Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by dave (administrator) on DAVE-PC on 22-04-2015 18:40:35
Running from C:\Users\dave\Desktop
Loaded Profiles: dave (Available profiles: dave)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6963744 2009-03-04] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [250192 2009-04-24] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-04-14] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4147425092-1161352190-3810661310-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-4147425092-1161352190-3810661310-1000\...\Run: [EPSON NX110 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBA.EXE [223232 2008-09-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4147425092-1161352190-3810661310-1000\...\Run: [731C174AC52A506918168B6EF4F6B9556AD48452._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-4147425092-1161352190-3810661310-1000\...\Run: [PennyBee] => C:\Users\dave\AppData\Local\PennyBee\PennyBeeW.exe
HKU\S-1-5-21-4147425092-1161352190-3810661310-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe -update activex
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-07-22]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-07-22]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-4147425092-1161352190-3810661310-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn
HKU\S-1-5-21-4147425092-1161352190-3810661310-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-4147425092-1161352190-3810661310-1000 -> DefaultScope {B0B39825-EDE9-4871-B8E3-5B41F0855369} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggbc_14_49_other_na01&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEtDtA0AzytCyEzyzyyD0BtN0D0Tzu0StCtDyBtCtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyB0D0EzyzyyC0FzytG0EyCyBzytG0AyEyB0EtG0ByB0BtCtGyB0F0D0D0C0D0D0F0AtCtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzyzyyC0C0FtCtBtGtCzytB0AtGyEyB0EzytG0B0CtC0AtG0C0EyE0DyDtBtCyDyEyCyC0C2Q&cr=492562483&ir=
SearchScopes: HKU\S-1-5-21-4147425092-1161352190-3810661310-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4147425092-1161352190-3810661310-1000 -> {B0B39825-EDE9-4871-B8E3-5B41F0855369} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggbc_14_49_other_na01&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEtDtA0AzytCyEzyzyyD0BtN0D0Tzu0StCtDyBtCtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyB0D0EzyzyyC0FzytG0EyCyBzytG0AyEyB0EtG0ByB0BtCtGyB0F0D0D0C0D0D0F0AtCtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzyzyyC0C0FtCtBtGtCzytB0AtGyEyB0EzytG0B0CtC0AtG0C0EyE0DyDtBtCyDyEyCyC0C2Q&cr=492562483&ir=
SearchScopes: HKU\S-1-5-21-4147425092-1161352190-3810661310-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://www.google.com/search?q={searchTerms}
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2012-08-02] ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-22] (Sun Microsystems, Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2013-01-15] (Sun Microsystems, Inc.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll No File
Toolbar: HKU\S-1-5-21-4147425092-1161352190-3810661310-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-4147425092-1161352190-3810661310-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-04-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_39 -> C:\Windows\SysWOW64\npdeployJava1.dll [2013-01-15] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2013-01-15] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-04-30] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-24]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3326235&octid=EB_ORIGINAL_CTID&ISID=M761BEBB4-9A5D-4CEB-8EC0-8E10B8CE36CC&SearchSource=55&CUI=&UM=6&UP=SP61BB1358-C5E5-4C13-9A3E-ACD76727AAA2&SSPV=
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_ggbc_14_49_other_na01&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEtDtA0AzytCyEzyzyyD0BtN0D0Tzu0StCtDyBtCtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyB0D0EzyzyyC0FzytG0EyCyBzytG0AyEyB0EtG0ByB0BtCtGyB0F0D0D0C0D0D0F0AtCtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzyzyyC0C0FtCtBtGtCzytB0AtGyEyB0EzytG0B0CtC0AtG0C0EyE0DyDtBtCyDyEyCyC0C2Q&cr=492562483&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (V9.0 Flixtor 1.1) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bldlebdchfchnclgjhehlijjdeagejfh [2014-07-31]
CHR Extension: (Bookmark Manager) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-18]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [732160 2009-04-11] () [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [361472 2012-07-06] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [441344 2012-07-06] (Alcatel-Lucent) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [732160 2009-04-11] () [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [56528 2014-11-19] (NetFilterSDK.com)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== Three Months Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-22 14:58 - 2015-04-22 18:40 - 00015640 _____ () C:\Users\dave\Desktop\FRST.txt
2015-04-22 14:58 - 2015-04-22 14:58 - 00026336 _____ () C:\Users\dave\Desktop\Addition.txt
2015-04-21 13:14 - 2015-04-22 18:40 - 00000000 ____D () C:\FRST
2015-04-21 13:12 - 2015-04-21 13:12 - 02099712 _____ (Farbar) C:\Users\dave\Desktop\FRST64.exe
2015-04-21 12:59 - 2015-04-21 12:59 - 00000000 _____ () C:\Users\dave\Sti_Trace.log
2015-04-20 19:07 - 2015-04-20 19:07 - 00000053 _____ () C:\Users\dave\Desktop\Windows Vista Forums.url
2015-04-19 18:11 - 2015-04-19 18:11 - 532281938 _____ () C:\Users\dave\Desktop\myregistrybackup.reg
2015-04-16 03:14 - 2015-03-04 19:25 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-16 03:14 - 2015-03-04 18:58 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-16 03:13 - 2015-03-13 19:22 - 01585248 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 03:13 - 2015-03-13 19:22 - 01168080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-16 03:13 - 2015-03-12 18:44 - 04691384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 03:13 - 2015-03-12 18:44 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-16 03:13 - 2015-03-12 18:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-16 03:13 - 2015-03-12 18:30 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-16 03:13 - 2015-03-12 18:30 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-16 03:13 - 2015-03-12 18:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-16 03:13 - 2015-03-12 18:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-16 03:13 - 2015-03-12 17:08 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-16 03:13 - 2015-03-12 17:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-16 03:13 - 2015-03-12 17:08 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-16 03:09 - 2015-04-16 03:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-16 03:09 - 2015-04-16 03:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-16 03:02 - 2015-03-04 19:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-16 03:02 - 2015-03-04 19:14 - 00360384 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 03:02 - 2015-03-04 18:58 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-16 03:01 - 2015-03-08 18:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-16 03:01 - 2015-03-08 17:40 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 15:53 - 2015-03-09 17:31 - 17882112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 15:53 - 2015-03-09 17:19 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 15:53 - 2015-03-09 17:19 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 15:53 - 2015-03-09 17:18 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 15:53 - 2015-03-09 17:14 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 15:53 - 2015-03-09 17:14 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 15:53 - 2015-03-09 17:13 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 15:53 - 2015-03-09 17:13 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 15:53 - 2015-03-09 17:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 15:53 - 2015-03-09 17:13 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 15:53 - 2015-03-09 17:13 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 15:53 - 2015-03-09 17:13 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-15 15:53 - 2015-03-09 17:13 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 15:53 - 2015-03-09 17:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 15:53 - 2015-03-09 17:12 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 15:53 - 2015-03-09 17:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 15:53 - 2015-03-09 17:12 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 15:53 - 2015-03-09 17:12 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 15:53 - 2015-03-09 17:12 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 15:53 - 2015-03-09 17:12 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-15 15:53 - 2015-03-09 17:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-15 15:53 - 2015-03-09 17:12 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-15 15:53 - 2015-03-09 16:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 15:53 - 2015-03-09 16:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 15:53 - 2015-03-09 16:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 15:53 - 2015-03-09 16:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 15:53 - 2015-03-09 15:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 15:53 - 2015-03-09 15:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 15:53 - 2015-03-09 15:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 15:53 - 2015-03-09 15:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 15:53 - 2015-03-09 15:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-15 15:53 - 2015-03-09 15:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 15:53 - 2015-03-09 15:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-04-15 15:53 - 2015-03-09 15:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 15:53 - 2015-03-09 15:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 15:53 - 2015-03-09 15:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 15:53 - 2015-03-09 15:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 15:53 - 2015-03-09 15:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 15:53 - 2015-03-09 15:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 15:53 - 2015-03-09 15:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 15:53 - 2015-03-09 15:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 15:53 - 2015-03-09 15:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-04-15 15:53 - 2015-03-09 15:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-04-15 15:53 - 2015-03-09 15:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-03-12 15:40 - 2015-02-19 19:03 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-12 15:40 - 2015-02-19 18:44 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 15:40 - 2015-02-19 17:39 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 15:40 - 2015-02-19 17:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 06:49 - 2014-10-12 18:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-03-11 06:49 - 2014-10-12 17:56 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-11 06:48 - 2015-01-28 18:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 06:48 - 2015-01-28 18:33 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 06:47 - 2015-02-25 17:31 - 02792960 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 06:47 - 2015-01-20 19:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 06:47 - 2015-01-20 18:42 - 01040896 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 06:46 - 2015-02-17 19:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 06:46 - 2015-02-17 18:42 - 12899840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 06:30 - 2015-01-28 18:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 06:30 - 2015-01-28 18:33 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 06:29 - 2015-01-08 18:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 06:29 - 2015-01-08 17:29 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 06:23 - 2015-03-05 21:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 06:23 - 2015-03-05 20:35 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-24 14:34 - 2015-04-20 06:36 - 00000468 _____ () C:\Users\dave\Desktop\Oceanside, CA 10 Day Weather Forecast - weather.com.website
2015-02-11 21:35 - 2014-12-07 18:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 21:35 - 2014-12-07 18:37 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 21:34 - 2014-11-25 19:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 21:34 - 2014-11-25 18:42 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 21:29 - 2015-01-14 23:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 21:29 - 2015-01-14 21:08 - 00516536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-04 12:23 - 2015-02-04 12:23 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2015-02-04 12:13 - 2015-02-04 12:13 - 00869536 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-22 18:38 - 2014-09-05 19:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-22 18:19 - 2014-12-04 15:08 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-22 18:11 - 2009-07-22 15:42 - 01809422 _____ () C:\Windows\WindowsUpdate.log
2015-04-22 18:08 - 2014-12-04 15:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-22 18:08 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-22 18:08 - 2006-11-02 08:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-22 18:08 - 2006-11-02 08:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-22 16:34 - 2006-11-02 08:42 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-22 15:57 - 2013-08-24 06:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-22 13:28 - 2012-04-21 15:43 - 00000489 _____ () C:\Users\dave\Desktop\ESPN.com.website
2015-04-21 21:29 - 2011-09-14 14:05 - 00003678 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{09130A64-EC41-4E6D-B01F-A3CA201FD816}
2015-04-21 12:59 - 2010-12-20 10:32 - 00000000 ____D () C:\Users\dave
2015-04-16 19:21 - 2010-12-30 16:25 - 00007052 _____ () C:\Users\dave\AppData\Local\d3d9caps.dat
2015-04-16 03:11 - 2014-02-26 14:55 - 00752894 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-16 03:10 - 2006-11-02 05:46 - 00752894 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-16 03:09 - 2014-06-28 13:46 - 00001890 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-16 03:09 - 2013-08-16 06:42 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 03:09 - 2010-12-20 14:42 - 00000000 ____D () C:\ProgramData\Skype
2015-04-16 03:02 - 2006-11-02 05:35 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-15 15:57 - 2013-08-24 06:24 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 15:57 - 2013-08-24 06:24 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 15:57 - 2013-08-24 06:24 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 15:19 - 2013-04-27 12:45 - 00000488 _____ () C:\Users\dave\Desktop\San Diego Chargers.website
2015-04-03 05:54 - 2013-12-15 21:51 - 00000552 _____ () C:\Users\dave\Desktop\5-Day Forecast for Oceanside, California - FastWeather.com.website
2015-03-24 21:21 - 2013-12-15 21:49 - 00000550 _____ () C:\Users\dave\Desktop\Oceanside Weather Forecasts Maps News - Yahoo! Weather.website
==================== Files in the root of some directories =======
2014-11-16 10:42 - 2014-11-16 10:42 - 6000640 _____ () C:\Program Files (x86)\GUT4DD2.tmp
2010-12-30 16:25 - 2015-04-16 19:21 - 0007052 _____ () C:\Users\dave\AppData\Local\d3d9caps.dat
2011-08-01 20:17 - 2014-09-18 07:09 - 0018944 _____ () C:\Users\dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-27 12:47 - 2014-07-27 12:49 - 0437440 _____ () C:\Users\dave\AppData\Local\dd_vcredistMSI3629.txt
2014-07-27 12:47 - 2014-07-27 12:49 - 0021870 _____ () C:\Users\dave\AppData\Local\dd_vcredistUI3629.txt
2010-12-20 14:47 - 2010-12-20 14:47 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
Some content of TEMP:
====================
C:\Users\dave\AppData\Local\Temp\4891uninstall.exe
C:\Users\dave\AppData\Local\Temp\ICReinstall_OpenofficeSetup.exe
C:\Users\dave\AppData\Local\Temp\InstallFlashPlayer.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-12-21 13:47] - [2009-04-11 00:11] - 0732160 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\rpcss.dll No Company Name <===== ATTENTION!
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-22 18:14
==================== End Of Log ============================