vmhost and costmin 2.2 reinstall after removal
<blockquote data-quote="Sheri Evenson" data-source="post: 225692" data-attributes="member: 24890"><p>Thanks for the response. The test is below. Also, 'WinXpert' from this community has started a new conversation with me, requesting a copy of the vmhost.exe file. There was no 'upload a file' on that conversation, should I attach it here?</p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2014</p><p>Ran by sheri at 2014-07-12 07:01:06</p><p>Running from C:\Users\sheri\Downloads</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p>AV: Trend Micro Titanium Internet Security (Disabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}</p><p>AS: Trend Micro Titanium Internet Security (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}</p><p>AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)</p><p>Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)</p><p>Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)</p><p>Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)</p><p>Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)</p><p>Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) 
Hidden</p><p>Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)</p><p>Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)</p><p>Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)</p><p>ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)</p><p>ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0013 - ASUS)</p><p>ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.1.0 - ASUSTeK Computer Inc.)</p><p>ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.28 - ASUS)</p><p>ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.2 - ASUS)</p><p>ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)</p><p>ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0037 - ASUS)</p><p>ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.24 - asus)</p><p>ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)</p><p>AsusScr_K3 Series_ENG (HKLM-x32\...\AsusScr_K3 Series_ENG) (Version: 1.0.0001 - ASUS)</p><p>AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)</p><p>ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)</p><p>Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)</p><p>Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION</p><p>CenturyLink Installer (HKLM-x32\...\{C96FF998-45BD-411E-9253-B7F2660FE280}) (Version: 1.0 - CenturyLink, Inc.)</p><p>Cisco EAP-FAST Module 
(HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)</p><p>Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)</p><p>Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)</p><p>Common Desktop Agent (Version: 1.62.0 - OEM) Hidden</p><p>Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)</p><p>Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)</p><p>Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)</p><p>Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)</p><p>CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: - )</p><p>CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)</p><p>CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.) Hidden</p><p>CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)</p><p>CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) 
Hidden</p><p>D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden</p><p>Download Manager and Options (HKLM\...\Download_Manager_and_Options) (Version: 1.0 - Download Manager and Options)</p><p>EPSON Artisan 800 Series Printer Uninstall (HKLM\...\EPSON Artisan 800 Series) (Version: - SEIKO EPSON Corporation)</p><p>ETDWare PS/2-X64 8.0.5.1_WHQL (HKLM\...\Elantech) (Version: 8.0.5.1 - ELAN Microelectronic Corp.)</p><p>Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)</p><p>Free Download Manager 3.9.2 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)</p><p>Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)</p><p>Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)</p><p>Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)</p><p>Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden</p><p>Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) 
Hidden</p><p>H&R Block Basic + Efile 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.02.7803 - HRB Technology, LLC.)</p><p>H&R Block Deluxe + Efile 2013 (HKLM-x32\...\{AD9F55C5-93F8-4CAB-A311-77C195912CA4}) (Version: 13.04.6502 - HRB Technology, LLC.)</p><p>HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.220 - SurfRight B.V.)</p><p>HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)</p><p>Home Plan Pro version 5.2.25.14 (HKLM-x32\...\{D95AA4F4-9FCF-4BD8-AC07-AB1912A202E2}_is1) (Version: - Home Plan Software)</p><p>Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)</p><p>Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)</p><p>Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)</p><p>iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)</p><p>Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Lotus NotesSQL 3.01 driver (HKLM-x32\...\{113EECD6-9A04-11D4-811D-00805F923B86}) (Version: - )</p><p>Lotus SmartSuite - English (HKLM-x32\...\{536D6172-7453-7569-7465-392E38300409}) (Version: 9.8.0 - Lotus Development Corporation)</p><p>Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)</p><p>Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden</p><p>Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)</p><p>Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden</p><p>Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden</p><p>Microsoft Office 365 - en-us 
(HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4631.1002 - Microsoft Corporation)</p><p>Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)</p><p>Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)</p><p>Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)</p><p>Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Hidden</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Motorola Device Manager 
(HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.3 - Motorola Mobility)</p><p>Motorola Device Software Update (x32 Version: 13.07.3101 - Motorola Mobility) Hidden</p><p>Motorola Mobile Drivers Installation 6.2.0 (HKLM\...\{8EC78F02-5C36-4C97-AAC4-95A3D742A285}) (Version: 6.2.0 - Motorola Inc.)</p><p>Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)</p><p>Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)</p><p>MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden</p><p>MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden</p><p>MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)</p><p>MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)</p><p>Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)</p><p>Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden</p><p>Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden</p><p>Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden</p><p>paint.net (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC)</p><p>PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)</p><p>QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)</p><p>Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6304 - Realtek Semiconductor Corp.)</p><p>REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0175 - REALTEK Semiconductor 
Corp.)</p><p>Revo Uninstaller Pro 2.5.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.9 - VS Revo Group, Ltd.)</p><p>Samsung CLX-4190 Series (HKLM-x32\...\Samsung CLX-4190 Series) (Version: 1.07 (1/7/2013) - Samsung Electronics Co., Ltd.)</p><p>Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.04.21 (12/10/2012) - Samsung Electronics Co., Ltd.)</p><p>Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.02.84.01(12/11/2012) - Samsung Electronics Co., Ltd.)</p><p>Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.06.34 (9/4/2012) - Samsung Electronics Co., Ltd.)</p><p>Samsung OCR Software (HKLM-x32\...\Samsung OCR Software) (Version: 1.00.05 (7/10/2012) - Samsung Electronics Co., Ltd.)</p><p>Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)</p><p>Samsung Scan Process Machine (x32 Version: 1.00.20.03 - Samsung Electronics Co., Ltd.) Hidden</p><p>SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)</p><p>Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)</p><p>swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden</p><p>syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)</p><p>Tax Forms Helper 2012 10.5 (HKLM-x32\...\Tax Forms Helper 2012_is1) (Version: - )</p><p>Tax Forms Helper 2013 11.0 (HKLM-x32\...\Tax Forms Helper 2013_is1) (Version: - )</p><p>Trend Micro Titanium Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 3.0 - Trend Micro Inc.)</p><p>Trend Micro Titanium Internet Security (Version: 3.00 - Trend Micro Inc.) 
Hidden</p><p>Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)</p><p>VIP Stitch Artist (HKLM-x32\...\{05CDEA78-F955-4128-A0FB-1094A6A2C20E}) (Version: 1.00.0000 - Emnet Software Ltd.)</p><p>Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)</p><p>Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden</p><p>Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden</p><p>Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)</p><p>Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden</p><p>Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden</p><p>Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden</p><p>Windows Live Remote Service (Version: 
15.4.5722.2 - Microsoft Corporation) Hidden</p><p>Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden</p><p>Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden</p><p>Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.3 - ASUS)</p><p>Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)</p><p>用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)</p><p>適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)</p><p></p><p>==================== Restore Points =========================</p><p></p><p>09-07-2014 00:44:17 Revo Uninstaller Pro's restore point - costmin</p><p>09-07-2014 11:46:48 Revo Uninstaller Pro's restore point - Ask Toolbar</p><p>09-07-2014 12:08:54 Revo Uninstaller Pro's restore point - SaveOn</p><p>09-07-2014 12:52:25 Revo Uninstaller Pro's restore point - Ask Toolbar</p><p>09-07-2014 12:55:02 Windows Update</p><p>10-07-2014 15:52:48 Revo 
Uninstaller Pro's restore point - Google Chrome</p><p>10-07-2014 16:04:37 Revo Uninstaller Pro's restore point - Dropbox</p><p>10-07-2014 16:11:32 Revo Uninstaller Pro's restore point - Java 7 Update 60</p><p>10-07-2014 16:12:28 Removed Java 7 Update 60</p><p>10-07-2014 17:17:59 Revo Uninstaller Pro's restore point - chrome</p><p>11-07-2014 00:41:25 Checkpoint by HitmanPro</p><p>11-07-2014 00:42:51 Checkpoint by HitmanPro</p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts</p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p>Task: {011E4EB5-09B8-4E8B-9A57-DA91A3D848CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)</p><p>Task: {0206B888-5641-4DD7-BA50-35E55326B3C9} - \FF Watcher {5C3AEA23-296F-4F46-83CB-DBDD6624E8D7} No Task File <==== ATTENTION</p><p>Task: {0E170835-29A9-44CF-B9A1-94573D708D3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)</p><p>Task: {185509F3-CB76-41F6-8DF0-C0E45C7F862F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)</p><p>Task: {20E12FE9-7F70-4E65-AA9B-3C025BB11DA1} - \APSnotifierPP3 No Task File <==== ATTENTION</p><p>Task: {4082C7C1-D7FF-49F7-99D9-EE0C1D0BEEC2} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)</p><p>Task: {4C85F90E-FEB5-445C-81D1-C6AEE751E184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)</p><p>Task: {4E23EB63-0643-4058-AE7D-1B163AA5824E} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-12-06] (ASUS)</p><p>Task: 
{4FF79F63-6651-4148-9502-906B6287070D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)</p><p>Task: {90FD8397-C43F-4ED4-8CEF-2EBE01ABE240} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-10] (Microsoft Corporation)</p><p>Task: {9F827025-5EA0-4775-87A6-279E6FEB4EFF} - \Microsoft\Windows\Maintenance\Idle-Crawler Update No Task File <==== ATTENTION</p><p>Task: {A5A4189D-12F1-477D-B244-B5AA4B038969} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()</p><p>Task: {A5F7A4D2-C94D-4782-BE72-D0A7F1CF66A2} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-01-09] (ASUSTeK Computer Inc.)</p><p>Task: {C58CE1B7-E231-429C-A7E1-242715EB6E5A} - \APSnotifierPP2 No Task File <==== ATTENTION</p><p>Task: {D0D9D433-01EF-4B68-8F4E-F6ED92C31B72} - System32\Tasks\pick up Jake</p><p>Task: {D2DCC199-992D-4BE5-A563-A63664BCF34C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()</p><p>Task: {D85ED685-0662-41EE-8DE1-D1942B54B12C} - \Idle-Crawler Runner No Task File <==== ATTENTION</p><p>Task: {E9DCBAFA-3166-47EA-8770-62A7A73D578E} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)</p><p>Task: {EDE6218E-3677-4BAD-8AD0-2A6BEC959E0A} - \APSnotifierPP1 No Task File <==== ATTENTION</p><p>Task: {F93E3557-D301-4563-8EF3-CBE4FDB91804} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION</p><p>Task: {FAC2409E-3B98-422B-91A2-DDDC52A1CCA6} - System32\Tasks\ASUS P4G => C:\Program 
Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)</p><p>Task: {FCE38BCE-FF2C-4541-AE4A-F980729B6608} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()</p><p>Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p></p><p>==================== Loaded Modules (whitelisted) =============</p><p></p><p>2012-09-10 13:09 - 2012-07-31 11:31 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll</p><p>2012-12-09 17:28 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll</p><p>2013-09-19 11:20 - 2012-02-09 06:28 - 00034304 _____ () C:\Windows\System32\ssy4clm.dll</p><p>2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll</p><p>2014-07-12 06:35 - 2014-05-20 12:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll</p><p>2012-02-20 22:23 - 2012-02-20 22:23 - 00456704 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe</p><p>2012-02-20 22:23 - 2012-02-20 22:23 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll</p><p>2011-04-02 00:49 - 2010-09-17 04:52 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll</p><p>2011-04-02 00:49 - 2010-09-17 04:52 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll</p><p>2014-07-11 09:55 - 2014-07-12 06:28 - 00353792 _____ () C:\ProgramData\UpdateTask\vmhost.exe</p><p>2014-03-19 07:27 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 
15\ClientX64\ApiClient.dll</p><p>2011-12-06 16:21 - 2011-12-06 16:21 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll</p><p>1998-08-28 03:42 - 1998-08-28 03:42 - 00138752 _____ () D:\lotus\organize\ormprot.dll</p><p>1998-08-28 03:42 - 1998-08-28 03:42 - 00220160 _____ () D:\lotus\organize\ormutil.dll</p><p>1998-08-28 03:42 - 1998-08-28 03:42 - 00153088 _____ () D:\lotus\organize\ormmime.dll</p><p>2007-07-12 11:11 - 2007-07-12 11:11 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll</p><p>2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll</p><p>2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll</p><p>2009-11-02 17:20 - 2009-11-02 17:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll</p><p>2009-11-02 17:23 - 2009-11-02 17:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll</p><p>2013-06-20 17:35 - 2013-06-20 17:35 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll</p><p>2014-07-10 20:49 - 2014-06-05 09:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll</p><p>2014-07-10 20:49 - 2014-06-05 09:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll</p><p>2014-07-10 20:49 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll</p><p>2014-07-10 20:49 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll</p><p>2014-07-10 20:49 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll</p><p>2014-07-10 07:29 - 2014-07-08 08:18 - 14663856 _____ () 
C:\Users\sheri\AppData\Local\Google\Chrome\User </p><p>Data\PepperFlash\14.0.0.145\pepflashplayer.dll</p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p>AlternateDataStreams: C:\ProgramData\Temp:56E2E879</p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p></p><p>==================== EXE Association (whitelisted) =============</p><p></p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items =========</p><p></p><p>MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe</p><p>MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"</p><p>MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p>Name: Teredo Tunneling Pseudo-Interface</p><p>Description: Microsoft Teredo Tunneling Adapter</p><p>Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}</p><p>Manufacturer: Microsoft</p><p>Service: tunnel</p><p>Problem: : This device cannot start. (Code10)</p><p>Resolution: Device failed to start. 
Click "Update Driver" to update the drivers for this device.</p><p>On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (07/12/2014 06:19:31 AM) (Source: ESENT) (EventID: 447) (User: )</p><p>Description: Catalog Database (1136) Catalog Database: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 9, PgnoRoot: 39) of database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb (6672 => 6690, Catalog Database0).</p><p></p><p>Error: (07/11/2014 07:39:08 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )</p><p>Description: Subscription licensing service failed: -1073415161</p><p></p><p>Error: (07/11/2014 00:26:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 11856</p><p></p><p>Error: (07/11/2014 00:26:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 11856</p><p></p><p>Error: (07/11/2014 00:26:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p>Error: (07/11/2014 00:26:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 4524</p><p></p><p>Error: (07/11/2014 00:26:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 4524</p><p></p><p>Error: (07/11/2014 00:26:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p>Error: (07/11/2014 00:25:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: 
m->NextScheduledSPRetry 3338</p><p></p><p>Error: (07/11/2014 00:25:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 3338</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (07/12/2014 06:19:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The PMEM service failed to start due to the following error: </p><p>%%1275</p><p></p><p>Error: (07/12/2014 06:19:46 AM) (Source: Application Popup) (EventID: 1060) (User: )</p><p>Description: \??\C:\Windows\SysWOW64\drivers\pmemnt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.</p><p></p><p>Error: (07/12/2014 06:18:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )</p><p>Description: A timeout was reached (30000 milliseconds) while waiting for the SO_Sustainer service to connect.</p><p></p><p>Error: (07/11/2014 09:46:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The PMEM service failed to start due to the following error: </p><p>%%1275</p><p></p><p>Error: (07/11/2014 09:46:09 AM) (Source: Application Popup) (EventID: 1060) (User: )</p><p>Description: \??\C:\Windows\SysWOW64\drivers\pmemnt.sys has been blocked from loading due to incompatibility with this system. 
Please contact your software vendor for a compatible version of the driver.</p><p></p><p>Error: (07/11/2014 09:44:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )</p><p>Description: A timeout was reached (30000 milliseconds) while waiting for the SO_Sustainer service to connect.</p><p></p><p>Error: (07/11/2014 08:44:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The PMEM service failed to start due to the following error: </p><p>%%1275</p><p></p><p>Error: (07/11/2014 08:44:54 AM) (Source: Application Popup) (EventID: 1060) (User: )</p><p>Description: \??\C:\Windows\SysWOW64\drivers\pmemnt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.</p><p></p><p>Error: (07/11/2014 08:43:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )</p><p>Description: A timeout was reached (30000 milliseconds) while waiting for the SO_Sustainer service to connect.</p><p></p><p>Error: (07/11/2014 08:41:19 AM) (Source: Service Control Manager) (EventID: 7032) (User: )</p><p>Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: </p><p>%%1056</p><p></p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p>Error: (07/12/2014 06:19:31 AM) (Source: ESENT) (EventID: 447) (User: )</p><p>Description: Catalog Database1136Catalog Database: -327939C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb667266906689</p><p></p><p>Error: (07/11/2014 07:39:08 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )</p><p>Description: Subscription licensing service failed: -1073415161</p><p></p><p>Error: (07/11/2014 00:26:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task 
Scheduling Error: m->NextScheduledSPRetry 11856</p><p></p><p>Error: (07/11/2014 00:26:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 11856</p><p></p><p>Error: (07/11/2014 00:26:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p>Error: (07/11/2014 00:26:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 4524</p><p></p><p>Error: (07/11/2014 00:26:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 4524</p><p></p><p>Error: (07/11/2014 00:26:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p>Error: (07/11/2014 00:25:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 3338</p><p></p><p>Error: (07/11/2014 00:25:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 3338</p><p></p><p></p><p>CodeIntegrity Errors:</p><p>===================================</p><p> Date: 2014-07-12 06:28:10.360</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2014-07-12 06:19:46.921</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2014-07-12 06:19:46.762</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2014-07-12 06:17:29.136</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2014-07-11 10:20:56.085</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2014-07-11 09:55:53.241</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2014-07-11 09:46:09.266</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2014-07-11 09:46:09.032</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2014-07-11 09:44:02.292</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2014-07-11 09:22:24.669</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Percentage of memory in use: 38%</p><p>Total physical RAM: 5922.21 MB</p><p>Available physical RAM: 3639.43 MB</p><p>Total Pagefile: 11842.61 MB</p><p>Available Pagefile: 9273.16 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.86 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (OS) (Fixed) (Total:238.47 GB) (Free:118.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p>Drive d: (DATA) (Fixed) (Total:332.7 GB) (Free:331.85 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: AA9693FE)</p><p>Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)</p><p>Partition 2: (Active) - (Size=238 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=333 GB) - (Type=OF Extended)</p><p></p><p>==================== End Of Log ============================</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014</p><p>Ran by sheri (administrator) on SHERI-PC on 12-07-2014 06:59:19</p><p>Running from 
C:\Users\sheri\Downloads</p><p>Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)</p><p>Internet Explorer Version 11</p><p>Boot Mode: Normal</p><p></p><p>The only official download link for FRST:</p><p>Download link for 32-Bit version: <a href="http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/" target="_blank">http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/</a> </p><p>Download link for 64-Bit Version: <a href="http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/" target="_blank">http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/</a> </p><p>Download link from any site other than Bleeping Computer is unpermitted or outdated.</p><p>See tutorial for FRST: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe</p><p>(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe</p><p>(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe</p><p>(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe</p><p>(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe</p><p>(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe</p><p>(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe</p><p>(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe</p><p>(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe</p><p>(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe</p><p>(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe</p><p>(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe</p><p>(ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe</p><p>(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxtray.exe</p><p>(Intel Corporation) C:\Windows\System32\hkcmd.exe</p><p>() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe</p><p>(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe</p><p>(Lotus Development Corporation) D:\lotus\organize\easyclip.exe</p><p>(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe</p><p>(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe</p><p>(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe</p><p>(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe</p><p>(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe</p><p>(ASUS) C:\Windows\AsScrPro.exe</p><p>(CenturyLink Inc) C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe</p><p>(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</p><p>(Lotus Development Corporation.) D:\lotus\smartctr\suitest.exe</p><p>(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe</p><p>(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE</p><p>(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE</p><p>(VM Host Corporation) C:\ProgramData\MediaDev\1404309117\mediadev.exe</p><p>(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe</p><p>(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe</p><p>(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe</p><p>(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe</p><p>(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe</p><p>(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe</p><p>(VM Host Corporation) C:\ProgramData\UpdateServer\1404331945\webdev.exe</p><p>(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE</p><p>(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE</p><p>(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe</p><p>(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe</p><p>(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE</p><p>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe</p><p>(Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe</p><p>() C:\ProgramData\UpdateTask\vmhost.exe</p><p>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe</p><p>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe</p><p>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>() C:\ProgramData\UpdateTask\vmhost.exe</p><p>(Farbar) C:\Users\sheri\Downloads\FRST64 (1).exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)</p><p>HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)</p><p>HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [322384 2010-09-17] (Trend Micro Inc.)</p><p>HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)</p><p>HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)</p><p>HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)</p><p>HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd</p><p>HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop 
Agent\CDASrv.exe [456704 2012-02-20] ()</p><p>HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)</p><p>HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-02] (ASUSTek Computer Inc.)</p><p>HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)</p><p>HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)</p><p>HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)</p><p>HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)</p><p>HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)</p><p>HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS)</p><p>HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [] => [X]</p><p>HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)</p><p>HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)</p><p>HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files 
(x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)</p><p>HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"</p><p>HKLM-x32\...\Run: [AnyProtect Tray] => "C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe"</p><p>HKLM-x32\...\Run: [CenturyLinkTouchPointAgent] => C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe [49008 2013-09-24] (CenturyLink Inc)</p><p>Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)</p><p>HKU\S-1-5-21-1049442813-3991357132-1231262002-1000\...\Run: [EPSON Artisan 800 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\1\E_IATIEMA.EXE /FU "C:\Windows\TEMP\E_S71B7.tmp" /EF "HKCU"</p><p>HKU\S-1-5-21-1049442813-3991357132-1231262002-1000\...\MountPoints2: {9d95d695-d9ca-11e2-bce8-5404a603f35f} - F:\MotorolaDeviceManagerSetup.exe -a</p><p>HKU\S-1-5-21-1049442813-3991357132-1231262002-1000\...\MountPoints2: {bfd27893-e413-11e3-8b84-5404a603f35f} - F:\MotorolaDeviceManagerSetup.exe -a</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk</p><p>ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk</p><p>ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk</p><p>ShortcutTarget: Lotus Organizer EasyClip.lnk -> D:\lotus\organize\easyclip.exe (Lotus Development Corporation)</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus QuickStart.lnk</p><p>ShortcutTarget: Lotus QuickStart.lnk -> D:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation)</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus 
SmartCenter.lnk</p><p>ShortcutTarget: Lotus SmartCenter.lnk -> D:\lotus\smartctr\smartctr.exe (Lotus Development Corporation.)</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus SuiteStart.lnk</p><p>ShortcutTarget: Lotus SuiteStart.lnk -> D:\lotus\smartctr\suitest.exe (Lotus Development Corporation.)</p><p>ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File</p><p>ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File</p><p>ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File</p><p>ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)</p><p>ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)</p><p>ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)</p><p>ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)</p><p>ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File</p><p>ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File</p><p>ShellIconOverlayIdentifiers-x32: SkyDrive3 -> 
{BBACC218-34EA-4666-9D7A-C78F2274A524} => No File</p><p>GroupPolicy: Group Policy on Chrome detected <======= ATTENTION</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://asus.msn.com" target="_blank">http://asus.msn.com</a></p><p>SearchScopes: HKLM-x32 - DefaultScope value is missing.</p><p>SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = <a href="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT" target="_blank">http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT</a></p><p>SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)</p><p>BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)</p><p>BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)</p><p>BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)</p><p>BHO: 
TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)</p><p>BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)</p><p>BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)</p><p>BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</p><p>BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)</p><p>BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)</p><p>BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)</p><p>BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)</p><p>BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)</p><p>Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)</p><p>Handler: tmpx - 
{0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)</p><p>Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)</p><p>Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)</p><p>Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\sheri\AppData\Roaming\Mozilla\Firefox\Profiles\lrmasvi1.default-1405036654838</p><p>FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()</p><p>FF Plugin: @microsoft.com/GENUINE - disabled No File</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()</p><p>FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)</p><p>FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)</p><p>FF Plugin-x32: @microsoft.com/GENUINE - disabled No File</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: 
@microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)</p><p>FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\sheri\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)</p><p>FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\Users\sheri\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)</p><p>FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension</p><p>FF 
Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension [2011-04-02]</p><p></p><p>Chrome: </p><p>=======</p><p>CHR HomePage: </p><p>CHR Plugin: (Widevine Content Decryption Module) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()</p><p>CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()</p><p>CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer</p><p>CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()</p><p>CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()</p><p>CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)</p><p>CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)</p><p>CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)</p><p>CHR Plugin: (Java Deployment Toolkit 7.0.600.19) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File</p><p>CHR Plugin: (Java(TM) Platform SE 7 U60) - C:\Program Files 
(x86)\Java\jre7\bin\plugin2\npjp2.dll No File</p><p>CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)</p><p>CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)</p><p>CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)</p><p>CHR Plugin: (Unity Player) - C:\Users\sheri\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)</p><p>CHR Plugin: (Catalina Savings Printer) - C:\Users\sheri\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)</p><p>CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)</p><p>CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll No File</p><p>CHR Extension: (Google Docs) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-11]</p><p>CHR Extension: (Google Drive) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-11]</p><p>CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]</p><p>CHR Extension: (YouTube) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-11]</p><p>CHR Extension: (Search) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-11]</p><p>CHR Extension: (CostMin) - 
C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokekgnfmegppabphahifeaihcfdjdoe [2014-07-02]</p><p>CHR Extension: (User Agent Switcher) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf [2014-07-02]</p><p>CHR Extension: (Google Wallet) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]</p><p>CHR Extension: (Gmail) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-11]</p><p>CHR Extension: (CostMin) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokekgnfmegppabphahifeaihcfdjdoe\2.2 [2014-07-02]</p><p>CHR HKLM-x32\...\Chrome\Extension: [aaaappmhgaaggeoepicjahnbofmjacog] - C:\Users\sheri\AppData\Local\APN\GoogleCRXs\aaaappmhgaaggeoepicjahnbofmjacog_7.15.4.0.crx [2014-07-02]</p><p>CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)</p><p>R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]</p><p>R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-10] (SurfRight B.V.)</p><p>R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-07-10] (SurfRight B.V.)</p><p>R2 MediaDevSrv; C:\ProgramData\MediaDev\1404309117\mediadev.exe [366952 2014-07-02] (VM Host Corporation)</p><p>R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)</p><p>R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File 
not signed]</p><p>R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [239616 2012-09-17] (Samsung Electronics Co., Ltd.) [File not signed]</p><p>R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)</p><p>R2 WinDevSrv; C:\ProgramData\UpdateServer\1404331945\webdev.exe [389992 2014-07-02] (VM Host Corporation)</p><p>S2 29850aa3; "C:\Windows\system32\rundll32.exe" "c:\progra~2\so_boo~1\AssistantSvc.dll",service</p><p>S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]</p><p>S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-07-10] ()</p><p>R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )</p><p>S2 PMEM; C:\Windows\SysWOW64\drivers\pmemnt.sys [7168 1999-03-08] (Microsoft Corporation) [File not signed]</p><p>R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)</p><p>R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)</p><p>R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)</p><p>R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)</p><p>S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2014-07-12 06:59 - 2014-07-12 07:00 - 00027147 _____ () C:\Users\sheri\Downloads\FRST.txt</p><p>2014-07-12 06:57 - 2014-07-12 06:57 - 02084864 _____ (Farbar) C:\Users\sheri\Downloads\FRST64 (1).exe</p><p>2014-07-12 06:52 - 2014-07-12 06:59 - 00000000 ____D () C:\FRST</p><p>2014-07-12 06:52 - 
2014-07-12 06:52 - 02084864 _____ (Farbar) C:\Users\sheri\Downloads\FRST64.exe</p><p>2014-07-11 08:33 - 2014-07-11 08:33 - 01348263 _____ () C:\Users\sheri\Downloads\AdwCleaner.exe</p><p>2014-07-10 20:49 - 2014-07-10 20:49 - 00895120 _____ (Google Inc.) C:\Users\sheri\Downloads\ChromeSetup.exe</p><p>2014-07-10 20:49 - 2014-07-10 20:49 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk</p><p>2014-07-10 20:49 - 2014-07-10 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome</p><p>2014-07-10 20:43 - 2014-07-10 20:43 - 00008998 _____ () C:\Windows\system32\.crusader</p><p>2014-07-10 20:16 - 2014-07-10 20:16 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk</p><p>2014-07-10 20:16 - 2014-07-10 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro</p><p>2014-07-10 20:16 - 2014-07-10 20:16 - 00000000 ____D () C:\Program Files\HitmanPro</p><p>2014-07-10 20:15 - 2014-07-10 20:44 - 00000000 ____D () C:\ProgramData\HitmanPro</p><p>2014-07-10 20:14 - 2014-07-10 20:15 - 11185664 _____ (SurfRight B.V.) C:\Users\sheri\Downloads\hitmanpro_x64.exe</p><p>2014-07-10 20:13 - 2014-07-12 07:00 - 00000000 ____D () C:\Windows\CryptoGuard</p><p>2014-07-10 20:13 - 2014-07-11 06:24 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert</p><p>2014-07-10 20:13 - 2014-07-10 20:50 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll</p><p>2014-07-10 20:13 - 2014-07-10 20:50 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll</p><p>2014-07-10 20:13 - 2014-07-10 20:50 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys</p><p>2014-07-10 20:13 - 2014-07-10 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert</p><p>2014-07-10 20:13 - 2014-07-10 20:13 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert</p><p>2014-07-10 20:12 - 2014-07-10 20:12 - 01889616 _____ (SurfRight B.V.) 
C:\Users\sheri\Downloads\hmpalert.exe</p><p>2014-07-10 10:32 - 2014-07-10 10:33 - 01086056 _____ () C:\Users\sheri\Downloads\jvlsetup (1).exe</p><p>2014-07-09 07:28 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll</p><p>2014-07-09 07:28 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll</p><p>2014-07-09 07:28 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll</p><p>2014-07-09 07:28 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb</p><p>2014-07-09 07:28 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll</p><p>2014-07-09 07:28 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll</p><p>2014-07-09 07:28 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</p><p>2014-07-09 07:28 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll</p><p>2014-07-09 07:28 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll</p><p>2014-07-09 07:28 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll</p><p>2014-07-09 07:28 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll</p><p>2014-07-09 07:28 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll</p><p>2014-07-09 07:28 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll</p><p>2014-07-09 07:28 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll</p><p>2014-07-09 07:28 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</p><p>2014-07-09 07:28 - 2014-06-18 18:09 - 01139200 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\urlmon.dll</p><p>2014-07-09 07:28 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe</p><p>2014-07-09 07:28 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe</p><p>2014-07-09 07:28 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys</p><p>2014-07-09 07:28 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll</p><p>2014-07-09 07:28 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll</p><p>2014-07-09 07:28 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll</p><p>2014-07-09 07:28 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll</p><p>2014-07-09 07:28 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll</p><p>2014-07-09 07:28 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll</p><p>2014-07-09 07:28 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll</p><p>2014-07-09 07:28 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll</p><p>2014-07-09 07:28 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll</p><p>2014-07-09 07:28 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll</p><p>2014-07-09 07:28 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll</p><p>2014-07-09 07:28 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll</p><p>2014-07-09 07:28 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll</p><p>2014-07-09 07:28 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wdigest.dll</p><p>2014-07-09 07:28 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll</p><p>2014-07-09 07:28 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll</p><p>2014-07-09 07:28 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys</p><p>2014-07-09 07:27 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll</p><p>2014-07-09 07:27 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll</p><p>2014-07-09 07:27 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll</p><p>2014-07-09 07:27 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll</p><p>2014-07-09 07:27 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll</p><p>2014-07-09 07:27 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll</p><p>2014-07-09 07:27 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll</p><p>2014-07-09 07:27 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll</p><p>2014-07-09 07:27 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll</p><p>2014-07-09 07:27 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe</p><p>2014-07-09 07:27 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe</p><p>2014-07-09 07:27 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll</p><p>2014-07-09 07:27 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe</p><p>2014-07-09 07:27 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) 
C:\Windows\system32\dxtmsft.dll</p><p>2014-07-09 07:27 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</p><p>2014-07-09 07:27 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll</p><p>2014-07-09 07:27 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll</p><p>2014-07-09 07:27 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll</p><p>2014-07-09 07:27 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll</p><p>2014-07-09 07:27 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe</p><p>2014-07-09 07:27 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll</p><p>2014-07-09 07:27 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll</p><p>2014-07-09 07:27 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll</p><p>2014-07-09 07:27 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll</p><p>2014-07-09 07:27 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll</p><p>2014-07-09 07:27 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll</p><p>2014-07-09 07:27 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl</p><p>2014-07-09 07:27 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll</p><p>2014-07-09 07:27 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll</p><p>2014-07-09 07:27 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe</p><p>2014-07-09 07:27 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msrating.dll</p><p>2014-07-09 07:27 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll</p><p>2014-07-09 07:27 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll</p><p>2014-07-09 07:27 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</p><p>2014-07-09 07:27 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll</p><p>2014-07-09 07:27 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll</p><p>2014-07-09 07:27 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl</p><p>2014-07-09 07:27 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll</p><p>2014-07-09 07:27 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll</p><p>2014-07-09 07:27 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll</p><p>2014-07-09 07:27 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll</p><p>2014-07-09 07:27 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll</p><p>2014-07-09 07:25 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll</p><p>2014-07-09 07:25 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll</p><p>2014-07-09 07:25 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll</p><p>2014-07-08 20:34 - 2014-07-10 11:47 - 00001236 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk</p><p>2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\Users\sheri\AppData\Local\VS Revo Group</p><p>2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 
Pro</p><p>2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\Program Files\VS Revo Group</p><p>2014-07-08 20:34 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys</p><p>2014-07-08 19:33 - 2014-07-08 19:33 - 07921688 _____ (VS Revo Group ) C:\Users\sheri\Downloads\RevoUninProSetup259.exe</p><p>2014-07-08 16:10 - 2014-07-08 16:10 - 00017920 _____ () C:\Users\sheri\Downloads\Invoice 1132 Valor 1510 (1).xls</p><p>2014-07-08 09:12 - 2014-07-08 09:16 - 109632768 _____ (Microsoft Corporation) C:\Users\sheri\Downloads\msert.exe</p><p>2014-07-07 13:42 - 2014-07-07 13:42 - 00017920 _____ () C:\Users\sheri\Downloads\Invoice 1132 Valor 1510.xls</p><p>2014-07-06 10:56 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll</p><p>2014-07-06 10:48 - 2014-07-11 08:40 - 00000000 ____D () C:\AdwCleaner</p><p>2014-07-06 10:48 - 2014-07-06 10:48 - 01346519 _____ () C:\Users\sheri\Downloads\adwcleaner_3.214.exe</p><p>2014-07-06 10:45 - 2014-07-06 10:45 - 00011643 _____ () C:\Users\sheri\Desktop\JRT.txt</p><p>2014-07-06 10:13 - 2014-07-06 10:13 - 01016261 _____ (Thisisu) C:\Users\sheri\Downloads\JRT (1).exe</p><p>2014-07-06 10:05 - 2014-07-06 10:05 - 01016261 _____ (Thisisu) C:\Users\sheri\Downloads\JRT.exe</p><p>2014-07-06 10:05 - 2014-07-06 10:05 - 00000000 ____D () C:\Windows\ERUNT</p><p>2014-07-04 20:45 - 2014-07-12 06:30 - 00000000 ____D () C:\Users\sheri\AppData\Local\Deployment</p><p>2014-07-04 09:55 - 2014-07-04 09:55 - 00001178 _____ () C:\Users\Public\Desktop\paint.net.lnk</p><p>2014-07-04 08:54 - 2014-07-04 08:54 - 00124723 _____ () C:\Users\sheri\Downloads\Unconfirmed 40510.crdownload</p><p>2014-07-04 08:54 - 2014-07-04 08:54 - 00124723 _____ () C:\Users\sheri\Downloads\Unconfirmed 272783.crdownload</p><p>2014-07-03 18:06 - 2014-07-03 18:06 - 03231552 _____ () C:\Users\sheri\Downloads\SamsungPrinterInstaller.exe</p><p>2014-07-03 12:51 - 2014-07-03 12:51 - 00000000 ____D () 
C:\ProgramData\CenturyLink</p><p>2014-07-03 12:50 - 2014-07-03 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CenturyLink</p><p>2014-07-03 12:50 - 2014-07-03 12:50 - 00000000 ____D () C:\Program Files (x86)\Qwest</p><p>2014-07-03 12:50 - 2014-07-03 12:50 - 00000000 ____D () C:\Program Files (x86)\CenturyLink</p><p>2014-07-03 12:42 - 2014-07-03 12:42 - 02562904 _____ () C:\Users\sheri\Downloads\CenturyLinkInstallerSetup(2).exe</p><p>2014-07-03 12:34 - 2014-07-03 12:34 - 02562896 _____ () C:\Users\sheri\Downloads\CenturyLinkInstallerSetup(1).exe</p><p>2014-07-03 12:27 - 2014-07-03 12:50 - 00002383 _____ () C:\Windows\CenturyLinkInstallerSetup.log</p><p>2014-07-03 12:27 - 2014-07-03 12:27 - 02562896 _____ () C:\Users\sheri\Downloads\CenturyLinkInstallerSetup.exe</p><p>2014-07-02 20:10 - 2014-07-02 20:10 - 00918952 _____ (Oracle Corporation) C:\Users\sheri\Downloads\chromeinstall-7u60 (1).exe</p><p>2014-07-02 16:12 - 2014-07-02 16:12 - 00000000 ____D () C:\ProgramData\UpdateServer</p><p>2014-07-02 15:25 - 2014-07-11 08:49 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys</p><p>2014-07-02 15:25 - 2014-07-11 08:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2014-07-02 15:25 - 2014-07-02 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2014-07-02 15:25 - 2014-07-02 15:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2014-07-02 15:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys</p><p>2014-07-02 13:43 - 2014-07-02 13:44 - 00005499 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log</p><p>2014-07-02 13:41 - 2014-07-02 13:41 - 00918952 _____ (Oracle Corporation) C:\Users\sheri\Downloads\chromeinstall-7u60.exe</p><p>2014-07-02 12:21 - 2014-07-02 12:21 - 00000000 ____D () C:\Windows\Sun</p><p>2014-07-02 10:35 - 
2014-07-02 10:35 - 00000000 ____D () C:\Users\Default\AppData\Local\Google</p><p>2014-07-02 10:35 - 2014-07-02 10:35 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google</p><p>2014-07-02 09:51 - 2014-07-02 09:51 - 00000000 ____D () C:\ProgramData\MediaDev</p><p>2014-07-02 09:46 - 2014-07-12 06:28 - 00000000 ____D () C:\ProgramData\UpdateTask</p><p>2014-07-02 09:40 - 2014-07-02 09:40 - 00001152 _____ () C:\Users\Guest\Desktop\YouTube Accelerator.lnk</p><p>2014-07-02 09:39 - 2014-07-10 20:43 - 00000000 ____D () C:\Users\sheri\AppData\Local\Idle-Crawler</p><p>2014-07-02 09:39 - 2014-07-09 08:09 - 00000000 ____D () C:\ProgramData\InstallMate</p><p>2014-07-02 09:39 - 2014-07-05 14:23 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google</p><p>2014-07-02 09:39 - 2014-07-02 09:39 - 00000258 __RSH () C:\ProgramData\ntuser.pol</p><p>2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\sheri\AppData\Local\Packages</p><p>2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\sheri\AppData\Local\Comodo</p><p>2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo</p><p>2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\HomeGroupUser$</p><p>2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo</p><p>2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google</p><p>2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo</p><p>2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\ProgramData\SearchModule</p><p>2014-07-02 09:37 - 2014-07-02 09:52 - 00000000 ____D () C:\ProgramData\UpdateCommon</p><p>2014-07-02 08:19 - 2014-07-02 15:56 - 00000000 ____D () C:\Users\sheri\AppData\Roaming\serv</p><p>2014-06-24 13:19 - 2014-06-24 13:19 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll</p><p>2014-06-24 13:19 - 2014-06-24 13:19 - 00773968 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll</p><p>2014-06-24 13:19 - 2014-06-24 13:19 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll</p><p>2014-06-24 13:19 - 2014-06-24 13:19 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll</p><p>2014-06-24 13:19 - 2014-06-24 13:19 - 00057168 _____ (Microsoft Corporation) C:\Windows\system32\vcomp100.dll</p><p>2014-06-24 13:19 - 2014-06-24 13:19 - 00051024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcomp100.dll</p><p>2014-06-20 13:41 - 2014-06-20 13:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox</p><p>2014-06-19 22:12 - 2014-07-02 11:21 - 00000000 ____D () C:\Windows\Minidump</p><p>2014-06-19 16:40 - 2014-06-19 16:41 - 00000664 _____ () C:\Users\Guest\Downloads\server.properties</p><p>2014-06-19 16:40 - 2014-06-19 16:41 - 00000000 ____D () C:\Users\Guest\Downloads\world</p><p>2014-06-19 16:40 - 2014-06-19 16:40 - 10000357 _____ () C:\Users\Guest\Downloads\minecraft_server.1.7.9.exe</p><p>2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\whitelist.json</p><p>2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\usercache.json</p><p>2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\ops.json</p><p>2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\banned-players.json</p><p>2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\banned-ips.json</p><p>2014-06-19 16:39 - 2014-06-19 16:39 - 00675988 _____ () C:\Users\Guest\Downloads\Minecraft.exe</p><p>2014-06-19 16:39 - 2014-06-19 16:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia</p><p>2014-06-17 07:47 - 2014-06-17 07:47 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\ASUS WebStorage</p><p>2014-06-17 07:14 - 2014-06-17 07:14 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla</p><p>2014-06-17 07:14 - 2014-06-17 07:14 - 00000000 
____D () C:\Users\Guest\AppData\Local\Mozilla</p><p>2014-06-17 07:09 - 2014-06-17 07:09 - 00001204 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk</p><p>2014-06-17 07:09 - 2014-06-17 07:09 - 00001196 _____ () C:\Users\Guest\Desktop\Mozilla Firefox.lnk</p><p>2014-06-17 07:09 - 2014-06-17 07:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla Firefox</p><p>2014-06-17 07:08 - 2014-06-19 16:39 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\.minecraft</p><p>2014-06-17 07:06 - 2014-06-17 07:06 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts</p><p>2014-06-17 07:05 - 2014-06-17 07:05 - 00121880 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT</p><p>2014-06-17 07:04 - 2014-06-17 07:04 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieUserList</p><p>2014-06-17 07:04 - 2014-06-17 07:04 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieSiteList</p><p>2014-06-17 07:04 - 2014-06-17 07:04 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia</p><p>2014-06-17 07:02 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google</p><p>2014-06-17 07:02 - 2014-06-17 07:26 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Samsung</p><p>2014-06-17 07:02 - 2014-06-17 07:03 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\ArcSoft</p><p>2014-06-17 07:02 - 2014-06-17 07:02 - 00002257 _____ () C:\Users\Guest\Desktop\Internet Browser.lnk</p><p>2014-06-17 07:02 - 2014-06-17 07:02 - 00001415 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk</p><p>2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security</p><p>2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Epson</p><p>2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () 
C:\Users\Guest\AppData\Roaming\Apple Computer</p><p>2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe</p><p>2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Power2Go</p><p>2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\ArcSoft</p><p>2014-06-17 07:01 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest</p><p>2014-06-17 07:01 - 2014-06-17 07:01 - 00000020 ___SH () C:\Users\Guest\ntuser.ini</p><p>2014-06-17 07:01 - 2014-06-17 07:01 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Motorola Mobility</p><p>2014-06-17 07:01 - 2013-10-11 19:15 - 00002106 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk</p><p>2014-06-17 07:01 - 2011-09-17 21:21 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite</p><p>2014-06-17 07:01 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories</p><p>2014-06-17 07:01 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance</p><p>2014-06-12 15:05 - 2014-06-12 15:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2014-07-12 07:00 - 2014-07-12 06:59 - 00027147 _____ () C:\Users\sheri\Downloads\FRST.txt</p><p>2014-07-12 07:00 - 2014-07-10 20:13 - 00000000 ____D () C:\Windows\CryptoGuard</p><p>2014-07-12 06:59 - 2014-07-12 06:52 - 00000000 ____D () C:\FRST</p><p>2014-07-12 06:57 - 2014-07-12 06:57 - 02084864 _____ (Farbar) C:\Users\sheri\Downloads\FRST64 (1).exe</p><p>2014-07-12 06:52 - 2014-07-12 06:52 - 02084864 _____ (Farbar) C:\Users\sheri\Downloads\FRST64.exe</p><p>2014-07-12 06:37 - 2013-10-11 18:54 - 00000000 ____D () C:\Program Files\Microsoft Office 
15</p><p>2014-07-12 06:30 - 2014-07-04 20:45 - 00000000 ____D () C:\Users\sheri\AppData\Local\Deployment</p><p>2014-07-12 06:28 - 2014-07-02 09:46 - 00000000 ____D () C:\ProgramData\UpdateTask</p><p>2014-07-12 06:27 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2014-07-12 06:27 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2014-07-12 06:25 - 2011-09-17 21:05 - 01538459 _____ () C:\Windows\WindowsUpdate.log</p><p>2014-07-12 06:23 - 2012-07-15 23:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2014-07-12 06:18 - 2013-01-16 15:58 - 00000000 ____D () C:\Temp</p><p>2014-07-12 06:18 - 2012-07-14 07:07 - 00000000 ___HD () C:\ASUS.DAT</p><p>2014-07-12 06:18 - 2011-04-02 00:36 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2014-07-12 06:17 - 2011-04-02 00:17 - 00795246 _____ () C:\Windows\PFRO.log</p><p>2014-07-12 06:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2014-07-12 06:17 - 2009-07-14 00:51 - 00177143 _____ () C:\Windows\setupact.log</p><p>2014-07-12 00:06 - 2011-04-02 00:36 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2014-07-11 08:49 - 2014-07-02 15:25 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys</p><p>2014-07-11 08:48 - 2014-07-02 15:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2014-07-11 08:40 - 2014-07-06 10:48 - 00000000 ____D () C:\AdwCleaner</p><p>2014-07-11 08:33 - 2014-07-11 08:33 - 01348263 _____ () C:\Users\sheri\Downloads\AdwCleaner.exe</p><p>2014-07-11 06:24 - 2014-07-10 20:13 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert</p><p>2014-07-10 20:50 - 2014-07-10 20:13 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll</p><p>2014-07-10 
20:50 - 2014-07-10 20:13 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll</p><p>2014-07-10 20:50 - 2014-07-10 20:13 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys</p><p>2014-07-10 20:49 - 2014-07-10 20:49 - 00895120 _____ (Google Inc.) C:\Users\sheri\Downloads\ChromeSetup.exe</p><p>2014-07-10 20:49 - 2014-07-10 20:49 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk</p><p>2014-07-10 20:49 - 2014-07-10 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome</p><p>2014-07-10 20:49 - 2011-04-02 00:36 - 00000000 ____D () C:\Program Files (x86)\Google</p><p>2014-07-10 20:46 - 2011-09-17 21:19 - 00001776 _____ () C:\Windows\system32\ServiceFilter.ini</p><p>2014-07-10 20:44 - 2014-07-10 20:15 - 00000000 ____D () C:\ProgramData\HitmanPro</p><p>2014-07-10 20:43 - 2014-07-10 20:43 - 00008998 _____ () C:\Windows\system32\.crusader</p><p>2014-07-10 20:43 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\sheri\AppData\Local\Idle-Crawler</p><p>2014-07-10 20:16 - 2014-07-10 20:16 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk</p><p>2014-07-10 20:16 - 2014-07-10 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro</p><p>2014-07-10 20:16 - 2014-07-10 20:16 - 00000000 ____D () C:\Program Files\HitmanPro</p><p>2014-07-10 20:15 - 2014-07-10 20:14 - 11185664 _____ (SurfRight B.V.) C:\Users\sheri\Downloads\hitmanpro_x64.exe</p><p>2014-07-10 20:13 - 2014-07-10 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert</p><p>2014-07-10 20:13 - 2014-07-10 20:13 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert</p><p>2014-07-10 20:12 - 2014-07-10 20:12 - 01889616 _____ (SurfRight B.V.) 
C:\Users\sheri\Downloads\hmpalert.exe</p><p>2014-07-10 19:30 - 2012-12-12 19:08 - 00735744 ___SH () C:\Users\sheri\Downloads\Thumbs.db</p><p>2014-07-10 19:24 - 2009-07-14 01:13 - 00820280 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2014-07-10 16:00 - 2013-12-30 14:33 - 00000000 ____D () C:\Users\sheri\Documents\Outlook Files</p><p>2014-07-10 14:55 - 2012-09-10 13:11 - 00000000 ____D () C:\Users\sheri\AppData\Local\CutePDF Writer</p><p>2014-07-10 11:47 - 2014-07-08 20:34 - 00001236 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk</p><p>2014-07-10 10:53 - 2012-09-07 15:28 - 00000000 ___RD () C:\Users\sheri\Dropbox</p><p>2014-07-10 10:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\TAPI</p><p>2014-07-10 10:33 - 2014-07-10 10:32 - 01086056 _____ () C:\Users\sheri\Downloads\jvlsetup (1).exe</p><p>2014-07-09 19:56 - 2013-09-19 11:50 - 00000099 _____ () C:\Users\Public\LMDebug.log</p><p>2014-07-09 09:15 - 2009-07-14 00:45 - 00468272 _____ () C:\Windows\system32\FNTCACHE.DAT</p><p>2014-07-09 09:12 - 2014-05-05 20:14 - 00000000 ___SD () C:\Windows\system32\CompatTel</p><p>2014-07-09 09:12 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal</p><p>2014-07-09 09:12 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism</p><p>2014-07-09 09:12 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism</p><p>2014-07-09 09:08 - 2014-01-14 11:45 - 00000000 ____D () C:\Windows\system32\MRT</p><p>2014-07-09 09:02 - 2012-08-29 07:54 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2014-07-09 08:23 - 2012-07-15 23:47 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2014-07-09 08:23 - 2012-07-15 23:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2014-07-09 08:23 - 2012-07-15 23:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater</p><p>2014-07-09 08:09 - 2014-07-02 09:39 - 00000000 ____D () 
C:\ProgramData\InstallMate</p><p>2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\Users\sheri\AppData\Local\VS Revo Group</p><p>2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro</p><p>2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\Program Files\VS Revo Group</p><p>2014-07-08 19:33 - 2014-07-08 19:33 - 07921688 _____ (VS Revo Group ) C:\Users\sheri\Downloads\RevoUninProSetup259.exe</p><p>2014-07-08 16:10 - 2014-07-08 16:10 - 00017920 _____ () C:\Users\sheri\Downloads\Invoice 1132 Valor 1510 (1).xls</p><p>2014-07-08 09:16 - 2014-07-08 09:12 - 109632768 _____ (Microsoft Corporation) C:\Users\sheri\Downloads\msert.exe</p><p>2014-07-07 13:42 - 2014-07-07 13:42 - 00017920 _____ () C:\Users\sheri\Downloads\Invoice 1132 Valor 1510.xls</p><p>2014-07-07 11:22 - 2014-02-20 16:53 - 00000000 ____D () C:\Users\sheri\AppData\Roaming\.minecraft</p><p>2014-07-07 09:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache</p><p>2014-07-07 07:22 - 2012-12-10 07:58 - 00629760 ___SH () C:\Users\sheri\Desktop\Thumbs.db</p><p>2014-07-06 10:48 - 2014-07-06 10:48 - 01346519 _____ () C:\Users\sheri\Downloads\adwcleaner_3.214.exe</p><p>2014-07-06 10:45 - 2014-07-06 10:45 - 00011643 _____ () C:\Users\sheri\Desktop\JRT.txt</p><p>2014-07-06 10:31 - 2012-08-30 16:48 - 00000000 ____D () C:\Users\sheri\AppData\Local\CrashDumps</p><p>2014-07-06 10:13 - 2014-07-06 10:13 - 01016261 _____ (Thisisu) C:\Users\sheri\Downloads\JRT (1).exe</p><p>2014-07-06 10:05 - 2014-07-06 10:05 - 01016261 _____ (Thisisu) C:\Users\sheri\Downloads\JRT.exe</p><p>2014-07-06 10:05 - 2014-07-06 10:05 - 00000000 ____D () C:\Windows\ERUNT</p><p>2014-07-05 14:23 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google</p><p>2014-07-05 10:24 - 2012-07-14 07:07 - 00045056 _____ () C:\Windows\system32\acovcnt.exe</p><p>2014-07-05 10:23 - 2009-07-13 23:20 - 00000000 ____D () 
C:\Windows\Branding</p><p>2014-07-04 20:45 - 2012-12-09 17:05 - 00000000 ____D () C:\Users\sheri\AppData\Local\Apps\2.0</p><p>2014-07-04 10:00 - 2012-12-09 18:01 - 00000000 ____D () C:\Users\sheri\AppData\Local\Paint.NET</p><p>2014-07-04 09:55 - 2014-07-04 09:55 - 00001178 _____ () C:\Users\Public\Desktop\paint.net.lnk</p><p>2014-07-04 09:55 - 2012-12-09 18:02 - 00001190 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk</p><p>2014-07-04 09:55 - 2012-12-09 18:02 - 00000000 ____D () C:\Program Files\Paint.NET</p><p>2014-07-04 08:54 - 2014-07-04 08:54 - 00124723 _____ () C:\Users\sheri\Downloads\Unconfirmed 40510.crdownload</p><p>2014-07-04 08:54 - 2014-07-04 08:54 - 00124723 _____ () C:\Users\sheri\Downloads\Unconfirmed 272783.crdownload</p><p>2014-07-04 07:50 - 2011-09-17 21:19 - 00002896 _____ () C:\Windows\system32\AutoRunFilter.ini</p><p>2014-07-03 18:06 - 2014-07-03 18:06 - 03231552 _____ () C:\Users\sheri\Downloads\SamsungPrinterInstaller.exe</p><p>2014-07-03 12:58 - 2012-08-23 17:33 - 00816570 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI</p><p>2014-07-03 12:51 - 2014-07-03 12:51 - 00000000 ____D () C:\ProgramData\CenturyLink</p><p>2014-07-03 12:50 - 2014-07-03 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CenturyLink</p><p>2014-07-03 12:50 - 2014-07-03 12:50 - 00000000 ____D () C:\Program Files (x86)\Qwest</p><p>2014-07-03 12:50 - 2014-07-03 12:50 - 00000000 ____D () C:\Program Files (x86)\CenturyLink</p><p>2014-07-03 12:50 - 2014-07-03 12:27 - 00002383 _____ () C:\Windows\CenturyLinkInstallerSetup.log</p><p>2014-07-03 12:50 - 2011-09-17 21:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information</p><p>2014-07-03 12:42 - 2014-07-03 12:42 - 02562904 _____ () C:\Users\sheri\Downloads\CenturyLinkInstallerSetup(2).exe</p><p>2014-07-03 12:34 - 2014-07-03 12:34 - 02562896 _____ () C:\Users\sheri\Downloads\CenturyLinkInstallerSetup(1).exe</p><p>2014-07-03 12:27 - 2014-07-03 
12:27 - 02562896 _____ () C:\Users\sheri\Downloads\CenturyLinkInstallerSetup.exe</p><p>2014-07-03 11:58 - 2012-12-10 10:46 - 00000000 ____D () C:\Program Files (x86)\epson</p><p>2014-07-03 08:08 - 2012-07-14 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON</p><p>2014-07-03 08:07 - 2012-12-10 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software</p><p>2014-07-02 20:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF</p><p>2014-07-02 20:13 - 2013-11-15 17:11 - 00000000 ____D () C:\ProgramData\Oracle</p><p>2014-07-02 20:10 - 2014-07-02 20:10 - 00918952 _____ (Oracle Corporation) C:\Users\sheri\Downloads\chromeinstall-7u60 (1).exe</p><p>2014-07-02 16:12 - 2014-07-02 16:12 - 00000000 ____D () C:\ProgramData\UpdateServer</p><p>2014-07-02 15:57 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Offline Web Pages</p><p>2014-07-02 15:56 - 2014-07-02 08:19 - 00000000 ____D () C:\Users\sheri\AppData\Roaming\serv</p><p>2014-07-02 15:25 - 2014-07-02 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2014-07-02 15:25 - 2014-07-02 15:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2014-07-02 15:25 - 2012-10-07 10:01 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2014-07-02 15:25 - 2012-10-07 10:01 - 00000000 ____D () C:\Users\sheri\AppData\Roaming\Malwarebytes</p><p>2014-07-02 15:25 - 2012-10-07 10:01 - 00000000 ____D () C:\ProgramData\Malwarebytes</p><p>2014-07-02 15:25 - 2012-10-07 10:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware</p><p>2014-07-02 15:02 - 2013-09-08 16:17 - 00000000 ____D () C:\Users\sheri\AppData\Roaming\Free Download Manager</p><p>2014-07-02 15:01 - 2011-04-02 00:36 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA</p><p>2014-07-02 15:01 - 2011-04-02 00:36 - 00003656 _____ () 
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore</p><p>2014-07-02 13:44 - 2014-07-02 13:43 - 00005499 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log</p><p>2014-07-02 13:41 - 2014-07-02 13:41 - 00918952 _____ (Oracle Corporation) C:\Users\sheri\Downloads\chromeinstall-7u60.exe</p><p>2014-07-02 13:19 - 2012-11-19 19:15 - 00000000 ____D () C:\ProgramData\Skype</p><p>2014-07-02 12:21 - 2014-07-02 12:21 - 00000000 ____D () C:\Windows\Sun</p><p>2014-07-02 12:10 - 2012-11-19 19:15 - 00000000 ____D () C:\Users\sheri\AppData\Roaming\Skype</p><p>2014-07-02 11:21 - 2014-06-19 22:12 - 00000000 ____D () C:\Windows\Minidump</p><p>2014-07-02 10:35 - 2014-07-02 10:35 - 00000000 ____D () C:\Users\Default\AppData\Local\Google</p><p>2014-07-02 10:35 - 2014-07-02 10:35 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google</p><p>2014-07-02 10:23 - 2011-09-17 21:20 - 00000000 ____D () C:\ProgramData\Temp</p><p>2014-07-02 09:52 - 2014-07-02 09:37 - 00000000 ____D () C:\ProgramData\UpdateCommon</p><p>2014-07-02 09:51 - 2014-07-02 09:51 - 00000000 ____D () C:\ProgramData\MediaDev</p><p>2014-07-02 09:40 - 2014-07-02 09:40 - 00001152 _____ () C:\Users\Guest\Desktop\YouTube Accelerator.lnk</p><p>2014-07-02 09:39 - 2014-07-02 09:39 - 00000258 __RSH () C:\ProgramData\ntuser.pol</p><p>2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\sheri\AppData\Local\Packages</p><p>2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\sheri\AppData\Local\Comodo</p><p>2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo</p><p>2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\HomeGroupUser$</p><p>2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo</p><p>2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google</p><p>2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () 
C:\Users\Administrator\AppData\Local\Comodo</p><p>2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\ProgramData\SearchModule</p><p>2014-07-02 09:39 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google</p><p>2014-07-02 09:39 - 2012-07-14 07:11 - 00000000 ____D () C:\Users\sheri\AppData\Local\Google</p><p>2014-07-02 09:39 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy</p><p>2014-07-02 09:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy</p><p>2014-06-30 12:54 - 2013-11-02 08:48 - 00000000 ____D () C:\Users\sheri\Desktop\Recipes</p><p>2014-06-29 22:09 - 2014-07-09 07:28 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll</p><p>2014-06-29 22:04 - 2014-07-09 07:28 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll</p><p>2014-06-24 13:19 - 2014-06-24 13:19 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll</p><p>2014-06-24 13:19 - 2014-06-24 13:19 - 00773968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll</p><p>2014-06-24 13:19 - 2014-06-24 13:19 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll</p><p>2014-06-24 13:19 - 2014-06-24 13:19 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll</p><p>2014-06-24 13:19 - 2014-06-24 13:19 - 00057168 _____ (Microsoft Corporation) C:\Windows\system32\vcomp100.dll</p><p>2014-06-24 13:19 - 2014-06-24 13:19 - 00051024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcomp100.dll</p><p>2014-06-22 06:55 - 2012-07-14 07:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service</p><p>2014-06-20 16:14 - 2014-07-09 07:28 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll</p><p>2014-06-20 15:39 - 2014-07-09 07:27 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll</p><p>2014-06-20 13:42 - 2014-06-20 13:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox</p><p>2014-06-19 
16:41 - 2014-06-19 16:40 - 00000664 _____ () C:\Users\Guest\Downloads\server.properties</p><p>2014-06-19 16:41 - 2014-06-19 16:40 - 00000000 ____D () C:\Users\Guest\Downloads\world</p><p>2014-06-19 16:40 - 2014-06-19 16:40 - 10000357 _____ () C:\Users\Guest\Downloads\minecraft_server.1.7.9.exe</p><p>2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\whitelist.json</p><p>2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\usercache.json</p><p>2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\ops.json</p><p>2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\banned-players.json</p><p>2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\banned-ips.json</p><p>2014-06-19 16:39 - 2014-06-19 16:39 - 00675988 _____ () C:\Users\Guest\Downloads\Minecraft.exe</p><p>2014-06-19 16:39 - 2014-06-19 16:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia</p><p>2014-06-19 16:39 - 2014-06-17 07:08 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\.minecraft</p><p>2014-06-18 21:39 - 2014-07-09 07:27 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll</p><p>2014-06-18 21:06 - 2014-07-09 07:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb</p><p>2014-06-18 21:06 - 2014-07-09 07:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll</p><p>2014-06-18 20:48 - 2014-07-09 07:27 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll</p><p>2014-06-18 20:42 - 2014-07-09 07:27 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll</p><p>2014-06-18 20:42 - 2014-07-09 07:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll</p><p>2014-06-18 20:41 - 2014-07-09 07:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll</p><p>2014-06-18 20:41 - 2014-07-09 07:27 - 00083968 _____ 
(Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll</p><p>2014-06-18 20:32 - 2014-07-09 07:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll</p><p>2014-06-18 20:31 - 2014-07-09 07:28 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll</p><p>2014-06-18 20:26 - 2014-07-09 07:27 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll</p><p>2014-06-18 20:24 - 2014-07-09 07:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe</p><p>2014-06-18 20:24 - 2014-07-09 07:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe</p><p>2014-06-18 20:23 - 2014-07-09 07:27 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll</p><p>2014-06-18 20:16 - 2014-07-09 07:28 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</p><p>2014-06-18 20:14 - 2014-07-09 07:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe</p><p>2014-06-18 20:09 - 2014-07-09 07:27 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll</p><p>2014-06-18 19:59 - 2014-07-09 07:28 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll</p><p>2014-06-18 19:56 - 2014-07-09 07:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</p><p>2014-06-18 19:53 - 2014-07-09 07:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll</p><p>2014-06-18 19:51 - 2014-07-09 07:27 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll</p><p>2014-06-18 19:50 - 2014-07-09 07:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll</p><p>2014-06-18 19:48 - 2014-07-09 07:27 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll</p><p>2014-06-18 19:39 - 2014-07-09 07:27 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe</p><p>2014-06-18 19:38 - 2014-07-09 07:27 - 00455168 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll</p><p>2014-06-18 19:37 - 2014-07-09 07:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll</p><p>2014-06-18 19:36 - 2014-07-09 07:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll</p><p>2014-06-18 19:35 - 2014-07-09 07:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll</p><p>2014-06-18 19:33 - 2014-07-09 07:27 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll</p><p>2014-06-18 19:32 - 2014-07-09 07:27 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll</p><p>2014-06-18 19:28 - 2014-07-09 07:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll</p><p>2014-06-18 19:28 - 2014-07-09 07:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll</p><p>2014-06-18 19:27 - 2014-07-09 07:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl</p><p>2014-06-18 19:27 - 2014-07-09 07:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll</p><p>2014-06-18 19:25 - 2014-07-09 07:27 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll</p><p>2014-06-18 19:23 - 2014-07-09 07:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe</p><p>2014-06-18 19:22 - 2014-07-09 07:28 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll</p><p>2014-06-18 19:12 - 2014-07-09 07:28 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll</p><p>2014-06-18 19:06 - 2014-07-09 07:28 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll</p><p>2014-06-18 19:01 - 2014-07-09 07:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll</p><p>2014-06-18 18:59 - 2014-07-09 07:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll</p><p>2014-06-18 18:58 - 2014-07-09 07:27 - 02266112 _____ 
(Microsoft Corporation) C:\Windows\system32\wininet.dll</p><p>2014-06-18 18:58 - 2014-07-09 07:27 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll</p><p>2014-06-18 18:52 - 2014-07-09 07:27 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</p><p>2014-06-18 18:51 - 2014-07-09 07:27 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll</p><p>2014-06-18 18:49 - 2014-07-09 07:28 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</p><p>2014-06-18 18:46 - 2014-07-09 07:27 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll</p><p>2014-06-18 18:45 - 2014-07-09 07:27 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl</p><p>2014-06-18 18:35 - 2014-07-09 07:27 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll</p><p>2014-06-18 18:34 - 2014-07-09 07:27 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll</p><p>2014-06-18 18:15 - 2014-07-09 07:27 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll</p><p>2014-06-18 18:13 - 2014-07-09 07:27 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll</p><p>2014-06-18 18:09 - 2014-07-09 07:28 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll</p><p>2014-06-18 18:07 - 2014-07-09 07:27 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll</p><p>2014-06-17 22:18 - 2014-07-09 07:28 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe</p><p>2014-06-17 21:51 - 2014-07-09 07:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe</p><p>2014-06-17 21:10 - 2014-07-09 07:28 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys</p><p>2014-06-17 07:47 - 2014-06-17 07:47 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\ASUS WebStorage</p><p>2014-06-17 07:26 - 2014-06-17 07:02 - 00000000 ____D () 
C:\Users\Guest\AppData\Roaming\Samsung</p><p>2014-06-17 07:14 - 2014-06-17 07:14 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla</p><p>2014-06-17 07:14 - 2014-06-17 07:14 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla</p><p>2014-06-17 07:09 - 2014-06-17 07:09 - 00001204 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk</p><p>2014-06-17 07:09 - 2014-06-17 07:09 - 00001196 _____ () C:\Users\Guest\Desktop\Mozilla Firefox.lnk</p><p>2014-06-17 07:09 - 2014-06-17 07:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla Firefox</p><p>2014-06-17 07:06 - 2014-06-17 07:06 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts</p><p>2014-06-17 07:05 - 2014-06-17 07:05 - 00121880 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT</p><p>2014-06-17 07:04 - 2014-06-17 07:04 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieUserList</p><p>2014-06-17 07:04 - 2014-06-17 07:04 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieSiteList</p><p>2014-06-17 07:04 - 2014-06-17 07:04 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia</p><p>2014-06-17 07:03 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\ArcSoft</p><p>2014-06-17 07:02 - 2014-06-17 07:02 - 00002257 _____ () C:\Users\Guest\Desktop\Internet Browser.lnk</p><p>2014-06-17 07:02 - 2014-06-17 07:02 - 00001415 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk</p><p>2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security</p><p>2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Epson</p><p>2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer</p><p>2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () 
C:\Users\Guest\AppData\Roaming\Adobe</p><p>2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Power2Go</p><p>2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\ArcSoft</p><p>2014-06-17 07:02 - 2014-06-17 07:01 - 00000000 ____D () C:\Users\Guest</p><p>2014-06-17 07:02 - 2011-04-02 00:49 - 00000000 ____D () C:\ProgramData\Trend Micro</p><p>2014-06-17 07:01 - 2014-06-17 07:01 - 00000020 ___SH () C:\Users\Guest\ntuser.ini</p><p>2014-06-17 07:01 - 2014-06-17 07:01 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Motorola Mobility</p><p>2014-06-12 15:05 - 2014-06-12 15:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys</p><p></p><p>Some content of TEMP:</p><p>====================</p><p>C:\Users\Guest\AppData\Local\Temp\6_Offer_17.exe</p><p>C:\Users\Guest\AppData\Local\Temp\f.exe</p><p>C:\Users\Guest\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe</p><p>C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite.dll</p><p>C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite21241.dll</p><p>C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite44912.dll</p><p>C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite94343.dll</p><p>C:\Users\sheri\AppData\Local\Temp\APNSetup.exe</p><p>C:\Users\sheri\AppData\Local\Temp\cabex.dll</p><p>C:\Users\sheri\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnhwqfm.dll</p><p>C:\Users\sheri\AppData\Local\Temp\paint.net.4.0.install.exe</p><p>C:\Users\sheri\AppData\Local\Temp\Quarantine.exe</p><p>C:\Users\sheri\AppData\Local\Temp\unelevate.exe</p><p>C:\Users\sheri\AppData\Local\Temp\v-bates.exe</p><p>C:\Users\sheri\AppData\Local\Temp\VARemove.exe</p><p>C:\Users\sheri\AppData\Local\Temp\youtubeAccelerator_partnerobr_setup.exe</p><p>C:\Users\sheri\AppData\Local\Temp\_is1825.exe</p><p>C:\Users\sheri\AppData\Local\Temp\_is2407.exe</p><p>C:\Users\sheri\AppData\Local\Temp\_isA812.exe</p><p>C:\Users\sheri\AppData\Local\Temp\_isD4
C.exe</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2014-07-07 09:11</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="Sheri Evenson, post: 225692, member: 24890"] Thanks for the response. The test is below. Also, 'WinXpert' from this community has started a new conversation with me, requesting a copy of the vmhost.exe file. There was no 'upload a file' on that conversation, should I attach it here? Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2014 Ran by sheri at 2014-07-12 07:01:06 Running from C:\Users\sheri\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Trend Micro Titanium Internet Security (Disabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902} AS: Trend Micro Titanium Internet Security (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.) 
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS) ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0013 - ASUS) ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.1.0 - ASUSTeK Computer Inc.) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.28 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.2 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0037 - ASUS) ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.24 - asus) ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.) AsusScr_K3 Series_ENG (HKLM-x32\...\AsusScr_K3 Series_ENG) (Version: 1.0.0001 - ASUS) AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION CenturyLink Installer (HKLM-x32\...\{C96FF998-45BD-411E-9253-B7F2660FE280}) (Version: 1.0 - CenturyLink, Inc.) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) 
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated) CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: - ) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.) CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.) Hidden CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.) CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Download Manager and Options (HKLM\...\Download_Manager_and_Options) (Version: 1.0 - Download Manager and Options) EPSON Artisan 800 Series Printer Uninstall (HKLM\...\EPSON Artisan 800 Series) (Version: - SEIKO EPSON Corporation) ETDWare PS/2-X64 8.0.5.1_WHQL (HKLM\...\Elantech) (Version: 8.0.5.1 - ELAN Microelectronic Corp.) 
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS) Free Download Manager 3.9.2 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden H&R Block Basic + Efile 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.02.7803 - HRB Technology, LLC.) H&R Block Deluxe + Efile 2013 (HKLM-x32\...\{AD9F55C5-93F8-4CAB-A311-77C195912CA4}) (Version: 13.04.6502 - HRB Technology, LLC.) HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.220 - SurfRight B.V.) HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.) Home Plan Pro version 5.2.25.14 (HKLM-x32\...\{D95AA4F4-9FCF-4BD8-AC07-AB1912A202E2}_is1) (Version: - Home Plan Software) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation) iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.) 
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lotus NotesSQL 3.01 driver (HKLM-x32\...\{113EECD6-9A04-11D4-811D-00805F923B86}) (Version: - ) Lotus SmartSuite - English (HKLM-x32\...\{536D6172-7453-7569-7465-392E38300409}) (Version: 9.8.0 - Lotus Development Corporation) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4631.1002 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) 
(Version: 8.0.59192 - Microsoft Corporation) Hidden Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.3 - Motorola Mobility) Motorola Device Software Update (x32 Version: 13.07.3101 - Motorola Mobility) Hidden Motorola Mobile Drivers Installation 6.2.0 (HKLM\...\{8EC78F02-5C36-4C97-AAC4-95A3D742A285}) (Version: 6.2.0 - Motorola Inc.) Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.) 
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6304 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0175 - REALTEK Semiconductor Corp.)
Revo Uninstaller Pro 2.5.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.9 - VS Revo Group, Ltd.)
Samsung CLX-4190 Series (HKLM-x32\...\Samsung CLX-4190 Series) (Version: 1.07 (1/7/2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.04.21 (12/10/2012) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.02.84.01(12/11/2012) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.06.34 (9/4/2012) - Samsung Electronics Co., Ltd.)
Samsung OCR Software (HKLM-x32\...\Samsung OCR Software) (Version: 1.00.05 (7/10/2012) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.00.20.03 - Samsung Electronics Co., Ltd.) Hidden
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
Tax Forms Helper 2012 10.5 (HKLM-x32\...\Tax Forms Helper 2012_is1) (Version: - )
Tax Forms Helper 2013 11.0 (HKLM-x32\...\Tax Forms Helper 2013_is1) (Version: - )
Trend Micro Titanium Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 3.0 - Trend Micro Inc.)
Trend Micro Titanium Internet Security (Version: 3.00 - Trend Micro Inc.) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VIP Stitch Artist (HKLM-x32\...\{05CDEA78-F955-4128-A0FB-1094A6A2C20E}) (Version: 1.00.0000 - Emnet Software Ltd.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.3 - ASUS)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Restore Points =========================

09-07-2014 00:44:17 Revo Uninstaller Pro's restore point - costmin
09-07-2014 11:46:48 Revo Uninstaller Pro's restore point - Ask Toolbar
09-07-2014 12:08:54 Revo Uninstaller Pro's restore point - SaveOn
09-07-2014 12:52:25 Revo Uninstaller Pro's restore point - Ask Toolbar
09-07-2014 12:55:02 Windows Update
10-07-2014 15:52:48 Revo Uninstaller Pro's restore point - Google Chrome
10-07-2014 16:04:37 Revo Uninstaller Pro's restore point - Dropbox
10-07-2014 16:11:32 Revo Uninstaller Pro's restore point - Java 7 Update 60
10-07-2014 16:12:28 Removed Java 7 Update 60
10-07-2014 17:17:59 Revo Uninstaller Pro's restore point - chrome
11-07-2014 00:41:25 Checkpoint by HitmanPro
11-07-2014 00:42:51 Checkpoint by HitmanPro

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {011E4EB5-09B8-4E8B-9A57-DA91A3D848CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0206B888-5641-4DD7-BA50-35E55326B3C9} - \FF Watcher {5C3AEA23-296F-4F46-83CB-DBDD6624E8D7} No Task File <==== ATTENTION
Task: {0E170835-29A9-44CF-B9A1-94573D708D3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {185509F3-CB76-41F6-8DF0-C0E45C7F862F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {20E12FE9-7F70-4E65-AA9B-3C025BB11DA1} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {4082C7C1-D7FF-49F7-99D9-EE0C1D0BEEC2} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {4C85F90E-FEB5-445C-81D1-C6AEE751E184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {4E23EB63-0643-4058-AE7D-1B163AA5824E} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-12-06] (ASUS)
Task: {4FF79F63-6651-4148-9502-906B6287070D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {90FD8397-C43F-4ED4-8CEF-2EBE01ABE240} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-10] (Microsoft Corporation)
Task: {9F827025-5EA0-4775-87A6-279E6FEB4EFF} - \Microsoft\Windows\Maintenance\Idle-Crawler Update No Task File <==== ATTENTION
Task: {A5A4189D-12F1-477D-B244-B5AA4B038969} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {A5F7A4D2-C94D-4782-BE72-D0A7F1CF66A2} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-01-09] (ASUSTeK Computer Inc.)
Task: {C58CE1B7-E231-429C-A7E1-242715EB6E5A} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {D0D9D433-01EF-4B68-8F4E-F6ED92C31B72} - System32\Tasks\pick up Jake
Task: {D2DCC199-992D-4BE5-A563-A63664BCF34C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {D85ED685-0662-41EE-8DE1-D1942B54B12C} - \Idle-Crawler Runner No Task File <==== ATTENTION
Task: {E9DCBAFA-3166-47EA-8770-62A7A73D578E} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)
Task: {EDE6218E-3677-4BAD-8AD0-2A6BEC959E0A} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {F93E3557-D301-4563-8EF3-CBE4FDB91804} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {FAC2409E-3B98-422B-91A2-DDDC52A1CCA6} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: {FCE38BCE-FF2C-4541-AE4A-F980729B6608} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-09-10 13:09 - 2012-07-31 11:31 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2012-12-09 17:28 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-09-19 11:20 - 2012-02-09 06:28 - 00034304 _____ () C:\Windows\System32\ssy4clm.dll
2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-07-12 06:35 - 2014-05-20 12:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-02-20 22:23 - 2012-02-20 22:23 - 00456704 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-02-20 22:23 - 2012-02-20 22:23 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2011-04-02 00:49 - 2010-09-17 04:52 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2011-04-02 00:49 - 2010-09-17 04:52 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2014-07-11 09:55 - 2014-07-12 06:28 - 00353792 _____ () C:\ProgramData\UpdateTask\vmhost.exe
2014-03-19 07:27 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-12-06 16:21 - 2011-12-06 16:21 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
1998-08-28 03:42 - 1998-08-28 03:42 - 00138752 _____ () D:\lotus\organize\ormprot.dll
1998-08-28 03:42 - 1998-08-28 03:42 - 00220160 _____ () D:\lotus\organize\ormutil.dll
1998-08-28 03:42 - 1998-08-28 03:42 - 00153088 _____ () D:\lotus\organize\ormmime.dll
2007-07-12 11:11 - 2007-07-12 11:11 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-11-02 17:20 - 2009-11-02 17:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 17:23 - 2009-11-02 17:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-06-20 17:35 - 2013-06-20 17:35 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2014-07-10 20:49 - 2014-06-05 09:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-07-10 20:49 - 2014-06-05 09:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-07-10 20:49 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-07-10 20:49 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-07-10 20:49 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-10 07:29 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\sheri\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:56E2E879

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2014 06:19:31 AM) (Source: ESENT) (EventID: 447) (User: )
Description: Catalog Database (1136) Catalog Database: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 9, PgnoRoot: 39) of database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb (6672 => 6690, Catalog Database0).

Error: (07/11/2014 07:39:08 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (07/11/2014 00:26:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11856

Error: (07/11/2014 00:26:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11856

Error: (07/11/2014 00:26:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/11/2014 00:26:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4524

Error: (07/11/2014 00:26:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4524

Error: (07/11/2014 00:26:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/11/2014 00:25:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3338

Error: (07/11/2014 00:25:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3338

System errors:
=============
Error: (07/12/2014 06:19:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PMEM service failed to start due to the following error: %%1275

Error: (07/12/2014 06:19:46 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWOW64\drivers\pmemnt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (07/12/2014 06:18:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SO_Sustainer service to connect.

Error: (07/11/2014 09:46:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PMEM service failed to start due to the following error: %%1275

Error: (07/11/2014 09:46:09 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWOW64\drivers\pmemnt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (07/11/2014 09:44:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SO_Sustainer service to connect.

Error: (07/11/2014 08:44:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PMEM service failed to start due to the following error: %%1275

Error: (07/11/2014 08:44:54 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWOW64\drivers\pmemnt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (07/11/2014 08:43:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SO_Sustainer service to connect.

Error: (07/11/2014 08:41:19 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: %%1056

Microsoft Office Sessions:
=========================
Error: (07/12/2014 06:19:31 AM) (Source: ESENT) (EventID: 447) (User: )
Description: Catalog Database1136Catalog Database: -327939C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb667266906689

Error: (07/11/2014 07:39:08 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (07/11/2014 00:26:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11856

Error: (07/11/2014 00:26:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11856

Error: (07/11/2014 00:26:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/11/2014 00:26:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4524

Error: (07/11/2014 00:26:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4524

Error: (07/11/2014 00:26:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/11/2014 00:25:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3338

Error: (07/11/2014 00:25:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3338

CodeIntegrity Errors:
===================================
Date: 2014-07-12 06:28:10.360
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-07-12 06:19:46.921
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-12 06:19:46.762
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-12 06:17:29.136
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-07-11 10:20:56.085
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-07-11 09:55:53.241
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-07-11 09:46:09.266
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-11 09:46:09.032
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-11 09:44:02.292
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-07-11 09:22:24.669
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 5922.21 MB
Available physical RAM: 3639.43 MB
Total Pagefile: 11842.61 MB
Available Pagefile: 9273.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:238.47 GB) (Free:118.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:332.7 GB) (Free:331.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: AA9693FE)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=238 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=333 GB) - (Type=OF Extended)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014
Ran by sheri (administrator) on SHERI-PC on 12-07-2014 06:59:19
Running from C:\Users\sheri\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [url]http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/[/url]
Download link for 64-Bit Version: [url]http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/[/url]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [url]http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/[/url]

==================== Processes (Whitelisted) =================

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Lotus Development Corporation) D:\lotus\organize\easyclip.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ASUS) C:\Windows\AsScrPro.exe
(CenturyLink Inc) C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lotus Development Corporation.) D:\lotus\smartctr\suitest.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(VM Host Corporation) C:\ProgramData\MediaDev\1404309117\mediadev.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(VM Host Corporation) C:\ProgramData\UpdateServer\1404331945\webdev.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\ProgramData\UpdateTask\vmhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\ProgramData\UpdateTask\vmhost.exe
(Farbar) C:\Users\sheri\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [322384 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [456704 2012-02-20] ()
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-02] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [AnyProtect Tray] => "C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe"
HKLM-x32\...\Run: [CenturyLinkTouchPointAgent] => C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe [49008 2013-09-24] (CenturyLink Inc)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1049442813-3991357132-1231262002-1000\...\Run: [EPSON Artisan 800 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\1\E_IATIEMA.EXE /FU "C:\Windows\TEMP\E_S71B7.tmp" /EF "HKCU"
HKU\S-1-5-21-1049442813-3991357132-1231262002-1000\...\MountPoints2: {9d95d695-d9ca-11e2-bce8-5404a603f35f} - F:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-1049442813-3991357132-1231262002-1000\...\MountPoints2: {bfd27893-e413-11e3-8b84-5404a603f35f} - F:\MotorolaDeviceManagerSetup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk
ShortcutTarget: Lotus Organizer EasyClip.lnk -> D:\lotus\organize\easyclip.exe (Lotus Development Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus QuickStart.lnk
ShortcutTarget: Lotus QuickStart.lnk -> D:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus SmartCenter.lnk
ShortcutTarget: Lotus SmartCenter.lnk -> D:\lotus\smartctr\smartctr.exe (Lotus Development Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus SuiteStart.lnk
ShortcutTarget: Lotus SuiteStart.lnk -> D:\lotus\smartctr\suitest.exe (Lotus Development Corporation.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226

FireFox:
========
FF ProfilePath: C:\Users\sheri\AppData\Roaming\Mozilla\Firefox\Profiles\lrmasvi1.default-1405036654838
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\sheri\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\Users\sheri\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension [2011-04-02]

Chrome:
=======
CHR HomePage:
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.600.19) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U60) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\sheri\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Catalina Savings Printer) - C:\Users\sheri\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll No File
CHR Extension: (Google Docs) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-11]
CHR Extension: (Google Drive) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]
CHR Extension: (YouTube) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-11]
CHR Extension: (Search) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-11]
CHR Extension: (CostMin) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokekgnfmegppabphahifeaihcfdjdoe [2014-07-02]
CHR Extension: (User Agent Switcher) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf [2014-07-02]
CHR Extension: (Google Wallet) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-11]
CHR Extension: (CostMin) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokekgnfmegppabphahifeaihcfdjdoe\2.2 [2014-07-02]
CHR HKLM-x32\...\Chrome\Extension: [aaaappmhgaaggeoepicjahnbofmjacog] - C:\Users\sheri\AppData\Local\APN\GoogleCRXs\aaaappmhgaaggeoepicjahnbofmjacog_7.15.4.0.crx [2014-07-02]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-10] (SurfRight B.V.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-07-10] (SurfRight B.V.)
R2 MediaDevSrv; C:\ProgramData\MediaDev\1404309117\mediadev.exe [366952 2014-07-02] (VM Host Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [239616 2012-09-17] (Samsung Electronics Co., Ltd.) [File not signed]
R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
R2 WinDevSrv; C:\ProgramData\UpdateServer\1404331945\webdev.exe [389992 2014-07-02] (VM Host Corporation)
S2 29850aa3; "C:\Windows\system32\rundll32.exe" "c:\progra~2\so_boo~1\AssistantSvc.dll",service
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]

==================== Drivers (Whitelisted) ====================

R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-07-10] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S2 PMEM; C:\Windows\SysWOW64\drivers\pmemnt.sys [7168 1999-03-08] (Microsoft Corporation) [File not signed]
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-12 06:59 - 2014-07-12 07:00 - 00027147 _____ () C:\Users\sheri\Downloads\FRST.txt
2014-07-12 06:57 - 2014-07-12 06:57 - 02084864 _____ (Farbar) C:\Users\sheri\Downloads\FRST64 (1).exe
2014-07-12 06:52 - 2014-07-12 06:59 - 00000000 ____D () C:\FRST
2014-07-12 06:52 - 2014-07-12 06:52 - 02084864 _____ (Farbar) C:\Users\sheri\Downloads\FRST64.exe
2014-07-11 08:33 - 2014-07-11 08:33 - 01348263 _____ () C:\Users\sheri\Downloads\AdwCleaner.exe
2014-07-10 20:49 - 2014-07-10 20:49 - 00895120 _____ (Google Inc.) C:\Users\sheri\Downloads\ChromeSetup.exe
2014-07-10 20:49 - 2014-07-10 20:49 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-10 20:49 - 2014-07-10 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-10 20:43 - 2014-07-10 20:43 - 00008998 _____ () C:\Windows\system32\.crusader
2014-07-10 20:16 - 2014-07-10 20:16 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-07-10 20:16 - 2014-07-10 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-07-10 20:16 - 2014-07-10 20:16 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-10 20:15 - 2014-07-10 20:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-10 20:14 - 2014-07-10 20:15 - 11185664 _____ (SurfRight B.V.) C:\Users\sheri\Downloads\hitmanpro_x64.exe
2014-07-10 20:13 - 2014-07-12 07:00 - 00000000 ____D () C:\Windows\CryptoGuard
2014-07-10 20:13 - 2014-07-11 06:24 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-07-10 20:13 - 2014-07-10 20:50 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-07-10 20:13 - 2014-07-10 20:50 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-07-10 20:13 - 2014-07-10 20:50 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-07-10 20:13 - 2014-07-10 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-10 20:13 - 2014-07-10 20:13 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-07-10 20:12 - 2014-07-10 20:12 - 01889616 _____ (SurfRight B.V.) C:\Users\sheri\Downloads\hmpalert.exe
2014-07-10 10:32 - 2014-07-10 10:33 - 01086056 _____ () C:\Users\sheri\Downloads\jvlsetup (1).exe
2014-07-09 07:28 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 07:28 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 07:28 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 07:28 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 07:28 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 07:28 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 07:28 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 07:28 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 07:28 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 07:28 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 07:28 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 07:28 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 07:28 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 07:28 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 07:28 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 07:28 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 07:28 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 07:28 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 07:28 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 07:28 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 07:28 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 07:28 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 07:28 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 07:28 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 07:28 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 07:28 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 07:28 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 07:28 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 07:28 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 07:28 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 07:28 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 07:28 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 07:28 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 07:28 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 07:28 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 07:28 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 07:27 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 07:27 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 07:27 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 07:27 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 07:27 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 07:27 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 07:27 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 07:27 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 07:27 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 07:27 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 07:27 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 07:27 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 07:27 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 07:27 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 07:27 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 07:27 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 07:27 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 07:27 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 07:27 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 07:27 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 07:27 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 07:27 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 07:27 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 07:27 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 07:27 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 07:27 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 07:27 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 07:27 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 07:27 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 07:27 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 07:27 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 07:27 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 07:27 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 07:27 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 07:27 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 07:27 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 07:27 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 07:27 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 07:27 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 07:27 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 07:27 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 07:27 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 07:25 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 07:25 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 07:25 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 20:34 - 2014-07-10 11:47 - 00001236 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\Users\sheri\AppData\Local\VS Revo Group
2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-07-08 20:34 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-07-08 19:33 - 2014-07-08 19:33 - 07921688 _____ (VS Revo Group ) C:\Users\sheri\Downloads\RevoUninProSetup259.exe
2014-07-08 16:10 - 2014-07-08 16:10 - 00017920 _____ () C:\Users\sheri\Downloads\Invoice 1132 Valor 1510 (1).xls
2014-07-08 09:12 - 2014-07-08 09:16 - 109632768 _____ (Microsoft Corporation) C:\Users\sheri\Downloads\msert.exe
2014-07-07 13:42 - 2014-07-07 13:42 - 00017920 _____ () C:\Users\sheri\Downloads\Invoice 1132 Valor 1510.xls
2014-07-06 10:56 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-06 10:48 - 2014-07-11 08:40 - 00000000 ____D () C:\AdwCleaner
2014-07-06 10:48 - 2014-07-06 10:48 - 01346519 _____ () C:\Users\sheri\Downloads\adwcleaner_3.214.exe
2014-07-06 10:45 - 2014-07-06 10:45 - 00011643 _____ () C:\Users\sheri\Desktop\JRT.txt
2014-07-06 10:13 - 2014-07-06 10:13 - 01016261 _____ (Thisisu) C:\Users\sheri\Downloads\JRT (1).exe
2014-07-06 10:05 - 2014-07-06 10:05 - 01016261 _____ (Thisisu) C:\Users\sheri\Downloads\JRT.exe
2014-07-06 10:05 - 2014-07-06 10:05 - 00000000 ____D () C:\Windows\ERUNT
2014-07-04 20:45 - 2014-07-12 06:30 - 00000000 ____D () C:\Users\sheri\AppData\Local\Deployment
2014-07-04 09:55 - 2014-07-04 09:55 - 00001178 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-07-04 08:54 - 2014-07-04 08:54 - 00124723 _____ () C:\Users\sheri\Downloads\Unconfirmed 40510.crdownload
2014-07-04 08:54 - 2014-07-04 08:54 - 00124723 _____ () C:\Users\sheri\Downloads\Unconfirmed 272783.crdownload
2014-07-03 18:06 - 2014-07-03 18:06 - 03231552 _____ () C:\Users\sheri\Downloads\SamsungPrinterInstaller.exe
2014-07-03 12:51 - 2014-07-03 12:51 - 00000000 ____D () C:\ProgramData\CenturyLink
2014-07-03 12:50 - 2014-07-03 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CenturyLink
2014-07-03 12:50 - 2014-07-03 12:50 - 00000000 ____D () C:\Program Files (x86)\Qwest
2014-07-03 12:50 - 2014-07-03 12:50 - 00000000 ____D () C:\Program Files (x86)\CenturyLink
2014-07-03 12:42 - 2014-07-03 12:42 - 02562904 _____ () C:\Users\sheri\Downloads\CenturyLinkInstallerSetup(2).exe
2014-07-03 12:34 - 2014-07-03 12:34 - 02562896 _____ () C:\Users\sheri\Downloads\CenturyLinkInstallerSetup(1).exe
2014-07-03 12:27 - 2014-07-03 12:50 - 00002383 _____ () C:\Windows\CenturyLinkInstallerSetup.log
2014-07-03 12:27 - 2014-07-03 12:27 - 02562896 _____ () C:\Users\sheri\Downloads\CenturyLinkInstallerSetup.exe
2014-07-02 20:10 - 2014-07-02 20:10 - 00918952 _____ (Oracle Corporation) C:\Users\sheri\Downloads\chromeinstall-7u60 (1).exe
2014-07-02 16:12 - 2014-07-02 16:12 - 00000000 ____D () C:\ProgramData\UpdateServer
2014-07-02 15:25 - 2014-07-11 08:49 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-02 15:25 - 2014-07-11 08:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 15:25 - 2014-07-02 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-02 15:25 - 2014-07-02 15:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-02 15:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-02 13:43 - 2014-07-02 13:44 - 00005499 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-07-02 13:41 - 2014-07-02 13:41 - 00918952 _____ (Oracle Corporation) C:\Users\sheri\Downloads\chromeinstall-7u60.exe
2014-07-02 12:21 - 2014-07-02 12:21 - 00000000 ____D () C:\Windows\Sun
2014-07-02 10:35 - 2014-07-02 10:35 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-07-02 10:35 - 2014-07-02 10:35 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-07-02 09:51 - 2014-07-02 09:51 - 00000000 ____D () C:\ProgramData\MediaDev
2014-07-02 09:46 - 2014-07-12 06:28 - 00000000 ____D () C:\ProgramData\UpdateTask
2014-07-02 09:40 - 2014-07-02 09:40 - 00001152 _____ () C:\Users\Guest\Desktop\YouTube Accelerator.lnk
2014-07-02 09:39 - 2014-07-10 20:43 - 00000000 ____D () C:\Users\sheri\AppData\Local\Idle-Crawler
2014-07-02 09:39 - 2014-07-09 08:09 - 00000000 ____D () C:\ProgramData\InstallMate
2014-07-02 09:39 - 2014-07-05 14:23 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-02 09:39 - 2014-07-02 09:39 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\sheri\AppData\Local\Packages
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\sheri\AppData\Local\Comodo
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\ProgramData\SearchModule
2014-07-02 09:37 - 2014-07-02 09:52 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-07-02 08:19 - 2014-07-02 15:56 - 00000000 ____D () C:\Users\sheri\AppData\Roaming\serv
2014-06-24 13:19 - 2014-06-24 13:19 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-06-24 13:19 - 2014-06-24 13:19 - 00773968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2014-06-24 13:19 - 2014-06-24 13:19 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-06-24 13:19 - 2014-06-24 13:19 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2014-06-24 13:19 - 2014-06-24 13:19 - 00057168 _____ (Microsoft Corporation) C:\Windows\system32\vcomp100.dll
2014-06-24 13:19 - 2014-06-24 13:19 - 00051024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcomp100.dll
2014-06-20 13:41 - 2014-06-20 13:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 22:12 - 2014-07-02 11:21 - 00000000 ____D () C:\Windows\Minidump
2014-06-19 16:40 - 2014-06-19 16:41 - 00000664 _____ () C:\Users\Guest\Downloads\server.properties
2014-06-19 16:40 - 2014-06-19 16:41 - 00000000 ____D () C:\Users\Guest\Downloads\world
2014-06-19 16:40 - 2014-06-19 16:40 - 10000357 _____ () C:\Users\Guest\Downloads\minecraft_server.1.7.9.exe
2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\whitelist.json
2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\usercache.json
2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\ops.json
2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\banned-players.json
2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\banned-ips.json
2014-06-19 16:39 - 2014-06-19 16:39 - 00675988 _____ () C:\Users\Guest\Downloads\Minecraft.exe
2014-06-19 16:39 - 2014-06-19 16:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia
2014-06-17 07:47 - 2014-06-17 07:47 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\ASUS WebStorage
2014-06-17 07:14 - 2014-06-17 07:14 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2014-06-17 07:14 - 2014-06-17 07:14 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-06-17 07:09 - 2014-06-17 07:09 - 00001204 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-17 07:09 - 2014-06-17 07:09 - 
00001196 _____ () C:\Users\Guest\Desktop\Mozilla Firefox.lnk 2014-06-17 07:09 - 2014-06-17 07:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla Firefox 2014-06-17 07:08 - 2014-06-19 16:39 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\.minecraft 2014-06-17 07:06 - 2014-06-17 07:06 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts 2014-06-17 07:05 - 2014-06-17 07:05 - 00121880 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-17 07:04 - 2014-06-17 07:04 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieUserList 2014-06-17 07:04 - 2014-06-17 07:04 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieSiteList 2014-06-17 07:04 - 2014-06-17 07:04 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia 2014-06-17 07:02 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-06-17 07:02 - 2014-06-17 07:26 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Samsung 2014-06-17 07:02 - 2014-06-17 07:03 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\ArcSoft 2014-06-17 07:02 - 2014-06-17 07:02 - 00002257 _____ () C:\Users\Guest\Desktop\Internet Browser.lnk 2014-06-17 07:02 - 2014-06-17 07:02 - 00001415 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security 2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Epson 2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer 2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe 2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Power2Go 2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\ArcSoft 2014-06-17 07:01 - 2014-06-17 
07:02 - 00000000 ____D () C:\Users\Guest 2014-06-17 07:01 - 2014-06-17 07:01 - 00000020 ___SH () C:\Users\Guest\ntuser.ini 2014-06-17 07:01 - 2014-06-17 07:01 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Motorola Mobility 2014-06-17 07:01 - 2013-10-11 19:15 - 00002106 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk 2014-06-17 07:01 - 2011-09-17 21:21 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite 2014-06-17 07:01 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-06-17 07:01 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-06-12 15:05 - 2014-06-12 15:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys ==================== One Month Modified Files and Folders ======= 2014-07-12 07:00 - 2014-07-12 06:59 - 00027147 _____ () C:\Users\sheri\Downloads\FRST.txt 2014-07-12 07:00 - 2014-07-10 20:13 - 00000000 ____D () C:\Windows\CryptoGuard 2014-07-12 06:59 - 2014-07-12 06:52 - 00000000 ____D () C:\FRST 2014-07-12 06:57 - 2014-07-12 06:57 - 02084864 _____ (Farbar) C:\Users\sheri\Downloads\FRST64 (1).exe 2014-07-12 06:52 - 2014-07-12 06:52 - 02084864 _____ (Farbar) C:\Users\sheri\Downloads\FRST64.exe 2014-07-12 06:37 - 2013-10-11 18:54 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-07-12 06:30 - 2014-07-04 20:45 - 00000000 ____D () C:\Users\sheri\AppData\Local\Deployment 2014-07-12 06:28 - 2014-07-02 09:46 - 00000000 ____D () C:\ProgramData\UpdateTask 2014-07-12 06:27 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-12 06:27 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 
2014-07-12 06:25 - 2011-09-17 21:05 - 01538459 _____ () C:\Windows\WindowsUpdate.log 2014-07-12 06:23 - 2012-07-15 23:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-12 06:18 - 2013-01-16 15:58 - 00000000 ____D () C:\Temp 2014-07-12 06:18 - 2012-07-14 07:07 - 00000000 ___HD () C:\ASUS.DAT 2014-07-12 06:18 - 2011-04-02 00:36 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-12 06:17 - 2011-04-02 00:17 - 00795246 _____ () C:\Windows\PFRO.log 2014-07-12 06:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-12 06:17 - 2009-07-14 00:51 - 00177143 _____ () C:\Windows\setupact.log 2014-07-12 00:06 - 2011-04-02 00:36 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-11 08:49 - 2014-07-02 15:25 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-11 08:48 - 2014-07-02 15:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-11 08:40 - 2014-07-06 10:48 - 00000000 ____D () C:\AdwCleaner 2014-07-11 08:33 - 2014-07-11 08:33 - 01348263 _____ () C:\Users\sheri\Downloads\AdwCleaner.exe 2014-07-11 06:24 - 2014-07-10 20:13 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert 2014-07-10 20:50 - 2014-07-10 20:13 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll 2014-07-10 20:50 - 2014-07-10 20:13 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll 2014-07-10 20:50 - 2014-07-10 20:13 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys 2014-07-10 20:49 - 2014-07-10 20:49 - 00895120 _____ (Google Inc.) 
C:\Users\sheri\Downloads\ChromeSetup.exe 2014-07-10 20:49 - 2014-07-10 20:49 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-07-10 20:49 - 2014-07-10 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-10 20:49 - 2011-04-02 00:36 - 00000000 ____D () C:\Program Files (x86)\Google 2014-07-10 20:46 - 2011-09-17 21:19 - 00001776 _____ () C:\Windows\system32\ServiceFilter.ini 2014-07-10 20:44 - 2014-07-10 20:15 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-07-10 20:43 - 2014-07-10 20:43 - 00008998 _____ () C:\Windows\system32\.crusader 2014-07-10 20:43 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\sheri\AppData\Local\Idle-Crawler 2014-07-10 20:16 - 2014-07-10 20:16 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk 2014-07-10 20:16 - 2014-07-10 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2014-07-10 20:16 - 2014-07-10 20:16 - 00000000 ____D () C:\Program Files\HitmanPro 2014-07-10 20:15 - 2014-07-10 20:14 - 11185664 _____ (SurfRight B.V.) C:\Users\sheri\Downloads\hitmanpro_x64.exe 2014-07-10 20:13 - 2014-07-10 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert 2014-07-10 20:13 - 2014-07-10 20:13 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert 2014-07-10 20:12 - 2014-07-10 20:12 - 01889616 _____ (SurfRight B.V.) 
C:\Users\sheri\Downloads\hmpalert.exe 2014-07-10 19:30 - 2012-12-12 19:08 - 00735744 ___SH () C:\Users\sheri\Downloads\Thumbs.db 2014-07-10 19:24 - 2009-07-14 01:13 - 00820280 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-10 16:00 - 2013-12-30 14:33 - 00000000 ____D () C:\Users\sheri\Documents\Outlook Files 2014-07-10 14:55 - 2012-09-10 13:11 - 00000000 ____D () C:\Users\sheri\AppData\Local\CutePDF Writer 2014-07-10 11:47 - 2014-07-08 20:34 - 00001236 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk 2014-07-10 10:53 - 2012-09-07 15:28 - 00000000 ___RD () C:\Users\sheri\Dropbox 2014-07-10 10:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\TAPI 2014-07-10 10:33 - 2014-07-10 10:32 - 01086056 _____ () C:\Users\sheri\Downloads\jvlsetup (1).exe 2014-07-09 19:56 - 2013-09-19 11:50 - 00000099 _____ () C:\Users\Public\LMDebug.log 2014-07-09 09:15 - 2009-07-14 00:45 - 00468272 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-09 09:12 - 2014-05-05 20:14 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-09 09:12 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-09 09:12 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-09 09:12 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-09 09:08 - 2014-01-14 11:45 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-09 09:02 - 2012-08-29 07:54 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-09 08:23 - 2012-07-15 23:47 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-09 08:23 - 2012-07-15 23:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-09 08:23 - 2012-07-15 23:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-09 08:09 - 2014-07-02 09:39 - 00000000 ____D () C:\ProgramData\InstallMate 2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\Users\sheri\AppData\Local\VS Revo 
Group 2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-07-08 19:33 - 2014-07-08 19:33 - 07921688 _____ (VS Revo Group ) C:\Users\sheri\Downloads\RevoUninProSetup259.exe 2014-07-08 16:10 - 2014-07-08 16:10 - 00017920 _____ () C:\Users\sheri\Downloads\Invoice 1132 Valor 1510 (1).xls 2014-07-08 09:16 - 2014-07-08 09:12 - 109632768 _____ (Microsoft Corporation) C:\Users\sheri\Downloads\msert.exe 2014-07-07 13:42 - 2014-07-07 13:42 - 00017920 _____ () C:\Users\sheri\Downloads\Invoice 1132 Valor 1510.xls 2014-07-07 11:22 - 2014-02-20 16:53 - 00000000 ____D () C:\Users\sheri\AppData\Roaming\.minecraft 2014-07-07 09:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache 2014-07-07 07:22 - 2012-12-10 07:58 - 00629760 ___SH () C:\Users\sheri\Desktop\Thumbs.db 2014-07-06 10:48 - 2014-07-06 10:48 - 01346519 _____ () C:\Users\sheri\Downloads\adwcleaner_3.214.exe 2014-07-06 10:45 - 2014-07-06 10:45 - 00011643 _____ () C:\Users\sheri\Desktop\JRT.txt 2014-07-06 10:31 - 2012-08-30 16:48 - 00000000 ____D () C:\Users\sheri\AppData\Local\CrashDumps 2014-07-06 10:13 - 2014-07-06 10:13 - 01016261 _____ (Thisisu) C:\Users\sheri\Downloads\JRT (1).exe 2014-07-06 10:05 - 2014-07-06 10:05 - 01016261 _____ (Thisisu) C:\Users\sheri\Downloads\JRT.exe 2014-07-06 10:05 - 2014-07-06 10:05 - 00000000 ____D () C:\Windows\ERUNT 2014-07-05 14:23 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google 2014-07-05 10:24 - 2012-07-14 07:07 - 00045056 _____ () C:\Windows\system32\acovcnt.exe 2014-07-05 10:23 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Branding 2014-07-04 20:45 - 2012-12-09 17:05 - 00000000 ____D () C:\Users\sheri\AppData\Local\Apps\2.0 2014-07-04 10:00 - 2012-12-09 18:01 - 00000000 ____D () C:\Users\sheri\AppData\Local\Paint.NET 2014-07-04 09:55 - 2014-07-04 09:55 - 00001178 
_____ () C:\Users\Public\Desktop\paint.net.lnk 2014-07-04 09:55 - 2012-12-09 18:02 - 00001190 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk 2014-07-04 09:55 - 2012-12-09 18:02 - 00000000 ____D () C:\Program Files\Paint.NET 2014-07-04 08:54 - 2014-07-04 08:54 - 00124723 _____ () C:\Users\sheri\Downloads\Unconfirmed 40510.crdownload 2014-07-04 08:54 - 2014-07-04 08:54 - 00124723 _____ () C:\Users\sheri\Downloads\Unconfirmed 272783.crdownload 2014-07-04 07:50 - 2011-09-17 21:19 - 00002896 _____ () C:\Windows\system32\AutoRunFilter.ini 2014-07-03 18:06 - 2014-07-03 18:06 - 03231552 _____ () C:\Users\sheri\Downloads\SamsungPrinterInstaller.exe 2014-07-03 12:58 - 2012-08-23 17:33 - 00816570 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-07-03 12:51 - 2014-07-03 12:51 - 00000000 ____D () C:\ProgramData\CenturyLink 2014-07-03 12:50 - 2014-07-03 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CenturyLink 2014-07-03 12:50 - 2014-07-03 12:50 - 00000000 ____D () C:\Program Files (x86)\Qwest 2014-07-03 12:50 - 2014-07-03 12:50 - 00000000 ____D () C:\Program Files (x86)\CenturyLink 2014-07-03 12:50 - 2014-07-03 12:27 - 00002383 _____ () C:\Windows\CenturyLinkInstallerSetup.log 2014-07-03 12:50 - 2011-09-17 21:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-07-03 12:42 - 2014-07-03 12:42 - 02562904 _____ () C:\Users\sheri\Downloads\CenturyLinkInstallerSetup(2).exe 2014-07-03 12:34 - 2014-07-03 12:34 - 02562896 _____ () C:\Users\sheri\Downloads\CenturyLinkInstallerSetup(1).exe 2014-07-03 12:27 - 2014-07-03 12:27 - 02562896 _____ () C:\Users\sheri\Downloads\CenturyLinkInstallerSetup.exe 2014-07-03 11:58 - 2012-12-10 10:46 - 00000000 ____D () C:\Program Files (x86)\epson 2014-07-03 08:08 - 2012-07-14 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2014-07-03 08:07 - 2012-12-10 10:48 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software 2014-07-02 20:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-02 20:13 - 2013-11-15 17:11 - 00000000 ____D () C:\ProgramData\Oracle 2014-07-02 20:10 - 2014-07-02 20:10 - 00918952 _____ (Oracle Corporation) C:\Users\sheri\Downloads\chromeinstall-7u60 (1).exe 2014-07-02 16:12 - 2014-07-02 16:12 - 00000000 ____D () C:\ProgramData\UpdateServer 2014-07-02 15:57 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Offline Web Pages 2014-07-02 15:56 - 2014-07-02 08:19 - 00000000 ____D () C:\Users\sheri\AppData\Roaming\serv 2014-07-02 15:25 - 2014-07-02 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-02 15:25 - 2014-07-02 15:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-02 15:25 - 2012-10-07 10:01 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-07-02 15:25 - 2012-10-07 10:01 - 00000000 ____D () C:\Users\sheri\AppData\Roaming\Malwarebytes 2014-07-02 15:25 - 2012-10-07 10:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-02 15:25 - 2012-10-07 10:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-07-02 15:02 - 2013-09-08 16:17 - 00000000 ____D () C:\Users\sheri\AppData\Roaming\Free Download Manager 2014-07-02 15:01 - 2011-04-02 00:36 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-07-02 15:01 - 2011-04-02 00:36 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-07-02 13:44 - 2014-07-02 13:43 - 00005499 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log 2014-07-02 13:41 - 2014-07-02 13:41 - 00918952 _____ (Oracle Corporation) C:\Users\sheri\Downloads\chromeinstall-7u60.exe 2014-07-02 13:19 - 2012-11-19 19:15 - 00000000 ____D () C:\ProgramData\Skype 2014-07-02 12:21 - 2014-07-02 12:21 - 00000000 ____D () C:\Windows\Sun 2014-07-02 12:10 - 2012-11-19 19:15 - 00000000 
____D () C:\Users\sheri\AppData\Roaming\Skype 2014-07-02 11:21 - 2014-06-19 22:12 - 00000000 ____D () C:\Windows\Minidump 2014-07-02 10:35 - 2014-07-02 10:35 - 00000000 ____D () C:\Users\Default\AppData\Local\Google 2014-07-02 10:35 - 2014-07-02 10:35 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google 2014-07-02 10:23 - 2011-09-17 21:20 - 00000000 ____D () C:\ProgramData\Temp 2014-07-02 09:52 - 2014-07-02 09:37 - 00000000 ____D () C:\ProgramData\UpdateCommon 2014-07-02 09:51 - 2014-07-02 09:51 - 00000000 ____D () C:\ProgramData\MediaDev 2014-07-02 09:40 - 2014-07-02 09:40 - 00001152 _____ () C:\Users\Guest\Desktop\YouTube Accelerator.lnk 2014-07-02 09:39 - 2014-07-02 09:39 - 00000258 __RSH () C:\ProgramData\ntuser.pol 2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\sheri\AppData\Local\Packages 2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\sheri\AppData\Local\Comodo 2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo 2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\HomeGroupUser$ 2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo 2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\ProgramData\SearchModule 2014-07-02 09:39 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-07-02 09:39 - 2012-07-14 07:11 - 00000000 ____D () C:\Users\sheri\AppData\Local\Google 2014-07-02 09:39 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-07-02 09:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-06-30 12:54 - 2013-11-02 08:48 - 00000000 ____D () C:\Users\sheri\Desktop\Recipes 2014-06-29 22:09 - 2014-07-09 07:28 - 00519168 _____ (Microsoft 
Corporation) C:\Windows\system32\aepdu.dll 2014-06-29 22:04 - 2014-07-09 07:28 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-24 13:19 - 2014-06-24 13:19 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll 2014-06-24 13:19 - 2014-06-24 13:19 - 00773968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll 2014-06-24 13:19 - 2014-06-24 13:19 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll 2014-06-24 13:19 - 2014-06-24 13:19 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll 2014-06-24 13:19 - 2014-06-24 13:19 - 00057168 _____ (Microsoft Corporation) C:\Windows\system32\vcomp100.dll 2014-06-24 13:19 - 2014-06-24 13:19 - 00051024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcomp100.dll 2014-06-22 06:55 - 2012-07-14 07:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-20 16:14 - 2014-07-09 07:28 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-06-20 15:39 - 2014-07-09 07:27 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-06-20 13:42 - 2014-06-20 13:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-19 16:41 - 2014-06-19 16:40 - 00000664 _____ () C:\Users\Guest\Downloads\server.properties 2014-06-19 16:41 - 2014-06-19 16:40 - 00000000 ____D () C:\Users\Guest\Downloads\world 2014-06-19 16:40 - 2014-06-19 16:40 - 10000357 _____ () C:\Users\Guest\Downloads\minecraft_server.1.7.9.exe 2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\whitelist.json 2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\usercache.json 2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\ops.json 2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () C:\Users\Guest\Downloads\banned-players.json 2014-06-19 16:40 - 2014-06-19 16:40 - 00000002 _____ () 
C:\Users\Guest\Downloads\banned-ips.json 2014-06-19 16:39 - 2014-06-19 16:39 - 00675988 _____ () C:\Users\Guest\Downloads\Minecraft.exe 2014-06-19 16:39 - 2014-06-19 16:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia 2014-06-19 16:39 - 2014-06-17 07:08 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\.minecraft 2014-06-18 21:39 - 2014-07-09 07:27 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-18 21:06 - 2014-07-09 07:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-18 21:06 - 2014-07-09 07:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-18 20:48 - 2014-07-09 07:27 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-18 20:42 - 2014-07-09 07:27 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-18 20:42 - 2014-07-09 07:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-18 20:41 - 2014-07-09 07:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-18 20:41 - 2014-07-09 07:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-06-18 20:32 - 2014-07-09 07:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-18 20:31 - 2014-07-09 07:28 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-18 20:26 - 2014-07-09 07:27 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-18 20:24 - 2014-07-09 07:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-18 20:24 - 2014-07-09 07:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-18 20:23 - 2014-07-09 07:27 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-18 20:16 - 2014-07-09 07:28 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 
2014-06-18 20:14 - 2014-07-09 07:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-18 20:09 - 2014-07-09 07:27 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-18 19:59 - 2014-07-09 07:28 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-18 19:56 - 2014-07-09 07:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-18 19:53 - 2014-07-09 07:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-18 19:51 - 2014-07-09 07:27 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-18 19:50 - 2014-07-09 07:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-18 19:48 - 2014-07-09 07:27 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-18 19:39 - 2014-07-09 07:27 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-18 19:38 - 2014-07-09 07:27 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-18 19:37 - 2014-07-09 07:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-18 19:36 - 2014-07-09 07:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-18 19:35 - 2014-07-09 07:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-06-18 19:33 - 2014-07-09 07:27 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-18 19:32 - 2014-07-09 07:27 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-18 19:28 - 2014-07-09 07:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-18 19:28 - 2014-07-09 07:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-18 19:27 - 2014-07-09 07:27 - 02040832 _____ (Microsoft Corporation) 
C:\Windows\system32\inetcpl.cpl 2014-06-18 19:27 - 2014-07-09 07:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-18 19:25 - 2014-07-09 07:27 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-18 19:23 - 2014-07-09 07:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-18 19:22 - 2014-07-09 07:28 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-18 19:12 - 2014-07-09 07:28 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-18 19:06 - 2014-07-09 07:28 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-18 19:01 - 2014-07-09 07:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-18 18:59 - 2014-07-09 07:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-18 18:58 - 2014-07-09 07:27 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-18 18:58 - 2014-07-09 07:27 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-18 18:52 - 2014-07-09 07:27 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-18 18:51 - 2014-07-09 07:27 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-18 18:49 - 2014-07-09 07:28 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-18 18:46 - 2014-07-09 07:27 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-18 18:45 - 2014-07-09 07:27 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-18 18:35 - 2014-07-09 07:27 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-18 18:34 - 2014-07-09 07:27 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-18 18:15 - 2014-07-09 07:27 - 00846336 _____ (Microsoft Corporation) 
C:\Windows\system32\ieapfltr.dll 2014-06-18 18:13 - 2014-07-09 07:27 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-18 18:09 - 2014-07-09 07:28 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-18 18:07 - 2014-07-09 07:27 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-17 22:18 - 2014-07-09 07:28 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-06-17 21:51 - 2014-07-09 07:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-06-17 21:10 - 2014-07-09 07:28 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-06-17 07:47 - 2014-06-17 07:47 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\ASUS WebStorage 2014-06-17 07:26 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Samsung 2014-06-17 07:14 - 2014-06-17 07:14 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla 2014-06-17 07:14 - 2014-06-17 07:14 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla 2014-06-17 07:09 - 2014-06-17 07:09 - 00001204 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-17 07:09 - 2014-06-17 07:09 - 00001196 _____ () C:\Users\Guest\Desktop\Mozilla Firefox.lnk 2014-06-17 07:09 - 2014-06-17 07:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla Firefox 2014-06-17 07:06 - 2014-06-17 07:06 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts 2014-06-17 07:05 - 2014-06-17 07:05 - 00121880 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-17 07:04 - 2014-06-17 07:04 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieUserList 2014-06-17 07:04 - 2014-06-17 07:04 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieSiteList 2014-06-17 07:04 - 2014-06-17 07:04 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia 2014-06-17 07:03 - 2014-06-17 07:02 - 00000000 
____D () C:\Users\Guest\AppData\Roaming\ArcSoft 2014-06-17 07:02 - 2014-06-17 07:02 - 00002257 _____ () C:\Users\Guest\Desktop\Internet Browser.lnk 2014-06-17 07:02 - 2014-06-17 07:02 - 00001415 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security 2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Epson 2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer 2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe 2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\Power2Go 2014-06-17 07:02 - 2014-06-17 07:02 - 00000000 ____D () C:\Users\Guest\AppData\Local\ArcSoft 2014-06-17 07:02 - 2014-06-17 07:01 - 00000000 ____D () C:\Users\Guest 2014-06-17 07:02 - 2011-04-02 00:49 - 00000000 ____D () C:\ProgramData\Trend Micro 2014-06-17 07:01 - 2014-06-17 07:01 - 00000020 ___SH () C:\Users\Guest\ntuser.ini 2014-06-17 07:01 - 2014-06-17 07:01 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Motorola Mobility 2014-06-12 15:05 - 2014-06-12 15:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys Some content of TEMP: ==================== C:\Users\Guest\AppData\Local\Temp\6_Offer_17.exe C:\Users\Guest\AppData\Local\Temp\f.exe C:\Users\Guest\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite21241.dll C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite44912.dll C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite94343.dll C:\Users\sheri\AppData\Local\Temp\APNSetup.exe C:\Users\sheri\AppData\Local\Temp\cabex.dll 
C:\Users\sheri\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnhwqfm.dll C:\Users\sheri\AppData\Local\Temp\paint.net.4.0.install.exe C:\Users\sheri\AppData\Local\Temp\Quarantine.exe C:\Users\sheri\AppData\Local\Temp\unelevate.exe C:\Users\sheri\AppData\Local\Temp\v-bates.exe C:\Users\sheri\AppData\Local\Temp\VARemove.exe C:\Users\sheri\AppData\Local\Temp\youtubeAccelerator_partnerobr_setup.exe C:\Users\sheri\AppData\Local\Temp\_is1825.exe C:\Users\sheri\AppData\Local\Temp\_is2407.exe C:\Users\sheri\AppData\Local\Temp\_isA812.exe C:\Users\sheri\AppData\Local\Temp\_isD4C.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-07 09:11 ==================== End Of Log ============================ [/QUOTE]