Hi, thanks GeekU!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by dale (administrator) on ASM52A2200 on 22-03-2014 12:23:02
Running from C:\Users\dale\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version:
http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version:
http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Encarta\Encarta World English Dictionary\Qshlfed.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
(Synaptics, Inc.) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio64.exe
(KMP Media co.,Ltd) C:\Program Files (x86)\The KMPlayer\KMPlayer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google) C:\Users\dale\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] ()
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3623806083-1760329146-3607088104-1000\...\Run: [Google Update] - C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-25] (Google Inc.)
HKU\S-1-5-21-3623806083-1760329146-3607088104-1000\...\Run: [Google Update*] - [X] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\S-1-5-21-3623806083-1760329146-3607088104-1000\...\MountPoints2: {ccbed0aa-aebb-11e1-ad1c-001f16922226} - "E:\WD SmartWare.exe" autoplay=true
IFEO\notepad.exe: [Debugger] "C:\Program Files\Notepad2\Notepad2.exe" /z
Startup: C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Encarta Dictionary Quickshelf.lnk
ShortcutTarget: Encarta Dictionary Quickshelf.lnk -> C:\Program Files (x86)\Microsoft Encarta\Encarta World English Dictionary\Qshlfed.exe (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No File
BHO-x32: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\Program Files (x86)\iFinger\plugins\IE.ifp (iFinger Ltd)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File
DPF: HKLM-x32 {0C615F36-0C1C-497B-B9E4-833B0D7AA8CA}
http://24.80.232.13:81/NetViewX.cab
DPF: HKLM-x32 {556EEC63-31E2-47C3-BF29-DFF799D2FE04}
https://secure.logme...?rnd=1069883935
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853}
http://zone.msn.com/...vl.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592}
http://cdn2.zone.msn...k.cab102118.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}
https://secure.logme...trl.cab?lmi=100
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - No File
Handler-x32: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\itss51.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF ProfilePath: C:\Users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\iwq6usy8.default-1383615222522
FF Homepage:
https://www.google.c...mNuLWyQGHt4HYBw
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/wpi,version=1.4 - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/wpi,version=1.4 - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\TELUS_Activation_11\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: NitroPDF - C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll ( )
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\dale\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\dale\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\dale\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\dale\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\dale\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\dale\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\dale\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
==================== Services (Whitelisted) =================
R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [818952 2011-12-22] (ABBYY)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2011-03-16] (Alcatel-Lucent)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [67400 2011-04-01] (Microsoft Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] ()
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57820696 2008-07-10] (Microsoft Corporation)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\my.ini [8915 2012-05-05] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] ()
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [341296 2011-06-21] (Nitro PDF Software)
R2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [430616 2008-07-10] (Microsoft Corporation)
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{8d7c074a-07cc-7fd2-f05a-c9ccfd6113d2}\ \...\???\{8d7c074a-07cc-7fd2-f05a-c9ccfd6113d2}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
==================== Drivers (Whitelisted) ====================
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2009-06-02] (www.winchiphead.com)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-17] ()
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-03-16] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-03-16] (Printing Communications Assoc., Inc. (PCAUSA))
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2013-03-07] (SMART Technologies)
S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2013-03-07] (SMART Technologies)
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2013-03-07] (SMART Technologies ULC)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2013-04-24] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2013-04-24] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2013-04-24] (LG Electronics Inc.)
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-22 12:23 - 2014-03-22 12:23 - 00013782 _____ () C:\Users\dale\Downloads\FRST.txt
2014-03-22 12:22 - 2014-03-22 12:23 - 00000000 ____D () C:\FRST
2014-03-22 12:22 - 2014-03-22 12:22 - 02157056 _____ (Farbar) C:\Users\dale\Downloads\FRST64.exe
2014-03-22 07:11 - 2014-03-22 07:11 - 00000000 ____D () C:\Windows\TempF167CCAF-BC81-B374-AE4F-E137B53C6E82-Signatures
2014-03-21 22:09 - 2014-03-21 22:09 - 00026759 _____ () C:\Users\dale\Downloads\jurassic-park-1993_finnish-351220.zip
2014-03-21 22:08 - 2014-03-21 22:08 - 00040962 _____ () C:\Users\dale\Downloads\jurassic-park-1993_english-649408.zip
2014-03-21 22:02 - 2014-03-21 22:20 - 00000000 ____D () C:\Users\dale\Downloads\Jurassic Park (1993) [1080p]
2014-03-21 21:57 - 2014-03-21 21:57 - 00022309 _____ () C:\Users\dale\Downloads\[kickass.to]jurassic.park.1993.bdrip.1080p.dual.audio.hindi.5.1.rm.eng.5.1.tariq.qureshi.torrent
2014-03-21 21:01 - 2014-03-21 21:01 - 00036120 _____ () C:\Users\dale\Downloads\jurassic-park-1993_english-635929.zip
2014-03-21 19:54 - 2014-03-21 19:54 - 00000000 ____D () C:\Users\dale\Downloads\Goldfinger1964]DvDrip[Eng]-FXG
2014-03-21 19:51 - 2014-03-21 20:03 - 00000000 ____D () C:\Users\dale\Downloads\The Raid Redemption (2011)
2014-03-21 19:51 - 2014-03-21 19:59 - 00000000 ____D () C:\Users\dale\Downloads\Jurassic Park I 1993
2014-03-21 07:18 - 2014-03-21 07:18 - 00000000 ____D () C:\Windows\TempD858869B-9740-6BD9-89C9-C8033A15E732-Signatures
2014-03-20 03:00 - 2014-03-20 03:00 - 00000000 ____D () C:\Windows\Temp72AF277C-1525-9955-D167-140A39CE6135-Signatures
2014-03-19 20:36 - 2014-03-19 20:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-19 15:59 - 2014-03-19 16:00 - 00000000 ____D () C:\Users\dale\Downloads\Intuit TurboTax 2013 Canada
2014-03-19 07:36 - 2014-03-19 07:36 - 00000000 ____D () C:\Windows\TempEFC3F3A7-406E-7783-20EF-17693B889BA5-Signatures
2014-03-18 17:09 - 2014-03-18 17:09 - 00000000 ____D () C:\Users\dale\Desktop\LEN Housing
2014-03-18 07:41 - 2014-03-18 07:41 - 00000000 ____D () C:\Windows\TempC23D5EE1-B76E-7E6E-D185-6F92ED49A8FD-Signatures
2014-03-17 08:35 - 2014-03-17 08:45 - 00000000 ____D () C:\Users\dale\Desktop\cv
2014-03-17 07:56 - 2014-03-17 07:56 - 00000000 ____D () C:\Windows\TempAB6874E1-6EFB-9F5E-BCED-4F86507E1762-Signatures
2014-03-16 03:00 - 2014-03-16 03:00 - 00000000 ____D () C:\Windows\Temp537B2C91-ACBF-5BF4-1347-057CB0EDEEF5-Signatures
2014-03-15 03:00 - 2014-03-15 03:00 - 00000000 ____D () C:\Windows\Temp907ACCBF-663A-749F-92AA-FD614B2A9E16-Signatures
2014-03-14 23:21 - 2014-03-14 23:21 - 00016855 _____ () C:\Users\dale\Downloads\revolution-second-season_english-855172.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00016051 _____ () C:\Users\dale\Downloads\revolution-second-season_english-877581.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00015888 _____ () C:\Users\dale\Downloads\revolution-second-season_english-873931.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00013656 _____ () C:\Users\dale\Downloads\revolution-second-season_english-851559.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00013599 _____ () C:\Users\dale\Downloads\revolution-second-season_english-869950.zip
2014-03-14 08:00 - 2014-03-14 08:00 - 00000000 ____D () C:\Windows\TempB450F607-BDA6-E782-A014-24481F019757-Signatures
2014-03-13 03:04 - 2014-03-13 03:04 - 00000000 ____D () C:\Windows\Temp82860861-2519-F1C7-3D19-A055EF6C8A8A-Signatures
2014-03-12 23:02 - 2014-03-12 23:09 - 283815693 ____R () C:\Users\dale\Downloads\Revolution.2012.S02E15.HDTV.x264-LOL.mp4
2014-03-12 23:01 - 2014-03-12 23:12 - 329432774 ____R () C:\Users\dale\Downloads\Revolution.2012.S02E16.HDTV.x264-LOL.mp4
2014-03-12 04:14 - 2014-02-28 23:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 04:14 - 2014-02-28 22:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 04:14 - 2014-02-28 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 04:14 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 04:14 - 2014-02-28 21:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 04:14 - 2014-02-28 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 04:14 - 2014-02-28 21:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 04:14 - 2014-02-28 21:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 04:14 - 2014-02-28 21:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 04:14 - 2014-02-28 21:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 04:14 - 2014-02-28 21:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 04:14 - 2014-02-28 21:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 04:14 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 04:14 - 2014-02-28 21:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 04:14 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 04:14 - 2014-02-28 21:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 04:14 - 2014-02-28 21:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 04:14 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 04:14 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 04:14 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 04:14 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 04:14 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 04:14 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 04:14 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 04:14 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 04:14 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 04:14 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 04:14 - 2014-02-28 20:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 04:14 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 04:14 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 04:14 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 04:14 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 04:14 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 04:14 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 04:14 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 04:14 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 04:14 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 04:14 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 04:14 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 04:14 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 04:14 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 04:14 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 04:14 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 04:14 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 04:13 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 04:13 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 04:13 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 04:13 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 03:00 - 2014-03-12 03:00 - 00000000 ____D () C:\Windows\Temp0CE082E2-4DB2-E26E-B899-15D3247C8194-Signatures
2014-03-11 21:22 - 2014-03-11 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-11 21:22 - 2014-03-11 21:22 - 00000000 ____D () C:\Users\dale\AppData\Local\Skype
2014-03-11 07:24 - 2014-03-11 07:25 - 00000000 ____D () C:\Windows\Temp2BD02C65-BE57-A637-1FA5-D76A98DD1E7B-Signatures
2014-03-10 19:38 - 2014-03-10 19:38 - 00015256 _____ () C:\Users\dale\Downloads\revolution-second-season_english-818431.zip
2014-03-10 19:38 - 2014-03-10 19:38 - 00014493 _____ () C:\Users\dale\Downloads\revolution-second-season_english-814599.zip
2014-03-10 19:38 - 2014-03-10 19:38 - 00013196 _____ () C:\Users\dale\Downloads\revolution-second-season_english-844497.zip
2014-03-10 19:38 - 2014-03-10 19:38 - 00012108 _____ () C:\Users\dale\Downloads\revolution-second-season_english-822071.zip
2014-03-10 15:54 - 2014-03-10 15:54 - 00000000 ____D () C:\Windows\Temp549F650D-B454-D528-0B83-465CEA0B4272-Signatures
2014-03-10 03:00 - 2014-03-10 03:00 - 00000000 ____D () C:\Windows\Temp424C21DF-C756-E6B9-F089-562BC1F4845F-Signatures
2014-03-09 11:24 - 2014-03-09 11:24 - 00000000 ____D () C:\Windows\TempD41D68B2-B9FE-82CF-9D18-8D4B89EE476F-Signatures
2014-03-08 13:34 - 2014-03-08 13:59 - 00000000 ____D () C:\Program Files (x86)\WizTree
2014-03-08 13:30 - 2014-03-08 13:31 - 00000000 ____D () C:\Users\dale\Desktop\Geessy Work
2014-03-08 04:00 - 2014-03-08 04:00 - 00000000 ____D () C:\Windows\TempE251C687-04CF-B042-2C2F-40B2DC403286-Signatures
2014-03-07 04:00 - 2014-03-07 04:00 - 00000000 ____D () C:\Windows\TempB2EFD702-4E3F-83E5-10A6-2A4D196F5E8F-Signatures
2014-03-06 04:00 - 2014-03-06 04:00 - 00000000 ____D () C:\Windows\Temp649C8DFD-DDD0-0B12-6304-A4258E2DF6D6-Signatures
2014-03-05 04:00 - 2014-03-05 04:00 - 00000000 ____D () C:\Windows\Temp86BDA880-72BA-E800-9D5E-D752136D1415-Signatures
2014-03-04 08:59 - 2014-03-04 08:59 - 00000000 ____D () C:\Windows\TempDCCA3082-4259-D26A-F7CB-388A69E67DFB-Signatures
2014-03-03 09:14 - 2014-03-03 09:14 - 00000000 ____D () C:\Windows\Temp838A6C2A-182D-F972-7AC4-3227E2C30B2C-Signatures
2014-03-02 11:34 - 2014-03-02 11:34 - 00000000 ____D () C:\Windows\TempB516AC1A-8A33-D9FA-1BC1-77E85F0C1CD2-Signatures
2014-03-01 10:35 - 2014-03-07 17:44 - 00000000 ____D () C:\Users\dale\Desktop\Comedy
2014-03-01 04:00 - 2014-03-01 04:00 - 00000000 ____D () C:\Windows\Temp702526FF-0F90-E4E4-8BA1-EECC830B09D5-Signatures
2014-02-28 04:00 - 2014-02-28 04:00 - 00000000 ____D () C:\Windows\Temp63E9048C-1308-F690-AED1-5C1ACDA69E4C-Signatures
2014-02-27 07:57 - 2014-02-27 07:58 - 00000000 ____D () C:\Windows\TempB4CA3120-5ADC-2CE3-9DFB-C2590AB8C3D7-Signatures
2014-02-26 04:00 - 2014-02-26 04:00 - 00000000 ____D () C:\Windows\TempBB950C1C-5C58-02FA-D13D-9DA3F698A031-Signatures
2014-02-25 04:00 - 2014-02-25 04:00 - 00000000 ____D () C:\Windows\TempF021D2D0-6C71-A9A5-78A0-E251EAE6BE11-Signatures
2014-02-24 08:17 - 2014-02-24 08:17 - 00000000 ____D () C:\Windows\Temp5A9E70C7-2785-582D-3D5E-7BA811BCB509-Signatures
2014-02-23 09:43 - 2014-02-23 09:43 - 00000000 ____D () C:\Windows\Temp60C4A19A-C900-3DD6-C83E-CDE27177C59A-Signatures
2014-02-22 11:17 - 2014-02-22 11:17 - 00000000 ____D () C:\Windows\Temp422D83C5-75C0-A982-D130-7EB98B6790BC-Signatures
2014-02-21 08:53 - 2014-02-21 08:53 - 00000000 ____D () C:\Windows\Temp9259F361-9CC4-7F89-EEE7-33588A2ECDD9-Signatures
2014-02-20 09:13 - 2014-02-20 09:13 - 00000000 ____D () C:\Windows\Temp287F794B-3A6F-929D-FFC2-AC8FB717D60C-Signatures
==================== One Month Modified Files and Folders =======
2014-03-22 12:23 - 2014-03-22 12:23 - 00013782 _____ () C:\Users\dale\Downloads\FRST.txt
2014-03-22 12:23 - 2014-03-22 12:22 - 00000000 ____D () C:\FRST
2014-03-22 12:22 - 2014-03-22 12:22 - 02157056 _____ (Farbar) C:\Users\dale\Downloads\FRST64.exe
2014-03-22 12:18 - 2012-05-05 02:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-22 12:13 - 2011-06-10 07:38 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115UA.job
2014-03-22 11:58 - 2013-06-04 16:53 - 00000000 ____D () C:\Users\dale\Desktop\MARTIN
2014-03-22 11:40 - 2012-06-25 13:58 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA.job
2014-03-22 11:23 - 2011-04-16 10:53 - 01829595 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 10:11 - 2012-07-20 22:06 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA.job
2014-03-22 07:21 - 2011-05-06 07:11 - 00024192 _____ () C:\Users\dale\AppData\Roaming\Notepad2.ini
2014-03-22 07:17 - 2012-06-25 13:58 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core.job
2014-03-22 07:16 - 2012-06-04 14:40 - 00000000 ____D () C:\Users\dale\AppData\Roaming\uTorrent
2014-03-22 07:11 - 2014-03-22 07:11 - 00000000 ____D () C:\Windows\TempF167CCAF-BC81-B374-AE4F-E137B53C6E82-Signatures
2014-03-22 07:11 - 2012-05-05 03:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-22 07:11 - 2011-04-16 13:10 - 00002141 _____ () C:\Windows\epplauncher.mif
2014-03-22 07:11 - 2011-04-16 13:09 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-21 22:22 - 2009-07-13 21:51 - 00196267 _____ () C:\Windows\setupact.log
2014-03-21 22:20 - 2014-03-21 22:02 - 00000000 ____D () C:\Users\dale\Downloads\Jurassic Park (1993) [1080p]
2014-03-21 22:11 - 2012-07-20 22:06 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core.job
2014-03-21 22:09 - 2014-03-21 22:09 - 00026759 _____ () C:\Users\dale\Downloads\jurassic-park-1993_finnish-351220.zip
2014-03-21 22:08 - 2014-03-21 22:08 - 00040962 _____ () C:\Users\dale\Downloads\jurassic-park-1993_english-649408.zip
2014-03-21 21:57 - 2014-03-21 21:57 - 00022309 _____ () C:\Users\dale\Downloads\[kickass.to]jurassic.park.1993.bdrip.1080p.dual.audio.hindi.5.1.rm.eng.5.1.tariq.qureshi.torrent
2014-03-21 21:25 - 2009-07-13 21:45 - 00013456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-21 21:25 - 2009-07-13 21:45 - 00013456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-21 21:22 - 2009-07-13 22:13 - 00879048 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-21 21:17 - 2011-04-19 07:33 - 00348436 _____ () C:\Windows\PFRO.log
2014-03-21 21:17 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-21 21:01 - 2014-03-21 21:01 - 00036120 _____ () C:\Users\dale\Downloads\jurassic-park-1993_english-635929.zip
2014-03-21 20:03 - 2014-03-21 19:51 - 00000000 ____D () C:\Users\dale\Downloads\The Raid Redemption (2011)
2014-03-21 19:59 - 2014-03-21 19:51 - 00000000 ____D () C:\Users\dale\Downloads\Jurassic Park I 1993
2014-03-21 19:54 - 2014-03-21 19:54 - 00000000 ____D () C:\Users\dale\Downloads\Goldfinger1964]DvDrip[Eng]-FXG
2014-03-21 13:13 - 2011-06-10 07:38 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115Core.job
2014-03-21 11:14 - 2013-02-12 10:26 - 00000000 ____D () C:\Users\dale\Desktop\TV
2014-03-21 11:13 - 2013-08-27 19:35 - 00000000 ____D () C:\Users\dale\Desktop\nEW mOVIES
2014-03-21 07:18 - 2014-03-21 07:18 - 00000000 ____D () C:\Windows\TempD858869B-9740-6BD9-89C9-C8033A15E732-Signatures
2014-03-21 00:04 - 2012-06-03 19:37 - 00000000 ____D () C:\Users\dale\Documents\The KMPlayer
2014-03-20 20:25 - 2012-06-03 18:56 - 00000000 ____D () C:\Users\dale\Geessy Docs
2014-03-20 03:00 - 2014-03-20 03:00 - 00000000 ____D () C:\Windows\Temp72AF277C-1525-9955-D167-140A39CE6135-Signatures
2014-03-19 22:39 - 2012-05-29 19:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-19 22:35 - 2013-06-18 20:01 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-19 22:35 - 2012-06-25 13:58 - 00000000 ____D () C:\Users\dale\AppData\Local\Google
2014-03-19 20:36 - 2014-03-19 20:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-19 16:00 - 2014-03-19 15:59 - 00000000 ____D () C:\Users\dale\Downloads\Intuit TurboTax 2013 Canada
2014-03-19 12:41 - 2012-05-29 19:37 - 00000000 ____D () C:\Users\dale\AppData\Roaming\Mozilla
2014-03-19 07:36 - 2014-03-19 07:36 - 00000000 ____D () C:\Windows\TempEFC3F3A7-406E-7783-20EF-17693B889BA5-Signatures
2014-03-19 07:36 - 2013-08-25 11:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 07:33 - 2011-05-28 08:28 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 17:09 - 2014-03-18 17:09 - 00000000 ____D () C:\Users\dale\Desktop\LEN Housing
2014-03-18 07:41 - 2014-03-18 07:41 - 00000000 ____D () C:\Windows\TempC23D5EE1-B76E-7E6E-D185-6F92ED49A8FD-Signatures
2014-03-17 08:45 - 2014-03-17 08:35 - 00000000 ____D () C:\Users\dale\Desktop\cv
2014-03-17 07:56 - 2014-03-17 07:56 - 00000000 ____D () C:\Windows\TempAB6874E1-6EFB-9F5E-BCED-4F86507E1762-Signatures
2014-03-16 03:00 - 2014-03-16 03:00 - 00000000 ____D () C:\Windows\Temp537B2C91-ACBF-5BF4-1347-057CB0EDEEF5-Signatures
2014-03-15 03:00 - 2014-03-15 03:00 - 00000000 ____D () C:\Windows\Temp907ACCBF-663A-749F-92AA-FD614B2A9E16-Signatures
2014-03-14 23:21 - 2014-03-14 23:21 - 00016855 _____ () C:\Users\dale\Downloads\revolution-second-season_english-855172.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00016051 _____ () C:\Users\dale\Downloads\revolution-second-season_english-877581.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00015888 _____ () C:\Users\dale\Downloads\revolution-second-season_english-873931.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00013656 _____ () C:\Users\dale\Downloads\revolution-second-season_english-851559.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00013599 _____ () C:\Users\dale\Downloads\revolution-second-season_english-869950.zip
2014-03-14 08:00 - 2014-03-14 08:00 - 00000000 ____D () C:\Windows\TempB450F607-BDA6-E782-A014-24481F019757-Signatures
2014-03-13 03:22 - 2009-07-13 21:45 - 00424568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 03:21 - 2012-07-29 11:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 03:21 - 2012-07-29 11:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 03:05 - 2011-04-18 17:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 03:04 - 2014-03-13 03:04 - 00000000 ____D () C:\Windows\Temp82860861-2519-F1C7-3D19-A055EF6C8A8A-Signatures
2014-03-12 23:12 - 2014-03-12 23:01 - 329432774 ____R () C:\Users\dale\Downloads\Revolution.2012.S02E16.HDTV.x264-LOL.mp4
2014-03-12 23:09 - 2014-03-12 23:02 - 283815693 ____R () C:\Users\dale\Downloads\Revolution.2012.S02E15.HDTV.x264-LOL.mp4
2014-03-12 03:00 - 2014-03-12 03:00 - 00000000 ____D () C:\Windows\Temp0CE082E2-4DB2-E26E-B899-15D3247C8194-Signatures
2014-03-11 22:51 - 2012-05-29 19:44 - 00000000 ____D () C:\Users\dale\AppData\Roaming\Skype
2014-03-11 21:22 - 2014-03-11 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-11 21:22 - 2014-03-11 21:22 - 00000000 ____D () C:\Users\dale\AppData\Local\Skype
2014-03-11 21:22 - 2012-05-29 19:44 - 00000000 ____D () C:\ProgramData\Skype
2014-03-11 07:25 - 2014-03-11 07:24 - 00000000 ____D () C:\Windows\Temp2BD02C65-BE57-A637-1FA5-D76A98DD1E7B-Signatures
2014-03-10 19:38 - 2014-03-10 19:38 - 00015256 _____ () C:\Users\dale\Downloads\revolution-second-season_english-818431.zip
2014-03-10 19:38 - 2014-03-10 19:38 - 00014493 _____ () C:\Users\dale\Downloads\revolution-second-season_english-814599.zip
2014-03-10 19:38 - 2014-03-10 19:38 - 00013196 _____ () C:\Users\dale\Downloads\revolution-second-season_english-844497.zip
2014-03-10 19:38 - 2014-03-10 19:38 - 00012108 _____ () C:\Users\dale\Downloads\revolution-second-season_english-822071.zip
2014-03-10 15:54 - 2014-03-10 15:54 - 00000000 ____D () C:\Windows\Temp549F650D-B454-D528-0B83-465CEA0B4272-Signatures
2014-03-10 03:00 - 2014-03-10 03:00 - 00000000 ____D () C:\Windows\Temp424C21DF-C756-E6B9-F089-562BC1F4845F-Signatures
2014-03-09 11:24 - 2014-03-09 11:24 - 00000000 ____D () C:\Windows\TempD41D68B2-B9FE-82CF-9D18-8D4B89EE476F-Signatures
2014-03-08 13:59 - 2014-03-08 13:34 - 00000000 ____D () C:\Program Files (x86)\WizTree
2014-03-08 13:31 - 2014-03-08 13:30 - 00000000 ____D () C:\Users\dale\Desktop\Geessy Work
2014-03-08 13:28 - 2013-08-07 11:23 - 00000000 ____D () C:\Users\dale\Desktop\FOTOS
2014-03-08 13:27 - 2013-11-05 18:01 - 00000000 ____D () C:\Users\dale\Desktop\esl
2014-03-08 04:00 - 2014-03-08 04:00 - 00000000 ____D () C:\Windows\TempE251C687-04CF-B042-2C2F-40B2DC403286-Signatures
2014-03-07 17:44 - 2014-03-01 10:35 - 00000000 ____D () C:\Users\dale\Desktop\Comedy
2014-03-07 04:00 - 2014-03-07 04:00 - 00000000 ____D () C:\Windows\TempB2EFD702-4E3F-83E5-10A6-2A4D196F5E8F-Signatures
2014-03-06 04:00 - 2014-03-06 04:00 - 00000000 ____D () C:\Windows\Temp649C8DFD-DDD0-0B12-6304-A4258E2DF6D6-Signatures
2014-03-05 04:00 - 2014-03-05 04:00 - 00000000 ____D () C:\Windows\Temp86BDA880-72BA-E800-9D5E-D752136D1415-Signatures
2014-03-04 08:59 - 2014-03-04 08:59 - 00000000 ____D () C:\Windows\TempDCCA3082-4259-D26A-F7CB-388A69E67DFB-Signatures
2014-03-03 09:14 - 2014-03-03 09:14 - 00000000 ____D () C:\Windows\Temp838A6C2A-182D-F972-7AC4-3227E2C30B2C-Signatures
2014-03-02 11:34 - 2014-03-02 11:34 - 00000000 ____D () C:\Windows\TempB516AC1A-8A33-D9FA-1BC1-77E85F0C1CD2-Signatures
2014-03-01 04:00 - 2014-03-01 04:00 - 00000000 ____D () C:\Windows\Temp702526FF-0F90-E4E4-8BA1-EECC830B09D5-Signatures
2014-02-28 23:05 - 2014-03-12 04:14 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-28 22:17 - 2014-03-12 04:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-28 22:16 - 2014-03-12 04:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 21:58 - 2014-03-12 04:14 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 21:52 - 2014-03-12 04:14 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 21:51 - 2014-03-12 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 21:42 - 2014-03-12 04:14 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 21:40 - 2014-03-12 04:14 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 21:37 - 2014-03-12 04:14 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 21:33 - 2014-03-12 04:14 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 21:33 - 2014-03-12 04:14 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 21:32 - 2014-03-12 04:14 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 21:30 - 2014-03-12 04:14 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 21:23 - 2014-03-12 04:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 21:17 - 2014-03-12 04:14 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 21:11 - 2014-03-12 04:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 21:02 - 2014-03-12 04:14 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 20:54 - 2014-03-12 04:14 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 20:52 - 2014-03-12 04:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 20:51 - 2014-03-12 04:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 20:47 - 2014-03-12 04:14 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 20:43 - 2014-03-12 04:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 20:43 - 2014-03-12 04:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 20:42 - 2014-03-12 04:14 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 20:40 - 2014-03-12 04:14 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 20:38 - 2014-03-12 04:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 20:37 - 2014-03-12 04:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 20:35 - 2014-03-12 04:14 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 20:18 - 2014-03-12 04:14 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 20:16 - 2014-03-12 04:14 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 20:14 - 2014-03-12 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 20:10 - 2014-03-12 04:14 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 20:03 - 2014-03-12 04:14 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 20:00 - 2014-03-12 04:14 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 19:57 - 2014-03-12 04:14 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 19:53 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-28 19:38 - 2014-03-12 04:14 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 19:32 - 2014-03-12 04:14 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 19:27 - 2014-03-12 04:14 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 19:25 - 2014-03-12 04:14 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 19:25 - 2014-03-12 04:14 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 04:00 - 2014-02-28 04:00 - 00000000 ____D () C:\Windows\Temp63E9048C-1308-F690-AED1-5C1ACDA69E4C-Signatures
2014-02-27 07:58 - 2014-02-27 07:57 - 00000000 ____D () C:\Windows\TempB4CA3120-5ADC-2CE3-9DFB-C2590AB8C3D7-Signatures
2014-02-27 07:56 - 2011-04-16 13:10 - 00873916 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 04:00 - 2014-02-26 04:00 - 00000000 ____D () C:\Windows\TempBB950C1C-5C58-02FA-D13D-9DA3F698A031-Signatures
2014-02-25 04:00 - 2014-02-25 04:00 - 00000000 ____D () C:\Windows\TempF021D2D0-6C71-A9A5-78A0-E251EAE6BE11-Signatures
2014-02-24 08:17 - 2014-02-24 08:17 - 00000000 ____D () C:\Windows\Temp5A9E70C7-2785-582D-3D5E-7BA811BCB509-Signatures
2014-02-23 09:43 - 2014-02-23 09:43 - 00000000 ____D () C:\Windows\Temp60C4A19A-C900-3DD6-C83E-CDE27177C59A-Signatures
2014-02-22 11:17 - 2014-02-22 11:17 - 00000000 ____D () C:\Windows\Temp422D83C5-75C0-A982-D130-7EB98B6790BC-Signatures
2014-02-21 08:53 - 2014-02-21 08:53 - 00000000 ____D () C:\Windows\Temp9259F361-9CC4-7F89-EEE7-33588A2ECDD9-Signatures
2014-02-20 09:13 - 2014-02-20 09:13 - 00000000 ____D () C:\Windows\Temp287F794B-3A6F-929D-FFC2-AC8FB717D60C-Signatures
ZeroAccess:
C:\Users\dale\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
Some content of TEMP:
====================
C:\Users\leibeld\AppData\Local\Temp\GUR592F.exe
C:\Users\leibeld\AppData\Local\Temp\nitro_pdf_reader_64.exe
C:\Users\leibeld\AppData\Local\Temp\{4027756A-C829-4743-946E-AA3D2BAF34FE}-chrome_updater.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
LastRegBack: 2014-03-20 00:49
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by dale at 2014-03-22 12:23:46
Running from C:\Users\dale\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.)
ABBYY FineReader 11 (HKLM-x32\...\{F1100000-0011-0000-0001-074957833700}) (Version: 11.0.460 - ABBYY)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{676E4C31-0CD1-454E-BE3A-70D3AC93F915}) (Version: 11.7.700.169 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3341 - CDBurnerXP)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Google Talk Plugin (HKLM-x32\...\{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
iFinger 2.0 (HKLM-x32\...\iFinger 2.0) (Version: 2.0.8.280 - iFinger Ltd.)
IIS 7.5 Express (HKLM-x32\...\{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}) (Version: 7.5.1190 - Microsoft Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
LG Bluetooth Drivers (HKLM-x32\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)
LG PC Suite IV (HKLM-x32\...\LG PC Suite IV) (Version: 4.3.80.20121017 - LG Electronics)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Encarta World English Dictionary (HKLM-x32\...\EWED 2000 A) (Version: - )
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0 - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.3.0219.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.219.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (Version: - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{BA4DA261-CB60-4690-B202-44998DFC6986}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM\...\{EB0A3BCB-B9DF-4906-B066-BDEC6E213B91}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 Web Tools ENU (HKLM-x32\...\{A51500FE-6408-4305-B071-B961F691A4CE}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft Web Deploy 2.0 (HKLM\...\{5134B35A-B559-4762-94A4-FD4918977953}) (Version: 2.0.1070 - Microsoft Corporation)
Microsoft Web Platform Installer 3.0 (HKLM\...\{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}) (Version: 3.0.5 - Microsoft Corporation)
Microsoft WebMatrix (HKLM-x32\...\{66F0E678-69C2-4C46-BA95-117DF28C87E4}) (Version: 1.0.1073 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MySQL Connector Net 6.3.7 (HKLM-x32\...\{5FD88490-011C-4DF1-B886-F298D955171B}) (Version: 6.3.7 - Oracle)
MySQL Server 5.1 (HKLM\...\{D1AFFA41-BB7A-4398-A86A-2B935FC3A649}) (Version: 5.1.57 - MySQL AB)
Nitro PDF Reader 2 (HKLM\...\{536CE037-9381-4A3F-9B70-4E0523730123}) (Version: 2.0.0.29 - Nitro PDF Software)
Notepad2 (Notepad Replacement) (HKLM\...\Notepad2) (Version: 4.2.25 - Florian Balmer)
Perle DeviceManager (HKLM-x32\...\Perle DeviceManager) (Version: 4.2 - Perle Systems Limited)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Revo Uninstaller 1.83 (HKLM-x32\...\Revo Uninstaller) (Version: 1.83 - VS Revo Group)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Stanza (HKLM-x32\...\Stanza) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM-x32\...\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}) (Version: 1.6.5.17120 - Synaptics Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.20.0 - Synaptics Incorporated)
Tera Term 4.69 (HKLM-x32\...\Tera Term_is1) (Version: - )
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.4.0.59 - KMP Media co., Ltd)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WizTree v1.07 (HKLM-x32\...\WizTree_is1) (Version: - Antibody Software)
Wondershare Video Editor(Build 3.1.6) (HKLM-x32\...\Wondershare Video Editor_is1) (Version: - Wondershare Software)
==================== Restore Points =========================
15-03-2014 10:00:10 Windows Update
16-03-2014 10:00:10 Windows Update
17-03-2014 14:55:53 Windows Update
18-03-2014 14:40:46 Windows Update
19-03-2014 14:33:09 Windows Update
20-03-2014 05:28:21 Revo Uninstaller's restore point - Google Chrome
20-03-2014 10:00:12 Windows Update
21-03-2014 14:17:44 Windows Update
22-03-2014 14:10:55 Windows Update
==================== Hosts content: ==========================
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {13F94C08-5379-497B-BAAF-6D75323D7BED} - System32\Tasks\{E1F7AB0E-62C9-4258-A06D-6F1218EBB5B3} => Firefox.exe http://ui.skype.com/...l?page=tsPlugin
Task: {325CD0D0-B1CD-490D-8A55-610C966532AB} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-08-12] ()
Task: {464B03F2-6F9D-4A81-B2CE-D6661AB641E5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115UA => C:\Users\leibeld\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10] (Google Inc.)
Task: {740F6CB9-00A2-45D3-882F-27A131D654C9} - System32\Tasks\{B944CBEC-C684-4E63-98EA-C8B2337DF5A2} => C:\Temp\setup.exe [2010-06-13] (L1 Identity Solutions )
Task: {7BE19241-1F57-44F5-ABEA-EC424F1C6163} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA => C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25] (Google Inc.)
Task: {9310245D-014E-4302-BAF2-649F034E0EEA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-02] (Adobe Systems Incorporated)
Task: {A2E5BA19-24E2-4AF5-8771-602F89908AA1} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {B98E4E7F-D660-4C46-9BCF-229A3DE35BC7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core => C:\Users\dale\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)
Task: {BF9248C3-51C6-42E5-9790-16C9226CFB6F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA => C:\Users\dale\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)
Task: {D556E336-E1B7-4795-A6CD-90D4C4F1CC68} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115Core => C:\Users\leibeld\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10] (Google Inc.)
Task: {FCB2871D-FEF9-4377-AB2F-DFD1339C9E5D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core => C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core.job => C:\Users\dale\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA.job => C:\Users\dale\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115Core.job => C:\Users\leibeld\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115UA.job => C:\Users\leibeld\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core.job => C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA.job => C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-04-18 16:51 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-04-12 21:37 - 2011-04-12 21:37 - 07681536 _____ () C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
2013-11-17 20:30 - 2013-07-24 10:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2012-10-31 01:59 - 2012-10-31 01:59 - 04562432 _____ () C:\Program Files (x86)\The KMPlayer\libcodec.dll
2014-03-19 20:36 - 2014-03-19 20:36 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-12-02 18:33 - 2013-12-02 18:33 - 16237448 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iFinger 2.0.lnk => C:\Windows\pss\iFinger 2.0.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iFinger.lnk => C:\Windows\pss\iFinger.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Bonus.SSR.FR11 => "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: Facebook Update => "C:\Users\dale\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SAOB Monitor => C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
==================== Faulty Device Manager Devices =============
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (03/22/2014 07:11:38 AM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
Error: (03/22/2014 07:11:37 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: C:\Program Files\Microsoft Security Client\MsMpEng.exe.
Error: (03/21/2014 07:18:22 AM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
Error: (03/21/2014 07:18:19 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.
Error: (03/20/2014 03:00:43 AM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
Error: (03/20/2014 03:00:40 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.
Error: (03/19/2014 10:35:25 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16521 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: e80
Start Time: 01cf43fe2884cc49
Termination Time: 14
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (03/19/2014 08:20:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: KMPlayer.exe, version: 3.4.0.59, time stamp: 0x5099b3d0
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0xc80
Faulting application start time: 0xKMPlayer.exe0
Faulting application path: KMPlayer.exe1
Faulting module path: KMPlayer.exe2
Report Id: KMPlayer.exe3
Error: (03/19/2014 00:41:52 PM) (Source: Microsoft-Windows-RestartManager) (User: ASM52A2200)
Description: Application or service 'Plugin Container for Firefox' could not be shut down.
Error: (03/19/2014 07:36:28 AM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
System errors:
=============
Error: (03/22/2014 00:16:21 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
Error: (03/22/2014 07:12:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).
Error: (03/22/2014 07:11:01 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891
Error: (03/22/2014 07:11:01 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891
Error: (03/21/2014 09:18:11 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891
Error: (03/21/2014 09:18:11 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891
Error: (03/21/2014 09:17:59 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.
Error: (03/21/2014 09:17:57 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891
Error: (03/21/2014 09:17:57 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
Error: (03/21/2014 09:17:56 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060
Microsoft Office Sessions:
=========================
Error: (03/22/2014 07:11:38 AM) (Source: Microsoft Security Client Setup)(User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
Error: (03/22/2014 07:11:37 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: C:\Program Files\Microsoft Security Client\MsMpEng.exe.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (03/21/2014 07:18:22 AM) (Source: Microsoft Security Client Setup)(User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
Error: (03/21/2014 07:18:19 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (03/20/2014 03:00:43 AM) (Source: Microsoft Security Client Setup)(User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
Error: (03/20/2014 03:00:40 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (03/19/2014 10:35:25 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.16521e8001cf43fe2884cc4914C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (03/19/2014 08:20:06 PM) (Source: Application Error)(User: )
Description: KMPlayer.exe3.4.0.595099b3d0KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41fc8001cf4335330284d8C:\PROGRA~2\THEKMP~1\KMPlayer.exeC:\Windows\syswow64\KERNELBASE.dll884250c5-afde-11e3-8d79-001f16922226
Error: (03/19/2014 00:41:52 PM) (Source: Microsoft-Windows-RestartManager)(User: ASM52A2200)
Description: 1C:\Program Files (x86)\Mozilla Firefox\plugin-container.exePlugin Container for Firefox0211747080
Error: (03/19/2014 07:36:28 AM) (Source: Microsoft Security Client Setup)(User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
CodeIntegrity Errors:
===================================
Date: 2013-10-20 10:48:21.152
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-10-20 10:48:20.426
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-10-20 10:48:17.290
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-10-20 10:48:16.555
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-10-20 10:48:13.392
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-10-20 10:48:12.641
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-10-20 10:48:09.484
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-10-20 10:48:08.726
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-10-20 10:48:05.541
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sy_ because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-10-20 10:48:04.850
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sy_ because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Percentage of memory in use: 68%
Total physical RAM: 4024.93 MB
Available physical RAM: 1284.58 MB
Total Pagefile: 8048.04 MB
Available Pagefile: 4816.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:221.07 GB) (Free:40.62 GB) NTFS
Drive e: (WD SmartWare) (CDROM) (Total:0.43 GB) (Free:0 GB) UDF
Drive g: ( F:) (Fixed) (Total:930.86 GB) (Free:787.84 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 217E217E)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 931 GB) (Disk ID: 4D5AD2A2)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
==================== End Of Log ============================