oigap

Great, thanks again! Best, Houda

Hi Adam! I am no longer getting any more IP blocks, since resetting the browsers! Here is the fixlog! Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2014Ran by Houda K at 2014-11-15 19:38:28 Run:2Running from C:\Users\Houda K\DesktopLoaded Profile: Houda K (Available profiles: Houda K)Boot Mode: Normal============================================== Content of fixlist:*****************startC:\ProgramData\Microsoft\SecureEmptyTemp:end***************** C:\ProgramData\Microsoft\Secure => Moved successfully.EmptyTemp: => Removed 174.2 MB temporary data. The system needed a reboot. ==== End of Fixlog ====

Hello! The browsers both reset fine, and I've pasted the fixlog below: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2014Ran by Houda K at 2014-11-15 18:54:02 Run:1Running from C:\Users\Houda K\DesktopLoaded Profile: Houda K (Available profiles: Houda K)Boot Mode: Normal============================================== Content of fixlist:*****************startHKLM-x32\...\Run: [] => [X]ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dllCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONAlternateDataStreams: C:\ProgramData\Temp:5C321E34HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\46809759.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\46809759.sys => ""="Driver"Folder: C:\Users\Houda K\AppData\Local\EmieBrowserModeListFolder: C:\ProgramData\Microsoft\SecureCMD: ipconfig /flushdnsCMD: netsh winsock reset allEmptyTemp:end***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully."HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider" => Key deleted successfully."HKCR\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}" => Key deleted successfully.Could not move "C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll" => Scheduled to move on reboot."HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.C:\ProgramData\Temp => ":5C321E34" ADS removed successfully."HKLM\System\CurrentControlSet\Control\SafeBoot\Network\46809759.sys" => Key deleted successfully."HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\46809759.sys" => Key deleted successfully. ========================= Folder: C:\Users\Houda K\AppData\Local\EmieBrowserModeList ======================== 2014-11-13 23:47 - 2014-11-13 23:47 - 0000000 ___SH () C:\Users\Houda K\AppData\Local\EmieBrowserModeList\container.dat ====== End of Folder: ====== ========================= Folder: C:\ProgramData\Microsoft\Secure ======================== 2014-11-12 17:03 - 2014-11-15 12:38 - 0000000 ____D () C:\ProgramData\Microsoft\Secure\Icons2014-11-15 12:38 - 2014-11-15 12:38 - 2688512 _____ () C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll2014-11-12 17:03 - 2014-11-12 17:03 - 3507200 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll2014-11-12 17:03 - 2014-11-12 17:08 - 0000000 ____D () C:\ProgramData\Microsoft\Secure\Icons\CachedIcons2014-11-12 17:08 - 2014-11-15 18:50 - 0004226 _____ () C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\zepplauncher.mif2014-11-12 17:03 - 2014-11-12 17:03 - 0000000 __SHD () C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\cache2014-11-12 17:03 - 2014-11-12 17:03 - 0000000 __SHD () C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data2014-11-12 17:03 - 2014-11-13 16:55 - 0000000 ____D () C:\ProgramData\Microsoft\Secure\Icons\temp2014-11-12 17:20 - 2014-11-12 17:20 - 0000000 _____ () C:\ProgramData\Microsoft\Secure\Icons\temp\{02D754FD-1C3F-DA07-2DD0-0ADE93BE7A1F}2014-11-12 17:34 - 2014-11-12 17:34 - 0000000 _____ () C:\ProgramData\Microsoft\Secure\Icons\temp\tmp5F63.tmp2014-11-13 11:17 - 2014-11-13 11:17 - 0000000 _____ () C:\ProgramData\Microsoft\Secure\Icons\temp\tmp62F.tmp2014-11-13 13:34 - 2014-11-13 13:34 - 0000000 _____ () C:\ProgramData\Microsoft\Secure\Icons\temp\tmp6D85.tmp2014-11-12 17:18 - 2014-11-12 17:18 - 0000000 _____ () C:\ProgramData\Microsoft\Secure\Icons\temp\tmp7A31.tmp2014-11-12 17:03 - 2014-11-12 17:03 - 0000000 _____ () C:\ProgramData\Microsoft\Secure\Icons\temp\tmpB48D.tmp ====== End of Folder: ====== ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= netsh winsock reset all ========= Sucessfully reset the Winsock Catalog.You must restart the computer in order to complete the reset. ========= End of CMD: ========= EmptyTemp: => Removed 358.1 MB temporary data. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-15 18:54:45)<= C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll => Is moved successfully. ==== End of Fixlog ====

Okay, here are all of the logs: 1. FRST.txt is pasted below: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014 Ran by Houda K (administrator) on LENOVO-YOGA on 15-11-2014 17:48:58Running from C:\Users\Houda K\DesktopLoaded Profile: Houda K (Available profiles: Houda K)Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe() C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe() C:\Program Files\CyberLink\Shared files\RichVideo64.exe(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe(Intel Corporation) C:\Program Files\Intel\STCServ\STCServ.exe(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Intel Corporation) C:\Windows\System32\igfxHK.exe(Intel Corporation) C:\Windows\System32\igfxTray.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe(Intel Corporation) C:\Windows\System32\igfxEM.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe(Dropbox, Inc.) C:\Users\Houda K\AppData\Roaming\Dropbox\bin\Dropbox.exe(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe(Intel® Corporation) C:\Program Files\Intel\ConnectCenter\bin\CCFManager.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation)HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayAppHKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2806000 2014-01-21] (Synaptics Incorporated)HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-06-07] ()HKLM\...\Run: [intelConnectCenter] => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [90112 2014-03-25] (Intel® Corporation)HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-06-07] (Lenovo(beijing) Limited)HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10973168 2014-06-07] (Lenovo(beijing) Limited)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)HKLM-x32\...\Run: [PaperCut MF Client] => C:\Program Files (x86)\PaperCut MF Client\pc-client.exe [274432 2014-02-12] ()HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-08-15] (Cisco Systems, Inc.)HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation)HKLM-x32\...\Run: [] => [X]HKU\S-1-5-21-2698255820-4104015393-3068927692-1001\...\Run: [Google Update] => C:\Users\Houda K\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-12] (Google Inc.)HKU\S-1-5-21-2698255820-4104015393-3068927692-1001\...\Run: [MusicManager] => C:\Users\Houda K\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631360 2014-10-08] (Google Inc.)HKU\S-1-5-21-2698255820-4104015393-3068927692-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\root\office15\lync.exe [19038360 2014-09-25] (Microsoft Corporation)Startup: C:\Users\Houda K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Houda K\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\Houda K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnkShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)Startup: C:\Users\Houda K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnkShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/?pc=LCJBHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJBHKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.comHKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.comSearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabHandler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 163.1.2.1 129.67.1.1Tcpip\..\Interfaces\{22A344D4-3498-4B2C-85DF-DC17C533425B}: [NameServer] 8.8.8.8,8.8.8.8Tcpip\..\Interfaces\{5DE58B9F-4EEF-4AB9-8D03-8DB8CCC31A28}: [NameServer] 8.8.8.8,8.8.8.8Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8,8.8.8.8Tcpip\..\Interfaces\{B0016F89-7ACE-4338-A7EB-7D495445965E}: [NameServer] 8.8.8.8,8.8.8.8Tcpip\..\Interfaces\{C559969D-7911-48CB-A090-B2A14653097A}: [NameServer] 8.8.8.8,8.8.8.8 FireFox:========FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No FileFF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)FF Plugin-x32: @cambridgesoft.com/Chem3D,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)FF Plugin HKU\S-1-5-21-2698255820-4104015393-3068927692-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Houda K\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKU\S-1-5-21-2698255820-4104015393-3068927692-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Houda K\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-08-16] Chrome: =======CHR HomePage: Default -> https://www.google.com/calendar/render?tab=mcCHR StartupUrls: Default -> "hxxp://new.wellesley.edu/"CHR Profile: C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-13]CHR Extension: (Google Drive) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-13]CHR Extension: (Purple flowers(Non-Aero)) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\apifmdobolibbidmcdlofnnenabonodd [2014-08-13]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-13]CHR Extension: (Adguard AdBlocker) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2014-08-13]CHR Extension: (YouTube) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-13]CHR Extension: (Strict Workflow) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd [2014-09-02]CHR Extension: (Google Search) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-13]CHR Extension: (Dropbox) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-08-13]CHR Extension: (Boomerang for Gmail) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2014-08-13]CHR Extension: (Sunrise Calendar) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojepfklcankkmikonjlnidiooanmpbb [2014-10-03]CHR Extension: (Google Wallet) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-13]CHR Extension: (Evernote Web Clipper) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-08-12]CHR Extension: (Gmail) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-13]CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115656 2013-10-14] (Intel Corporation)R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [118728 2013-10-14] (Intel Corporation)R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2013-10-14] (Intel Corporation)R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-05-13] (Intel Corporation)R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-03] (Intel Corporation)R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-08-19] (LENOVO INCORPORATED.)S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-06-07] (Lenovo)R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.5\my.ini [8919 2014-08-17] () [File not signed]S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-18] ()S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2014-01-07] (PointGrab LTD)R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)R2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [7834128 2014-03-25] (Intel Corporation)S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190192 2014-01-21] (Synaptics Incorporated)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-06-07] (Lenovo)R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-18] (Intel® Corporation)S3 TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-02-04] (Motorola Solutions, Inc.)R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1419064 2014-02-21] (Motorola Solutions, Inc.)R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [116752 2013-10-14] (Intel Corporation)R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [290256 2013-10-14] (Intel Corporation)R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494808 2013-10-14] (Intel Corporation)R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63000 2014-08-30] ()R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [187336 2014-05-13] (Intel Corporation)R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77456 2013-08-19] (Intel Corporation)R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-15] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100824 2013-12-03] (Intel Corporation)R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3433952 2014-02-18] (Intel Corporation)S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-01-21] (Synaptics Incorporated)R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1527712 2013-12-31] (Sunplus)S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-07-21] (Cisco Systems, Inc.)R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-15 17:48 - 2014-11-15 17:49 - 00026803 _____ () C:\Users\Houda K\Desktop\FRST.txt2014-11-15 17:48 - 2014-11-15 17:49 - 00000000 ____D () C:\FRST2014-11-15 17:48 - 2014-11-15 17:48 - 02116608 _____ (Farbar) C:\Users\Houda K\Desktop\FRST64.exe2014-11-15 13:24 - 2014-11-15 13:25 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster2014-11-15 13:24 - 2014-11-15 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster2014-11-15 13:24 - 2014-11-15 13:24 - 00000000 ____D () C:\ProgramData\Licenses2014-11-15 13:24 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSSTDFMT.DLL2014-11-15 13:20 - 2014-11-15 13:20 - 00000000 ____D () C:\Users\Houda K\AppData\Local\Secunia PSI2014-11-15 13:20 - 2014-11-15 13:20 - 00000000 ____D () C:\Program Files (x86)\Secunia2014-11-15 13:19 - 2014-11-15 14:52 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit2014-11-15 13:19 - 2014-11-15 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit2014-11-15 13:19 - 2014-11-15 13:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit2014-11-15 13:09 - 2014-11-15 13:09 - 00001128 _____ () C:\DelFix.txt2014-11-15 13:09 - 2014-11-15 13:09 - 00000000 ____D () C:\windows\ERUNT2014-11-15 09:04 - 2014-11-15 09:04 - 00000000 ____D () C:\Program Files (x86)\ESET2014-11-14 23:31 - 2014-11-15 17:35 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-11-14 23:31 - 2014-11-14 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-11-14 23:31 - 2014-11-14 23:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-11-14 23:31 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys2014-11-14 17:49 - 2014-11-14 17:50 - 00000749 _____ () C:\Users\Houda K\AppData\Local\CDXLExtendedShim.log2014-11-13 23:47 - 2014-11-13 23:47 - 00000000 __SHD () C:\Users\Houda K\AppData\Local\EmieBrowserModeList2014-11-13 15:10 - 2014-09-22 04:38 - 01519488 _____ (Microsoft Corporation) C:\windows\system32\user32.dll2014-11-13 15:08 - 2014-09-19 00:16 - 01346048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll2014-11-13 15:07 - 2014-09-22 03:06 - 00258368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys2014-11-13 15:06 - 2014-09-22 03:06 - 00114496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys2014-11-13 15:06 - 2014-09-22 02:49 - 00035320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys2014-11-13 15:05 - 2014-09-02 22:08 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\winshfhc.dll2014-11-13 15:05 - 2014-09-02 22:08 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\winshfhc.dll2014-11-13 14:53 - 2014-10-13 02:33 - 00116032 _____ (Microsoft Corporation) C:\windows\system32\consent.exe2014-11-13 14:53 - 2014-10-11 00:58 - 03320320 _____ (Microsoft Corporation) C:\windows\system32\msi.dll2014-11-13 14:53 - 2014-10-11 00:53 - 03607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll2014-11-13 14:53 - 2014-10-08 07:30 - 00110080 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll2014-11-13 14:53 - 2014-10-08 07:09 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll2014-11-13 14:53 - 2014-10-08 06:27 - 00325120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll2014-11-13 14:53 - 2014-10-08 05:32 - 02773504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll2014-11-13 14:53 - 2014-10-08 05:19 - 02459136 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll2014-11-12 23:26 - 2014-11-12 23:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-11-12 23:26 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-11-12 23:21 - 2014-09-27 07:13 - 00104336 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll2014-11-12 23:21 - 2014-09-27 05:24 - 00088800 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll2014-11-12 23:21 - 2014-09-27 03:38 - 00426496 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll2014-11-12 23:21 - 2014-09-27 03:30 - 00185856 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll2014-11-12 23:21 - 2014-09-27 03:17 - 00357376 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll2014-11-12 23:20 - 2014-10-10 01:58 - 00177472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys2014-11-12 23:20 - 2014-10-10 01:58 - 00027456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys2014-11-12 23:20 - 2014-10-10 01:44 - 00563976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys2014-11-12 23:20 - 2014-10-08 07:37 - 00736768 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll2014-11-12 23:20 - 2014-10-08 07:37 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll2014-11-12 23:20 - 2014-10-08 07:34 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll2014-11-12 23:20 - 2014-10-08 07:24 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\rfxvmt.dll2014-11-12 23:20 - 2014-10-08 06:56 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll2014-11-12 23:20 - 2014-10-08 06:51 - 00736768 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll2014-11-12 23:20 - 2014-10-08 06:51 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll2014-11-12 23:20 - 2014-10-08 06:18 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll2014-11-12 23:20 - 2014-10-08 06:17 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll2014-11-12 23:20 - 2014-10-08 05:23 - 03547648 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll2014-11-12 23:19 - 2014-10-31 05:28 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2014-11-12 23:19 - 2014-10-31 03:42 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2014-11-12 23:19 - 2014-10-18 09:55 - 00055776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe2014-11-12 23:19 - 2014-10-18 08:09 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\wups.dll2014-11-12 23:19 - 2014-10-18 08:09 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll2014-11-12 23:19 - 2014-10-18 07:25 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll2014-11-12 23:19 - 2014-10-18 06:50 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll2014-11-12 23:19 - 2014-10-18 06:38 - 03557376 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll2014-11-12 23:19 - 2014-10-18 06:27 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe2014-11-12 23:19 - 2014-10-18 06:26 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll2014-11-12 23:19 - 2014-10-18 06:23 - 00407552 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll2014-11-12 23:19 - 2014-10-18 06:23 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll2014-11-12 23:19 - 2014-10-18 06:21 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll2014-11-12 23:19 - 2014-10-18 06:20 - 01714176 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll2014-11-12 23:19 - 2014-10-18 06:14 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll2014-11-12 23:19 - 2014-10-18 06:14 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe2014-11-12 23:19 - 2014-10-18 06:12 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll2014-11-12 23:19 - 2014-10-18 06:11 - 00723968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll2014-11-12 23:19 - 2014-10-17 07:01 - 00789184 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll2014-11-12 23:19 - 2014-10-17 06:58 - 00602768 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll2014-11-12 23:18 - 2014-10-31 05:06 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2014-11-12 23:18 - 2014-10-31 05:05 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2014-11-12 23:18 - 2014-10-31 04:53 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2014-11-12 23:18 - 2014-10-31 04:51 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll2014-11-12 23:18 - 2014-10-31 04:50 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2014-11-12 23:18 - 2014-10-31 04:50 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll2014-11-12 23:18 - 2014-10-31 04:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll2014-11-12 23:18 - 2014-10-31 04:05 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2014-11-12 23:18 - 2014-10-31 03:59 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2014-11-12 23:18 - 2014-10-31 03:45 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2014-11-12 23:18 - 2014-10-31 03:44 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll2014-11-12 23:18 - 2014-10-31 03:32 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2014-11-12 23:18 - 2014-10-31 03:18 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2014-11-12 23:18 - 2014-10-31 03:13 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2014-11-12 23:18 - 2014-10-31 03:12 - 00661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll2014-11-12 23:18 - 2014-10-31 03:11 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll2014-11-12 23:18 - 2014-10-31 02:46 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2014-11-12 23:18 - 2014-10-31 02:46 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll2014-11-12 23:18 - 2014-10-31 02:40 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2014-11-12 23:18 - 2014-10-31 02:30 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2014-11-12 23:18 - 2014-10-31 02:17 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2014-11-12 23:18 - 2014-10-31 02:13 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2014-11-12 23:17 - 2014-10-31 05:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe2014-11-12 23:17 - 2014-10-31 05:12 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe2014-11-12 23:17 - 2014-10-31 05:10 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe2014-11-12 23:17 - 2014-10-31 05:09 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll2014-11-12 23:17 - 2014-10-31 05:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe2014-11-12 23:17 - 2014-10-31 05:06 - 00237568 _____ (Microsoft Corporation) C:\windows\system32\url.dll2014-11-12 23:17 - 2014-10-31 05:06 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2014-11-12 23:17 - 2014-10-31 05:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll2014-11-12 23:17 - 2014-10-31 05:05 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec2014-11-12 23:17 - 2014-10-31 05:04 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll2014-11-12 23:17 - 2014-10-31 04:57 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2014-11-12 23:17 - 2014-10-31 04:56 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2014-11-12 23:17 - 2014-10-31 04:54 - 00132096 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll2014-11-12 23:17 - 2014-10-31 04:52 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll2014-11-12 23:17 - 2014-10-31 04:51 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe2014-11-12 23:17 - 2014-10-31 04:51 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe2014-11-12 23:17 - 2014-10-31 04:40 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll2014-11-12 23:17 - 2014-10-31 04:38 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll2014-11-12 23:17 - 2014-10-31 04:30 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll2014-11-12 23:17 - 2014-10-31 04:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll2014-11-12 23:17 - 2014-10-31 04:29 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx2014-11-12 23:17 - 2014-10-31 04:28 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll2014-11-12 23:17 - 2014-10-31 04:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll2014-11-12 23:17 - 2014-10-31 04:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll2014-11-12 23:17 - 2014-10-31 04:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll2014-11-12 23:17 - 2014-10-31 04:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll2014-11-12 23:17 - 2014-10-31 04:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll2014-11-12 23:17 - 2014-10-31 04:19 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll2014-11-12 23:17 - 2014-10-31 04:08 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll2014-11-12 23:17 - 2014-10-31 04:06 - 00372736 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll2014-11-12 23:17 - 2014-10-31 04:05 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2014-11-12 23:17 - 2014-10-31 04:03 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2014-11-12 23:17 - 2014-10-31 03:42 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll2014-11-12 23:17 - 2014-10-31 03:28 - 00137728 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe2014-11-12 23:17 - 2014-10-31 03:28 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe2014-11-12 23:17 - 2014-10-31 03:27 - 00152064 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe2014-11-12 23:17 - 2014-10-31 03:26 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll2014-11-12 23:17 - 2014-10-31 03:25 - 00011264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe2014-11-12 23:17 - 2014-10-31 03:24 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2014-11-12 23:17 - 2014-10-31 03:24 - 00235520 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll2014-11-12 23:17 - 2014-10-31 03:24 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2014-11-12 23:17 - 2014-10-31 03:23 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec2014-11-12 23:17 - 2014-10-31 03:23 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll2014-11-12 23:17 - 2014-10-31 03:22 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll2014-11-12 23:17 - 2014-10-31 03:20 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2014-11-12 23:17 - 2014-10-31 03:16 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2014-11-12 23:17 - 2014-10-31 03:15 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2014-11-12 23:17 - 2014-10-31 03:14 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll2014-11-12 23:17 - 2014-10-31 03:13 - 00099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll2014-11-12 23:17 - 2014-10-31 03:12 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe2014-11-12 23:17 - 2014-10-31 03:03 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll2014-11-12 23:17 - 2014-10-31 03:02 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll2014-11-12 23:17 - 2014-10-31 02:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll2014-11-12 23:17 - 2014-10-31 02:56 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll2014-11-12 23:17 - 2014-10-31 02:56 - 00090624 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll2014-11-12 23:17 - 2014-10-31 02:56 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx2014-11-12 23:17 - 2014-10-31 02:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll2014-11-12 23:17 - 2014-10-31 02:53 - 00052736 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll2014-11-12 23:17 - 2014-10-31 02:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll2014-11-12 23:17 - 2014-10-31 02:51 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll2014-11-12 23:17 - 2014-10-31 02:50 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll2014-11-12 23:17 - 2014-10-31 02:48 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll2014-11-12 23:17 - 2014-10-31 02:42 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll2014-11-12 23:17 - 2014-10-31 02:40 - 00325632 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll2014-11-12 23:17 - 2014-10-31 02:39 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl2014-11-12 23:17 - 2014-10-31 02:26 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll2014-11-12 23:17 - 2014-10-31 02:24 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll2014-11-12 23:17 - 2014-10-31 02:11 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll2014-11-12 23:17 - 2014-10-23 05:48 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\packager.dll2014-11-12 23:17 - 2014-10-23 05:05 - 00072192 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll2014-11-12 23:17 - 2014-10-07 06:28 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll2014-11-12 23:17 - 2014-10-07 06:27 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll2014-11-12 23:17 - 2014-10-07 06:27 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll2014-11-12 23:17 - 2014-10-07 06:27 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe2014-11-12 23:17 - 2014-10-07 06:27 - 00108432 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll2014-11-12 23:17 - 2014-10-07 03:34 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll2014-11-12 23:17 - 2014-10-07 03:34 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll2014-11-12 23:17 - 2014-10-07 03:33 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll2014-11-12 23:17 - 2014-10-07 03:30 - 04182016 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2014-11-12 23:17 - 2014-10-07 01:54 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll2014-11-12 23:17 - 2014-10-07 01:46 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll2014-11-12 23:17 - 2014-09-10 06:25 - 00474432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys2014-11-12 23:17 - 2014-09-08 03:07 - 02497344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys2014-11-12 23:17 - 2014-09-08 03:07 - 00428864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS2014-11-12 23:17 - 2014-09-07 22:08 - 00389176 _____ () C:\windows\system32\ApnDatabase.xml2014-11-12 23:17 - 2014-09-04 22:30 - 00822272 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll2014-11-12 23:17 - 2014-09-04 22:21 - 01053184 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll2014-11-12 23:17 - 2014-09-04 03:05 - 00836176 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll2014-11-12 23:17 - 2014-09-04 02:22 - 00670384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll2014-11-12 23:17 - 2014-09-04 01:01 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll2014-11-12 23:17 - 2014-09-04 00:32 - 00334336 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll2014-11-12 23:17 - 2014-08-31 00:17 - 00148800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS2014-11-12 23:17 - 2014-08-31 00:15 - 21197152 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll2014-11-12 23:17 - 2014-08-30 22:59 - 18723112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll2014-11-12 23:17 - 2014-08-30 22:05 - 00615424 _____ (Microsoft Corporation) C:\windows\system32\FXSCOMEX.dll2014-11-12 23:17 - 2014-08-30 21:58 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\FXSAPI.dll2014-11-12 23:17 - 2014-08-30 21:04 - 00941568 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll2014-11-12 23:17 - 2014-08-30 20:53 - 00239104 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSAPI.dll2014-11-12 23:17 - 2014-08-30 20:17 - 00799744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll2014-11-12 23:17 - 2014-08-28 02:55 - 07484224 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe2014-11-12 23:17 - 2014-08-28 00:21 - 02480128 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll2014-11-12 23:17 - 2014-08-28 00:06 - 02030592 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll2014-11-12 23:17 - 2014-08-23 05:18 - 02149376 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll2014-11-12 23:17 - 2014-08-23 05:14 - 13424128 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll2014-11-12 23:17 - 2014-08-23 05:04 - 11820544 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll2014-11-12 23:17 - 2014-08-23 05:03 - 01346048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll2014-11-12 23:17 - 2014-08-23 04:50 - 02714112 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll2014-11-12 23:17 - 2014-08-02 00:51 - 00545792 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll2014-11-12 23:17 - 2014-08-02 00:35 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll2014-11-12 15:42 - 2014-11-14 17:59 - 00017262 _____ () C:\Users\Houda K\Documents\Movie List.xlsx2014-11-08 19:36 - 2014-11-08 19:36 - 00165240 _____ () C:\Users\Houda K\Documents\1mbo.pdb2014-10-25 19:05 - 2014-10-25 19:05 - 00000937 _____ () C:\Users\Houda K\Documents\Downloads - Shortcut.lnk2014-10-16 12:51 - 2014-09-04 00:10 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\winbici.dll2014-10-16 12:51 - 2014-09-03 23:57 - 00921600 _____ (Microsoft Corporation) C:\windows\system32\MrmCoreR.dll2014-10-16 12:51 - 2014-09-03 23:49 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\MrmCoreR.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-15 17:44 - 2014-08-12 19:28 - 00000940 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2698255820-4104015393-3068927692-1001UA.job2014-11-15 17:07 - 2014-06-07 15:40 - 01351700 _____ () C:\windows\WindowsUpdate.log2014-11-15 17:02 - 2014-08-13 07:36 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2698255820-4104015393-3068927692-10012014-11-15 17:02 - 2013-08-22 15:36 - 00000000 ____D () C:\windows\system32\sru2014-11-15 16:58 - 2014-08-13 01:51 - 00000000 ___RD () C:\Users\Houda K\Dropbox2014-11-15 16:57 - 2014-08-13 07:38 - 00000926 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2014-11-15 16:57 - 2014-08-13 01:50 - 00000000 ____D () C:\Users\Houda K\AppData\Roaming\Dropbox2014-11-15 16:57 - 2014-08-12 18:51 - 00000000 ___RD () C:\Users\Houda K\OneDrive2014-11-15 15:25 - 2014-06-07 15:46 - 06455856 _____ () C:\Users\Public\CAFADEBUG.log2014-11-15 14:54 - 2014-08-13 07:38 - 00000930 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2014-11-15 14:19 - 2014-08-13 07:30 - 00000000 ____D () C:\Users\Houda K2014-11-15 13:30 - 2014-08-16 23:54 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk2014-11-15 13:30 - 2014-08-16 23:54 - 00002241 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk2014-11-15 13:30 - 2014-08-16 23:54 - 00002080 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk2014-11-15 13:26 - 2014-06-07 16:02 - 00000000 ____D () C:\ProgramData\Temp2014-11-15 12:37 - 2014-03-18 09:44 - 00024008 _____ () C:\windows\PFRO.log2014-11-15 12:37 - 2013-08-22 15:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-11-15 12:37 - 2013-08-22 15:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-11-15 12:37 - 2013-08-22 15:36 - 00000000 ____D () C:\Program Files\Windows Defender2014-11-15 12:37 - 2013-08-22 15:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2014-11-15 12:37 - 2013-08-22 14:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT2014-11-15 12:37 - 2013-08-22 13:25 - 00262144 ___SH () C:\windows\system32\config\BBI2014-11-15 11:02 - 2014-08-13 07:30 - 00000000 ____D () C:\Users\Houda K\AppData\Local\Packages2014-11-15 10:31 - 2014-08-15 01:29 - 01891840 ___SH () C:\Users\Houda K\Desktop\Thumbs.db2014-11-15 09:53 - 2014-08-13 08:20 - 00000000 ____D () C:\windows\system32\MRT2014-11-15 09:53 - 2013-08-22 15:20 - 00000000 ____D () C:\windows\CbsTemp2014-11-15 09:46 - 2014-08-13 08:20 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2014-11-15 08:58 - 2014-03-18 09:53 - 00865408 _____ () C:\windows\system32\PerfStringBackup.INI2014-11-15 08:57 - 2014-08-14 15:29 - 00000000 ____D () C:\Users\Houda K\AppData\Local\Adobe2014-11-15 08:52 - 2014-08-13 01:50 - 00000000 ____D () C:\Users\Houda K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-11-14 23:31 - 2014-08-13 22:03 - 00000000 ____D () C:\Users\Houda K\AppData\Roaming\Malwarebytes2014-11-14 23:31 - 2014-08-13 22:03 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-11-14 17:49 - 2014-08-13 07:38 - 00003902 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-11-14 17:49 - 2014-08-13 07:38 - 00003666 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-11-14 15:44 - 2014-08-12 19:28 - 00000888 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2698255820-4104015393-3068927692-1001Core.job2014-11-14 15:39 - 2014-08-12 19:28 - 00003890 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2698255820-4104015393-3068927692-1001UA2014-11-14 15:39 - 2014-08-12 19:28 - 00003510 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2698255820-4104015393-3068927692-1001Core2014-11-13 08:48 - 2013-08-22 14:44 - 05158216 _____ () C:\windows\system32\FNTCACHE.DAT2014-11-13 08:47 - 2013-08-22 15:36 - 00000000 ___RD () C:\windows\ToastData2014-11-13 08:47 - 2013-08-22 15:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel2014-11-12 22:12 - 2014-06-07 15:47 - 00000000 ____D () C:\Users\Public\Documents\Conexant2014-11-12 17:47 - 2014-08-13 07:30 - 00000000 ____D () C:\Users\Houda K\AppData\Roaming\Adobe2014-11-08 23:30 - 2013-08-22 15:36 - 00000000 ____D () C:\windows\AppReadiness2014-11-03 15:55 - 2013-08-22 15:36 - 00000000 ____D () C:\windows\system32\NDF2014-11-03 03:09 - 2014-08-15 01:28 - 00000000 ____D () C:\Users\Houda K\Documents\High School2014-11-02 19:27 - 2014-08-12 22:38 - 00000000 ____D () C:\Users\Houda K\AppData\Local\EvernoteNW2014-10-31 11:19 - 2014-08-14 05:00 - 00000000 ____D () C:\Program Files\Microsoft Office 152014-10-30 11:25 - 2014-08-15 15:57 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe2014-10-30 00:55 - 2013-08-22 15:38 - 00714208 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-10-30 00:55 - 2013-08-22 15:38 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-10-19 16:51 - 2013-08-22 15:36 - 00000000 ____D () C:\windows\rescache2014-10-18 13:03 - 2013-08-22 15:36 - 00000000 ____D () C:\windows\MediaViewer2014-10-18 13:03 - 2013-08-22 15:36 - 00000000 ____D () C:\windows\FileManager2014-10-18 13:03 - 2013-08-22 15:36 - 00000000 ____D () C:\windows\Camera2014-10-17 12:02 - 2013-08-22 14:46 - 00026092 _____ () C:\windows\setupact.log Some content of TEMP:====================C:\Users\Houda K\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqmwgxz.dllC:\Users\Houda K\AppData\Local\Temp\Quarantine.exeC:\Users\Houda K\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-15 09:46 ==================== End Of Log ============================ 2. Addition.txt is attached because my post is too long 3. Protection log is attached Protection Log.txt Addition.txt

Actually, before you close the topic, I have one more question/concern: I'm actually getting the pop-ups from malwarebytes saying that it is blocking "malicious websites" with outgoing IP addresses since I turned malwarebytes back on (which I did immediately after I used DelFix).

Great, thank you again for your help! My computer is working great. Thanks Adam, and have a great day!

Hi Adam! My computer is running perfectly fine, and I followed all of your steps successfully. I am no longer getting the malwarebytes "malicious websites" pop-ups (which is the only way I could tell I was still infected), but that may just be due to the malwarebytes update. Thank you again for your help!! 1. TDSSKiller logs are attached 2. AdwCleaner log is copied here: # AdwCleaner v4.101 - Report created 15/11/2014 at 09:01:35# Updated 09/11/2014 by Xplode# Database : 2014-11-13.1 [Live]# Operating System : Windows 8.1 (64 bits)# Username : Houda K - LENOVO-YOGA# Running from : C:\Users\Houda K\Desktop\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\Public\Pokki ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Classes\pokkiKey Deleted : HKLM\SOFTWARE\PIPKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Google Chrome v38.0.2125.111 ************************* AdwCleaner[R0].txt - [975 octets] - [15/11/2014 08:58:17]AdwCleaner[s0].txt - [901 octets] - [15/11/2014 09:01:35] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [960 octets] ########## 3. ESET Online Scan log is copied here: C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll a variant of Win64/Sathurbot.A trojan C:\Users\Houda K\AppData\Local\Temp\NODC39C.tmp a variant of Win64/Sathurbot.A trojan cleaned by deleting (after the next restart) - quarantinedC:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll a variant of Win64/Sathurbot.A trojan cleaned by deleting (after the next restart) - quarantined TDSSKiller.3.0.0.41_15.11.2014_08.54.28_log.txt TDSSKiller.3.0.0.41_15.11.2014_08.52.58_log.txt

Hello Adam! Thank you for your help! My name is Houda I've followed all the steps sucessfully, and here is the information you asked for: 1. The Pokki programme uninstalled okay. A window in chrome opened up afterwards to ask why I uninstalled the program, but I didn't click anything in it and closed the tab. 2. Fixlog.txt copied here Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-11-2014 02Ran by Houda K at 2014-11-14 23:19:00 Run:1Running from C:\Users\Houda K\DesktopLoaded Profile: Houda K (Available profiles: Houda K)Boot Mode: Normal============================================== Content of fixlist:*****************startHKLM-x32\...\Run: [] => [X]HKU\S-1-5-21-2698255820-4104015393-3068927692-1001\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatformC:\Users\Houda K\AppData\Local\PokkiSearchScopes: HKLM - DefaultScope {187E04AE-B0E1-4722-B9A9-6F4A40304DB6} URL = http://www.bing.com/...=IE11TR&pc=LCJBSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {187E04AE-B0E1-4722-B9A9-6F4A40304DB6} URL = http://www.bing.com/...=IE11TR&pc=LCJBSearchScopes: HKLM-x32 - DefaultScope {187E04AE-B0E1-4722-B9A9-6F4A40304DB6} URL = http://www.bing.com/...=IE11TR&pc=LCJBSearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {187E04AE-B0E1-4722-B9A9-6F4A40304DB6} URL = http://www.bing.com/...=IE11TR&pc=LCJBSearchScopes: HKCU - DefaultScope {187E04AE-B0E1-4722-B9A9-6F4A40304DB6} URL = SearchScopes: HKCU - {187E04AE-B0E1-4722-B9A9-6F4A40304DB6} URL = S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]C:\Users\Houda K\AppData\Local\Temp\20140812013436666jniverify.dllC:\Users\Houda K\AppData\Local\Temp\AAMHelper.exeC:\Users\Houda K\AppData\Local\Temp\AdobeApplicationManager.exeC:\Users\Houda K\AppData\Local\Temp\bassmod.dllC:\Users\Houda K\AppData\Local\Temp\CSDJavaInstaller.dllC:\Users\Houda K\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgcuwig.dllC:\Users\Houda K\AppData\Local\Temp\Risweb32.exeC:\Users\Houda K\AppData\Local\Temp\tmp96CC.exeCustomCLSID: HKU\S-1-5-21-2698255820-4104015393-3068927692-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Houda K\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No FileTask: {ADE56A1B-E5C8-4534-AF9E-91255C987D0D} - \Security Center Update - 96147470 No Task File <==== ATTENTIONCMD: ipconfig /flushdnsCMD: netsh winsock reset allHosts:EmptyTemp:end***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.HKU\S-1-5-21-2698255820-4104015393-3068927692-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki => Value not found.C:\Users\Houda K\AppData\Local\Pokki => Moved successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully."HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully."HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found."HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{187E04AE-B0E1-4722-B9A9-6F4A40304DB6}" => Key deleted successfully."HKCR\CLSID\{187E04AE-B0E1-4722-B9A9-6F4A40304DB6}" => Key not found.HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully."HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully."HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found."HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{187E04AE-B0E1-4722-B9A9-6F4A40304DB6}" => Key deleted successfully."HKCR\Wow6432Node\CLSID\{187E04AE-B0E1-4722-B9A9-6F4A40304DB6}" => Key not found.HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully."HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{187E04AE-B0E1-4722-B9A9-6F4A40304DB6}" => Key deleted successfully."HKCR\CLSID\{187E04AE-B0E1-4722-B9A9-6F4A40304DB6}" => Key not found.McAPExe => Service deleted successfully.C:\Users\Houda K\AppData\Local\Temp\20140812013436666jniverify.dll => Moved successfully.C:\Users\Houda K\AppData\Local\Temp\AAMHelper.exe => Moved successfully.C:\Users\Houda K\AppData\Local\Temp\AdobeApplicationManager.exe => Moved successfully.C:\Users\Houda K\AppData\Local\Temp\bassmod.dll => Moved successfully.C:\Users\Houda K\AppData\Local\Temp\CSDJavaInstaller.dll => Moved successfully."C:\Users\Houda K\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgcuwig.dll" => File/Directory not found.C:\Users\Houda K\AppData\Local\Temp\Risweb32.exe => Moved successfully."C:\Users\Houda K\AppData\Local\Temp\tmp96CC.exe" => File/Directory not found."HKU\S-1-5-21-2698255820-4104015393-3068927692-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ADE56A1B-E5C8-4534-AF9E-91255C987D0D}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADE56A1B-E5C8-4534-AF9E-91255C987D0D}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 96147470" => Key deleted successfully. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= netsh winsock reset all ========= Sucessfully reset the Winsock Catalog.You must restart the computer in order to complete the reset. ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => Moved successfully.Hosts was reset successfully.EmptyTemp: => Removed 1.2 GB temporary data. The system needed a reboot. ==== End of Fixlog ==== 3. VirusTotal Results link here: https://www.virustotal.com/en/file/a5e8f54cff41cdbac6fc23263ec694dd23d2eaf0826a6543f9618c5caae9fe4d/analysis/1416007661/ 4. MBAM log copied here Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 11/14/2014Scan Time: 11:32:47 PMLogfile: Administrator: Yes Version: 2.00.3.1025Malware Database: v2014.11.14.10Rootkit Database: v2014.11.12.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 8.1CPU: x64File System: NTFSUser: Houda K Scan Type: Threat ScanResult: CompletedObjects Scanned: 322425Time Elapsed: 10 min, 28 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: WarnPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end)

Hello! I downloaded a video and stupidly installed a "codec" file from the download folder, which clearly had some sort of malware. Some was detected by malwarebytes (AcorIEHelper.dll and AodbeARMHelper.exe), and more by windows defender (which detected Backdoor:Win32/Simda, Backdoor:Win32/Simda.AT, PWS:Win32/Zbot.gen!plock, PWS:Win32/Zbot.gen!AP, and Trojan:Win64/Ropest.G). However, I think there's still something that hasn't been detected despite running full scans several times, because I am still getting pop-ups saying that malwarebytes is blocking outgoing sites. I've pasted my FRST log below, and attached the Addition log. Thank you!! Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2014 02Ran by Houda K (administrator) on LENOVO-YOGA on 13-11-2014 21:45:13Running from C:\Users\Houda K\DesktopLoaded Profile: Houda K (Available profiles: Houda K)Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe() C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe() C:\Program Files\CyberLink\Shared files\RichVideo64.exe(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe(Intel Corporation) C:\Windows\System32\igfxHK.exe(Intel Corporation) C:\Windows\System32\igfxTray.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Intel Corporation) C:\Windows\System32\igfxEM.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe(Dropbox, Inc.) C:\Users\Houda K\AppData\Roaming\Dropbox\bin\Dropbox.exe(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe(Intel® Corporation) C:\Program Files\Intel\ConnectCenter\bin\CCFManager.exe(Intel Corporation) C:\Program Files\Intel\STCServ\STCServ.exe(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe(Microsoft Corporation) C:\Windows\splwow64.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LU.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation)HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayAppHKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2806000 2014-01-21] (Synaptics Incorporated)HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-06-07] ()HKLM\...\Run: [intelConnectCenter] => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [90112 2014-03-25] (Intel® Corporation)HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-06-07] (Lenovo(beijing) Limited)HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10973168 2014-06-07] (Lenovo(beijing) Limited)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-28] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)HKLM-x32\...\Run: [PaperCut MF Client] => C:\Program Files (x86)\PaperCut MF Client\pc-client.exe [274432 2014-02-12] ()HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-08-15] (Cisco Systems, Inc.)HKU\S-1-5-21-2698255820-4104015393-3068927692-1001\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatformHKU\S-1-5-21-2698255820-4104015393-3068927692-1001\...\Run: [Google Update] => C:\Users\Houda K\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-12] (Google Inc.)HKU\S-1-5-21-2698255820-4104015393-3068927692-1001\...\Run: [MusicManager] => C:\Users\Houda K\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631360 2014-10-08] (Google Inc.)HKU\S-1-5-21-2698255820-4104015393-3068927692-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\root\office15\lync.exe [19038360 2014-09-25] (Microsoft Corporation)Startup: C:\Users\Houda K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Houda K\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\Houda K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnkShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)Startup: C:\Users\Houda K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnkShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/?pc=LCJBHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJBHKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.comHKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.comSearchScopes: HKLM - DefaultScope {187E04AE-B0E1-4722-B9A9-6F4A40304DB6} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJBSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {187E04AE-B0E1-4722-B9A9-6F4A40304DB6} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJBSearchScopes: HKLM-x32 - DefaultScope {187E04AE-B0E1-4722-B9A9-6F4A40304DB6} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJBSearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {187E04AE-B0E1-4722-B9A9-6F4A40304DB6} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJBSearchScopes: HKCU - DefaultScope {187E04AE-B0E1-4722-B9A9-6F4A40304DB6} URL = SearchScopes: HKCU - {187E04AE-B0E1-4722-B9A9-6F4A40304DB6} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 163.1.2.1 129.67.1.1Tcpip\..\Interfaces\{22A344D4-3498-4B2C-85DF-DC17C533425B}: [NameServer] 8.8.8.8,8.8.8.8Tcpip\..\Interfaces\{5DE58B9F-4EEF-4AB9-8D03-8DB8CCC31A28}: [NameServer] 8.8.8.8,8.8.8.8Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8,8.8.8.8Tcpip\..\Interfaces\{B0016F89-7ACE-4338-A7EB-7D495445965E}: [NameServer] 8.8.8.8,8.8.8.8Tcpip\..\Interfaces\{C559969D-7911-48CB-A090-B2A14653097A}: [NameServer] 8.8.8.8,8.8.8.8 FireFox:========FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No FileFF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)FF Plugin-x32: @cambridgesoft.com/Chem3D,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)FF Plugin HKU\S-1-5-21-2698255820-4104015393-3068927692-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Houda K\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKU\S-1-5-21-2698255820-4104015393-3068927692-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Houda K\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-08-16] Chrome: =======CHR HomePage: Default -> https://www.google.com/calendar/render?tab=mcCHR StartupUrls: Default -> "hxxp://new.wellesley.edu/"CHR Profile: C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-13]CHR Extension: (Google Drive) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-13]CHR Extension: (Purple flowers(Non-Aero)) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\apifmdobolibbidmcdlofnnenabonodd [2014-08-13]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-13]CHR Extension: (Adguard AdBlocker) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2014-08-13]CHR Extension: (YouTube) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-13]CHR Extension: (Strict Workflow) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd [2014-09-02]CHR Extension: (Google Search) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-13]CHR Extension: (Dropbox) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-08-13]CHR Extension: (Boomerang for Gmail) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2014-08-13]CHR Extension: (Sunrise Calendar) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojepfklcankkmikonjlnidiooanmpbb [2014-10-03]CHR Extension: (Google Wallet) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-13]CHR Extension: (Evernote Web Clipper) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-08-12]CHR Extension: (Gmail) - C:\Users\Houda K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-13]CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115656 2013-10-14] (Intel Corporation)R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [118728 2013-10-14] (Intel Corporation)R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2013-10-14] (Intel Corporation)R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-05-13] (Intel Corporation)R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-03] (Intel Corporation)R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-08-19] (LENOVO INCORPORATED.)S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-06-07] (Lenovo)R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.5\my.ini [8919 2014-08-17] () [File not signed]S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-18] ()S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2014-01-07] (PointGrab LTD)R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)R2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [7834128 2014-03-25] (Intel Corporation)S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190192 2014-01-21] (Synaptics Incorporated)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-06-07] (Lenovo)R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-18] (Intel® Corporation)S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]S3 TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-02-04] (Motorola Solutions, Inc.)R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1419064 2014-02-21] (Motorola Solutions, Inc.)R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [116752 2013-10-14] (Intel Corporation)R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [290256 2013-10-14] (Intel Corporation)R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494808 2013-10-14] (Intel Corporation)R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [187336 2014-05-13] (Intel Corporation)R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77456 2013-08-19] (Intel Corporation)R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100824 2013-12-03] (Intel Corporation)R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3433952 2014-02-18] (Intel Corporation)S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-01-21] (Synaptics Incorporated)R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1527712 2013-12-31] (Sunplus)S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-07-21] (Cisco Systems, Inc.)R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-13 21:45 - 2014-11-13 21:45 - 00027720 _____ () C:\Users\Houda K\Desktop\FRST.txt2014-11-13 21:43 - 2014-11-13 21:45 - 00000000 ____D () C:\FRST2014-11-13 21:43 - 2014-11-13 21:43 - 02116608 _____ (Farbar) C:\Users\Houda K\Desktop\FRST64.exe2014-11-12 23:43 - 2014-11-13 16:56 - 00001503 ___SH () C:\windows\system32\Drivers\etc\hosts.ac2014-11-12 23:26 - 2014-11-12 23:36 - 00000000 ____D () C:\Users\Houda K\Desktop\mbar2014-11-12 23:26 - 2014-11-12 23:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-11-12 23:26 - 2014-11-12 23:26 - 00096472 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-11-12 23:21 - 2014-09-27 07:13 - 00104336 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll2014-11-12 23:21 - 2014-09-27 05:24 - 00088800 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll2014-11-12 23:21 - 2014-09-27 03:38 - 00426496 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll2014-11-12 23:21 - 2014-09-27 03:30 - 00185856 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll2014-11-12 23:21 - 2014-09-27 03:17 - 00357376 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll2014-11-12 23:20 - 2014-10-10 01:58 - 00177472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys2014-11-12 23:20 - 2014-10-10 01:58 - 00027456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys2014-11-12 23:20 - 2014-10-10 01:44 - 00563976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys2014-11-12 23:20 - 2014-10-08 07:37 - 00736768 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll2014-11-12 23:20 - 2014-10-08 07:37 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll2014-11-12 23:20 - 2014-10-08 07:34 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll2014-11-12 23:20 - 2014-10-08 07:24 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\rfxvmt.dll2014-11-12 23:20 - 2014-10-08 06:56 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll2014-11-12 23:20 - 2014-10-08 06:51 - 00736768 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll2014-11-12 23:20 - 2014-10-08 06:51 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll2014-11-12 23:20 - 2014-10-08 06:18 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll2014-11-12 23:20 - 2014-10-08 06:17 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll2014-11-12 23:20 - 2014-10-08 05:23 - 03547648 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll2014-11-12 23:19 - 2014-10-31 05:28 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2014-11-12 23:19 - 2014-10-31 03:42 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2014-11-12 23:19 - 2014-10-18 09:55 - 00055776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe2014-11-12 23:19 - 2014-10-18 08:09 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\wups.dll2014-11-12 23:19 - 2014-10-18 08:09 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll2014-11-12 23:19 - 2014-10-18 07:25 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll2014-11-12 23:19 - 2014-10-18 06:50 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll2014-11-12 23:19 - 2014-10-18 06:38 - 03557376 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll2014-11-12 23:19 - 2014-10-18 06:27 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe2014-11-12 23:19 - 2014-10-18 06:26 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll2014-11-12 23:19 - 2014-10-18 06:23 - 00407552 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll2014-11-12 23:19 - 2014-10-18 06:23 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll2014-11-12 23:19 - 2014-10-18 06:21 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll2014-11-12 23:19 - 2014-10-18 06:20 - 01714176 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll2014-11-12 23:19 - 2014-10-18 06:14 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll2014-11-12 23:19 - 2014-10-18 06:14 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe2014-11-12 23:19 - 2014-10-18 06:12 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll2014-11-12 23:19 - 2014-10-18 06:11 - 00723968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll2014-11-12 23:19 - 2014-10-17 07:01 - 00789184 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll2014-11-12 23:19 - 2014-10-17 06:58 - 00602768 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll2014-11-12 23:18 - 2014-10-31 05:06 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2014-11-12 23:18 - 2014-10-31 05:05 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2014-11-12 23:18 - 2014-10-31 04:53 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2014-11-12 23:18 - 2014-10-31 04:51 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll2014-11-12 23:18 - 2014-10-31 04:50 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2014-11-12 23:18 - 2014-10-31 04:50 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll2014-11-12 23:18 - 2014-10-31 04:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll2014-11-12 23:18 - 2014-10-31 04:05 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2014-11-12 23:18 - 2014-10-31 03:59 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2014-11-12 23:18 - 2014-10-31 03:45 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2014-11-12 23:18 - 2014-10-31 03:44 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll2014-11-12 23:18 - 2014-10-31 03:32 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2014-11-12 23:18 - 2014-10-31 03:18 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2014-11-12 23:18 - 2014-10-31 03:13 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2014-11-12 23:18 - 2014-10-31 03:12 - 00661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll2014-11-12 23:18 - 2014-10-31 03:11 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll2014-11-12 23:18 - 2014-10-31 02:46 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2014-11-12 23:18 - 2014-10-31 02:46 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll2014-11-12 23:18 - 2014-10-31 02:40 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2014-11-12 23:18 - 2014-10-31 02:30 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2014-11-12 23:18 - 2014-10-31 02:17 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2014-11-12 23:18 - 2014-10-31 02:13 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2014-11-12 23:17 - 2014-10-31 05:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe2014-11-12 23:17 - 2014-10-31 05:12 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe2014-11-12 23:17 - 2014-10-31 05:10 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe2014-11-12 23:17 - 2014-10-31 05:09 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll2014-11-12 23:17 - 2014-10-31 05:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe2014-11-12 23:17 - 2014-10-31 05:06 - 00237568 _____ (Microsoft Corporation) C:\windows\system32\url.dll2014-11-12 23:17 - 2014-10-31 05:06 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2014-11-12 23:17 - 2014-10-31 05:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll2014-11-12 23:17 - 2014-10-31 05:05 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec2014-11-12 23:17 - 2014-10-31 05:04 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll2014-11-12 23:17 - 2014-10-31 04:57 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2014-11-12 23:17 - 2014-10-31 04:56 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2014-11-12 23:17 - 2014-10-31 04:54 - 00132096 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll2014-11-12 23:17 - 2014-10-31 04:52 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll2014-11-12 23:17 - 2014-10-31 04:51 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe2014-11-12 23:17 - 2014-10-31 04:51 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe2014-11-12 23:17 - 2014-10-31 04:40 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll2014-11-12 23:17 - 2014-10-31 04:38 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll2014-11-12 23:17 - 2014-10-31 04:30 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll2014-11-12 23:17 - 2014-10-31 04:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll2014-11-12 23:17 - 2014-10-31 04:29 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx2014-11-12 23:17 - 2014-10-31 04:28 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll2014-11-12 23:17 - 2014-10-31 04:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll2014-11-12 23:17 - 2014-10-31 04:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll2014-11-12 23:17 - 2014-10-31 04:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll2014-11-12 23:17 - 2014-10-31 04:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll2014-11-12 23:17 - 2014-10-31 04:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll2014-11-12 23:17 - 2014-10-31 04:19 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll2014-11-12 23:17 - 2014-10-31 04:08 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll2014-11-12 23:17 - 2014-10-31 04:06 - 00372736 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll2014-11-12 23:17 - 2014-10-31 04:05 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2014-11-12 23:17 - 2014-10-31 04:03 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2014-11-12 23:17 - 2014-10-31 03:42 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll2014-11-12 23:17 - 2014-10-31 03:28 - 00137728 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe2014-11-12 23:17 - 2014-10-31 03:28 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe2014-11-12 23:17 - 2014-10-31 03:27 - 00152064 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe2014-11-12 23:17 - 2014-10-31 03:26 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll2014-11-12 23:17 - 2014-10-31 03:25 - 00011264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe2014-11-12 23:17 - 2014-10-31 03:24 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2014-11-12 23:17 - 2014-10-31 03:24 - 00235520 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll2014-11-12 23:17 - 2014-10-31 03:24 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2014-11-12 23:17 - 2014-10-31 03:23 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec2014-11-12 23:17 - 2014-10-31 03:23 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll2014-11-12 23:17 - 2014-10-31 03:22 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll2014-11-12 23:17 - 2014-10-31 03:20 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2014-11-12 23:17 - 2014-10-31 03:16 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2014-11-12 23:17 - 2014-10-31 03:15 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2014-11-12 23:17 - 2014-10-31 03:14 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll2014-11-12 23:17 - 2014-10-31 03:13 - 00099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll2014-11-12 23:17 - 2014-10-31 03:12 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe2014-11-12 23:17 - 2014-10-31 03:03 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll2014-11-12 23:17 - 2014-10-31 03:02 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll2014-11-12 23:17 - 2014-10-31 02:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll2014-11-12 23:17 - 2014-10-31 02:56 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll2014-11-12 23:17 - 2014-10-31 02:56 - 00090624 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll2014-11-12 23:17 - 2014-10-31 02:56 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx2014-11-12 23:17 - 2014-10-31 02:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll2014-11-12 23:17 - 2014-10-31 02:53 - 00052736 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll2014-11-12 23:17 - 2014-10-31 02:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll2014-11-12 23:17 - 2014-10-31 02:51 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll2014-11-12 23:17 - 2014-10-31 02:50 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll2014-11-12 23:17 - 2014-10-31 02:48 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll2014-11-12 23:17 - 2014-10-31 02:42 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll2014-11-12 23:17 - 2014-10-31 02:40 - 00325632 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll2014-11-12 23:17 - 2014-10-31 02:39 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl2014-11-12 23:17 - 2014-10-31 02:26 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll2014-11-12 23:17 - 2014-10-31 02:24 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll2014-11-12 23:17 - 2014-10-31 02:11 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll2014-11-12 23:17 - 2014-10-23 05:48 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\packager.dll2014-11-12 23:17 - 2014-10-23 05:05 - 00072192 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll2014-11-12 23:17 - 2014-10-07 06:28 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll2014-11-12 23:17 - 2014-10-07 06:27 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll2014-11-12 23:17 - 2014-10-07 06:27 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll2014-11-12 23:17 - 2014-10-07 06:27 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe2014-11-12 23:17 - 2014-10-07 06:27 - 00108432 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll2014-11-12 23:17 - 2014-10-07 03:34 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll2014-11-12 23:17 - 2014-10-07 03:34 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll2014-11-12 23:17 - 2014-10-07 03:33 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll2014-11-12 23:17 - 2014-10-07 03:30 - 04182016 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2014-11-12 23:17 - 2014-10-07 01:54 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll2014-11-12 23:17 - 2014-10-07 01:46 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll2014-11-12 23:17 - 2014-09-10 06:25 - 00474432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys2014-11-12 23:17 - 2014-09-08 03:07 - 02497344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys2014-11-12 23:17 - 2014-09-08 03:07 - 00428864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS2014-11-12 23:17 - 2014-09-07 22:08 - 00389176 _____ () C:\windows\system32\ApnDatabase.xml2014-11-12 23:17 - 2014-09-04 22:30 - 00822272 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll2014-11-12 23:17 - 2014-09-04 22:21 - 01053184 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll2014-11-12 23:17 - 2014-09-04 03:05 - 00836176 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll2014-11-12 23:17 - 2014-09-04 02:22 - 00670384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll2014-11-12 23:17 - 2014-09-04 01:01 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll2014-11-12 23:17 - 2014-09-04 00:32 - 00334336 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll2014-11-12 23:17 - 2014-08-31 00:17 - 00148800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS2014-11-12 23:17 - 2014-08-31 00:15 - 21197152 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll2014-11-12 23:17 - 2014-08-30 22:59 - 18723112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll2014-11-12 23:17 - 2014-08-30 22:05 - 00615424 _____ (Microsoft Corporation) C:\windows\system32\FXSCOMEX.dll2014-11-12 23:17 - 2014-08-30 21:58 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\FXSAPI.dll2014-11-12 23:17 - 2014-08-30 21:04 - 00941568 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll2014-11-12 23:17 - 2014-08-30 20:53 - 00239104 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSAPI.dll2014-11-12 23:17 - 2014-08-30 20:17 - 00799744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll2014-11-12 23:17 - 2014-08-28 02:55 - 07484224 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe2014-11-12 23:17 - 2014-08-28 00:21 - 02480128 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll2014-11-12 23:17 - 2014-08-28 00:06 - 02030592 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll2014-11-12 23:17 - 2014-08-23 05:18 - 02149376 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll2014-11-12 23:17 - 2014-08-23 05:14 - 13424128 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll2014-11-12 23:17 - 2014-08-23 05:04 - 11820544 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll2014-11-12 23:17 - 2014-08-23 05:03 - 01346048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll2014-11-12 23:17 - 2014-08-23 04:50 - 02714112 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll2014-11-12 23:17 - 2014-08-02 00:51 - 00545792 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll2014-11-12 23:17 - 2014-08-02 00:35 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll2014-11-12 15:42 - 2014-11-12 16:09 - 00016562 _____ () C:\Users\Houda K\Documents\Movie List.xlsx2014-11-08 19:36 - 2014-11-08 19:36 - 00165240 _____ () C:\Users\Houda K\Documents\1mbo.pdb2014-10-25 19:05 - 2014-10-25 19:05 - 00000937 _____ () C:\Users\Houda K\Documents\Downloads - Shortcut.lnk2014-10-16 12:51 - 2014-09-13 06:02 - 02779648 _____ (Microsoft Corporation) C:\windows\system32\msi.dll2014-10-16 12:51 - 2014-09-13 05:30 - 03117568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll2014-10-16 12:51 - 2014-09-04 00:10 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\winbici.dll2014-10-16 12:51 - 2014-09-03 23:57 - 00921600 _____ (Microsoft Corporation) C:\windows\system32\MrmCoreR.dll2014-10-16 12:51 - 2014-09-03 23:49 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\MrmCoreR.dll2014-10-15 13:35 - 2014-08-29 01:58 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll2014-10-15 13:35 - 2014-08-28 23:56 - 02646016 _____ (Microsoft Corporation) C:\windows\system32\authui.dll2014-10-15 13:35 - 2014-08-28 23:47 - 02321920 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll2014-10-15 13:35 - 2014-08-16 04:08 - 01507648 _____ (Microsoft Corporation) C:\windows\system32\propsys.dll2014-10-15 13:35 - 2014-08-16 04:01 - 01710184 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll2014-10-15 13:35 - 2014-08-16 03:58 - 01112512 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll2014-10-15 13:35 - 2014-08-16 03:16 - 01205976 _____ (Microsoft Corporation) C:\windows\SysWOW64\propsys.dll2014-10-15 13:35 - 2014-08-16 03:03 - 01467384 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll2014-10-15 13:35 - 2014-08-16 01:31 - 00838144 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll2014-10-15 13:35 - 2014-08-16 01:04 - 00359424 _____ (Microsoft Corporation) C:\windows\system32\Wldap32.dll2014-10-15 13:35 - 2014-08-16 00:58 - 00287744 _____ (Microsoft Corporation) C:\windows\system32\SystemEventsBrokerServer.dll2014-10-15 13:35 - 2014-08-16 00:53 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\httpprxm.dll2014-10-15 13:35 - 2014-08-16 00:46 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\ProximityService.dll2014-10-15 13:35 - 2014-08-16 00:45 - 00267776 _____ (Microsoft Corporation) C:\windows\system32\bisrv.dll2014-10-15 13:35 - 2014-08-16 00:43 - 00321024 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wldap32.dll2014-10-15 13:35 - 2014-08-16 00:43 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\adhsvc.dll2014-10-15 13:35 - 2014-08-16 00:31 - 00914432 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll2014-10-15 13:35 - 2014-08-16 00:31 - 00286208 _____ (Microsoft Corporation) C:\windows\system32\pcsvDevice.dll2014-10-15 13:35 - 2014-08-16 00:29 - 00249344 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-10-15 13:35 - 2014-08-16 00:23 - 01106432 _____ (Microsoft Corporation) C:\windows\system32\SearchFolder.dll2014-10-15 13:35 - 2014-08-16 00:22 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveTelemetry.dll2014-10-15 13:35 - 2014-08-16 00:22 - 00286208 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveShell.dll2014-10-15 13:35 - 2014-08-16 00:19 - 00189952 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-10-15 13:35 - 2014-08-16 00:18 - 04758528 _____ (Microsoft Corporation) C:\windows\system32\SyncEngine.dll2014-10-15 13:35 - 2014-08-16 00:17 - 08757760 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Search.dll2014-10-15 13:35 - 2014-08-16 00:14 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\SkyDriveShell.dll2014-10-15 13:35 - 2014-08-16 00:13 - 06649344 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll2014-10-15 13:35 - 2014-08-16 00:13 - 05902848 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Search.dll2014-10-15 13:35 - 2014-08-16 00:13 - 00840192 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFolder.dll2014-10-15 13:35 - 2014-08-16 00:11 - 00920064 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll2014-10-15 13:35 - 2014-08-16 00:10 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\SkyDrive.exe2014-10-15 13:35 - 2014-08-16 00:08 - 05777408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll2014-10-15 13:35 - 2014-08-16 00:07 - 00756224 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll2014-10-15 13:34 - 2014-09-04 00:12 - 00590336 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll2014-10-15 13:34 - 2014-09-04 00:01 - 00514048 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-13 21:39 - 2014-08-12 19:28 - 00000940 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2698255820-4104015393-3068927692-1001UA.job2014-11-13 21:19 - 2013-08-22 15:36 - 00000000 ____D () C:\windows\system32\sru2014-11-13 20:39 - 2014-08-12 19:28 - 00000888 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2698255820-4104015393-3068927692-1001Core.job2014-11-13 17:03 - 2014-03-18 09:53 - 00865408 _____ () C:\windows\system32\PerfStringBackup.INI2014-11-13 17:02 - 2014-08-13 07:36 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2698255820-4104015393-3068927692-10012014-11-13 16:57 - 2014-08-13 07:38 - 00000926 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2014-11-13 16:57 - 2014-08-13 01:51 - 00000000 ___RD () C:\Users\Houda K\Dropbox2014-11-13 16:57 - 2014-08-13 01:50 - 00000000 ____D () C:\Users\Houda K\AppData\Roaming\Dropbox2014-11-13 16:57 - 2014-08-12 18:51 - 00000000 ___RD () C:\Users\Houda K\OneDrive2014-11-13 16:56 - 2014-06-07 15:46 - 06335030 _____ () C:\Users\Public\CAFADEBUG.log2014-11-13 16:56 - 2014-06-07 15:40 - 02020722 _____ () C:\windows\WindowsUpdate.log2014-11-13 16:56 - 2013-08-22 14:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT2014-11-13 16:56 - 2013-08-22 13:25 - 00262144 ___SH () C:\windows\system32\config\BBI2014-11-13 16:49 - 2014-08-13 07:38 - 00000930 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2014-11-13 15:14 - 2014-03-18 09:44 - 00021452 _____ () C:\windows\PFRO.log2014-11-13 14:51 - 2013-08-22 15:20 - 00000000 ____D () C:\windows\CbsTemp2014-11-13 14:18 - 2014-08-14 15:29 - 00000000 ____D () C:\Users\Houda K\AppData\Local\Adobe2014-11-13 08:48 - 2013-08-22 14:44 - 05158216 _____ () C:\windows\system32\FNTCACHE.DAT2014-11-13 08:47 - 2013-08-22 15:36 - 00000000 ___RD () C:\windows\ToastData2014-11-13 08:47 - 2013-08-22 15:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel2014-11-12 23:59 - 2014-08-15 01:29 - 01832960 ___SH () C:\Users\Houda K\Desktop\Thumbs.db2014-11-12 23:56 - 2014-08-13 07:30 - 00000000 ____D () C:\Users\Houda K\AppData\Local\Packages2014-11-12 22:12 - 2014-06-07 15:47 - 00000000 ____D () C:\Users\Public\Documents\Conexant2014-11-12 17:47 - 2014-08-13 07:30 - 00000000 ____D () C:\Users\Houda K\AppData\Roaming\Adobe2014-11-12 17:37 - 2014-08-13 07:30 - 00000000 ____D () C:\Users\Houda K2014-11-08 23:30 - 2013-08-22 15:36 - 00000000 ____D () C:\windows\AppReadiness2014-11-03 15:55 - 2013-08-22 15:36 - 00000000 ____D () C:\windows\system32\NDF2014-11-03 03:09 - 2014-08-15 01:28 - 00000000 ____D () C:\Users\Houda K\Documents\High School2014-11-02 19:27 - 2014-08-12 22:38 - 00000000 ____D () C:\Users\Houda K\AppData\Local\EvernoteNW2014-10-31 11:19 - 2014-08-14 05:00 - 00000000 ____D () C:\Program Files\Microsoft Office 152014-10-30 11:25 - 2014-08-15 15:57 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe2014-10-30 00:55 - 2013-08-22 15:38 - 00714208 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-10-30 00:55 - 2013-08-22 15:38 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-10-22 22:44 - 2014-08-13 07:38 - 00003902 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-10-22 22:44 - 2014-08-13 07:38 - 00003666 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-10-19 16:51 - 2013-08-22 15:36 - 00000000 ____D () C:\windows\rescache2014-10-18 13:03 - 2013-08-22 15:36 - 00000000 ____D () C:\windows\MediaViewer2014-10-18 13:03 - 2013-08-22 15:36 - 00000000 ____D () C:\windows\FileManager2014-10-18 13:03 - 2013-08-22 15:36 - 00000000 ____D () C:\windows\Camera2014-10-17 19:34 - 2014-08-12 19:28 - 00003890 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2698255820-4104015393-3068927692-1001UA2014-10-17 19:34 - 2014-08-12 19:28 - 00003510 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2698255820-4104015393-3068927692-1001Core2014-10-17 13:05 - 2014-08-13 08:20 - 00000000 ____D () C:\windows\system32\MRT2014-10-17 12:59 - 2014-08-13 08:20 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2014-10-17 12:02 - 2013-08-22 14:46 - 00026092 _____ () C:\windows\setupact.log2014-10-15 21:32 - 2013-08-22 15:36 - 00000000 ____D () C:\windows\WinStore Some content of TEMP:====================C:\Users\Houda K\AppData\Local\Temp\20140812013436666jniverify.dllC:\Users\Houda K\AppData\Local\Temp\AAMHelper.exeC:\Users\Houda K\AppData\Local\Temp\AdobeApplicationManager.exeC:\Users\Houda K\AppData\Local\Temp\bassmod.dllC:\Users\Houda K\AppData\Local\Temp\CSDJavaInstaller.dllC:\Users\Houda K\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgcuwig.dllC:\Users\Houda K\AppData\Local\Temp\Risweb32.exeC:\Users\Houda K\AppData\Local\Temp\tmp96CC.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-06 12:10 ==================== End Of Log ============================Addition.txt