Hello and happy Easter/Hanukkah holiday,
I have an annoying malware which is hijacking my Chrome searches. Not affecting IE/FF/Iron browsers.
I have managed to spread the malware from my laptop (64bit) to my desktop (32bit) so it may have attached itself to my Google profile (maybe?). It arrived on my laptop with an entire fruit salad of malware when I inadvertently clicked on a link. I managed to get rid of all others, but this keeps recurring.
Leaving aside the laptop, I am concentrating on cleaning the desktop, so here is the FRST log for the desktop, 32bit running Windows 7 Ultimate.
PC appears to be running okay, I just can't use Google search on Chrome reliably.
Thanks
Jane
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by StudyDesktop (administrator) on STUDYDESKTOP-PC on 05-04-2015 10:43:44
Running from C:\Users\StudyDesktop\Downloads
Loaded Profiles: StudyDesktop (Available profiles: StudyDesktop)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTDevSrv.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brother Help\BrotherHelp.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Creative Technology Ltd) C:\Program Files\Creative\Software Update 3\SoftAuto.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Jumping Bytes) C:\Program Files\PureSync\PureSyncTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(VoipConnect) C:\Program Files\VoipConnect.com\VoipConnect\voipconnect.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [EEventManager] => C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-31] (Avast Software s.r.o.)
HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2013-04-05] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM\...\Run: [BrHelp] => C:\Program Files\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [SoftAuto.exe] => C:\Program Files\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [PureSync] => C:\Program Files\PureSync\PureSyncTray.exe [923312 2015-03-17] (Jumping Bytes)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [*LABAL*] => [X]
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\...\Run: [VoipConnect] => C:\Program Files\VoipConnect.com\VoipConnect\voipconnect.exe [31445088 2015-03-27] (VoipConnect)
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\StudyDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://it.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cantinone.eu/
HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-14] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-31] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-14] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6EC76178-A5A5-470E-87DB-8583CCCB8BDA}: [NameServer] 192.168.7.1
FireFox:
========
FF ProfilePath: C:\Users\StudyDesktop\AppData\Roaming\Mozilla\Firefox\Profiles\7n4w50mp.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: https://it.yahoo.com?fr=hp-avast&type=avastbcl
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\StudyDesktop\AppData\Roaming\Mozilla\Firefox\Profiles\7n4w50mp.default\searchplugins\yahoo-avast.xml [2014-06-07]
FF Extension: Google Bookmarks for Firefox - C:\Users\StudyDesktop\AppData\Roaming\Mozilla\Firefox\Profiles\7n4w50mp.default\Extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}.xpi [2011-03-29]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-03]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-25]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.dalani.it/014-oldengland-house/?&utm_source=evening-newsletter&utm_medium=da-newsletter&utm_content=old_england&utm_campaign=evening-nl-20140408&utm_term=no-special-tg
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-23]
CHR Extension: (Google Search) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-23]
CHR Extension: (ZenMate) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-06-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (ADTelly PRO Watch BBC iPlayer & ITV abroad) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijiggndnopldglgelamfhfhicjbfdam [2014-10-05]
CHR Extension: (Google Wallet) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR Extension: (Watch UK TV Online with Adtelly.tv) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjjcnhdfjhfmkpilggjhhkgafmflld [2014-12-22]
CHR Extension: (Gmail) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-23]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-31]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-31] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-03-31] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-31] (Avast Software)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 CTDevice_Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
S4 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
S4 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [33080 2015-03-04] (The OpenVPN Project)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-31] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-03-31] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-31] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [271248 2015-03-31] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-03-31] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-31] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-03-31] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-03-31] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-03-31] ()
R3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-14] (Atheros Communications, Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2014-11-28] (Secunia)
S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation)
S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI Corporation)
S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI Corporation)
S3 s116mgmt; C:\Windows\System32\DRIVERS\s116mgmt.sys [100488 2007-04-03] (MCCI Corporation)
S3 s116nd5; C:\Windows\System32\DRIVERS\s116nd5.sys [23176 2007-04-03] (MCCI Corporation)
S3 s116obex; C:\Windows\System32\DRIVERS\s116obex.sys [98696 2007-04-03] (MCCI Corporation)
S3 s116unic; C:\Windows\System32\DRIVERS\s116unic.sys [99080 2007-04-03] (MCCI Corporation)
R3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-14] (Conexant Systems, Inc.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2014-11-05] (The OpenVPN Project)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-31] (Avast Software)
R3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [91527 2005-02-26] (VM)
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-05 10:43 - 2015-04-05 10:44 - 00021790 _____ () C:\Users\StudyDesktop\Downloads\FRST.txt
2015-04-05 10:43 - 2015-04-05 10:43 - 00000000 ____D () C:\FRST
2015-04-05 10:41 - 2015-04-05 10:42 - 01135104 _____ (Farbar) C:\Users\StudyDesktop\Downloads\FRST.exe
2015-04-05 03:01 - 2015-04-05 03:01 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 18:02 - 2015-04-04 18:03 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Dad Photos
2015-04-04 09:11 - 2015-04-05 09:13 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{89A3AE9B-2C55-4990-9691-5859511F08CA}
2015-04-03 09:48 - 2015-04-03 09:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-02 21:49 - 2015-04-03 09:49 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{B45EE6D0-E69C-4346-B663-A17CD9A67327}
2015-04-02 09:47 - 2015-04-02 09:47 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{5C75646C-702D-48DB-87A1-1990492D77F0}
2015-04-01 08:27 - 2015-04-01 08:27 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{A5686405-5E83-4EC2-B5CD-8589641CD2F2}
2015-04-01 08:18 - 2015-04-04 08:22 - 00000224 _____ () C:\Windows\setupact.log
2015-04-01 08:18 - 2015-04-01 08:18 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-31 19:25 - 2015-03-31 19:25 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{4D546993-C0F3-43C1-9624-6981D174518F}
2015-03-31 18:43 - 2015-03-31 18:46 - 44832392 _____ (SRWare ) C:\Users\StudyDesktop\Documents\srware_iron.exe
2015-03-31 17:41 - 2015-03-31 17:41 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-31 17:29 - 2015-03-31 17:29 - 00000000 ____D () C:\Windows\system32\vbox
2015-03-31 16:28 - 2015-03-31 16:28 - 00002063 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-03-31 16:28 - 2015-03-31 16:28 - 00002003 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-03-31 16:24 - 2015-03-31 16:23 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-31 16:24 - 2015-03-31 16:23 - 00026096 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-03-31 16:23 - 2015-03-31 16:23 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-31 16:22 - 2015-03-31 16:22 - 00271248 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-03-31 07:24 - 2015-03-31 07:24 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{CF53DB2E-AAD4-43AA-936C-97916890309C}
2015-03-30 11:43 - 2015-03-30 11:43 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{88776E74-FA59-49D4-816A-672479FB1A47}
2015-03-28 10:34 - 2015-03-29 10:37 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{53B999B5-EDBB-4D3F-85BC-BC180A5AFB21}
2015-03-26 10:16 - 2015-03-27 10:17 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{54E05E47-D11A-422A-832F-DBEF9516A15F}
2015-03-24 07:58 - 2015-03-24 07:59 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{B3E68C9C-D3F6-4EBF-98E9-EB80699DBA3F}
2015-03-23 11:38 - 2015-03-23 11:38 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{E164BEE7-124B-47C6-839E-EBA66DBB5EC4}
2015-03-23 09:32 - 2015-03-23 09:32 - 00000895 _____ () C:\Users\Public\Desktop\PureSync.lnk
2015-03-23 09:32 - 2015-03-23 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureSync
2015-03-23 09:32 - 2015-03-23 09:32 - 00000000 ____D () C:\Program Files\PureSync
2015-03-23 09:32 - 2015-03-23 09:32 - 00000000 ____D () C:\Program Files\Common Files\Jumping Bytes
2015-03-22 23:35 - 2015-03-22 23:37 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{78E5EDD5-C222-4DB6-8B18-3A724DEA6CE5}
2015-03-22 18:24 - 2015-03-22 18:25 - 00000580 __RSH () C:\Users\StudyDesktop\ntuser.pol
2015-03-22 16:51 - 2015-03-22 16:51 - 00001065 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2015-03-22 16:48 - 2015-03-22 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2015-03-22 16:48 - 2015-03-22 16:51 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-03-22 16:48 - 2015-03-22 16:51 - 00000000 ____D () C:\Program Files\OpenVPN
2015-03-22 16:48 - 2015-03-22 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-03-22 10:11 - 2015-03-22 10:11 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{A4B45DC3-A20B-4BC0-8423-8E36D79B5CB2}
2015-03-20 10:07 - 2015-03-20 10:07 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{48B8C162-FF57-468F-89D8-4680FE41E8C9}
2015-03-19 08:48 - 2015-03-19 08:48 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{524461A2-0BBA-428A-9F5D-4CC20E060C7F}
2015-03-18 10:58 - 2015-03-18 10:58 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{35A38611-FF44-4079-A6A5-26456ACD5059}
2015-03-17 08:44 - 2015-03-17 08:44 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{C13D3E7E-ECC1-4B18-8878-9C3D404B920C}
2015-03-15 12:04 - 2015-03-15 12:04 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{43BC7C2F-8B1E-4CDA-94CD-ED7860B71252}
2015-03-12 10:15 - 2015-03-13 10:18 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{7AAEC3D4-0BBA-48FA-95E2-8349F7757B22}
2015-03-11 21:45 - 2015-03-11 21:46 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{C54A25DB-06AF-4722-91B0-8049080B98A3}
2015-03-11 10:09 - 2015-03-11 10:09 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{6867D099-6974-49BC-8FAB-536766541082}
2015-03-11 09:10 - 2015-02-26 05:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 09:10 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 09:10 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 09:10 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 09:10 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 09:10 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 09:10 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 09:10 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 09:10 - 2015-02-20 03:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 09:10 - 2015-02-20 03:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 09:10 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 09:10 - 2015-02-20 03:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 09:10 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 09:10 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 09:10 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 09:10 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 09:10 - 2015-01-31 05:32 - 00919552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 09:10 - 2015-01-31 04:52 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 09:10 - 2015-01-31 04:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-11 09:10 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 09:09 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 09:09 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 09:09 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 09:09 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 09:09 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 09:09 - 2015-02-20 04:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 09:09 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 09:09 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 09:09 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 09:09 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 09:09 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 09:09 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 09:09 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 09:09 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 09:09 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 09:09 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 09:09 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 09:08 - 2015-03-06 07:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 09:08 - 2015-03-06 07:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 09:08 - 2015-03-06 07:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 09:08 - 2015-03-06 07:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 09:08 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 09:08 - 2015-03-06 07:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 09:08 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 09:08 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 09:08 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 09:08 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 09:08 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 09:08 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 09:08 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 09:08 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 09:08 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 09:07 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 09:07 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 09:07 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 09:07 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 09:07 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 09:07 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 09:07 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 09:07 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 09:07 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 09:07 - 2015-02-03 05:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 09:07 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 09:07 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 09:07 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 09:07 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 09:07 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 09:07 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 09:07 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 09:07 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 09:07 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 09:07 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 09:07 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 09:07 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 09:07 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 09:07 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 09:07 - 2014-06-28 02:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 09:07 - 2014-06-28 02:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-09 10:05 - 2015-03-10 22:08 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{EC90BD9F-6513-40C5-B0DB-088D5256BBF1}
2015-03-08 13:39 - 2015-03-08 13:39 - 00000000 ___RD () C:\Users\StudyDesktop\AppData\Roaming\Brother
2015-03-08 11:26 - 2015-03-08 11:26 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{2A1D0CBD-C241-46FC-B8D6-EF12F8BA7256}
2015-03-07 09:26 - 2015-03-07 09:26 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{7866DA0D-2F34-45E3-BBE9-8E4FAFA1D7FC}
2015-03-06 17:35 - 2015-03-06 17:38 - 06208736 _____ (Tim Kosse) C:\Users\StudyDesktop\Downloads\FileZilla_3.10.2_win32-setup.exe
2015-03-06 10:43 - 2015-03-06 10:43 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\{6AF648DE-2C4D-4525-A11B-46A512165CA1}
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-05 10:37 - 2012-03-23 16:46 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-05 10:37 - 2012-03-23 16:46 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-05 10:26 - 2014-02-26 16:32 - 00000000 ____D () C:\Users\StudyDesktop\MoneySunset
2015-04-05 10:24 - 2011-03-26 15:48 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Roaming\Skype
2015-04-05 10:04 - 2012-04-17 08:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-05 09:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2015-04-05 09:24 - 2011-03-26 15:48 - 00000000 ___RD () C:\Program Files\Skype
2015-04-05 09:24 - 2011-03-26 15:48 - 00000000 ____D () C:\ProgramData\Skype
2015-04-05 03:21 - 2011-03-24 13:34 - 01505575 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 18:02 - 2009-08-26 11:16 - 00000000 ____D () C:\Users\StudyDesktop\Documents\General
2015-04-04 17:55 - 2005-04-25 23:07 - 00000000 ____D () C:\Users\StudyDesktop\Documents\CVS
2015-04-04 12:19 - 2014-11-17 17:29 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Roaming\ControlCenter4
2015-04-04 11:50 - 2013-07-22 09:45 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Beauclerc Road Ltd
2015-04-04 11:27 - 2011-03-24 12:42 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-04 09:39 - 2015-02-07 11:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak
2015-04-04 09:39 - 2012-07-30 08:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-04 09:11 - 2011-05-28 11:32 - 00000000 ____D () C:\Users\StudyDesktop\Tracing
2015-04-04 08:30 - 2009-07-14 06:34 - 00020816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-04 08:30 - 2009-07-14 06:34 - 00020816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-04 08:22 - 2011-06-12 20:17 - 04325376 _____ () C:\Windows\system32\Ikeext.etl
2015-04-04 08:22 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-03 09:16 - 2008-01-13 11:32 - 00000000 ____D () C:\Users\StudyDesktop\Documents\B&B Receipts
2015-04-01 17:09 - 2014-01-16 13:49 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Personal Finance
2015-03-31 17:42 - 2014-11-14 08:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-31 17:41 - 2014-11-14 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-31 17:41 - 2014-11-14 08:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-31 17:21 - 2009-07-14 06:53 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-31 16:24 - 2014-06-03 15:55 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-31 16:24 - 2014-06-03 15:55 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-31 16:24 - 2013-04-25 12:35 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-31 16:24 - 2013-04-25 12:35 - 00208024 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-31 16:24 - 2013-04-25 12:35 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-31 16:24 - 2013-04-25 12:35 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-31 16:24 - 2013-04-25 12:35 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-31 16:23 - 2013-04-25 12:35 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-30 12:42 - 2008-01-13 11:29 - 00000000 ____D () C:\Users\StudyDesktop\Documents\B&B Guest Info
2015-03-27 10:24 - 2015-01-12 13:56 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-23 16:25 - 2008-11-21 18:19 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Personal Income
2015-03-23 13:28 - 2014-11-17 17:19 - 00007891 _____ () C:\Windows\BRRBCOM.INI
2015-03-23 09:32 - 2015-01-03 14:13 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Roaming\Jumping Bytes
2015-03-22 18:20 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-22 16:29 - 2011-05-09 09:30 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Roaming\ObviousIdea
2015-03-22 16:27 - 2014-09-29 16:58 - 00000032 _____ () C:\Users\StudyDesktop\AppData\Local\Images.fl
2015-03-18 17:56 - 2008-11-19 11:31 - 00000000 ____D () C:\Users\StudyDesktop\Documents\x_19b Sycamore
2015-03-18 17:56 - 2008-11-19 11:31 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Beauclerc Road 34
2015-03-18 17:53 - 2013-01-20 15:38 - 00000000 ____D () C:\Users\StudyDesktop\Documents\GSE Accounts
2015-03-18 17:49 - 2011-06-30 11:10 - 00000000 ___SD () C:\Users\StudyDesktop\Documents\My Web Sites
2015-03-18 17:45 - 2008-05-06 15:18 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Cantinone Website Notes
2015-03-18 12:49 - 2011-03-29 19:37 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Local\Adobe
2015-03-18 11:42 - 2009-02-18 15:36 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Accoglie
2015-03-18 11:12 - 2012-04-17 08:49 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-18 11:12 - 2011-06-24 19:10 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-15 13:11 - 2014-01-11 16:30 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Adtelly
2015-03-13 18:30 - 2005-04-25 23:13 - 00000000 ____D () C:\Users\StudyDesktop\Documents\B&B Regulations
2015-03-13 18:29 - 2013-04-09 17:17 - 00000000 ____D () C:\Users\StudyDesktop\Documents\Online Bills
2015-03-13 11:42 - 2013-04-25 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-12 10:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-03-11 21:42 - 2009-07-14 06:33 - 00306080 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 20:33 - 2011-06-07 15:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 20:31 - 2013-07-26 23:20 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 20:21 - 2011-04-30 07:26 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-06 18:46 - 2011-08-29 13:58 - 00000000 ____D () C:\Users\StudyDesktop\AppData\Roaming\FileZilla
==================== Files in the root of some directories =======
2013-10-05 11:52 - 2013-10-05 11:52 - 4188160 _____ () C:\Program Files\GUTB76F.tmp
2014-10-07 18:46 - 2014-10-07 18:46 - 0000268 ___RH () C:\Users\StudyDesktop\AppData\Roaming\howto
2014-10-07 18:47 - 2014-10-07 18:47 - 0000268 ___RH () C:\Users\StudyDesktop\AppData\Roaming\Vocals
2014-10-07 18:48 - 2014-10-07 18:48 - 0000268 ___RH () C:\Users\StudyDesktop\AppData\Roaming\WebServer
2014-10-07 18:47 - 2014-10-07 18:47 - 0000268 ___RH () C:\Users\StudyDesktop\AppData\Roaming\Widgets
2013-04-03 10:49 - 2014-12-09 16:36 - 0005632 _____ () C:\Users\StudyDesktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-29 16:58 - 2015-03-22 16:27 - 0000032 _____ () C:\Users\StudyDesktop\AppData\Local\Images.fl
2011-12-29 12:21 - 2014-11-13 16:52 - 0007626 _____ () C:\Users\StudyDesktop\AppData\Local\Resmon.ResmonCfg
2011-03-26 16:07 - 2011-03-26 16:07 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2014-10-07 18:46 - 2014-10-07 18:47 - 0000012 ___RH () C:\ProgramData\manual
2014-10-07 18:46 - 2014-10-07 18:46 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2014-10-07 18:48 - 2014-10-07 19:04 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-10-07 18:47 - 2014-10-25 17:30 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-10-07 18:47 - 2014-10-07 18:47 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-10-07 18:48 - 2014-10-07 18:48 - 0000012 ___RH () C:\ProgramData\vhosts
2014-10-07 18:47 - 2014-10-07 18:47 - 0000268 ___RH () C:\ProgramData\Woodwinds
2014-10-07 18:48 - 2014-10-07 18:48 - 0000268 ___RH () C:\ProgramData\Work - Home
2014-10-07 18:47 - 2014-10-07 18:47 - 0000268 ___RH () C:\ProgramData\Workflows
Some content of TEMP:
====================
C:\Users\StudyDesktop\AppData\Local\Temp\SkypeSetup.exe
C:\Users\StudyDesktop\AppData\Local\Temp\WDAutoUpdate.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-04 08:51
==================== End Of Log ============================