
Possible Infection (AVG Secure Search)


  • This topic is locked
18 replies to this topic

#1 KAPM


Posted 13 October 2013 - 10:18 PM

Hi,

 

When opening Chrome it goes to http://mysearch.avg.com/?cid={2A6B8411-CA14-4946-BCF2-00B622819303}&mid=c4147479668f47d39d38cd77c2de7d01-127fa661c34a10fdee5a9a6f1037d0ad3e863a4b&lang=en&ds=dn011&coid=avgtbdisdn&pr=sa&d=2013-10-08%2017:52:45&v=17.0.0.12&pid=safeguard&sg=0&sap=hp. I have tried to remove all programs that are AVG related and this still occurs. We have also been experiencing some slowness. Unsure how to proceed.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.40.2
Run by monro_000 at 21:05:39 on 2013-10-13
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3965.2108 [GMT -6:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostex.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://dell13.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Tiny download manager] "C:\Users\monro_000\AppData\Local\DM\TinyDM.exe" /M
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mExplorerRun: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
StartupFolder: C:\Users\MONRO_~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{595B155C-66BD-4B56-8117-C0E8703D5594} : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{595B155C-66BD-4B56-8117-C0E8703D5594}\24B48435D22495F444 : DHCPNameServer = 10.3.1.10 10.3.1.11
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4 
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [BtPreLoad] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-ExplorerRun: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-4-25 652344]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-4-25 92536]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-4-25 98208]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-12-28 226944]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-25 14904]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-4-25 165760]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-13 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-13 701512]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-8-12 1907896]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-4-25 201872]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2013-7-6 1915480]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\Drivers\TurboB.sys [2012-5-30 16168]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-25 364416]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2013-4-25 81536]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2012-12-28 89320]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2012-12-28 345832]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2012-12-28 115432]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2012-12-28 33944]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2012-12-28 179432]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2012-12-28 77464]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2012-12-28 136424]
R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-12-28 578792]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2013-4-25 342528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-10-13 25928]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUVStor.sys [2013-4-25 315536]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-4-25 683664]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-4-25 32136]
S3 DellRbtn;Airplane Mode Switch;C:\Windows\System32\Drivers\DellRbtn.sys [2013-4-25 10752]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2013-4-25 28040]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-5-30 149544]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-10-14 01:31:13 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-10-14 01:31:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-14 01:31:04 -------- d-----w- C:\Users\monro_000\AppData\Local\Programs
2013-10-14 01:03:43 -------- d-----w- C:\Users\monro_000\AppData\Local\BMExplorer
2013-10-14 01:03:31 -------- d-----w- C:\Users\monro_000\AppData\Local\VirtualStore
2013-10-14 00:39:16 -------- d-----w- C:\Users\monro_000\AppData\Local\CrashDumps
2013-10-13 04:44:03 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{79B90C6C-3DE8-43A1-ACD3-F9517EB9E610}\mpengine.dll
2013-10-13 00:20:51 2304512 ----a-w- C:\Windows\System32\authui.dll
2013-10-13 00:20:50 448512 ----a-w- C:\Windows\System32\SettingSync.dll
2013-10-13 00:20:49 941056 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll
2013-10-13 00:20:49 2035712 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-13 00:20:48 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll
2013-10-13 00:20:48 225280 ----a-w- C:\Windows\System32\mbsmsapi.dll
2013-10-13 00:20:48 158208 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll
2013-10-13 00:20:45 128512 ----a-w- C:\Windows\System32\SettingSyncInfo.dll
2013-10-12 03:17:18 9694160 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-10-09 03:36:59 99328 ----a-w- C:\Windows\System32\drivers\usbcir.sys
2013-10-09 03:36:59 121984 ----a-w- C:\Windows\System32\drivers\USBAUDIO.sys
2013-10-09 03:36:44 83968 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2013-10-09 03:36:44 652288 ----a-w- C:\Windows\System32\comctl32.dll
2013-10-09 03:36:44 541696 ----a-w- C:\Windows\SysWow64\comctl32.dll
2013-10-09 03:36:44 32768 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2013-10-09 03:36:44 25600 ----a-w- C:\Windows\System32\drivers\usbprint.sys
2013-10-09 03:36:41 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 03:36:41 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 03:36:35 447320 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2013-10-09 03:36:35 337752 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS
2013-10-09 03:36:35 213336 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS
2013-10-08 23:51:34 -------- d--h--w- C:\ProgramData\Common Files
2013-10-04 20:00:04 -------- d-----w- C:\Users\monro_000\AppData\Roaming\.minecraft
2013-09-28 00:41:14 -------- d-----w- C:\Users\monro_000\classlink
2013-09-22 17:39:24 -------- d-----w- C:\Program Files (x86)\osu!
.
==================== Find3M  ====================
.
2013-10-02 01:38:13 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-02 01:38:13 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-11 02:56:00 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-11 02:55:57 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-09-11 02:55:57 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-08-23 05:11:57 4040192 ----a-w- C:\Windows\System32\win32k.sys
2013-08-16 05:41:13 58200 ----a-w- C:\Windows\System32\drivers\dam.sys
2013-08-16 05:39:26 2371728 ----a-w- C:\Windows\System32\WSService.dll
2013-08-16 05:32:48 209200 ----a-w- C:\Windows\System32\NotificationUI.exe
2013-08-16 05:22:22 40448 ----a-w- C:\Windows\System32\wuapp.exe
2013-08-16 05:22:11 4917760 ----a-w- C:\Windows\System32\sppsvc.exe
2013-08-16 05:20:30 105984 ----a-w- C:\Windows\System32\WinSetupUI.dll
2013-08-16 02:19:55 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-08-16 02:19:54 963488 ----a-w- C:\Windows\System32\deployJava1.dll
2013-08-16 02:19:54 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-08-15 22:43:21 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-08-15 22:43:07 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-08-15 22:43:07 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03 562688 ----a-w- C:\Windows\SysWow64\WSShared.dll
2013-08-15 22:43:03 159232 ----a-w- C:\Windows\SysWow64\WSSync.dll
2013-08-15 22:43:02 83968 ----a-w- C:\Windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02 167424 ----a-w- C:\Windows\SysWow64\WSClient.dll
2013-08-15 22:43:02 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52 76800 ----a-w- C:\Windows\SysWow64\setupcln.dll
2013-08-15 22:42:47 91648 ----a-w- C:\Windows\SysWow64\sppc.dll
2013-08-07 05:15:02 144896 ----a-w- C:\Windows\System32\tssdisai.dll
2013-08-03 06:40:49 462336 ----a-w- C:\Windows\System32\sysmon.ocx
2013-08-03 06:40:17 566784 ----a-w- C:\Windows\System32\wvc.dll
2013-08-03 06:40:01 1374208 ----a-w- C:\Windows\System32\wdc.dll
2013-08-03 05:14:15 399360 ----a-w- C:\Windows\SysWow64\sysmon.ocx
2013-08-03 05:13:57 437248 ----a-w- C:\Windows\SysWow64\wvc.dll
2013-08-03 05:13:43 1245696 ----a-w- C:\Windows\SysWow64\wdc.dll
2013-08-02 06:28:29 10116608 ----a-w- C:\Windows\System32\twinui.dll
2013-08-02 05:08:18 8858112 ----a-w- C:\Windows\SysWow64\twinui.dll
2013-08-01 10:41:31 2233688 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-07-27 03:58:39 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
.
============= FINISH: 21:07:22.66 ===============
[attachment=142740:attach.txt]




#2 B-boy/StyLe/


  • Malware Response Team

Posted 15 October 2013 - 11:17 PM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

STEP 1

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

 

STEP 2

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

 

 

 

Regards,
Georgi




#3 KAPM


Posted 16 October 2013 - 08:44 PM

Hi Georgi,

 

Thank you for your help.  Here is the requested information. -Kris

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by monro_000 (administrator) on PKM on 16-10-2013 19:24:38
Running from C:\Users\monro_000\Desktop
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-02-01] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4123 2012-05-30] ()
HKLM\...\Run: [BtPreLoad] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Qualcomm Atheros Commnucations))
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKCU\...\Run: [Tiny download manager] - "C:\Users\monro_000\AppData\Local\DM\TinyDM.exe" /M
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\monro_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKLM - DefaultScope {6CAA2CFE-DDE5-48B4-A051-C252571F1E71} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {6CAA2CFE-DDE5-48B4-A051-C252571F1E71} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope {6CAA2CFE-DDE5-48B4-A051-C252571F1E71} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {6CAA2CFE-DDE5-48B4-A051-C252571F1E71} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {6CAA2CFE-DDE5-48B4-A051-C252571F1E71} URL = 
SearchScopes: HKCU - {6CAA2CFE-DDE5-48B4-A051-C252571F1E71} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
 
Chrome: 
=======
CHR HomePage: hxxp://mysearch.avg.com?cid={2A6B8411-CA14-4946-BCF2-00B622819303}&mid=c4147479668f47d39d38cd77c2de7d01-127fa661c34a10fdee5a9a6f1037d0ad3e863a4b&lang=en&ds=dn011&coid=avgtbdisdn&pr=sa&d=2013-10-08 17:52:45&v=17.0.0.12&pid=safeguard&sg=0&sap=hp
CHR RestoreOnStartup: "hxxp://mysearch.avg.com?cid={2A6B8411-CA14-4946-BCF2-00B622819303}&mid=c4147479668f47d39d38cd77c2de7d01-127fa661c34a10fdee5a9a6f1037d0ad3e863a4b&lang=en&ds=dn011&coid=avgtbdisdn&pr=sa&d=2013-10-08 17:52:45&v=17.0.0.12&pid=safeguard&sg=0&sap=hp"
CHR Extension: (Google Docs) - C:\Users\MONRO_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\MONRO_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\MONRO_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\MONRO_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\MONRO_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\MONRO_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
 
==================== Services (Whitelisted) =================
 
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-06] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-16 19:25 - 2013-10-16 19:25 - 01050644 _____ C:\Users\monro_000\Desktop\AdwCleaner.exe
2013-10-16 19:24 - 2013-10-16 19:24 - 00000000 ____D C:\FRST
2013-10-16 19:23 - 2013-10-16 19:23 - 01954124 _____ (Farbar) C:\Users\monro_000\Desktop\FRST64.exe
2013-10-16 19:22 - 2013-10-16 19:22 - 00000000 ___RD C:\Users\monro_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-10-13 21:17 - 2013-10-13 21:17 - 00000000 ____D C:\Users\monro_000\AppData\Local\Adobe
2013-10-13 21:07 - 2013-10-13 21:08 - 00020111 _____ C:\Users\monro_000\Desktop\dds.txt
2013-10-13 21:07 - 2013-10-13 21:08 - 00004976 _____ C:\Users\monro_000\Desktop\attach.txt
2013-10-13 21:03 - 2013-10-13 21:04 - 00688992 ____R (Swearware) C:\Users\monro_000\Desktop\dds (1).com
2013-10-13 20:57 - 2013-10-13 20:57 - 00688992 _____ (Swearware) C:\Users\monro_000\Downloads\dds.com
2013-10-13 19:31 - 2013-10-13 20:54 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-13 19:31 - 2013-10-13 20:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-13 19:31 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-13 19:27 - 2013-10-13 19:28 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\monro_000\Desktop\13abc.exe
2013-10-13 19:03 - 2013-10-13 19:03 - 00000000 ____D C:\Users\monro_000\AppData\Local\VirtualStore
2013-10-13 19:03 - 2013-10-13 19:03 - 00000000 ____D C:\Users\monro_000\AppData\Local\BMExplorer
2013-10-13 19:02 - 2013-10-13 19:02 - 00445376 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-13 18:39 - 2013-10-16 19:23 - 00000000 ____D C:\Users\monro_000\AppData\Local\CrashDumps
2013-10-13 18:28 - 2013-10-13 18:28 - 01873344 _____ ( ) C:\Users\monro_000\Downloads\AVG_Browser_configuration_tool (1).exe
2013-10-13 18:27 - 2013-10-13 18:28 - 01873344 _____ ( ) C:\Users\monro_000\Downloads\AVG_Browser_configuration_tool.exe
2013-10-13 18:23 - 2013-10-13 18:23 - 00003216 _____ C:\Windows\System32\Tasks\{5229C15D-FCA7-49E8-B964-835A2E42A312}
2013-10-12 18:21 - 2013-08-03 00:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2013-10-12 18:21 - 2013-08-03 00:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2013-10-12 18:21 - 2013-08-03 00:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2013-10-12 18:21 - 2013-08-02 23:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2013-10-12 18:21 - 2013-08-02 23:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-10-12 18:21 - 2013-08-02 23:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-10-12 18:21 - 2013-08-02 00:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-10-12 18:21 - 2013-08-02 00:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-10-12 18:21 - 2013-08-01 23:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-12 18:21 - 2013-08-01 23:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-10-12 18:21 - 2013-08-01 04:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-12 18:21 - 2013-04-09 17:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-10-12 18:21 - 2013-04-09 16:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2013-10-12 18:20 - 2013-08-09 23:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-10-12 18:20 - 2013-08-09 23:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-10-12 18:20 - 2013-08-09 21:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-10-12 18:20 - 2013-08-02 00:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-10-12 18:20 - 2013-08-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-10-12 18:20 - 2013-08-01 23:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-10-12 18:20 - 2013-08-01 23:06 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-10-12 18:20 - 2013-07-30 17:30 - 00386923 _____ C:\Windows\system32\ApnDatabase.xml
2013-10-12 18:20 - 2013-07-24 17:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-10-12 18:20 - 2013-07-24 17:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-10-11 18:09 - 2013-10-11 18:09 - 00542576 _____ (ROBLOX Corporation) C:\Users\monro_000\Downloads\RobloxPlayerLauncher (2).exe
2013-10-11 16:16 - 2013-10-11 16:16 - 00750959 _____ C:\Users\monro_000\Downloads\Cookie Clicker.zip
2013-10-09 21:19 - 2013-10-09 21:19 - 00542576 _____ (ROBLOX Corporation) C:\Users\monro_000\Downloads\RobloxPlayerLauncher (1).exe
2013-10-09 20:34 - 2013-10-09 20:34 - 00000000 ___RD C:\Users\monro_000\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App
2013-10-09 08:47 - 2013-09-22 17:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 08:47 - 2013-09-22 17:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 08:47 - 2013-09-22 17:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 08:47 - 2013-09-22 17:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 08:47 - 2013-09-22 17:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 08:47 - 2013-09-22 17:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 08:47 - 2013-09-22 17:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 08:47 - 2013-09-22 16:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 08:47 - 2013-09-22 16:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 08:47 - 2013-09-22 16:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 08:47 - 2013-09-22 16:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 08:47 - 2013-09-22 16:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 08:47 - 2013-09-22 16:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 08:47 - 2013-09-22 16:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 08:47 - 2013-09-22 16:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 08:47 - 2013-09-22 16:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 08:47 - 2013-05-15 16:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-10-09 08:47 - 2013-05-15 16:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-10-09 08:47 - 2013-05-14 07:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 08:47 - 2013-05-14 03:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 08:47 - 2013-04-28 16:28 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-10-09 08:47 - 2013-02-21 04:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 08:47 - 2013-02-21 04:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 08:47 - 2013-02-21 04:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 08:47 - 2013-02-21 04:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 08:47 - 2013-02-21 04:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 08:47 - 2013-02-21 04:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 08:47 - 2013-02-19 03:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-10-09 08:47 - 2012-11-07 22:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 08:47 - 2012-11-07 22:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 08:46 - 2013-09-22 17:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-08 21:37 - 2013-10-08 21:37 - 00000000 ____D C:\Users\monro_001\AppData\Roaming\Macromedia
2013-10-08 21:37 - 2013-08-22 23:11 - 04040192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-08 21:37 - 2013-07-05 16:01 - 00210560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-08 21:37 - 2013-06-30 19:42 - 00623448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-08 21:37 - 2013-06-30 19:42 - 00498008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-08 21:37 - 2013-06-30 19:42 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-08 21:37 - 2013-06-30 19:42 - 00021848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-08 21:37 - 2013-06-28 21:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-08 21:37 - 2013-06-28 21:06 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-08 21:37 - 2013-06-21 23:45 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-08 21:37 - 2013-06-21 23:45 - 00054488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-08 21:37 - 2013-05-26 17:17 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-08 21:37 - 2013-05-26 16:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-08 21:37 - 2013-05-24 21:15 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-08 21:37 - 2013-05-24 20:32 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-08 21:36 - 2013-07-19 16:13 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 21:36 - 2013-07-19 16:13 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 21:36 - 2013-07-05 18:15 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-08 21:36 - 2013-07-05 16:02 - 00121984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-08 21:36 - 2013-07-05 16:02 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-08 21:36 - 2013-07-03 20:13 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-08 21:36 - 2013-07-01 19:41 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-10-08 21:36 - 2013-07-01 19:41 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-10-08 21:36 - 2013-07-01 19:41 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-10-08 21:36 - 2013-07-01 16:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys
2013-10-08 21:36 - 2013-06-28 21:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-08 21:36 - 2013-06-28 21:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-08 21:09 - 2013-10-08 21:09 - 00000000 ___RD C:\Users\monro_001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-10-08 21:09 - 2013-10-08 21:09 - 00000000 ____D C:\Users\monro_001\AppData\Roaming\Leadertech
2013-10-08 20:48 - 2013-10-08 20:48 - 00003216 _____ C:\Windows\System32\Tasks\{69129BDC-DC0B-4C57-9521-A725644FBCD4}
2013-10-08 17:51 - 2013-10-08 17:51 - 01328724 _____ C:\Users\monro_000\Downloads\Mix Lab V3.1.zip
2013-10-08 17:50 - 2013-10-08 17:50 - 00097040 _____ C:\Users\monro_000\Downloads\Mix Lab V3.1.zip.exe
2013-10-08 17:47 - 2013-10-08 17:48 - 39117120 _____ (Atomix Productions) C:\Users\monro_000\Downloads\install_virtualdj_home_v7.4.exe
2013-10-04 17:13 - 2013-10-04 17:13 - 07686110 _____ C:\Users\monro_000\Downloads\The Temple of the Sun God v. 1.2.rar
2013-10-04 16:49 - 2013-10-04 16:49 - 00000000 ____D C:\Users\monro_000\Documents\ROBLOX
2013-10-04 14:12 - 2013-10-04 14:12 - 00542576 _____ (ROBLOX Corporation) C:\Users\monro_000\Downloads\RobloxPlayerLauncher.exe
2013-10-04 14:03 - 2013-10-04 14:03 - 00000000 ____D C:\Users\monro_000\Downloads\AdventureCraft (1)2
2013-10-04 14:02 - 2013-10-04 14:02 - 00000000 ____D C:\Users\monro_000\Downloads\AdventureCraft (1)
2013-10-04 14:01 - 2013-10-04 14:01 - 00000000 ____D C:\Users\monro_000\Downloads\AdventureCraft
2013-10-04 14:00 - 2013-10-12 18:36 - 00000000 ____D C:\Users\monro_000\AppData\Roaming\.minecraft
2013-10-04 14:00 - 2013-10-04 14:01 - 13907021 _____ C:\Users\monro_000\Downloads\AdventureCraft (1).zip
2013-10-04 13:58 - 2013-10-04 14:00 - 01379144 _____ C:\Users\monro_000\Downloads\minecraft.zip
2013-10-02 17:36 - 2013-10-02 17:37 - 20289958 _____ C:\Users\monro_000\Downloads\wallpaperpackUQgaIDLN.rar
2013-10-02 17:36 - 2013-10-02 17:37 - 11476317 _____ C:\Users\monro_000\Downloads\Replaysym1dpUcd.rar
2013-10-01 16:46 - 2013-10-01 16:46 - 00000000 ____D C:\Users\monro_000\AppData\Roaming\WinRAR
2013-10-01 16:45 - 2013-10-01 16:45 - 01959064 _____ C:\Users\monro_000\Downloads\winrar-x64-500.exe
2013-10-01 16:44 - 2013-10-01 16:44 - 00070563 _____ C:\Users\monro_000\Downloads\Waterfall splitter - Copy.rar
2013-10-01 16:44 - 2013-10-01 16:44 - 00069497 _____ C:\Users\monro_000\Downloads\Waterfall Splitter Door - Copy.rar
2013-09-27 18:52 - 2013-09-27 19:15 - 00000317 _____ C:\Users\monro_000\Downloads\assignment5a.txt
2013-09-27 18:42 - 2013-09-27 18:42 - 00002784 _____ C:\Users\monro_000\Downloads\ExamScores.java
2013-09-27 18:41 - 2013-09-27 18:58 - 00006641 _____ C:\Users\monro_000\classlinkLancher.log
2013-09-27 18:41 - 2013-09-27 18:41 - 00000000 ____D C:\Users\monro_000\classlink
2013-09-25 18:04 - 2013-09-25 18:04 - 07473464 _____ (Abrosoft                                                    ) C:\Users\monro_000\Downloads\FantaMorphSetup.exe
2013-09-24 08:42 - 2013-09-24 08:42 - 00001038 _____ C:\Users\monro_000\Downloads\bump-cert (1).crt
2013-09-23 16:53 - 2013-09-23 16:53 - 00235220 _____ C:\Users\monro_000\Downloads\Ice Generator!.zip
2013-09-22 11:39 - 2013-10-08 20:51 - 00000000 ____D C:\Program Files (x86)\osu!
2013-09-22 11:37 - 2013-09-22 11:38 - 41666632 _____ (ppy Pty. Ltd.) C:\Users\monro_000\Downloads\osu!install.exe
2013-09-19 19:46 - 2013-09-19 19:46 - 00152007 _____ C:\Users\monro_000\Downloads\Copy of Copy of Storage 2.zip
2013-09-19 17:17 - 2013-09-19 17:18 - 09916222 _____ C:\Users\monro_000\Downloads\5Track Sequencer 1.4.6 by disco.zip
2013-09-19 17:17 - 2013-09-19 17:17 - 06076385 _____ C:\Users\monro_000\Downloads\The Temple of Notch 1.4.6 by disco.zip
2013-09-19 17:17 - 2013-09-19 17:17 - 05439495 _____ C:\Users\monro_000\Downloads\Auto Piano by disco.zip
2013-09-19 17:17 - 2013-09-19 17:17 - 01623827 _____ C:\Users\monro_000\Downloads\Guitar 1.4.6 by disco.zip
2013-09-19 17:17 - 2013-09-19 17:17 - 00737418 _____ C:\Users\monro_000\Downloads\Drumkit by disco.zip
2013-09-19 17:17 - 2013-09-19 17:17 - 00621608 _____ C:\Users\monro_000\Downloads\Plants vs Zombies by disco.zip
2013-09-19 17:17 - 2013-09-19 17:17 - 00400907 _____ C:\Users\monro_000\Downloads\8 Track Sequencer 1.4.7.zip
2013-09-19 17:17 - 2013-09-19 17:17 - 00010825 _____ C:\Users\monro_000\Downloads\Analogue Clock by disco.zip
2013-09-19 17:16 - 2013-09-19 17:16 - 02840656 _____ C:\Users\monro_000\Downloads\Archery by disco.zip
2013-09-19 17:16 - 2013-09-19 17:16 - 02151079 _____ C:\Users\monro_000\Downloads\Easter Bunny Boss Fight 1.4.6 by disco.zip
2013-09-19 17:16 - 2013-09-19 17:16 - 01912927 _____ C:\Users\monro_000\Downloads\Sonic the Hedgehog 1.0.zip
2013-09-19 17:16 - 2013-09-19 17:16 - 01294771 _____ C:\Users\monro_000\Downloads\Calculator by disco.zip
2013-09-19 17:16 - 2013-09-19 17:16 - 01292507 _____ C:\Users\monro_000\Downloads\Bomberman 1.4.6 by disco.zip
2013-09-19 17:16 - 2013-09-19 17:16 - 01274080 _____ C:\Users\monro_000\Downloads\Bomb Defuse by disco.zip
2013-09-19 17:16 - 2013-09-19 17:16 - 00977842 _____ C:\Users\monro_000\Downloads\Pirates.zip
2013-09-19 17:16 - 2013-09-19 17:16 - 00900155 _____ C:\Users\monro_000\Downloads\Zombie Siege by disco.zip
2013-09-19 17:16 - 2013-09-19 17:16 - 00666070 _____ C:\Users\monro_000\Downloads\Super Pig Powered Slot Machine.zip
2013-09-19 17:15 - 2013-09-19 17:15 - 02192601 _____ C:\Users\monro_000\Downloads\Evil Santa Boss Fight by disco.zip
2013-09-19 17:15 - 2013-09-19 17:15 - 01934845 _____ C:\Users\monro_000\Downloads\CakeDefense2 by disco.zip
2013-09-17 14:47 - 2013-09-18 15:02 - 02962944 _____ C:\Users\monro_000\Downloads\StructureofEssay.ppt
2013-09-16 21:43 - 2013-09-16 21:48 - 00000000 ____D C:\Users\monro_000\Documents\LOLReplay
2013-09-16 21:42 - 2013-09-16 21:42 - 01467513 _____ C:\Users\monro_000\Downloads\LOLReplay-0.8.3.0.exe
2013-09-16 14:07 - 2013-09-16 14:07 - 00001278 _____ C:\Users\monro_000\Downloads\MoreStrings.java
 
==================== One Month Modified Files and Folders =======
 
2013-10-16 19:25 - 2013-10-16 19:25 - 01050644 _____ C:\Users\monro_000\Desktop\AdwCleaner.exe
2013-10-16 19:24 - 2013-10-16 19:24 - 00000000 ____D C:\FRST
2013-10-16 19:23 - 2013-10-16 19:23 - 01954124 _____ (Farbar) C:\Users\monro_000\Desktop\FRST64.exe
2013-10-16 19:23 - 2013-10-13 18:39 - 00000000 ____D C:\Users\monro_000\AppData\Local\CrashDumps
2013-10-16 19:22 - 2013-10-16 19:22 - 00000000 ___RD C:\Users\monro_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-10-16 19:22 - 2013-04-25 02:26 - 01865510 _____ C:\Windows\WindowsUpdate.log
2013-10-16 19:21 - 2013-08-13 18:58 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-16 13:09 - 2013-08-13 18:58 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-16 13:06 - 2013-04-25 02:58 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2013-10-16 13:00 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\system32\sru
2013-10-16 11:48 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-10-15 18:55 - 2013-08-13 18:58 - 00000000 ____D C:\Users\monro_000\AppData\Local\Google
2013-10-15 17:11 - 2013-08-13 19:01 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-15 12:07 - 2013-08-19 14:53 - 00000000 ____D C:\Users\monro_000\Documents\English 10
2013-10-15 09:52 - 2013-08-12 11:29 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-410143853-2536697995-3188665890-1001
2013-10-15 08:56 - 2012-07-26 01:28 - 00850046 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-14 19:46 - 2012-07-26 01:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-14 19:45 - 2013-04-25 02:10 - 00021766 _____ C:\Windows\PFRO.log
2013-10-13 21:17 - 2013-10-13 21:17 - 00000000 ____D C:\Users\monro_000\AppData\Local\Adobe
2013-10-13 21:17 - 2013-08-15 20:57 - 00043520 ___SH C:\Users\monro_000\Desktop\Thumbs.db
2013-10-13 21:08 - 2013-10-13 21:07 - 00020111 _____ C:\Users\monro_000\Desktop\dds.txt
2013-10-13 21:08 - 2013-10-13 21:07 - 00004976 _____ C:\Users\monro_000\Desktop\attach.txt
2013-10-13 21:04 - 2013-10-13 21:03 - 00688992 ____R (Swearware) C:\Users\monro_000\Desktop\dds (1).com
2013-10-13 20:57 - 2013-10-13 20:57 - 00688992 _____ (Swearware) C:\Users\monro_000\Downloads\dds.com
2013-10-13 20:54 - 2013-10-13 19:31 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-13 20:54 - 2013-10-13 19:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-13 19:28 - 2013-10-13 19:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\monro_000\Desktop\13abc.exe
2013-10-13 19:03 - 2013-10-13 19:03 - 00000000 ____D C:\Users\monro_000\AppData\Local\VirtualStore
2013-10-13 19:03 - 2013-10-13 19:03 - 00000000 ____D C:\Users\monro_000\AppData\Local\BMExplorer
2013-10-13 19:03 - 2013-08-12 11:23 - 00000000 ___RD C:\Users\monro_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-13 19:03 - 2013-08-12 11:23 - 00000000 ___RD C:\Users\monro_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-13 19:02 - 2013-10-13 19:02 - 00445376 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-13 19:02 - 2012-07-25 23:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-10-13 19:01 - 2012-07-26 02:12 - 00000000 ___RD C:\Windows\ToastData
2013-10-13 18:30 - 2013-08-12 11:20 - 00000000 ____D C:\Users\monro_000\AppData\Local\Packages
2013-10-13 18:28 - 2013-10-13 18:28 - 01873344 _____ ( ) C:\Users\monro_000\Downloads\AVG_Browser_configuration_tool (1).exe
2013-10-13 18:28 - 2013-10-13 18:27 - 01873344 _____ ( ) C:\Users\monro_000\Downloads\AVG_Browser_configuration_tool.exe
2013-10-13 18:23 - 2013-10-13 18:23 - 00003216 _____ C:\Windows\System32\Tasks\{5229C15D-FCA7-49E8-B964-835A2E42A312}
2013-10-13 16:53 - 2013-08-12 21:54 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-10-12 19:03 - 2013-08-13 18:58 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-12 19:03 - 2013-08-13 18:58 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-12 18:36 - 2013-10-04 14:00 - 00000000 ____D C:\Users\monro_000\AppData\Roaming\.minecraft
2013-10-11 19:11 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\system32\NDF
2013-10-11 18:09 - 2013-10-11 18:09 - 00542576 _____ (ROBLOX Corporation) C:\Users\monro_000\Downloads\RobloxPlayerLauncher (2).exe
2013-10-11 16:16 - 2013-10-11 16:16 - 00750959 _____ C:\Users\monro_000\Downloads\Cookie Clicker.zip
2013-10-11 08:37 - 2013-08-13 17:31 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 08:35 - 2013-08-13 10:35 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 22:18 - 2013-04-25 03:00 - 00000000 ____D C:\Windows\System32\Tasks\Dell
2013-10-09 21:20 - 2013-08-16 14:14 - 00000000 ____D C:\Users\monro_000\Desktop\BK JAVA
2013-10-09 21:19 - 2013-10-09 21:19 - 00542576 _____ (ROBLOX Corporation) C:\Users\monro_000\Downloads\RobloxPlayerLauncher (1).exe
2013-10-09 20:34 - 2013-10-09 20:34 - 00000000 ___RD C:\Users\monro_000\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App
2013-10-08 21:37 - 2013-10-08 21:37 - 00000000 ____D C:\Users\monro_001\AppData\Roaming\Macromedia
2013-10-08 21:34 - 2013-09-15 23:02 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-410143853-2536697995-3188665890-1004
2013-10-08 21:28 - 2013-04-25 02:48 - 00000000 ____D C:\ProgramData\PCDr
2013-10-08 21:15 - 2013-09-15 22:55 - 00000000 ____D C:\Users\monro_001\AppData\Roaming\Adobe
2013-10-08 21:09 - 2013-10-08 21:09 - 00000000 ___RD C:\Users\monro_001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-10-08 21:09 - 2013-10-08 21:09 - 00000000 ____D C:\Users\monro_001\AppData\Roaming\Leadertech
2013-10-08 20:51 - 2013-09-22 11:39 - 00000000 ____D C:\Program Files (x86)\osu!
2013-10-08 20:48 - 2013-10-08 20:48 - 00003216 _____ C:\Windows\System32\Tasks\{69129BDC-DC0B-4C57-9521-A725644FBCD4}
2013-10-08 17:51 - 2013-10-08 17:51 - 01328724 _____ C:\Users\monro_000\Downloads\Mix Lab V3.1.zip
2013-10-08 17:50 - 2013-10-08 17:50 - 00097040 _____ C:\Users\monro_000\Downloads\Mix Lab V3.1.zip.exe
2013-10-08 17:48 - 2013-10-08 17:47 - 39117120 _____ (Atomix Productions) C:\Users\monro_000\Downloads\install_virtualdj_home_v7.4.exe
2013-10-08 14:08 - 2013-08-12 11:24 - 00000000 ____D C:\Users\monro_000\Documents\Bluetooth Folder
2013-10-06 22:08 - 2013-08-15 20:58 - 00035328 ___SH C:\Users\monro_000\Downloads\Thumbs.db
2013-10-04 17:13 - 2013-10-04 17:13 - 07686110 _____ C:\Users\monro_000\Downloads\The Temple of the Sun God v. 1.2.rar
2013-10-04 16:49 - 2013-10-04 16:49 - 00000000 ____D C:\Users\monro_000\Documents\ROBLOX
2013-10-04 14:12 - 2013-10-04 14:12 - 00542576 _____ (ROBLOX Corporation) C:\Users\monro_000\Downloads\RobloxPlayerLauncher.exe
2013-10-04 14:03 - 2013-10-04 14:03 - 00000000 ____D C:\Users\monro_000\Downloads\AdventureCraft (1)2
2013-10-04 14:02 - 2013-10-04 14:02 - 00000000 ____D C:\Users\monro_000\Downloads\AdventureCraft (1)
2013-10-04 14:01 - 2013-10-04 14:01 - 00000000 ____D C:\Users\monro_000\Downloads\AdventureCraft
2013-10-04 14:01 - 2013-10-04 14:00 - 13907021 _____ C:\Users\monro_000\Downloads\AdventureCraft (1).zip
2013-10-04 14:00 - 2013-10-04 13:58 - 01379144 _____ C:\Users\monro_000\Downloads\minecraft.zip
2013-10-04 13:59 - 2013-08-17 14:54 - 00000000 ____D C:\Users\monro_000\AppData\Roaming\minecraft
2013-10-02 17:37 - 2013-10-02 17:36 - 20289958 _____ C:\Users\monro_000\Downloads\wallpaperpackUQgaIDLN.rar
2013-10-02 17:37 - 2013-10-02 17:36 - 11476317 _____ C:\Users\monro_000\Downloads\Replaysym1dpUcd.rar
2013-10-01 19:38 - 2012-07-26 02:14 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-01 19:38 - 2012-07-26 02:14 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-01 16:46 - 2013-10-01 16:46 - 00000000 ____D C:\Users\monro_000\AppData\Roaming\WinRAR
2013-10-01 16:45 - 2013-10-01 16:45 - 01959064 _____ C:\Users\monro_000\Downloads\winrar-x64-500.exe
2013-10-01 16:44 - 2013-10-01 16:44 - 00070563 _____ C:\Users\monro_000\Downloads\Waterfall splitter - Copy.rar
2013-10-01 16:44 - 2013-10-01 16:44 - 00069497 _____ C:\Users\monro_000\Downloads\Waterfall Splitter Door - Copy.rar
2013-09-28 21:28 - 2013-08-12 11:20 - 00000000 ____D C:\Users\monro_000
2013-09-28 21:27 - 2013-09-15 22:57 - 00000000 ____D C:\Users\Phillip's Homework
2013-09-28 21:27 - 2013-09-15 22:53 - 00000000 ____D C:\Users\monro_001
2013-09-28 21:27 - 2012-07-26 02:12 - 00000000 __RHD C:\Users\Public\Libraries
2013-09-28 21:26 - 2013-09-15 22:57 - 00000000 ___RD C:\Users\Phillip's Homework\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-09-28 21:26 - 2013-09-15 22:57 - 00000000 ___RD C:\Users\Phillip's Homework\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-28 21:26 - 2013-09-15 22:57 - 00000000 ___RD C:\Users\Phillip's Homework\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-09-28 21:26 - 2013-09-15 22:53 - 00000000 ___RD C:\Users\monro_001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-09-28 21:26 - 2013-09-15 22:53 - 00000000 ___RD C:\Users\monro_001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-28 21:26 - 2013-09-15 22:53 - 00000000 ___RD C:\Users\monro_001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-09-28 21:26 - 2013-08-21 08:59 - 00000000 ___RD C:\Users\monro_000\Documents\Notes
2013-09-28 21:26 - 2013-08-12 11:23 - 00000000 ____D C:\ProgramData\Atheros
2013-09-28 21:25 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\registration
2013-09-28 21:24 - 2012-07-25 23:38 - 00000000 ____D C:\Windows\system32\Sysprep
2013-09-27 19:15 - 2013-09-27 18:52 - 00000317 _____ C:\Users\monro_000\Downloads\assignment5a.txt
2013-09-27 18:58 - 2013-09-27 18:41 - 00006641 _____ C:\Users\monro_000\classlinkLancher.log
2013-09-27 18:42 - 2013-09-27 18:42 - 00002784 _____ C:\Users\monro_000\Downloads\ExamScores.java
2013-09-27 18:41 - 2013-09-27 18:41 - 00000000 ____D C:\Users\monro_000\classlink
2013-09-25 18:04 - 2013-09-25 18:04 - 07473464 _____ (Abrosoft                                                    ) C:\Users\monro_000\Downloads\FantaMorphSetup.exe
2013-09-24 08:42 - 2013-09-24 08:42 - 00001038 _____ C:\Users\monro_000\Downloads\bump-cert (1).crt
2013-09-23 16:53 - 2013-09-23 16:53 - 00235220 _____ C:\Users\monro_000\Downloads\Ice Generator!.zip
2013-09-22 17:28 - 2013-10-09 08:47 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-22 17:28 - 2013-10-09 08:47 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-22 17:27 - 2013-10-09 08:47 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-22 17:27 - 2013-10-09 08:47 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-22 17:27 - 2013-10-09 08:47 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-22 17:27 - 2013-10-09 08:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-22 17:27 - 2013-10-09 08:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-22 17:27 - 2013-10-09 08:46 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-22 16:55 - 2013-10-09 08:47 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-22 16:55 - 2013-10-09 08:47 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-22 16:55 - 2013-10-09 08:47 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-22 16:54 - 2013-10-09 08:47 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-22 16:54 - 2013-10-09 08:47 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-22 16:54 - 2013-10-09 08:47 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-22 16:54 - 2013-10-09 08:47 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-22 16:54 - 2013-10-09 08:47 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-22 16:54 - 2013-10-09 08:47 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-22 11:38 - 2013-09-22 11:37 - 41666632 _____ (ppy Pty. Ltd.) C:\Users\monro_000\Downloads\osu!install.exe
2013-09-19 19:46 - 2013-09-19 19:46 - 00152007 _____ C:\Users\monro_000\Downloads\Copy of Copy of Storage 2.zip
2013-09-19 17:18 - 2013-09-19 17:17 - 09916222 _____ C:\Users\monro_000\Downloads\5Track Sequencer 1.4.6 by disco.zip
2013-09-19 17:17 - 2013-09-19 17:17 - 06076385 _____ C:\Users\monro_000\Downloads\The Temple of Notch 1.4.6 by disco.zip
2013-09-19 17:17 - 2013-09-19 17:17 - 05439495 _____ C:\Users\monro_000\Downloads\Auto Piano by disco.zip
2013-09-19 17:17 - 2013-09-19 17:17 - 01623827 _____ C:\Users\monro_000\Downloads\Guitar 1.4.6 by disco.zip
2013-09-19 17:17 - 2013-09-19 17:17 - 00737418 _____ C:\Users\monro_000\Downloads\Drumkit by disco.zip
2013-09-19 17:17 - 2013-09-19 17:17 - 00621608 _____ C:\Users\monro_000\Downloads\Plants vs Zombies by disco.zip
2013-09-19 17:17 - 2013-09-19 17:17 - 00400907 _____ C:\Users\monro_000\Downloads\8 Track Sequencer 1.4.7.zip
2013-09-19 17:17 - 2013-09-19 17:17 - 00010825 _____ C:\Users\monro_000\Downloads\Analogue Clock by disco.zip
2013-09-19 17:16 - 2013-09-19 17:16 - 02840656 _____ C:\Users\monro_000\Downloads\Archery by disco.zip
2013-09-19 17:16 - 2013-09-19 17:16 - 02151079 _____ C:\Users\monro_000\Downloads\Easter Bunny Boss Fight 1.4.6 by disco.zip
2013-09-19 17:16 - 2013-09-19 17:16 - 01912927 _____ C:\Users\monro_000\Downloads\Sonic the Hedgehog 1.0.zip
2013-09-19 17:16 - 2013-09-19 17:16 - 01294771 _____ C:\Users\monro_000\Downloads\Calculator by disco.zip
2013-09-19 17:16 - 2013-09-19 17:16 - 01292507 _____ C:\Users\monro_000\Downloads\Bomberman 1.4.6 by disco.zip
2013-09-19 17:16 - 2013-09-19 17:16 - 01274080 _____ C:\Users\monro_000\Downloads\Bomb Defuse by disco.zip
2013-09-19 17:16 - 2013-09-19 17:16 - 00977842 _____ C:\Users\monro_000\Downloads\Pirates.zip
2013-09-19 17:16 - 2013-09-19 17:16 - 00900155 _____ C:\Users\monro_000\Downloads\Zombie Siege by disco.zip
2013-09-19 17:16 - 2013-09-19 17:16 - 00666070 _____ C:\Users\monro_000\Downloads\Super Pig Powered Slot Machine.zip
2013-09-19 17:15 - 2013-09-19 17:15 - 02192601 _____ C:\Users\monro_000\Downloads\Evil Santa Boss Fight by disco.zip
2013-09-19 17:15 - 2013-09-19 17:15 - 01934845 _____ C:\Users\monro_000\Downloads\CakeDefense2 by disco.zip
2013-09-18 15:02 - 2013-09-17 14:47 - 02962944 _____ C:\Users\monro_000\Downloads\StructureofEssay.ppt
2013-09-16 21:48 - 2013-09-16 21:43 - 00000000 ____D C:\Users\monro_000\Documents\LOLReplay
2013-09-16 21:42 - 2013-09-16 21:42 - 01467513 _____ C:\Users\monro_000\Downloads\LOLReplay-0.8.3.0.exe
2013-09-16 14:07 - 2013-09-16 14:07 - 00001278 _____ C:\Users\monro_000\Downloads\MoreStrings.java
 
Some content of TEMP:
====================
C:\Users\monro_000\AppData\Local\Temp\UNINSTALL.EXE
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-08 14:04
 
==================== End Of Log ============================


#4 KAPM

  • Topic Starter

Posted 16 October 2013 - 08:47 PM

Oops, forgot a couple items.  I was unable to attach the addition.txt file as there was insufficient space.

Here is the other report from AdwCleaner

# AdwCleaner v3.008 - Report created 16/10/2013 at 19:28:30
# Updated 17/10/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : monro_000 - PKM
# Running from : C:\Users\monro_000\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\MONRO_~1\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\MONRO_~1\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\MONRO_~1\AppData\Local\Temp\Uninstall.exe
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\TENCENT
Key Found : [x64] HKCU\Software\TENCENT
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\TENCENT
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\monro_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1651 octets] - [16/10/2013 19:28:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1711 octets] ##########


#5 B-boy/StyLe/

  • Malware Response Team

Posted 17 October 2013 - 07:38 AM

Hi,

Next please download the following file => [attachment=142878:fixlist.txt] and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, untick this entry:
    <-Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

The following settings can be repaired only from the Google Chrome settings:

 

CHR HomePage: hxxp://mysearch.avg.com?cid={2A6B8411-CA14-4946-BCF2-00B622819303}&mid=c4147479668f47d39d38cd77c2de7d01-127fa661c34a10fdee5a9a6f1037d0ad3e863a4b&lang=en&ds=dn011&coid=avgtbdisdn&pr=sa&d=2013-10-08 17:52:45&v=17.0.0.12&pid=safeguard&sg=0&sap=hp
 
CHR RestoreOnStartup: "hxxp://mysearch.avg.com?cid={2A6B8411-CA14-4946-BCF2-00B622819303}&mid=c4147479668f47d39d38cd77c2de7d01-127fa661c34a10fdee5a9a6f1037d0ad3e863a4b&lang=en&ds=dn011&coid=avgtbdisdn&pr=sa&d=2013-10-08 17:52:45&v=17.0.0.12&pid=safeguard&sg=0&sap=hp"

 

So check this out: Reset browser settings

Also you forgot to attach the Addition.txt log from FRST.

Regards,

Georgi


#6 KAPM

  • Topic Starter

Posted 17 October 2013 - 07:39 PM

Also you forgot to attach the Addition.txt log from FRST.

I was unable to attach the addition.txt file as there was insufficient space.

Since I was unable to attach the addition.txt file would you like me to copy/paste it into a reply or can you delete a file that was previously attached to allow more space?



#7 B-boy/StyLe/

  • Malware Response Team

Posted 17 October 2013 - 08:17 PM

Hi,

Sorry, I missed this sentence in your reply. In that case, please upload the file here => http://www.filedropper.com/ and post the link to the log in your next reply.

Regards,

Georgi


Edited by B-boy/StyLe/, 17 October 2013 - 08:18 PM.


#8 KAPM

  • Topic Starter

Posted 17 October 2013 - 10:42 PM

Thank you!  Here is the link to the attachment.txt file  http://www.filedropper.com/addition

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by monro_000 at 2013-10-17 21:31:41 Run:1
Running from C:\Users\monro_000\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
SearchScopes: HKCU - DefaultScope {6CAA2CFE-DDE5-48B4-A051-C252571F1E71} URL = 
SearchScopes: HKCU - {6CAA2CFE-DDE5-48B4-A051-C252571F1E71} URL = 
CHR HomePage: hxxp://mysearch.avg.com?cid={2A6B8411-CA14-4946-BCF2-00B622819303}&mid=c4147479668f47d39d38cd77c2de7d01-127fa661c34a10fdee5a9a6f1037d0ad3e863a4b&lang=en&ds=dn011&coid=avgtbdisdn&pr=sa&d=2013-10-08 17:52:45&v=17.0.0.12&pid=safeguard&sg=0&sap=hp
CHR RestoreOnStartup: "hxxp://mysearch.avg.com?cid={2A6B8411-CA14-4946-BCF2-00B622819303}&mid=c4147479668f47d39d38cd77c2de7d01-127fa661c34a10fdee5a9a6f1037d0ad3e863a4b&lang=en&ds=dn011&coid=avgtbdisdn&pr=sa&d=2013-10-08 17:52:45&v=17.0.0.12&pid=safeguard&sg=0&sap=hp"
2013-10-13 18:23 - 2013-10-13 18:23 - 00003216 _____ C:\Windows\System32\Tasks\{5229C15D-FCA7-49E8-B964-835A2E42A312}
2013-10-08 20:48 - 2013-10-08 20:48 - 00003216 _____ C:\Windows\System32\Tasks\{69129BDC-DC0B-4C57-9521-A725644FBCD4}
C:\Users\monro_000\AppData\Local\Temp
end
*****************
 
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6CAA2CFE-DDE5-48B4-A051-C252571F1E71} => Key deleted successfully.
HKCR\CLSID\{6CAA2CFE-DDE5-48B4-A051-C252571F1E71} => Key not found.
CHR HomePage: hxxp://mysearch.avg.com?cid={2A6B8411-CA14-4946-BCF2-00B622819303}&mid=c4147479668f47d39d38cd77c2de7d01-127fa661c34a10fdee5a9a6f1037d0ad3e863a4b&lang=en&ds=dn011&coid=avgtbdisdn&pr=sa&d=2013-10-08 17:52:45&v=17.0.0.12&pid=safeguard&sg=0&sap=hp ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://mysearch.avg.com?cid={2A6B8411-CA14-4946-BCF2-00B622819303}&mid=c4147479668f47d39d38cd77c2de7d01-127fa661c34a10fdee5a9a6f1037d0ad3e863a4b&lang=en&ds=dn011&coid=avgtbdisdn&pr=sa&d=2013-10-08 17:52:45&v=17.0.0.12&pid=safeguard&sg=0&sap=hp" ==> The Chrome "Settings" can be used to fix the entry.
C:\Windows\System32\Tasks\{5229C15D-FCA7-49E8-B964-835A2E42A312} => Moved successfully.
C:\Windows\System32\Tasks\{69129BDC-DC0B-4C57-9521-A725644FBCD4} => Moved successfully.
 
"C:\Users\monro_000\AppData\Local\Temp" directory move:
 
C:\Users\monro_000\AppData\Local\Temp\338EDDA5-CE26-4D99-87AD-8BF489A28AC8.Diagnose.0.etl => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\338EDDA5-CE26-4D99-87AD-8BF489A28AC8.Repair.1.etl => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\338EDDA5-CE26-4D99-87AD-8BF489A28AC8.Verify.2.etl => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\452E1042-615D-46C8-B65B-E679CC29A6D5.Diagnose.0.etl => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\452E1042-615D-46C8-B65B-E679CC29A6D5.Repair.1.etl => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\452E1042-615D-46C8-B65B-E679CC29A6D5.Verify.2.etl => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\63978F6D-1424-41E6-BC57-859D1D2FD388.Diagnose.3.etl => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\63978F6D-1424-41E6-BC57-859D1D2FD388.Repair.4.etl => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\63978F6D-1424-41E6-BC57-859D1D2FD388.Verify.5.etl => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\743042DE-8397-4D64-8E1B-63909A98C35A.Diagnose.3.etl => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\743042DE-8397-4D64-8E1B-63909A98C35A.Repair.4.etl => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\743042DE-8397-4D64-8E1B-63909A98C35A.Verify.5.etl => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\A89D0E74-832A-48B8-8A4C-E326A28D42FA.Repair.1.etl => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\A89D0E74-832A-48B8-8A4C-E326A28D42FA.Verify.2.etl => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\AdobeARM.log => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\AdwCleaner.jpg => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\Attach.txt => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\chrome_installer.log => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\Cleaning.ico => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\CVR823E.tmp.cvr => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\CVR89BF.tmp.cvr => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\D5B75EEC-FB17-4BD4-9443-AF9FBC7CB215.Diagnose.6.etl => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\DDS.txt => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\Donate.ico => Moved successfully.
Could not move "C:\Users\monro_000\AppData\Local\Temp\etilqs_oRsonASHQ6is54E" => Scheduled to move on reboot.
C:\Users\monro_000\AppData\Local\Temp\F68AE85F-22BA-404D-9D61-CE125E0CB89C.Diagnose.6.etl => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\JavaDeployReg.log => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\jusched.log => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\MSI5cf4f.LOG => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\preferences => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\Report.ico => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\Scan.ico => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\toolbar_log.txt => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\UNINSTALL.EXE => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\Uninstall.ico => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\users00 => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\winstore.log => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\wlsED12.tmp => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\wlsED90.tmp => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\wmplog00.sqm => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\wmsetup.log => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\~DF83C90213ABB6988E.TMP => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\tmp48062.WMC\allservices.xml => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\TCD981C.tmp\Welcome to Word.dotx => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\Low\JavaDeployReg.log => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\8000_14658\crl-set => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\8000_14658\manifest.fingerprint => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\8000_14658\manifest.json => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\7500_6820\crl-set => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\7500_6820\manifest.fingerprint => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\7500_6820\manifest.json => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\6008_25178\crl-set => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\6008_25178\manifest.fingerprint => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\6008_25178\manifest.json => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\4156_18476\crl-set => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\4156_18476\manifest.fingerprint => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\4156_18476\manifest.json => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\1112_13326\crl-set => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\1112_13326\manifest.fingerprint => Moved successfully.
C:\Users\monro_000\AppData\Local\Temp\1112_13326\manifest.json => Moved successfully.
Could not move "C:\Users\monro_000\AppData\Local\Temp" directory. => Scheduled to move on reboot.
 
 
=========== Result of Scheduled Files to move ===========
 
C:\Users\monro_000\AppData\Local\Temp\etilqs_oRsonASHQ6is54E => Is moved successfully.
C:\Users\monro_000\AppData\Local\Temp => Moved successfully.
 
==== End of Fixlog ====
 
 
 


#9 KAPM

  • Topic Starter

Posted 17 October 2013 - 10:52 PM

# AdwCleaner v3.008 - Report created 17/10/2013 at 21:42:18
# Updated 17/10/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : monro_000 - PKM
# Running from : C:\Users\monro_000\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x] Not Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\TENCENT
Key Deleted : HKLM\Software\TENCENT
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\monro_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\monro_001\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1803 octets] - [16/10/2013 19:28:30]
AdwCleaner[R1].txt - [894 octets] - [17/10/2013 21:38:24]
AdwCleaner[S0].txt - [1658 octets] - [17/10/2013 21:42:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1718 octets] ##########


#10 B-boy/StyLe/

  • Malware Response Team

Posted 18 October 2013 - 05:44 AM

Hi,

Did you restore the Google Chrome settings to defaults? If so, how are things now?

and 3 final steps:

STEP 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

STEP 2

1. Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, then please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done please don't delete anything and close HitmanPro.

8. Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it into your next reply.

STEP 3

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Regards,

Georgi


#11 KAPM

  • Topic Starter

Posted 18 October 2013 - 08:00 AM

Hi,

I did restore the Google Chrome settings to default and I am no longer presented with the AVG search.

When I tried to run SecurityCheck I received the following message:  UNSUPPORTED OPERATING SYSTEM! ABORTED!

Here are the logs from the other two programs.

-Kris

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 8 x64
Ran by monro_000 on Fri 10/18/2013 at  6:39:06.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\monro_000\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/18/2013 at  6:43:02.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
HitmanPro 3.7.8.207
www.hitmanpro.com
 
   Computer name . . . . : PKM
   Windows . . . . . . . : 6.2.0.9200.X64/4
   User name . . . . . . : PKM\monro_000
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2013-10-18 06:47:17
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 15s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 13
 
   Objects scanned . . . : 1,489,047
   Files scanned . . . . : 14,765
   Remnants scanned  . . : 347,499 files / 1,126,783 keys
 
Malware _____________________________________________________________________
 
   C:\Users\monro_000\Downloads\Mix Lab V3.1.zip.exe
      Size . . . . . . . : 97,040 bytes
      Age  . . . . . . . : 9.5 days (2013-10-08 17:50:42)
      Entropy  . . . . . : 7.1
      SHA-256  . . . . . : 9E638B425648D8B1A6027A2DE1837575232560CCE7D88B5511A947D4A3D0D552
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:Downloader.NSIS.Agent.w
      Fuzzy  . . . . . . : 104.0
      Forensic Cluster
          0.0s C:\Users\monro_000\Downloads\Mix Lab V3.1.zip.exe
          3.4s C:\Users\monro_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C0AF5F80AA0D55CA55AD4471DD73D761
          3.4s C:\Users\monro_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C0AF5F80AA0D55CA55AD4471DD73D761
          3.7s C:\Users\monro_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EA86C033C277996C7EE317E0F0E3B25_5454EC62C4F17E6F26F876C6E5B71830
          3.7s C:\Users\monro_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EA86C033C277996C7EE317E0F0E3B25_5454EC62C4F17E6F26F876C6E5B71830
         11.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1C8A47B7-E3BC-424A-B5C3-0635F47D7303}
         15.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DF0D17D1-3CD8-4B2A-981C-F688C07D41FB}
         20.7s C:\Windows\Prefetch\MIX LAB V3.1.ZIP.EXE-E2C4855B.pf
         25.1s C:\Windows\Prefetch\INSTALL.EXE-77DF747C.pf
         35.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DF79B887-CB80-4A0E-B1FA-032781D47FCF}
         44.8s C:\FRST\Quarantine\toolbar_log.txt
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         45.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46555BC6-D6B3-4EF1-AA63-F56B827D20C2}
         49.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2142FEE3-0F78-4C8F-9BE3-11CCED8AFFAA}
         51.5s C:\ProgramData\Common Files\
         51.5s C:\ProgramData\Common Files\9B39E0C9-706D-B91C-FB08-F03AD186ED9F.dat
         51.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{53F7E333-9473-498E-A8E2-C857D164DF2A}
         53.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{05E88DE6-D954-4FD9-9857-4793CD728D1A}
         59.4s C:\Users\monro_000\Downloads\Mix Lab V3.1.zip
         61.9s C:\Windows\Prefetch\TINYDM.EXE-6D087DEA.pf
         63.1s C:\Users\monro_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_44361C08475ED44C8209877F703AB20C
         63.1s C:\Users\monro_000\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_44361C08475ED44C8209877F703AB20C
         63.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6BA9CDC4-F023-4E3C-A612-1BE3D515F2DF}
         68.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2A0745B3-6FB8-462A-8BF9-7273DDCA9746}
         72.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C9092601-72E1-4D0E-A7C4-7BB1A452CBC1}
         79.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B87D71B2-CDAB-437A-98C0-18D8103D3469}
 
 
Cookies _____________________________________________________________________
 
   C:\Users\monro_000\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com
   C:\Users\monro_000\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\monro_000\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
   C:\Users\monro_000\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\monro_000\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Users\monro_000\AppData\Local\Google\Chrome\User Data\Default\Cookies:pointroll.com
   C:\Users\monro_000\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\monro_000\AppData\Roaming\Microsoft\Windows\Cookies\7SZRBCI9.txt
   C:\Users\monro_000\AppData\Roaming\Microsoft\Windows\Cookies\IZBAVRT4.txt
   C:\Users\monro_000\AppData\Roaming\Microsoft\Windows\Cookies\KFM70YIN.txt
   C:\Users\monro_000\AppData\Roaming\Microsoft\Windows\Cookies\ONS576V9.txt
   C:\Users\monro_000\AppData\Roaming\Microsoft\Windows\Cookies\UMZWEA76.txt
 
 
 


#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:38 AM

Posted 19 October 2013 - 03:15 AM

Hi,

 

The logs are clean.

Before I let you go please run the following tools for me and post the logs:

 

 

 

STEP 1

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
     
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

STEP 2

 

  • Please download RogueKiller.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3

 

  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-clicking on its icon.
  • Once the program has loaded go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location and copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

Also, since you weren't able to run SecurityCheck, you can do the following:

 

  • It is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
  • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
  • You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose: PatchMyPC

Visit Microsoft's Windows Update Site Frequently
 

  • It is important that you visit Windows Update regularly.
  • This will ensure your computer always has the latest available security updates installed.
  • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

 

 

Regards,

Georgi




#13 KAPM

Posted 19 October 2013 - 10:06 PM

Ok here we go.....

 

Step 1 results, rkill:   http://pastebin.com/y4enRCY7

 

Step 2 results, RKReport:  http://pastebin.com/HQUVBvC8

 

Step 3 results, Malwarebytes: http://pastebin.com/fdyh9zU8

 

-Kris



#14 B-boy/StyLe/

Posted 20 October 2013 - 06:56 AM

Hi Kris,

 

 

I have some good news for you - all logs are clean! :)

 

 

Hi,

 

 

Now download the following file => [attachment=142943:fix.reg] and save it to your desktop.

Now double click on it. An information box will pop up asking if you want to merge the information in the file into the registry, click YES.

 

You can delete the file from your desktop.

 

Since you weren't able to run SecurityCheck, you can do the following:

 

  • It is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
  • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
  • You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose: PatchMyPC

Visit Microsoft's Windows Update Site Frequently
 

  • It is important that you visit Windows Update regularly.
  • This will ensure your computer always has the latest available security updates installed.
  • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

 

 

Nicely done ! This is the end of our journey if you don't have any more questions.
I have some final words for you.
All Clean !
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean.

 

 

 

STEP 1 CLEANUP



To remove all of the tools we used and the files and folders they created, please do the following:

 

 

Download the following file => fixlist.txt and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Please download OTC.exe by OldTimer and save it to your desktop.
 

  • Right-click the OTC.exe and choose Run as Administrator.
  • Click on CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

 

  • Next please download Delfix.exe by Xplode and save it to your desktop.
  • Please start it and check the box next to "Remove disinfection tools" and click on the run button.
  • The tool will delete itself once it finishes.

 

Note: If any tool, file, log file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.



STEP 2 SECURITY ADVICE



Change all your passwords !


Since your computer was infected, for peace of mind I would advise that all your passwords be changed immediately!! (just in case).
Use different passwords for all your accounts. Also don't use easy passwords such as your favorite teams, bands or pets because this will allow people to guess your password.
You can use PC Tools Password Generator to create random passwords and then install an application like KeePass Password Safe to store them for easy access. If you do online banking, please read this article: Online Banking Protection Against Identity Theft



Keep your antivirus software turned on and up-to-date

 

  • Make sure your antivirus software is turned on and up-to-date.
  • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note:
  • You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • You should scan your computer with an AntiSpyware program like Malwarebytes' Anti-Malware on a regular basis just as you would an antivirus software.
  • Be sure to check for and download any definition updates prior to performing a scan.

 

 

Install HIPS based software


HIPS based software controls what an application is allowed to do and not allowed to do.
It monitors what each application tries to do and how it uses the internet, and gives you the ability to block any suspicious activity occurring on your computer.
In my opinion the best way to prevent an unknown malware from gaining access is to use some HIPS programs (like COMODO, PrivateFirewall, Online Armor etc.) to control the access rights of legitimate applications, although this would only be advisable for experienced users...
However, you should be aware that (if you install Comodo Firewall and not the whole package Comodo Internet Security) this is not a replacement for a standard antivirus application. It's a great tool to add another layer of protection to your existing antivirus application. It takes some time and knowledge to configure it for individual purposes, but once done, you should not have any problems with it.
There are so many reviews on YouTube and blogs about all these programs.
Keep in mind to choose carefully in order to avoid conflicts or instability caused by incompatible security programs.
Also having more than one "real-time" program can be a drain on your PC's efficiency...
 
If you like Comodo you should choose for yourself which version of Comodo you will use 5 or 6. Personally I stick to version 5!
COMODO V5 & V6 Users Count Poll
 

 

Practice Safe Internet


One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites, it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:
 

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that.  Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If an attachment ends in .exe, .com, .bat, .pif, .scr, .vb, .vbe, .vbs, .ws, .wsf, .shs, .hta, .jar, .js or .jse, do not open the attachment unless you know for a fact that it is clean.  For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is.  The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article:
    Foistware, And how to avoid it. There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams.  For a list of these types of programs we recommend you visit this link: About Malwares, Rogues, Scarewares, SmitfraudFix
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message  or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you.  We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window.  If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections. Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications. Malware writers just love cracks and keygens, and will often attach malicious code into them. By using cracks and/or keygens, you are asking for problems. So my advice is - stay away from them!
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing it, and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if it is legitimate, you can use McAfee Siteadvisor to look up info on the site. Note: skip this advice if your antivirus has a Web Guard.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

 

 

Tweak your browsers
 
 
MOZILLA FIREFOX


To prevent further infections be sure to install the following add-ons NoScript and AdBlock Plus

 

Adblock Plus hides all those annoying (and potentially dangerous) advertisements on websites that try and tempt you to buy or download something. AdBlock not only speeds up your browsing and makes it easier on your eyes, but also makes it safer.

 

Adblock Plus can be found here.

 

NoScript is only for advanced users as it blocks all the interactive parts of a webpage, such as login options. Obviously you wouldn’t want to block your ability to log on to your internet banking or your webmail, but thankfully you can tell NoScript to allow certain websites and block others. This is very useful to ensure that the website you’re visiting is not trying to tempt you to interact with another, more dangerous website.

 

NoScript can be found here
 

 

 

Google Chrome

 
If you like Google Chrome there are many similar extensions for this browser as well. Since I am not a Google Chrome user I can't tell you which of them are good and how they work. You should find out by yourself.

However, Google Chrome can block a lot of unknown malware because of its sandbox. Beware of the fact that Google Chrome doesn't provide master password protection for the passwords saved in the browser. Check this out: Google Chrome security flaw offers unrestricted password access

 

 

 

For Internet Explorer 9/10 read the articles below:
 

Security and privacy features in Internet Explorer 9

Enhanced Protected Mode
Use Tracking Protection in Internet Explorer

Security in Internet Explorer 10

 

Immunize your browsers with SpywareBlaster 5 and Spybot Search and Destroy 1.6

Also MBAM acquired the following software Malwarebytes Anti-Exploit and it should work with the most popular browsers. Beware the product is in beta stage.
 

 

 

Disable the dangerous services you don't need and don't use, like Remote Registry, Server, SSDP Discovery, RemoteAccess etc. (if you don't feel comfortable changing the services configuration then please skip this step). It's a good idea to disable the autorun functionality using the following tool to prevent the spreading of infections from USB flash drives.

 
 
Make the extensions for known file types visible:
 
 
Be wary of files with a double extension such as jpg.exe. As a default setting, Windows often hides common file extensions, meaning that a program like image.jpg.exe will appear to you as simply image.jpg. Double extensions exploit this by hiding the second, dangerous extension and reassuring you with the first one. Check this out - Show or hide file name extensions.

 

 

 

Create an image of your system

 

  • Now that your PC is malware free, it is a good idea to do a backup of all important files just in case something happens to it.
  • Macrium Reflect is a very good choice that enables you to create an image of your system drive which can be restored in case of problems.
  • The download link is here.
  • The tutorials can be found here.
  • Be sure to read the tutorial first.

 

 

Optimize Windows 8 for better performance

Check this article for more information.

 

 

 

Follow this list and your potential for being infected again will reduce dramatically.

Safe Surfing! :)
 

 

Cheers,

Georgi
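
The double-extension disguise described in the post above (image.jpg.exe shown as image.jpg), as an added example that is not part of the original post: a small checker that flags such file names in a listing. The risky extensions are the ones the post lists; the decoy list, the function names and the sample listing are assumptions made for this illustration.

```python
from pathlib import PureWindowsPath

# Attachment types the post lists as unsafe to open unless known to be clean.
RISKY = {".exe", ".com", ".bat", ".pif", ".scr", ".vb", ".vbe", ".vbs",
         ".ws", ".wsf", ".shs", ".hta", ".jar", ".js", ".jse"}
# Assumption: extensions a user tends to read as a harmless document or image.
DECOY = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt", ".doc", ".docx",
         ".xls", ".xlsx", ".mp3", ".zip"}


def split_ext(name):
    """Split 'a.b.c' into ('a.b', '.c'); a name with no extension gives ''."""
    base, dot, ext = name.rpartition(".")
    if not dot or not base:
        return name, ""
    return base, "." + ext.strip().lower()


def shown_name(name):
    """Name as listed when extensions for known file types are hidden."""
    base, ext = split_ext(name)
    return base if ext in RISKY | DECOY else name


def classify(path):
    """'ok', 'executable', or 'double-extension' for one file path."""
    base, last = split_ext(PureWindowsPath(path).name)
    if last not in RISKY:
        return "ok"
    _, inner = split_ext(base)
    return "double-extension" if inner in DECOY else "executable"


def scan(paths):
    """Return (file name, verdict, name shown with extensions hidden)."""
    findings = []
    for path in paths:
        verdict = classify(path)
        if verdict != "ok":
            name = PureWindowsPath(path).name
            findings.append((name, verdict, shown_name(name)))
    return findings


# Constructed sample listing, not taken from the logs in this topic.
SAMPLE = [
    r"C:\Users\example\Downloads\holiday.jpg",
    r"C:\Users\example\Downloads\image.jpg.exe",
    r"C:\Users\example\Downloads\Invoice_2013.PDF.scr",
    r"C:\Users\example\Downloads\setup.exe",
    r"C:\Users\example\Downloads\report.v1.2.pdf",
]

if __name__ == "__main__":
    for name, verdict, shown in scan(SAMPLE):
        print(f"{verdict:17} {name}  (shown as: {shown})")
```
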




#15 KAPM

Posted 21 October 2013 - 10:45 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2013 01
Ran by monro_000 at 2013-10-21 21:38:05 Run:1
Running from C:\Users\monro_000\Desktop
Boot Mode: Normal
==============================================
Hi,
I did the first part of the step 1 cleanup and proceeded and then couldn't find the fixlog.txt.  Now am doubting whether it was done, so redid.  Here is the log file.
 
Content of fixlist:
*****************
start
DeleteQuarantine:
end
*****************
 
C:\FRST\Quarantine => Removed successfully.
 
==== End of Fixlog ====
 
 
-Kris




