Issues with malware [Solved]


  • This topic is locked

#16
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

What exactly happens?

 

Do you get any sort of message or warning?


  • 0


#17
TheAlpinist

    Member

  • Topic Starter
  • Member
  • 17 posts

A message will appear asking if I want to allow this program to make changes to this computer. I will respond "yes", then it appears the computer is processing followed by nothing.


  • 0

#18
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi, Is your Norton security paid for and a current subscription or has it expired?
 

Also, let's take a look again with FRST to see if anything is causing issues there.

Supplemental FRST Scan
Please run FRST64 again from your Desktop. If you do not currently have it on your system, download it from here and save it to your desktop.

  • Right click frst.png to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to the disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.

  • 0

#19
TheAlpinist

    Member

  • Topic Starter
  • Member
  • 17 posts

My Norton is not paid for and has expired. Should I check the Drivers MD5 and addition.txt buttons when I run FRST?


  • 0

#20
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
Thanks. No, not necessary for a follow-on.
  • 0

#21
TheAlpinist

    Member

  • Topic Starter
  • Member
  • 17 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Robert (administrator) on COLIN on 07-10-2014 12:07:00
Running from C:\Users\Robert\Desktop
Loaded Profile: Robert (Available profiles: Robert)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-09-02] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2014-09-26] (Hewlett-Packard)
HKU\S-1-5-21-3973067536-1798800631-1438657387-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1938112 2014-09-22] (Valve Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - {D1A5923A-BB03-4DC7-BA39-0BD2EF38D684} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25

FireFox:
========
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\9wgl5kd2.default
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn [2013-07-07]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2014-10-03]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR RestoreOnStartup: Default -> "hxxp://search.conduit.com/?ctid=CT3309350&SearchSource=48&CUI=UN29219282661603511&UM=2"
CHR NewTab: Default -> "chrome-extension://iigplimlmgilpobjilfbfeilnpiigpgl/Search/NewTabPages/html/new_tab.html"
CHR DefaultSearchKeyword: Default -> search.conduit.com
CHR DefaultSearchProvider: Default -> Conduit
CHR DefaultSearchURL: Default -> http://search.condui...=CT3309350&UM=2
CHR DefaultSuggestURL: Default -> http://suggest.searc...2661603511&UM=2
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-29]
CHR Extension: (Google Drive) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-29]
CHR Extension: (Weather Europe Extension) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bemdljjjbhcfijgneiodhpjdnpbbcapk [2014-09-08]
CHR Extension: (YouTube) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-29]
CHR Extension: (Proofread Bot  Grammar and Style Checker) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjnnmmjgjaaomkcjibnncokikbianjap [2014-09-15]
CHR Extension: (Google Search) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-29]
CHR Extension: (Taskforce) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbfnafnalfjconpgenohfidcaeibkoc [2014-09-30]
CHR Extension: (No Name) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-07-29]
CHR Extension: (Gmail) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-29]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-18] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-08-19] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-08-19] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-08-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-08-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-08-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3860480 2013-08-23] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-02] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130904.001\IDSvia64.sys [520280 2013-08-20] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130905.002\ENG64.SYS [126040 2013-08-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130905.002\EX64.SYS [2099288 2013-08-28] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-09] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-08-19] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-06 12:20 - 2014-10-06 12:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-06 12:18 - 2014-10-06 12:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Robert\Downloads\mbam-setup-2.0.2.1012(4).exe
2014-10-06 12:14 - 2014-10-06 12:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Robert\Downloads\mbam-setup-2.0.2.1012(3).exe
2014-10-06 12:11 - 2014-10-06 12:11 - 00000499 _____ () C:\Users\Robert\Downloads\fixlist.txt
2014-10-03 12:24 - 2014-10-07 12:07 - 00019792 _____ () C:\Users\Robert\Desktop\FRST.txt
2014-10-03 12:24 - 2014-10-06 12:13 - 00000000 ____D () C:\Users\Robert\Desktop\FRST-OlderVersion
2014-10-02 12:24 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-10-02 12:22 - 2014-10-02 12:22 - 00005735 _____ () C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk
2014-10-02 12:21 - 2014-10-03 12:19 - 00000000 ____D () C:\AdwCleaner
2014-10-02 12:21 - 2014-10-02 12:21 - 01375089 _____ () C:\Users\Robert\Desktop\AdwCleaner.exe
2014-10-01 17:34 - 2014-10-01 17:34 - 00004270 _____ () C:\Users\Robert\Desktop\JRT.txt
2014-10-01 17:29 - 2014-10-01 17:29 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-10-01 17:28 - 2014-10-01 17:28 - 01061121 _____ (Thisisu) C:\Users\Robert\Downloads\JRT(1).exe
2014-10-01 17:27 - 2014-10-01 17:27 - 01701878 _____ (Thisisu) C:\Users\Robert\Downloads\JRT.exe
2014-10-01 11:44 - 2014-10-01 11:44 - 00001733 _____ () C:\Users\Robert\Downloads\aswMBR.txt
2014-10-01 11:44 - 2014-10-01 11:44 - 00000512 _____ () C:\Users\Robert\Downloads\MBR.dat
2014-10-01 11:42 - 2014-10-01 11:42 - 05185536 _____ (AVAST Software) C:\Users\Robert\Downloads\aswmbr.exe
2014-10-01 11:39 - 2014-10-01 11:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-01 11:33 - 2014-10-01 11:34 - 00052467 _____ () C:\Users\Robert\Downloads\Addition.txt
2014-10-01 11:29 - 2014-10-01 11:34 - 00101687 _____ () C:\Users\Robert\Downloads\FRST.txt
2014-10-01 11:28 - 2014-10-07 12:07 - 00000000 ____D () C:\FRST
2014-10-01 11:27 - 2014-10-06 12:13 - 02109952 _____ (Farbar) C:\Users\Robert\Desktop\FRST64.exe
2014-09-30 09:28 - 2014-09-30 09:28 - 00602112 _____ (OldTimer Tools) C:\Users\Robert\Downloads\OTL(4).exe
2014-09-30 09:27 - 2014-09-30 09:27 - 00323168 _____ (FreeWorldApp) C:\Users\Robert\Downloads\Setup(1).exe
2014-09-29 18:10 - 2014-07-24 09:07 - 07424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-09-29 18:10 - 2014-07-24 01:38 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-09-29 18:10 - 2014-07-24 01:30 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-09-29 18:09 - 2014-07-24 07:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-09-29 18:09 - 2014-07-24 07:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2014-09-29 18:09 - 2014-07-24 07:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe
2014-09-29 18:09 - 2014-07-24 07:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-09-29 18:09 - 2014-07-24 07:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-09-29 18:09 - 2014-07-24 04:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-09-29 18:09 - 2014-07-24 04:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-09-29 18:09 - 2014-07-24 04:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
2014-09-29 18:09 - 2014-07-24 03:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
2014-09-29 18:09 - 2014-07-24 03:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2014-09-29 18:09 - 2014-07-24 03:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll
2014-09-29 18:09 - 2014-07-24 03:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-09-29 18:09 - 2014-07-24 03:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2014-09-29 18:09 - 2014-07-24 03:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-09-29 18:09 - 2014-07-24 03:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2014-09-29 18:09 - 2014-07-24 02:49 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-09-29 18:09 - 2014-07-24 02:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-09-29 18:09 - 2014-07-24 02:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2014-09-29 18:09 - 2014-07-24 02:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-09-29 18:09 - 2014-07-24 02:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2014-09-29 18:09 - 2014-07-24 02:12 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-29 18:09 - 2014-07-24 02:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-09-29 18:09 - 2014-07-24 02:06 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-09-29 18:09 - 2014-07-24 02:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2014-09-29 18:09 - 2014-07-24 02:04 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-09-29 18:09 - 2014-07-24 02:01 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-09-29 18:09 - 2014-07-24 01:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2014-09-29 18:09 - 2014-07-24 01:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2014-09-29 18:09 - 2014-07-24 01:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll
2014-09-29 18:09 - 2014-07-24 01:43 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-09-29 18:09 - 2014-07-24 01:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2014-09-29 18:09 - 2014-07-11 22:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2014-09-29 18:09 - 2014-07-11 22:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-09-29 18:09 - 2014-07-04 04:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2014-09-29 18:09 - 2014-07-04 04:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-09-29 18:09 - 2014-07-04 03:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2014-09-29 18:09 - 2014-06-25 18:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-09-29 18:09 - 2014-06-14 00:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-09-29 18:09 - 2014-06-13 23:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-09-29 18:09 - 2014-06-07 04:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-09-29 18:09 - 2014-06-05 03:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-09-29 18:09 - 2014-05-30 22:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2014-09-29 18:09 - 2014-05-28 23:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-09-29 18:09 - 2014-05-10 02:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2014-09-29 18:09 - 2014-05-05 18:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-09-29 18:09 - 2014-03-24 19:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2014-09-29 18:09 - 2014-03-24 19:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2014-09-29 18:08 - 2014-07-24 07:46 - 18760328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-09-29 18:08 - 2014-07-24 07:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-09-29 18:08 - 2014-07-24 07:36 - 00674512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-09-08 15:03 - 2014-09-08 15:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Robert\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-09-08 15:02 - 2014-09-08 15:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Robert\Downloads\mbam-setup-2.0.2.1012(1).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-07 12:03 - 2014-05-06 17:54 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-07 12:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-07 11:51 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-10-07 11:44 - 2014-08-19 14:58 - 01433454 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-07 11:34 - 2013-07-07 15:28 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{76593285-B87E-4AA0-86C2-015B95E8DFC5}
2014-10-06 17:24 - 2013-07-07 15:26 - 00000000 ____D () C:\Users\Robert\AppData\Local\Packages
2014-10-06 12:27 - 2013-07-07 15:37 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3973067536-1798800631-1438657387-1002
2014-10-06 12:20 - 2014-08-01 14:59 - 00000919 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-06 12:20 - 2014-08-01 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-06 12:15 - 2014-08-01 14:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-06 12:14 - 2013-08-19 18:42 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-10-06 12:14 - 2013-08-19 18:42 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-04 09:31 - 2014-04-07 19:01 - 00003164 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForRobert
2014-10-04 09:31 - 2014-04-07 19:01 - 00000348 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForRobert.job
2014-10-04 03:38 - 2014-02-20 13:47 - 00000468 _____ () C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
2014-10-04 02:16 - 2014-02-20 13:47 - 00000476 _____ () C:\WINDOWS\Tasks\SDMsgUpdate (Local).job
2014-10-03 12:35 - 2013-07-07 19:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-03 12:23 - 2014-08-19 23:31 - 00000000 ___DO () C:\Users\Robert\OneDrive
2014-10-03 12:21 - 2014-03-18 03:54 - 00036186 _____ () C:\WINDOWS\PFRO.log
2014-10-03 12:21 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-03 12:20 - 2013-08-22 07:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-03 12:19 - 2014-03-04 14:54 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-03 12:19 - 2014-03-04 14:54 - 00001065 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-03 12:19 - 2013-07-07 15:28 - 00001003 _____ () C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-02 12:48 - 2014-08-29 12:48 - 00070144 _____ () C:\WINDOWS\SysWOW64\tasks.dll
2014-10-01 17:30 - 2014-03-18 04:03 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-01 17:25 - 2014-05-28 14:43 - 00014848 ___SH () C:\Users\Robert\Desktop\Thumbs.db
2014-10-01 17:23 - 2014-08-28 12:49 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-10-01 17:23 - 2013-08-22 08:44 - 00493432 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-01 17:22 - 2014-03-04 14:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-01 17:15 - 2014-07-23 11:43 - 00000003 _____ () C:\Users\Robert\AppData\Local\proxy.log
2014-10-01 17:15 - 2013-08-22 09:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-10-01 11:32 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-30 09:52 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-30 09:40 - 2014-08-20 12:00 - 00632050 _____ () C:\Users\Robert\Downloads\OTL.Txt
2014-09-30 09:39 - 2014-08-28 12:49 - 00000000 ____D () C:\ProgramData\7f6d81c074eda3b0
2014-09-30 09:19 - 2013-08-22 08:46 - 00300272 _____ () C:\WINDOWS\setupact.log
2014-09-30 06:42 - 2014-03-18 03:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-30 06:42 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-30 06:42 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-09-30 06:42 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-30 06:42 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-30 06:42 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-09-30 06:42 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-09-30 06:42 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
2014-09-30 06:42 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-09-30 06:42 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-09-30 06:31 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-29 19:41 - 2014-08-19 14:37 - 00000000 ____D () C:\Users\Robert
2014-09-29 17:29 - 2013-08-28 18:26 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-29 17:12 - 2014-09-01 21:35 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-09-15 16:24 - 2014-08-19 16:16 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-15 16:24 - 2014-08-19 16:16 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-15 16:24 - 2014-08-19 16:16 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-15 16:24 - 2014-08-19 16:16 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-15 16:24 - 2014-08-19 16:16 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-15 16:24 - 2014-08-19 16:16 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-15 16:24 - 2014-08-19 16:16 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-15 16:24 - 2014-08-19 16:16 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-15 16:24 - 2014-08-19 16:16 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-15 16:24 - 2014-08-19 16:16 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-15 16:24 - 2014-08-19 16:16 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-15 16:24 - 2014-08-19 16:16 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-15 16:24 - 2014-08-19 16:16 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-15 16:24 - 2014-08-19 16:16 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-15 16:24 - 2014-08-19 15:58 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-15 16:24 - 2014-08-19 15:58 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-15 16:23 - 2013-08-06 21:31 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-15 16:17 - 2013-07-11 19:45 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-15 15:03 - 2014-05-06 17:54 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-09-08 15:28 - 2013-04-24 15:00 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-09-08 15:28 - 2012-08-03 18:02 - 00000000 ____D () C:\SWSetup

Some content of TEMP:
====================
C:\Users\Robert\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-03 13:30

==================== End Of Log ============================


  • 0

#22
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi. OK, let's try and sort out the issue with Malwarebytes not running.

First...

FRST Fix

If FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached and save it to your desktop <<< very important - it must be in the same location as FRST64.exe
  • Right click frst.png and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Next...


Remove Norton/Symantec

  • Please download the Norton Removal Tool from here and save it to your desktop.
  • Right click the Norton_Removal_Tool.exe and follow the prompts
  • Once completed, allow it to restart your PC.

Then...

Remove Malwarebytes

Download Malwarebytes' Anti-Malware from Here or Here

And retry the installation.

  • Please download the Malwarebytes Removal Tool from here or here and save it to your desktop.
  • Right click the mbam-clean-x.x.x.xxxx.exe (x.x.x.xxxx represents the current version number) and follow the prompts
  • Once completed, allow it to restart your PC.

Next..

Enable Windows Defender, instructions can be found here.

And retry installing and running Malwarebytes.

 

How have you got on?


  • 0

#23
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Please ignore these lines as they got mixed up in my post. They should have been at the end but somehow ended up halfway up the page.. oops

Download Malwarebytes' Anti-Malware from Here or Here

And retry the installation.

  • 0

#24
TheAlpinist

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01
Ran by Robert at 2014-10-08 15:40:38 Run:3
Running from C:\Users\Robert\Desktop
Loaded Profile: Robert (Available profiles: Robert)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CHR RestoreOnStartup: Default -> "hxxp://search.conduit.com/?ctid=CT3309350&SearchSource=48&CUI=UN29219282661603511&UM=2"
CHR NewTab: Default -> "chrome-extension://iigplimlmgilpobjilfbfeilnpiigpgl/Search/NewTabPages/html/new_tab.html"
CHR DefaultSearchKeyword: Default -> search.conduit.com
CHR DefaultSearchProvider: Default -> Conduit
CHR DefaultSearchURL: Default -> http://search.condui...=CT3309350&UM=2
CHR DefaultSuggestURL: Default -> http://suggest.searc...2661603511&UM=2
CHR Extension: (No Name) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-07-29]
emptytemp:
end
*****************

Chrome RestoreOnStartup deleted successfully.
Chrome NewTab deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> Conduit ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk => Moved successfully.
EmptyTemp: => Removed 57.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

 

 

In addition, Norton has been removed, Windows Defender enabled and Malwarebytes removed, reinstalled and as a consequence is able to be run. I will proceed following your next set of instructions, and a huge thank you for all of your assistance and patience.


Edited by TheAlpinist, 08 October 2014 - 05:15 PM.

  • 0
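An added example (not part of the thread and not FRST's own code): a short Python triage of the fixlog posted above. It sorts each result line by the outcome wording that appears in this log and lists Chrome extension IDs named in the fixlist whose folders were not moved; the function names and status labels are this example's own.

```python
import re

# Fixlog body copied from the post above (FRST Fix, Run:3); nothing is constructed.
FIXLOG = r'''Content of fixlist:
*****************
start
CHR RestoreOnStartup: Default -> "hxxp://search.conduit.com/?ctid=CT3309350&SearchSource=48&CUI=UN29219282661603511&UM=2"
CHR NewTab: Default -> "chrome-extension://iigplimlmgilpobjilfbfeilnpiigpgl/Search/NewTabPages/html/new_tab.html"
CHR DefaultSearchKeyword: Default -> search.conduit.com
CHR DefaultSearchProvider: Default -> Conduit
CHR DefaultSearchURL: Default -> http://search.condui...=CT3309350&UM=2
CHR DefaultSuggestURL: Default -> http://suggest.searc...2661603511&UM=2
CHR Extension: (No Name) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-07-29]
emptytemp:
end
*****************

Chrome RestoreOnStartup deleted successfully.
Chrome NewTab deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> Conduit ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk => Moved successfully.
EmptyTemp: => Removed 57.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
'''

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r'(?<![a-p])[a-p]{32}(?![a-p])')

# Outcome wording seen in this fixlog. Any other wording is reported as
# "review" instead of being guessed at.
OUTCOMES = [
    (re.compile(r'deleted successfully\.$'), 'fixed'),
    (re.compile(r'=> Moved successfully\.$'), 'quarantined'),
    (re.compile(r'^EmptyTemp: => Removed '), 'fixed'),
    (re.compile(r'==> The Chrome "Settings" can be used to fix the entry\.$'), 'manual'),
    (re.compile(r'^The system needed a reboot\.$'), 'reboot'),
]


def split_fixlog(text):
    """Return (directives, result_lines) from a fixlog body."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    start = lines.index('start')
    end = lines.index('end', start)
    directives = [ln for ln in lines[start + 1:end] if ln]
    results = []
    for ln in lines[end + 1:]:
        if ln.startswith('==== End of Fixlog'):
            break
        if ln and set(ln) != {'*'}:  # skip blanks and the ***** separator
            results.append(ln)
    return directives, results


def classify(line):
    """Map one result line to a status label."""
    for pattern, status in OUTCOMES:
        if pattern.search(line):
            return status
    return 'review'


def triage(text):
    """Group result lines by status and find extension IDs left in place."""
    directives, results = split_fixlog(text)
    report = {'directives': len(directives), 'fixed': [], 'quarantined': [],
              'manual': [], 'reboot': [], 'review': []}
    for ln in results:
        report[classify(ln)].append(ln)
    referenced = set(EXT_ID.findall('\n'.join(directives)))
    moved = set(EXT_ID.findall('\n'.join(report['quarantined'])))
    report['extension_ids_not_moved'] = sorted(referenced - moved)
    return report


if __name__ == '__main__':
    r = triage(FIXLOG)
    for status in ('fixed', 'quarantined', 'manual', 'reboot', 'review'):
        print(f'{status:12} {len(r[status])}')
        for ln in r[status]:
            print('   ', ln[:100])
    print('extension IDs referenced but not moved:', r['extension_ids_not_moved'])
```

On this log the only `manual` item is the DefaultSearchProvider entry, which lines up with the next reply asking for Chrome's search engine to be reset by hand. The one extension ID not moved in this run is the same ID whose leftover settings Malwarebytes quarantines in post #30.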

#25
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi. Firstly, you will need to manually reset Chrome's default search engine. Instructions can be found here.

 

Also, could you disable your antivirus when performing the ESET scan mentioned below?

 

And no problem, we are here to help :D

Step 1

Run Malwarebytes' Anti-Malware
Start Malwarebytes

  • Now select the Settings tab, and check the box next to Scan for rootkits.
  • Go back to the Dashboard tab, and click the Scan Now button.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show you the results.
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab.
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log, and click on the View button.
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.


Step 2

Please run a free online scan with the ESET Online Scanner

  • Click Run Eset Online Scanner

    Note: You will need to use Internet Explorer or Firefox (you will be prompted to install a helper program if you use Firefox) for this scan.
    Important: Please disable your existing AV software for the duration of the scan. If you need instructions on how to disable it, please check out this site: http://www.bleepingc...lware-programs/
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Enable detection of potentially unwanted applications is checked
  • Next click on Advanced Settings and select:
  • Make sure that the option Remove found threats is NOT checked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Click Start, the virus database will update, this may take a while depending on your internet connection.
  • Once updated, the online scan will begin. (This scan can take several hours, so please be patient)
  • Once the scan is completed, click Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Items I need to see in your next post:


  • Malwarebytes Log
  • ESET Scan Log

  • 0


#26
TheAlpinist

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Do you want me to download the Chrome browser or just adjust it to be my default browser?


  • 0

#27
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

It has a setting within Chrome already to set the default engine it uses when you perform a search. That is what needs to be changed.

Set your default search engine

Click the Chrome menu on the browser toolbar.
Select Settings.
In the "Search" section, select the search engine that you want to use from the menu. (< Currently not set to a mainstream engine like Google or Bing)
Click the Make Default button that appears in the row.

Then click the cross to the right of the incorrect search engines.


  • 0

#28
TheAlpinist

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

I have checked under Settings and Google is already the default; when I select Google again the Make Default button does not appear. I don't imagine that's a problem. Should I proceed with Malwarebytes?


  • 0

#29
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Yes, carry on with the rest, thanks.


  • 0

#30
TheAlpinist

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/9/2014
Scan Time: 11:09:29 AM
Logfile: MBAMlog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.09.08
Rootkit Database: v2014.10.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Robert

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356210
Time Elapsed: 25 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 11
PUP.Optional.Highlightly, HKU\S-1-5-21-3973067536-1798800631-1438657387-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}, Quarantined, [e7618e844339c96d18840f8eba48d12f],
PUP.Optional.Highlightly, HKU\S-1-5-21-3973067536-1798800631-1438657387-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}, Quarantined, [e7618e844339c96d18840f8eba48d12f],
PUP.Optional.Highlightly, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}, Quarantined, [e7618e844339c96d18840f8eba48d12f],
PUP.Optional.Highlightly, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}, Quarantined, [e7618e844339c96d18840f8eba48d12f],
PUP.Optional.CostMin, HKLM\SOFTWARE\CLASSES\cosstminn.cosstminn, Quarantined, [6edac949cdafae88b74ab76a877c49b7],
PUP.Optional.CostMin, HKLM\SOFTWARE\CLASSES\cosstminn.cosstminn.2.0, Quarantined, [133548ca2b5143f333ce849d5ba8738d],
PUP.Optional.Highlightly, HKLM\SOFTWARE\WOW6432NODE\Highlightly, Quarantined, [5eea31e1f48845f134b086ee3cc83ac6],
PUP.Optional.CostMin, HKLM\SOFTWARE\WOW6432NODE\CLASSES\cosstminn.cosstminn, Quarantined, [a4a47a98225a8aace21f30f1d52e659b],
PUP.Optional.CostMin, HKLM\SOFTWARE\WOW6432NODE\CLASSES\cosstminn.cosstminn.2.0, Quarantined, [ab9d19f9f18b7eb86b9650d1f80b8f71],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-3973067536-1798800631-1438657387-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TidyNetwork.com, Quarantined, [9bad32e0ea92d16553271e1e8b7921df],
PUP.Optional.FastStart.A, HKU\S-1-5-21-3973067536-1798800631-1438657387-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, Quarantined, [c5839b778bf14fe792cd4fc7d62de41c],

Registry Values: 2
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Mysearchdial\1.8.29.0\, Quarantined, [311740d2b5c788ae4070ccb283810df3]
PUP.Optional.FastStart.A, HKU\S-1-5-21-3973067536-1798800631-1438657387-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, [email protected], Quarantined, [c5839b778bf14fe792cd4fc7d62de41c]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.BrowserPlus.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iigplimlmgilpobjilfbfeilnpiigpgl, Quarantined, [054336dc81fb2b0bb7575bb4897aa759],
PUP.Optional.BrowserPlus.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_iigplimlmgilpobjilfbfeilnpiigpgl_0, Quarantined, [4404ed25abd1a591f21d43cc897a20e0],

Files: 18
PUP.Optional.AirInstaller, C:\Users\Robert\Downloads\java.exe, Quarantined, [1335f1212c5040f635836cdda06135cb],
PUP.Optional.Montiera.I, C:\Users\Robert\Downloads\HD_Player__MTCD4349_77903fa12b3a5be9cc9d869b89cc11db.exe, Quarantined, [460239d94f2dd363015312e6a65e916f],
PUP.Optional.InstalleRex, C:\Users\Robert\Downloads\Setup(1).exe, Quarantined, [98b0030fbebe83b301cfab1d867bb848],
PUP.Optional.Solimba, C:\Users\Robert\Downloads\Setup.exe, Quarantined, [82c6de34f389cb6b7b8028f051b0c63a],
PUP.Optional.AirAdInstaller, C:\Users\Robert\Downloads\SoftwareUpdate.exe, Quarantined, [044470a23745e84ec97856e418e813ed],
PUP.Optional.FullSpectrumAdmin, C:\Users\Robert\Downloads\uplayermediaplayer-setup.exe, Quarantined, [eb5d8c86631964d2fa5705cc43c145bb],
PUP.Optional.GetPrivateVPN, C:\Windows\System32\Tasks\GPUP, Quarantined, [2424a56dadcf4fe73398bb56709322de],
PUP.Optional.Proxy.A, C:\Users\Robert\AppData\Local\proxy.log, Quarantined, [2622ad65e5974cea8ae2a27aee15cf31],
PUP.Optional.BrowseSafe.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bnbaolfhobbbokdcmfiplbokkokobjgc_0.localstorage, Quarantined, [a1a737db423ab185465d0618aa591de3],
PUP.Optional.BrowserPlus.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iigplimlmgilpobjilfbfeilnpiigpgl_0.localstorage, Quarantined, [c5830f03dd9f72c4fa010e76857f19e7],
PUP.Optional.BrowserPlus.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iigplimlmgilpobjilfbfeilnpiigpgl\000018.log, Quarantined, [054336dc81fb2b0bb7575bb4897aa759],
PUP.Optional.BrowserPlus.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iigplimlmgilpobjilfbfeilnpiigpgl\000019.sst, Quarantined, [054336dc81fb2b0bb7575bb4897aa759],
PUP.Optional.BrowserPlus.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iigplimlmgilpobjilfbfeilnpiigpgl\CURRENT, Quarantined, [054336dc81fb2b0bb7575bb4897aa759],
PUP.Optional.BrowserPlus.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iigplimlmgilpobjilfbfeilnpiigpgl\LOCK, Quarantined, [054336dc81fb2b0bb7575bb4897aa759],
PUP.Optional.BrowserPlus.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iigplimlmgilpobjilfbfeilnpiigpgl\LOG, Quarantined, [054336dc81fb2b0bb7575bb4897aa759],
PUP.Optional.BrowserPlus.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iigplimlmgilpobjilfbfeilnpiigpgl\LOG.old, Quarantined, [054336dc81fb2b0bb7575bb4897aa759],
PUP.Optional.BrowserPlus.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iigplimlmgilpobjilfbfeilnpiigpgl\MANIFEST-000016, Quarantined, [054336dc81fb2b0bb7575bb4897aa759],
PUP.Optional.BrowserPlus.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_iigplimlmgilpobjilfbfeilnpiigpgl_0\1, Quarantined, [4404ed25abd1a591f21d43cc897a20e0],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=bbd48dbe7f3cf5469daf34d988385bfd
# engine=20526
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-10 06:30:15
# local_time=2014-10-10 12:30:15 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 4350745 0 0
# scanned=280716
# found=93
# cleaned=0
# scan_time=13882
sh=C58417722C0B741EA8D55D06914E692180900885 ft=1 fh=f4976c33c2ff8570 vn="Win32/Toolbar.Conduit.V potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowserPlus2\BrowserPlus2ToolbarHelper.exe.vir"
sh=2EE0AAF575D86EF5A93B01C7EC03EBF926CA4147 ft=1 fh=d82e726e69eec8ce vn="Win64/Toolbar.Conduit.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowserPlus2\hk64tbBrow.dll.vir"
sh=D4FEA02B7EEC13FA4944AA276F160B1FCE078AB3 ft=1 fh=901bf430c96d23b4 vn="Win32/Toolbar.Conduit.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowserPlus2\hktbBrow.dll.vir"
sh=BCAA26922FC5A4BB3E9FEA7D29C525BB33D16572 ft=1 fh=e670698edca7a71b vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowserPlus2\ldrtbBrow.dll.vir"
sh=C51D61A1083C6A927BE3AA91BFC7AA63BA68DAA0 ft=1 fh=c0f81c2205332fa9 vn="Win32/Toolbar.Conduit.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowserPlus2\prxtbBrow.dll.vir"
sh=31E93E104678E9814A5E5D43A73387819E6282E5 ft=1 fh=b31cd14a0801e57c vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowserPlus2\tbBrow.dll.vir"
sh=B65A60A6911ADD1A78F25B7F06371D8FD27B0228 ft=1 fh=c71c0011c7200568 vn="a variant of Win32/AdWare.MultiPlug.AY application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\cosstminn\w583Ivkj.dll.vir"
sh=FE3733CEB8820428EA2B3A4F14BE3845FC85154E ft=1 fh=36f7c41ca85f16e1 vn="a variant of Win64/Adware.MultiPlug.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\cosstminn\w583Ivkj.x64.dll.vir"
sh=B8649797FFDEFC5141D3F49FFFB19673F2613D51 ft=1 fh=f3e98fad226a0ea4 vn="a variant of Win32/AdWare.EoRezo.AU application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\fst_us_171\freeSoftToday_widget.exe.vir"
sh=62D0BE49338710045137B293DBF4806E118B3A69 ft=1 fh=c71c0011e28c7f56 vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\CheapMeu\48dAw_Oi.dll.vir"
sh=C63301A772069643A48A5D3B2D15907079A004E0 ft=1 fh=c71c00110c92ec60 vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\CheapMeu\48dAw_Oi.exe.vir"
sh=3839324E2C1461AA49A2351F198E1A68775E9B56 ft=1 fh=2a51e5dcb7820310 vn="a variant of Win64/Adware.MultiPlug.E application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\CheapMeu\48dAw_Oi.x64.dll.vir"
sh=47337B3024CDA81292FB14DCEC20F4DE5D29DB56 ft=1 fh=c71c0011132eb91e vn="a variant of Win32/AdWare.MultiPlug.AG application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\cosstminn\rBNlTudH3.exe.vir"
sh=ED6326A9A7F9A99A005E08C2AC730AF460F1A3C4 ft=1 fh=c71c0011628cf864 vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\NewSaVer\MrU5HeCQkHZ4Nh.dll.vir"
sh=C414BCDCB28AD80FA7B86125C3066A1075D0CDD8 ft=1 fh=c71c00117c0b0bca vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\NewSaVer\MrU5HeCQkHZ4Nh.exe.vir"
sh=845D6225589504F98864E1605402B8B4A3457326 ft=1 fh=c9d59110c79d5e2d vn="a variant of Win64/Adware.MultiPlug.E application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\NewSaVer\MrU5HeCQkHZ4Nh.x64.dll.vir"
sh=48334E741ECC51CD8715CD12A511EAFE4BF5B24B ft=1 fh=bb59c663e6785d39 vn="Win32/AdWare.SmartApps.E application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\Local\Browse Safe\gpedit.exe.vir"
sh=F23DB8CFCEF0485CB0FC3AC9CD66C3D2A27D26DB ft=1 fh=d3326b82ed547a50 vn="Win32/AdWare.SmartApps.E application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\Local\Browse Safe\SoftwareDetector.exe.vir"
sh=E6518A880C5F3561340310F468A8FC3AE379C2DE ft=1 fh=a4ca820ae10b1ce4 vn="Win32/AdWare.SmartApps.E application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\Local\Browse Safe\storageedit.exe.vir"
sh=38B42A28B359B9D0FD9EDE701508F03533F98020 ft=1 fh=6f24f998a81dd8c8 vn="a variant of Win32/Adware.EoRezo.AJ application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\Local\fst_us_171\upfst_us_171.exe.vir"
sh=A9177AEDB8649363873BF66CE50F4BD887902263 ft=1 fh=1fc6beeb1919abcb vn="Win32/AdWare.EoRezo.AW application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\Local\fst_us_171\Download\majfstusau.exe.vir"
sh=F96DA94717A42485BFA09554472D1669B972A051 ft=1 fh=16edae702d5a3472 vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\LocalLow\BrowserPlus2\hk64tbBro0.dll.vir"
sh=89EFB95EA494B79655C7F863F1C1281CD2709657 ft=1 fh=e87f6ab06a9e2986 vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\LocalLow\BrowserPlus2\hk64tbBro2.dll.vir"
sh=2EE0AAF575D86EF5A93B01C7EC03EBF926CA4147 ft=1 fh=d82e726e69eec8ce vn="Win64/Toolbar.Conduit.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\LocalLow\BrowserPlus2\hk64tbBrow.dll.vir"
sh=BFFE5205E1E634259011D14420D2A522291DF4EE ft=1 fh=d361417ca891f53c vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\LocalLow\BrowserPlus2\hktbBro0.dll.vir"
sh=AB06A99D1673ACFDB102B0E2A1A77589CFEBEB88 ft=1 fh=1adb5a7836c4d687 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\LocalLow\BrowserPlus2\hktbBro2.dll.vir"
sh=D4FEA02B7EEC13FA4944AA276F160B1FCE078AB3 ft=1 fh=901bf430c96d23b4 vn="Win32/Toolbar.Conduit.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\LocalLow\BrowserPlus2\hktbBrow.dll.vir"
sh=C2A322173BFE435CA8D1E821F5A0DCB97A5C7F2D ft=1 fh=a133df1df4cb7951 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\LocalLow\BrowserPlus2\ldrtbBro0.dll.vir"
sh=4ED909DA6660CED26F0838A7C1233779B8A23013 ft=1 fh=779718076a3c51f7 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\LocalLow\BrowserPlus2\ldrtbBro2.dll.vir"
sh=BCAA26922FC5A4BB3E9FEA7D29C525BB33D16572 ft=1 fh=e670698edca7a71b vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\LocalLow\BrowserPlus2\ldrtbBrow.dll.vir"
sh=97D24FECAD3F726C56C0303CC66B4576877E9868 ft=1 fh=f7ae4dc8920ef0d0 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\LocalLow\BrowserPlus2\prxtbBro0.dll.vir"
sh=B24E3DDDEBADE922CBBB4D910726576F58543587 ft=1 fh=7019312cd9cc83e2 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\LocalLow\BrowserPlus2\prxtbBro2.dll.vir"
sh=2C8C04756C8636081C4FB6F69DE27B3557332E2C ft=1 fh=ad797af7d41bd8e7 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\LocalLow\BrowserPlus2\sc64tbBro0.dll.vir"
sh=674BCA17C4E4192BFCE57D81897099D4BCC1BA82 ft=1 fh=b1e510e34f0c562c vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\LocalLow\BrowserPlus2\sc64tbBro2.dll.vir"
sh=17F15B6FFEFF5A7159B9EEC646411103A4F1F0EE ft=1 fh=6743dc4722e8b4d4 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\LocalLow\BrowserPlus2\sctbBro0.dll.vir"
sh=EA8B5BB5CB40733B2F431B23038B3B3F8BC931C3 ft=1 fh=3ceca46ce3595536 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\LocalLow\BrowserPlus2\sctbBro2.dll.vir"
sh=F2D0E0D3645DDD751F293C391C560C4142FCD1D3 ft=1 fh=2fcbc68ed4edd523 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\LocalLow\BrowserPlus2\tbBro0.dll.vir"
sh=9E0A96449BD16DB18E6E4418F677565712B8EBFF ft=1 fh=79d5711226c99797 vn="a variant of Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\LocalLow\BrowserPlus2\tbBro1.dll.vir"
sh=0BEB96A71B86E22B0B605D512C47BB0BA5A9AA7F ft=1 fh=963ff6bc3d69b8f0 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\LocalLow\BrowserPlus2\tbBro2.dll.vir"
sh=31E93E104678E9814A5E5D43A73387819E6282E5 ft=1 fh=b31cd14a0801e57c vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\LocalLow\BrowserPlus2\tbBrow.dll.vir"
sh=B8E6BA69D75149795E4283A8A484B694CC50C001 ft=1 fh=7690bee84a2cb28f vn="Win32/VOPackage.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\Roaming\VOPackage\Uninstall.exe.vir"
sh=44ED55CB1079D34027CB77CD62248064FF5A0A09 ft=1 fh=3916453e74289c7d vn="Win32/VOPackage.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\Roaming\VOPackage\VOPackage.exe.vir"
sh=312B4326F089F044FEFE73A81FD94223E3F36410 ft=1 fh=789dc111d976203c vn="a variant of Win32/VOPackage.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\Roaming\VOPackage\VOsrv.exe.vir"
sh=61897FE467FE567D4E93C0E87AF1899DB5416CA2 ft=1 fh=2b4e98822df8a714 vn="a variant of Win64/Systweak.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=AAA29097B1E5A7098E19A38F1200E636EE1C3A1E ft=1 fh=6b75069f13c3f94c vn="Win64/AdvancedSystemProtector.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\sasnative64.exe.vir"
sh=0FADB783C6C38284E5819BCADED2A1C50503F7AF ft=1 fh=fcdd72b19b62f8d2 vn="Win32/AdWare.SmartApps.E application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Bench\BService\1.1\bhelper.dll"
sh=CCFCD73F208F834C854E46E6F31DB11AADA5CF08 ft=1 fh=6a366370a714a51b vn="Win32/AdWare.SmartApps.E application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Bench\BService\1.1\bservice.exe"
sh=58787F33433447F2727A8811B33168C18C28DB32 ft=1 fh=c71c001199b91430 vn="Win32/AdWare.SmartApps.E application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Bench\NmHost\nmhost.exe"
sh=7BB9B28A48C61080F08A506BCE180EC51A3F36A7 ft=1 fh=973e2ab75d54163d vn="Win32/AdWare.SmartApps.E application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Bench\Proxy\cl.exe"
sh=5785D6C6E75AA06C941AB3EADBEAE27621BD46B4 ft=1 fh=9ec2a58209724da4 vn="Win32/AdWare.SmartApps.E application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Bench\Proxy\proc.exe"
sh=F6737481135233960131B48FA9BD074CB53DDCA1 ft=1 fh=c71c00118427ae51 vn="a variant of Win32/AdWare.SmartApps.E application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Bench\Proxy\pwdg.exe"
sh=558B9F18F39F980BB52F023D2AEFE3522591AAE9 ft=1 fh=44b5e41c0a9f2e66 vn="Win32/AdWare.SmartApps.E application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Bench\Wd\wd.exe"
sh=394D1AEFF2BF1133BF885A95829BCA59182F4335 ft=1 fh=82b28d039ebe608c vn="a variant of MSIL/Adware.iBryte.F application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
sh=FFA71257AC72558AA4BE8F4D6AE52AFF254D4516 ft=1 fh=5778ae6b09ec6ef1 vn="a variant of MSIL/Adware.iBryte.G application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe"
sh=9482FEF6890593B22BD8BE5C9826F9D6F280C42D ft=1 fh=8ca44d1e5b246a83 vn="a variant of Win32/AdWare.Vitruvian.D application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Highlightly\Service\hlsvc.exe"
sh=E9D0E4A94B7CF2723CE5AA1547EFCB5573FE1284 ft=0 fh=0000000000000000 vn="Win32/AdWare.AddLyrics.T application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\LyricsParty\133.crx.xBAD"
sh=2E431F2F40B04F90718AFEC507B6678963627E7F ft=0 fh=0000000000000000 vn="Win32/AdWare.AddLyrics.T application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\LyricsParty\133.xpi.xBAD"
sh=18BB72942239E9453B1F1DD614626D875BCF3C04 ft=1 fh=c71c0011eb43edb3 vn="a variant of Win32/SProtector.D potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Supporter\Supporter.dll"
sh=6007434E9D98E0FFA81201819382E47D42D5DD1B ft=1 fh=c4e548e56c5d9a58 vn="a variant of Win32/SProtector.D potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Supporter\SupporterSvc.dll"
sh=135E3569852A727DC9BF87488605DB9ADBDE0A03 ft=1 fh=c71c0011f39dd73d vn="a variant of Win64/SProtector.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Supporter\Supporter_x64.dll"
sh=99F2F8DFF8294DAE591B347524BDC03C5663D27B ft=1 fh=2373e2a0e5c0b5f3 vn="Win32/Thinknice.E potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll"
sh=CA6AEB2060DB3F3E21F47EE185868EEAFEE5978B ft=1 fh=aca5c1a0cb177df4 vn="Win64/Thinknice.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll"
sh=FA62DF4C98B18B3B46EDBE0BF13121D372F55310 ft=1 fh=19c254f1280bab12 vn="Win32/Thinknice.E potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe"
sh=12EBF6FC8AD543662053CA101C2D5DA175137EB2 ft=1 fh=c71c00119e5c1a87 vn="Win32/Thinknice.E potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe"
sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe"
sh=BC8A876A2E798409272E09EB3492C46A1F9B6F50 ft=1 fh=f63d5a54f4414774 vn="a variant of Win32/Thinknice.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\msvcp110.dll"
sh=A295A39CC0FE8CFEBE9E5AEB277F28FC27AA6A9F ft=1 fh=81f10b19df3b2c6f vn="a variant of Win32/Thinknice.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\msvcr110.dll"
sh=5AAD8A17745D537D26701296CBCDEA7F05AB8630 ft=1 fh=7dad1d1e5f75bdb1 vn="a variant of Win32/Thinknice.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe"
sh=FF7334712D4D70285BBACAA5CB9BB2C20EE33C80 ft=1 fh=1eee7598418b7884 vn="Win32/Thinknice.E potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll"
sh=3BCB033BD064B4030970C704C2C1087A23B530F0 ft=1 fh=882be482dff039d4 vn="Win64/Thinknice.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll"
sh=2C72C2967E07E465C85E06D7DE9F53AE59FD524C ft=1 fh=818637f81cd0ffe9 vn="a variant of Win32/ELEX.AV potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe"
sh=DC534EE9AC7785306C6076460E3DF9C7B0AD3799 ft=1 fh=97dff54846362986 vn="Win32/Thinknice.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll"
sh=B051650620B7208DB1EFB626456679F3A4655610 ft=1 fh=61b01d47a49dec18 vn="Win32/Thinknice.E potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe"
sh=A20C819D33D6FDD2C2E2494F1830B5E944682D6F ft=1 fh=27d75d479d096acd vn="Win32/Thinknice.E potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll"
sh=01761D4E33812C717FB9F2AD20472B5935268C2B ft=1 fh=375cdcdb3cf5c0ff vn="Win64/Thinknice.D potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll64.dll"
sh=DF72DCC61711D73EA1324145E853EC403532F804 ft=1 fh=c41e14535f54e08b vn="Win32/AdWare.Yontoo.E application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Web Cake\OptChrome.exe"
sh=868EB84B484DD5C01835CC394174384F8694ECCC ft=1 fh=584f503eb1d3498f vn="a variant of MSIL/WebCake.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Web Cake\WebCakeDesktop.Updater.exe"
sh=2C72C2967E07E465C85E06D7DE9F53AE59FD524C ft=1 fh=818637f81cd0ffe9 vn="a variant of Win32/ELEX.AV potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\IePluginServices\PluginService.exe"
sh=39BBE49606478A8D9ABCDECA1E84040B4411F219 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\InstallMate\{A1902941-9E1F-4A9A-A871-D63D7A730BB7}\Custom.dll"
sh=9CA8EBFF024F34D076C7BFFF92B978D99251DC66 ft=1 fh=03cf8fdbea9a76d3 vn="a variant of Win32/ELEX.AM potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe"
sh=A558D3A21B17759A18351272BBA59A39A5D086CD ft=1 fh=50fa78154c30a83e vn="Win32/TrojanDownloader.Agent.AFD trojan" ac=I fn="C:\FRST\Quarantine\C\Support\couponsupport.exe"
sh=AB737825A7505AAC578969836E303623E95DF869 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Robert\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx.xBAD"
sh=8FB67113D692FD8EBE0F313AF5BB8EE49CC0A2B6 ft=1 fh=7251d3d44ebeaf95 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.16.70.1_0\plugins\ConduitChromeApiPlugin.dll"
sh=5C4422B8A162AFE9048E367C5B9C1932CCA25A9E ft=1 fh=2958be9b3cb0c285 vn="Win32/Toolbar.Conduit.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.16.70.1_0\plugins\TBVerifier.dll"
sh=8FB67113D692FD8EBE0F313AF5BB8EE49CC0A2B6 ft=1 fh=7251d3d44ebeaf95 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.16.70.501_0\plugins\ConduitChromeApiPlugin.dll"
sh=5C4422B8A162AFE9048E367C5B9C1932CCA25A9E ft=1 fh=2958be9b3cb0c285 vn="Win32/Toolbar.Conduit.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.16.70.501_0\plugins\TBVerifier.dll"
sh=03674041FB8A23702B68019383C998D5EF310113 ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.L application" ac=I fn="C:\FRST\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\odahgeaajkpopkhiakbpomdcehbmmkpg\1.125_0\contentscript.js"
sh=00AAD548B1427D66FA34E64267E52AA763F45211 ft=1 fh=f0a90eb21fec96e1 vn="Win32/OutBrowse.W potentially unwanted application" ac=I fn="C:\Users\Robert\Downloads\Adobe_Flash.exe"
sh=B9982BD75B19DBEFC409299ACEA60BBF922520E6 ft=1 fh=c71c00113b1530db vn="Win32/InstallCore.MM potentially unwanted application" ac=I fn="C:\Users\Robert\Downloads\iTunes_Setup(1).exe"
sh=B3A133D19AA7A8AD5EE9242D7F368C9AAAE2FA47 ft=1 fh=c71c00118c3b9728 vn="Win32/InstallCore.MM potentially unwanted application" ac=I fn="C:\Users\Robert\Downloads\iTunes_Setup(2).exe"
sh=87E319177607E255FCEF3273FDA737BFDA3D59BD ft=1 fh=c71c001108b287bb vn="Win32/InstallCore.MM potentially unwanted application" ac=I fn="C:\Users\Robert\Downloads\iTunes_Setup(3).exe"
sh=F43E1EC17DE6B24587F2565F71A0348629B593B9 ft=1 fh=c71c001127c5466c vn="Win32/InstallCore.MM potentially unwanted application" ac=I fn="C:\Users\Robert\Downloads\iTunes_Setup.exe"
sh=254AA7AB7883E7186C539F0CB6809855298533A9 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Windows\Installer\694d3.msi"
 

