CANNOT RUN DDS, NEED ADMIN RIGHTS


  • This topic is locked
18 replies to this topic

#1 NANNER


Posted 17 December 2014 - 11:53 PM

Hi there.

 

I have been having problems with getting around admin rights on my personal laptop. I never set up a password for the account. TsVk! suggested I post the topic here, since it won't allow me to install DDS and get the log, which he suggested in the post linked below:

 

http://www.bleepingcomputer.com/forums/t/560229/i-cant-change-the-settings-in-the-user-account-for-admin/?p=3571125

 

Thanks in advance,

 

Nannergto

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/16/2014
Scan Time: 10:32:49 PM
Logfile:
Administrator: No

Version: 2.00.3.1025
Malware Database: v2014.12.18.01
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: NANNERGTO

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316980
Time Elapsed: 12 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)




#2 HelpBot


Posted 22 December 2014 - 11:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/560235 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 NANNER


Posted 23 December 2014 - 07:06 PM

I can download the DDS and click and run it, but when I do it comes up with the message that I need Admin to install this. I tried in safe mode and the same thing happens. My computer used to be fine, about a month ago. Then I installed AVG 2015 and AVG 1-click Maintenance and AVG PC Tuneup and it was running fine. Then I used a key-gen to put in a product key from the internet and now can't uninstall any of the AVG programs without this message coming up:

Attached File: avg screenshot.jpg (75.77KB)

The administrative shields are by DELETE and RENAME of most of the files that I would want to manipulate.

Attached File: admin sheilds.jpg (59KB)

I have a Dell Inspiron laptop (N5040) and am running Windows 7 Home Premium with 64-bit operating system.

Attached File: system and security (my basic computer info).jpg (74.22KB)

My problem seems to be with trying to get Administrative rights on my computer. I can't install most programs, because the admin message comes up, that I need to be signed in as an Administrator. I tried to look for any restore points on my computer, but again I have no access. It just shows a shield next to it. See below:

Attached File: restore files (admin rights).jpg (60.08KB)

I also have no control of the User Administrator. I tried to reset password and got this:

Attached File: admin remove password.jpg (56.36KB)

I do not have the Windows 7 disc but do have the ISO image of Windows 7, but when I try to install, it says I have to be an Administrator to install it.

Thanks in advance for any help.



#4 nasdaq


Posted 24 December 2014 - 09:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.


Wait for further instructions.

#5 NANNER


Posted 24 December 2014 - 09:40 AM

Thank you for the fast response. Attached is the ADDITION log, and pasted here is the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-12-2014
Ran by NANNERGTO (ATTENTION: The logged in user is not administrator) on NANNERGTO on 23-12-2014 08:32:23
Running from C:\Users\NANNERGTO\Downloads
Loaded Profile: NANNERGTO (Available profiles: NANNERGTO)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Copyright 2013 SAMSUNG) C:\Program Files\SAMSUNG\Samsung Link\Samsung Link Tray Agent.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2008-03-17] (CANON INC.)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [596320 2014-07-29] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-13] (Flexera Software LLC.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743648 2013-06-13] (Wondershare)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Player\DelayPluginI.exe [1960008 2013-09-28] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3649040 2014-10-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-06-14] (Samsung Electronics)
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-13] (Flexera Software LLC.)
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Run: [DellSystemDetect] => C:\Users\NANNERGTO\AppData\Local\Apps\2.0\V3KJ06JG.V6C\N3MWLOLM.YK1\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2014-12-19] (Dell)
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_239_Plugin.exe [855216 2014-11-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Policies\Explorer: []
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\MountPoints2: {8c283d6a-8386-11e4-b0a0-18037380b1b9} - F:\setup.exe
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\MountPoints2: {9fe29a8a-4456-11e4-95fd-18037380b1b9} - E:\setup.exe
IFEO\accuweather.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\adobe air application installer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\adobe extension manager cs5.5.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\adobeworkgrouphelper.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\devicecentral.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\extendscript toolkit.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\imageready.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\kies3.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\stage_primary.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\switchboard.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\wsplayer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\NANNERGTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DelWinLiveGenAcct - Shortcut.lnk
ShortcutTarget: DelWinLiveGenAcct - Shortcut.lnk -> C:\Users\NANNERGTO\Desktop\DelWinLiveGenAcct.cmd ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll (Autodesk, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-261891553-3558682979-1933133282-1000] =>
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=1157&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=1157&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=n&ver=13892&tm=473&src=ds&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Wondershare Player 1.6.0 -> {43D9786F-A485-683B-9B5B-ACC97ABC17FC} -> C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll (Wondershare)
BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension -> {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\NANNERGTO\AppData\Roaming\Mozilla\Firefox\Profiles\cnqj4i6f.default-1414379921456
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.msn.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Autocopy - C:\Users\NANNERGTO\AppData\Roaming\Mozilla\Firefox\Profiles\cnqj4i6f.default-1414379921456\Extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F} [2014-10-26]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\NANNERGTO\AppData\Roaming\Mozilla\Firefox\Profiles\cnqj4i6f.default-1414379921456\Extensions\elemhidehelper@adblockplus.org.xpi [2014-12-13]
FF Extension: Image Zoom - C:\Users\NANNERGTO\AppData\Roaming\Mozilla\Firefox\Profiles\cnqj4i6f.default-1414379921456\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-12-13]
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\NANNERGTO\AppData\Roaming\Mozilla\Firefox\Profiles\cnqj4i6f.default-1414379921456\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2014-12-13]
FF Extension: YouTube High Definition - C:\Users\NANNERGTO\AppData\Roaming\Mozilla\Firefox\Profiles\cnqj4i6f.default-1414379921456\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-12-13]
FF Extension: Adblock Plus - C:\Users\NANNERGTO\AppData\Roaming\Mozilla\Firefox\Profiles\cnqj4i6f.default-1414379921456\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-26]
FF Extension: Open With Photoshop - C:\Users\NANNERGTO\AppData\Roaming\Mozilla\Firefox\Profiles\cnqj4i6f.default-1414379921456\Extensions\{f3f219f9-cbce-467e-b8fe-6e076d29665c}.xpi [2014-12-13]
FF Extension: Adblock Edge - C:\Users\NANNERGTO\AppData\Roaming\Mozilla\Firefox\Profiles\cnqj4i6f.default-1414379921456\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-12-13]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: No Name - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18]
FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com
FF Extension: Wondershare Player - C:\ProgramData\Wondershare\Player\Player@Wondershare.com [2014-06-28]

Chrome:
=======
CHR Profile: C:\Users\NANNERGTO\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\NANNERGTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-18]
CHR Extension: (Google Drive) - C:\Users\NANNERGTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-18]
CHR Extension: (YouTube) - C:\Users\NANNERGTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-18]
CHR Extension: (Google Search) - C:\Users\NANNERGTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-18]
CHR Extension: (Google Wallet) - C:\Users\NANNERGTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]
CHR Extension: (No Name) - C:\Users\NANNERGTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\oahepomnpijmejhllnialnkhnadmcjdp [2013-12-13]
CHR Extension: (Gmail) - C:\Users\NANNERGTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-18]
CHR HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Users\NANNERGTO\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [Not Found]
CHR HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Chrome\Extension: [oahepomnpijmejhllnialnkhnadmcjdp] - C:\Users\NANNERGTO\AppData\Local\CRE\oahepomnpijmejhllnialnkhnadmcjdp.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bkdegagmpemadclljncealhmmkojfoam] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com.crx [2014-06-28]
CHR HKLM-x32\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Users\NANNERGTO\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fcbabdgdkjjdgbejjfclhfeacjodcdgb] - C:\ProgramData\Zoomex\fcbabdgdkjjdgbejjfclhfeacjodcdgb.crx [2012-12-09]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2012-07-18]
CHR HKLM-x32\...\Chrome\Extension: [oahepomnpijmejhllnialnkhnadmcjdp] - C:\Users\NANNERGTO\AppData\Local\CRE\oahepomnpijmejhllnialnkhnadmcjdp.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1486664 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3487248 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MSSQL$TEW_SQLEXPRESS; c:\ProgramData\SolidWorks Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [604512 2014-07-29] (Copyright 2013 SAMSUNG)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-09-25] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; c:\ProgramData\SolidWorks Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148664 2014-02-13] (AVG)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [36664 2014-02-13] (AVG)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [30008 2014-02-13] (AVG)
S2 4b46e14a; "C:\windows\system32\rundll32.exe" "c:\progra~2\ss-sup~1\AssistantSvc.dll",service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the

registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys

[31968 2012-10-08] (Wondershare)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG

Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG

Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [262424 2014-10-07]

(AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG

Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG

Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG

Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG

Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG

Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG

Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-25] (Disc

Soft Ltd)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23]

(Pinnacle Systems GmbH) [File not signed]
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft

Corporation)
S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [108296 2007-04-24] (MCCI

Corporation)
S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [19720 2007-04-24] (MCCI

Corporation)
S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [144648 2007-04-24] (MCCI

Corporation)
S3 s125mgmt; C:\Windows\System32\DRIVERS\s125mgmt.sys [126216 2007-04-24] (MCCI

Corporation)
S3 s125obex; C:\Windows\System32\DRIVERS\s125obex.sys [123656 2007-04-24] (MCCI

Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp

\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple,

Inc.) [File not signed]
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288

2013-05-30] (Wondershare)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any

associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 08:32 - 2014-12-23 08:33 - 00026922 _____ () C:\Users\NANNERGTO\Downloads

\FRST.txt
2014-12-23 08:32 - 2014-12-23 08:32 - 00000000 ___DC () C:\FRST
2014-12-23 08:31 - 2014-12-23 08:31 - 02122240 _____ (Farbar) C:\Users\NANNERGTO

\Downloads\FRST64.exe
2014-12-22 16:18 - 2014-12-22 16:18 - 00688992 _____ (Swearware) C:\Users\NANNERGTO

\Downloads\dds(1).com
2014-12-22 15:57 - 2014-12-22 15:57 - 24743106 _____ () C:\Users\NANNERGTO\Downloads

\vlc-2.1.5-win32(2).exe
2014-12-19 13:48 - 2014-12-19 13:48 - 30806440 _____ () C:\Users\NANNERGTO\Downloads

\R308434.exe
2014-12-19 13:42 - 2014-12-19 13:42 - 00000000 ____D () C:\Users\NANNERGTO\AppData

\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-12-19 13:41 - 2014-12-19 13:54 - 00000000 ____D () C:\Users\NANNERGTO\AppData

\Local\Deployment
2014-12-19 13:41 - 2014-12-19 13:41 - 00417064 _____ () C:\Users\NANNERGTO\Downloads

\DellSystemDetect.exe
2014-12-19 11:59 - 2014-12-19 11:59 - 00000000 ____H () C:\Users\NANNERGTO\Documents

\Default.rdp
2014-12-16 22:07 - 2014-12-16 22:07 - 00688992 _____ (Swearware) C:\Users\NANNERGTO

\Downloads\dds.com
2014-12-16 22:00 - 2014-12-16 22:00 - 02026456 _____ () C:\Users\NANNERGTO\Downloads

\dixmlsetup.exe
2014-12-16 21:59 - 2014-12-16 21:59 - 19709440 _____ (Luis Cobian, CobianSoft) C:

\Users\NANNERGTO\Downloads\cbSetup.exe
2014-12-16 20:33 - 2014-12-16 20:33 - 00000115 _____ () C:\Users\NANNERGTO\Desktop

\admin.txt
2014-12-16 20:06 - 2014-12-16 20:06 - 16448208 _____ (Malwarebytes Corp.) C:\Users

\NANNERGTO\Downloads\mbar-1.08.2.1001.exe
2014-12-16 20:06 - 2014-12-16 20:06 - 00000000 ____D () C:\Users\NANNERGTO\Desktop

\mbar
2014-12-16 19:00 - 2014-12-16 19:00 - 00401920 _____ (Farbar) C:\Users\NANNERGTO

\Downloads\MiniToolBox(1).exe
2014-12-16 18:58 - 2014-12-16 18:58 - 20447072 _____ (Malwarebytes Corporation ) C:

\Users\NANNERGTO\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-16 18:53 - 2014-12-16 19:02 - 00034588 _____ () C:\Users\NANNERGTO\Downloads

\Result.txt
2014-12-16 18:52 - 2014-12-16 18:52 - 00401920 _____ (Farbar) C:\Users\NANNERGTO

\Downloads\MiniToolBox.exe
2014-12-16 18:51 - 2014-12-16 18:51 - 00003130 _____ () C:\Users\NANNERGTO\Downloads

\FSS.txt
2014-12-16 18:50 - 2014-12-16 18:50 - 00415232 _____ (Farbar) C:\Users\NANNERGTO

\Downloads\FSS.exe
2014-12-16 18:48 - 2014-12-16 18:48 - 00852505 _____ () C:\Users\NANNERGTO\Downloads

\SecurityCheck.exe
2014-12-16 18:35 - 2014-12-16 18:35 - 01940728 _____ (Bleeping Computer, LLC) C:

\Users\NANNERGTO\Downloads\rkill(1).exe
2014-12-16 18:34 - 2014-12-16 18:34 - 02899344 _____ (AVG Technologies CZ, s.r.o.) C:

\Users\NANNERGTO\Downloads\avg_remover_stf_x64_2012_2125.exe
2014-12-16 18:28 - 2014-12-16 18:28 - 00000000 ____D () C:\ProgramData\SUPERSetup
2014-12-16 18:27 - 2014-12-16 18:27 - 01402880 _____ () C:\Users\NANNERGTO\Downloads

\HiJackThis.msi
2014-12-16 18:26 - 2014-12-16 18:26 - 20821720 _____ (SUPERAntiSpyware) C:\Users

\NANNERGTO\Downloads\SUPERAntiSpyware.exe
2014-12-16 18:25 - 2014-12-16 18:25 - 09817304 _____ () C:\Users\NANNERGTO\Downloads

\tweaking.com_windows_repair_aio_setup.exe
2014-12-16 18:25 - 2014-12-16 18:25 - 01678013 _____ () C:\Users\NANNERGTO\Downloads

\pc-decrapifier-2.3.1.exe
2014-12-16 18:22 - 2014-12-16 18:24 - 233663808 _____ (Emsisoft GmbH ) C:\Users

\NANNERGTO\Downloads\EmsisoftAntiMalwareSetup.exe
2014-12-16 18:20 - 2014-12-16 18:20 - 00000000 ____D () C:\Users\NANNERGTO\Desktop

\data
2014-12-16 18:20 - 2014-06-19 12:17 - 00414720 _____ () C:\Users\NANNERGTO\Desktop

\GiveMePower.exe
2014-12-16 18:20 - 2014-06-19 12:17 - 00038400 _____ () C:\Users\NANNERGTO\Desktop

\GiveMePower.pdb
2014-12-16 18:18 - 2014-12-16 18:18 - 00332171 _____ () C:\Users\NANNERGTO\Downloads

\GiveMePower-v2.0.exe
2014-12-16 18:18 - 2014-06-19 12:17 - 00414720 _____ () C:\Users\NANNERGTO\Downloads

\GiveMePower.exe
2014-12-16 18:18 - 2014-06-19 12:17 - 00038400 _____ () C:\Users\NANNERGTO\Downloads

\GiveMePower.pdb
2014-12-16 18:17 - 2014-12-16 18:17 - 03699664 _____ (Zemana Ltd. ) C:\Users

\NANNERGTO\Downloads\AntiLoggerFree_Setup.exe
2014-12-16 18:16 - 2014-12-16 18:16 - 03443632 _____ () C:\Users\NANNERGTO\Downloads

\tweaking.com_simple_system_tweaker_setup.exe
2014-12-16 18:08 - 2014-12-16 18:08 - 00000000 ____D () C:\Users\NANNERGTO\Desktop

\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2014-12-16 17:58 - 2014-12-16 17:58 - 02373650 _____ (The EasyUEFI Development Team. )

C:\Users\NANNERGTO\Downloads\WinToUSB_Setup_1.6.exe
2014-12-16 17:47 - 2014-12-16 17:47 - 02721168 _____ (Microsoft Corporation) C:\Users

\NANNERGTO\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe
2014-12-16 17:47 - 2014-12-16 17:47 - 00002543 _____ () C:\Users\NANNERGTO\Desktop

\Windows 7 USB DVD Download Tool.lnk
2014-12-16 17:47 - 2014-12-16 17:47 - 00000000 ____D () C:\Users\NANNERGTO\AppData

\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2014-12-16 17:47 - 2014-12-16 17:47 - 00000000 ____D () C:\Users\NANNERGTO\AppData

\Local\Apps\Windows 7 USB DVD Download Tool
2014-12-16 16:48 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:

\windows\system32\ieUnatt.exe
2014-12-16 16:48 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:

\windows\SysWOW64\ieUnatt.exe
2014-12-14 20:49 - 2014-12-14 20:49 - 00006127 _____ () C:\Users\NANNERGTO\Desktop

\JRT.txt
2014-12-14 20:43 - 2014-12-14 20:43 - 01707646 _____ (Thisisu) C:\Users\NANNERGTO

\Downloads\JRT.exe
2014-12-14 20:31 - 2014-12-14 20:36 - 00000000 ___DC () C:\AdwCleaner
2014-12-14 20:30 - 2014-12-14 20:30 - 02166272 _____ () C:\Users\NANNERGTO\Downloads

\AdwCleaner.exe
2014-12-14 20:27 - 2014-12-16 18:36 - 00001666 _____ () C:\Users\NANNERGTO\Desktop

\Rkill.txt
2014-12-14 20:27 - 2014-12-14 20:27 - 01940728 _____ (Bleeping Computer, LLC) C:

\Users\NANNERGTO\Downloads\rkill.exe
2014-12-14 20:21 - 2014-12-14 20:21 - 00448512 _____ (OldTimer Tools) C:\Users

\NANNERGTO\Downloads\TFC.exe
2014-12-14 18:49 - 2014-03-27 10:24 - 00000000 ____D () C:\Users\NANNERGTO\Desktop

\WinSetupFromUSB-1-4
2014-12-14 18:47 - 2014-12-14 18:47 - 23462809 _____ (Igor Pavlov) C:\Users\NANNERGTO

\Downloads\WinSetupFromUSB-1-4.exe
2014-12-14 18:47 - 2014-03-27 10:24 - 00000000 ____D () C:\Users\NANNERGTO\Downloads

\WinSetupFromUSB-1-4
2014-12-14 18:40 - 2014-12-14 18:40 - 00640424 _____ (Akeo Consulting

(http://akeo.ie)) C:\Users\NANNERGTO\Downloads\rufus-1.4.12.exe
2014-12-14 17:59 - 2014-12-14 18:37 - 3320903680 ____N () C:\Users\NANNERGTO

\Downloads\X17-58997.iso
2014-12-14 17:18 - 2014-12-14 17:19 - 00000000 ____D () C:\Users\NANNERGTO\Desktop

\hold my stuff
2014-12-14 17:02 - 2014-04-19 06:01 - 01037824 _____ () C:\Users\NANNERGTO\Desktop

\WiNToBootic.exe
2014-12-14 07:52 - 2014-12-14 07:52 - 00061064 _____ () C:\Users\NANNERGTO\Downloads

\winxpvirtualcdcontrolpanel_21.exe
2014-12-14 07:24 - 2014-12-14 07:24 - 06213933 _____ () C:\Users\NANNERGTO\Downloads

\DeepBurnerPro.exe
2014-12-14 07:10 - 2014-12-14 07:12 - 00000000 ____D () C:\Users\Public\Documents

\DAEMON Tools Images
2014-12-14 07:05 - 2014-12-14 07:05 - 00624614 _____ (ISOImageBurner.com ) C:\Users

\NANNERGTO\Downloads\iso_image_burner_setup.exe
2014-12-14 07:03 - 2014-12-14 07:03 - 00624614 _____ (ISOImageBurner.com ) C:\Users

\NANNERGTO\Desktop\iso_image_burner_setup.exe
2014-12-13 19:59 - 2014-12-13 19:59 - 24743106 _____ () C:\Users\NANNERGTO\Downloads

\vlc-2.1.5-win32(1).exe
2014-12-13 18:58 - 2014-12-13 18:58 - 00000000 ___HD () C:\$WINDOWS.~BT
2014-12-12 23:33 - 2014-12-12 23:33 - 00001920 _____ () C:\Users\NANNERGTO\Desktop

\cc_20141212_223345 #2.reg
2014-12-12 23:32 - 2014-12-12 23:33 - 00011566 _____ () C:\Users\NANNERGTO\Desktop

\cc_20141212_223218.reg
2014-12-12 23:18 - 2014-12-12 23:18 - 05600944 _____ (Swearware) C:\Users\NANNERGTO

\Downloads\ComboFix.exe
2014-12-12 16:58 - 2014-12-12 16:58 - 24743106 _____ () C:\Users\NANNERGTO\Downloads

\vlc-2.1.5-win32.exe
2014-12-11 20:38 - 2014-12-11 20:38 - 00000000 __SHD () C:\Users\NANNERGTO\AppData

\Local\EmieBrowserModeList
2014-12-11 19:37 - 2014-12-11 19:37 - 00000073 _____ () C:\Users\NANNERGTO\Desktop

\DelWinLiveGenAcct.cmd
2014-12-11 18:02 - 2014-12-11 18:02 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-11 17:25 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:

\windows\system32\mf.dll
2014-12-11 17:25 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:

\windows\SysWOW64\mf.dll
2014-12-10 22:43 - 2014-12-10 22:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla

Firefox
2014-12-10 22:00 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:

\windows\system32\appraiser.dll
2014-12-10 22:00 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:

\windows\system32\invagent.dll
2014-12-10 22:00 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:

\windows\system32\generaltel.dll
2014-12-10 22:00 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:

\windows\system32\devinv.dll
2014-12-10 22:00 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:

\windows\system32\aepdu.dll
2014-12-10 22:00 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:

\windows\system32\aepic.dll
2014-12-10 22:00 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:

\windows\system32\aeinv.dll
2014-12-10 22:00 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:

\windows\system32\aitstatic.exe
2014-12-10 21:59 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:

\windows\system32\iedkcs32.dll
2014-12-10 21:59 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:

\windows\SysWOW64\iedkcs32.dll
2014-12-10 21:59 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:

\windows\system32\mshtml.tlb
2014-12-10 21:59 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:

\windows\system32\ieetwcollectorres.dll
2014-12-10 21:59 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:

\windows\system32\ieetwproxystub.dll
2014-12-10 21:59 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:

\windows\system32\iernonce.dll
2014-12-10 21:59 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:

\windows\system32\ieetwcollector.exe
2014-12-10 21:59 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:

\windows\system32\MsSpellCheckingFacility.exe
2014-12-10 21:59 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:

\windows\SysWOW64\mshtml.dll
2014-12-10 21:59 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:

\windows\SysWOW64\mshtml.tlb
2014-12-10 21:59 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:

\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 21:59 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:

\windows\SysWOW64\iesetup.dll
2014-12-10 21:59 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:

\windows\SysWOW64\ieetwproxystub.dll
2014-12-10 21:59 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:

\windows\system32\dxtrans.dll
2014-12-10 21:59 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:

\windows\SysWOW64\iertutil.dll
2014-12-10 21:59 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:

\windows\SysWOW64\jsproxy.dll
2014-12-10 21:59 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:

\windows\SysWOW64\iernonce.dll
2014-12-10 21:59 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:

\windows\SysWOW64\ieui.dll
2014-12-10 21:59 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:

\windows\SysWOW64\jscript9diag.dll
2014-12-10 21:59 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:

\windows\system32\msfeeds.dll
2014-12-10 21:59 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:

\windows\system32\ie4uinit.exe
2014-12-10 21:59 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:

\windows\SysWOW64\dxtmsft.dll
2014-12-10 21:59 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:

\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 21:59 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:

\windows\SysWOW64\mshtmled.dll
2014-12-10 21:59 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:

\windows\SysWOW64\dxtrans.dll
2014-12-10 21:59 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:

\windows\SysWOW64\msfeeds.dll
2014-12-10 21:59 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:

\windows\SysWOW64\inetcpl.cpl
2014-12-10 21:59 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:

\windows\system32\urlmon.dll
2014-12-10 21:59 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:

\windows\SysWOW64\ieframe.dll
2014-12-10 21:59 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:

\windows\SysWOW64\urlmon.dll
2014-12-10 21:59 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:

\windows\SysWOW64\ieapfltr.dll
2014-12-10 21:59 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:

\windows\system32\WindowsCodecs.dll
2014-12-10 21:59 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:

\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 21:59 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:

\windows\system32\Drivers\tdx.sys
2014-12-10 21:58 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:

\windows\system32\mshtml.dll
2014-12-10 21:58 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:

\windows\system32\vbscript.dll
2014-12-10 21:58 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:

\windows\system32\iesetup.dll
2014-12-10 21:58 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:

\windows\system32\iertutil.dll
2014-12-10 21:58 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:

\windows\system32\MshtmlDac.dll
2014-12-10 21:58 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:

\windows\system32\jsproxy.dll
2014-12-10 21:58 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:

\windows\system32\ieui.dll
2014-12-10 21:58 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:

\windows\system32\jscript9.dll
2014-12-10 21:58 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:

\windows\system32\jscript9diag.dll
2014-12-10 21:58 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:

\windows\system32\dxtmsft.dll
2014-12-10 21:58 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:

\windows\system32\msrating.dll
2014-12-10 21:58 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:

\windows\system32\mshtmled.dll
2014-12-10 21:58 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:

\windows\SysWOW64\vbscript.dll
2014-12-10 21:58 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:

\windows\SysWOW64\MshtmlDac.dll
2014-12-10 21:58 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:

\windows\system32\mshtmlmedia.dll
2014-12-10 21:58 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:

\windows\system32\inetcpl.cpl
2014-12-10 21:58 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:

\windows\system32\ieframe.dll
2014-12-10 21:58 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:

\windows\SysWOW64\msrating.dll
2014-12-10 21:58 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:

\windows\SysWOW64\jscript9.dll
2014-12-10 21:58 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:

\windows\system32\wininet.dll
2014-12-10 21:58 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:

\windows\SysWOW64\mshtmlmedia.dll
2014-12-10 21:58 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:

\windows\system32\ieapfltr.dll
2014-12-10 21:58 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:

\windows\SysWOW64\wininet.dll
2014-12-10 21:57 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:

\windows\system32\charmap.exe
2014-12-10 21:57 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:

\windows\SysWOW64\charmap.exe
2014-12-10 21:57 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:

\windows\system32\WsmSvc.dll
2014-12-10 21:57 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:

\windows\system32\WSManMigrationPlugin.dll
2014-12-10 21:57 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:

\windows\system32\WsmWmiPl.dll
2014-12-10 21:57 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:

\windows\system32\WsmAuto.dll
2014-12-10 21:57 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:

\windows\system32\WSManHTTPConfig.exe
2014-12-10 21:57 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:

\windows\SysWOW64\WsmSvc.dll
2014-12-10 21:57 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:

\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 21:57 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:

\windows\SysWOW64\WsmWmiPl.dll
2014-12-10 21:57 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:

\windows\SysWOW64\WsmAuto.dll
2014-12-10 21:57 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:

\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 21:56 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:

\windows\system32\tzres.dll
2014-12-10 21:56 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:

\windows\SysWOW64\tzres.dll
2014-12-10 21:31 - 2014-12-10 21:31 - 00000326 _____ () C:\windows\Tasks

\1214aviUpdateInfo.job
2014-12-10 21:31 - 2014-12-10 21:31 - 00000000 ____D () C:\ProgramData

\Avg_Update_1214avi
2014-12-06 16:53 - 2014-12-06 17:01 - 00000000 ____D () C:\AVG_Remover
2014-12-06 16:53 - 2014-12-06 16:53 - 01779224 _____ ( ) C:\Users\NANNERGTO\Downloads

\AVG_Remover.exe
2014-12-06 16:53 - 2014-12-06 16:53 - 00000057 _____ () C:\Users\NANNERGTO\Downloads

\avgremover.log
2014-12-06 16:52 - 2014-12-06 16:53 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:

\Users\NANNERGTO\Downloads\avg_remover_stf_x64_2015_5501.exe
2014-12-06 16:31 - 2014-12-06 16:31 - 00000000 _____ () C:\Users\NANNERGTO\Downloads

\TuneUp%202014%20Alternative%20Activator.rar.exe
2014-12-06 16:30 - 2014-12-06 16:30 - 00000000 ____D () C:\Users\NANNERGTO\AppData

\Local\qb0D3BC7.A6
2014-12-06 16:30 - 2013-12-07 20:33 - 00000106 _____ () C:\Users\NANNERGTO\Desktop\On

HAX.url
2014-12-06 16:29 - 2014-12-06 16:29 - 00000000 ____D () C:\Users\NANNERGTO\AppData

\Local\qb0C530F.21
2014-12-06 16:28 - 2014-12-06 16:28 - 00000000 ____D () C:\Users\NANNERGTO\AppData

\Local\qb0AE34C.05
2014-12-04 17:39 - 2014-12-04 17:51 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-04 17:37 - 2014-12-04 17:37 - 11222744 _____ (SurfRight B.V.) C:\Users

\NANNERGTO\Downloads\HitmanPro_x64.exe
2014-12-04 17:37 - 2014-12-04 17:37 - 02347384 _____ (ESET) C:\Users\NANNERGTO

\Downloads\esetsmartinstaller_enu.exe
2014-12-04 17:35 - 2014-12-04 17:35 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users

\NANNERGTO\Downloads\tdsskiller.exe
2014-12-04 17:33 - 2014-12-04 17:34 - 125231864 _____ (Microsoft Corporation) C:

\Users\NANNERGTO\Downloads\msert.exe
2014-12-03 18:11 - 2014-12-03 18:12 - 00000000 ____D () C:\Users\NANNERGTO\Desktop\New

folder (2)
2014-12-03 18:10 - 2014-12-03 18:10 - 00000705 _____ () C:\Users\NANNERGTO\Desktop

\iSunshare Windows 7 Password Genius Trial.lnk
2014-12-03 18:10 - 2014-12-03 18:10 - 00000000 ____D () C:\Users\NANNERGTO\AppData

\Roaming\Microsoft\Windows\Start Menu\Programs\iSunshare Windows 7 Password Genius

Trial
2014-12-03 18:07 - 2014-12-03 18:07 - 29233786 _____ () C:\Users\NANNERGTO\Downloads

\isunshare-windows-7-password-genius.exe
2014-12-02 17:45 - 2014-12-02 17:45 - 10691640 _____ (VS Revo Group ) C:\Users

\NANNERGTO\Downloads\RevoUninProSetup.exe
2014-12-02 17:39 - 2014-12-02 17:39 - 01210360 _____ ( ) C:\Users\NANNERGTO\Downloads

\TuneUp_Remover.exe
2014-11-27 13:14 - 2014-11-27 13:14 - 04443312 _____ (Adobe Systems Incorporated) C:

\windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-23 14:06 - 2014-11-23 14:06 - 00000511 _____ () C:\Users\NANNERGTO\Desktop

\show desktop - Shortcut (2).lnk
2014-11-23 13:59 - 2014-11-23 13:59 - 00659456 _____ () C:\Users\NANNERGTO\Downloads

\MicrosoftFixit50530.msi
2014-11-23 13:57 - 2014-11-23 13:57 - 00000511 _____ () C:\Users\NANNERGTO\Desktop

\show desktop - Shortcut.lnk
2014-11-23 13:54 - 2014-11-23 13:56 - 00000077 _____ () C:\Users\NANNERGTO\Desktop

\show desktop.scf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 08:31 - 2011-11-20 20:05 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-23 08:28 - 2009-07-14 00:13 - 00926976 _____ () C:\windows

\system32\PerfStringBackup.INI
2014-12-23 08:25 - 2011-09-04 03:54 - 01645668 _____ () C:\windows\WindowsUpdate.log
2014-12-22 20:36 - 2013-01-18 22:12 - 00000900 _____ () C:\windows\Tasks

\GoogleUpdateTaskMachineCore.job
2014-12-22 18:04 - 2012-01-29 05:15 - 01119232 ___SH () C:\Users\NANNERGTO\Desktop

\Thumbs.db
2014-12-22 18:00 - 2009-07-13 23:45 - 00028576 ____H () C:\windows\system32\7B296FB0-

376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 18:00 - 2009-07-13 23:45 - 00028576 ____H () C:\windows\system32\7B296FB0-

376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 16:38 - 2011-09-04 04:44 - 00000000 ____D () C:\Program Files (x86)\Dell

DataSafe Local Backup
2014-12-22 16:37 - 2014-11-11 16:56 - 00003304 _____ () C:\windows\setupact.log
2014-12-22 16:37 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-20 00:27 - 2012-03-01 23:58 - 00001425 _____ () C:\Users\NANNERGTO\AppData

\Roaming\Microsoft\Windows\Start Menu\Install Windows.lnk
2014-12-19 13:48 - 2011-09-04 07:57 - 00000000 ____D () C:\Dell
2014-12-19 13:41 - 2011-12-11 14:14 - 00000000 ____D () C:\Users\NANNERGTO\AppData

\Local\Apps\2.0
2014-12-14 07:39 - 2014-09-25 21:07 - 00000000 ____D () C:\Users\NANNERGTO\Documents

\Visual Studio 2005
2014-12-14 07:39 - 2013-09-06 17:34 - 00000000 ____D () C:\Users\NANNERGTO\AppData

\Local\Microsoft Help
2014-12-14 07:26 - 2012-01-29 12:47 - 00000000 ____D () C:\Users\NANNERGTO\AppData

\Roaming\dvdcss
2014-12-14 00:12 - 2014-09-25 22:20 - 00000000 ____D () C:\Users\NANNERGTO\AppData

\Roaming\DAEMON Tools Lite
2014-12-13 23:29 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-12-13 17:31 - 2011-12-24 16:27 - 00000000 ____D () C:\Users\NANNERGTO\AppData

\Roaming\vlc
2014-12-13 02:03 - 2011-09-04 04:30 - 00000000 ____D () C:\ProgramData\Sonic
2014-12-12 23:30 - 2011-11-22 00:37 - 00000000 ____D () C:\Users\NANNERGTO\AppData

\Roaming\uTorrent
2014-12-11 18:09 - 2013-12-17 00:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla

Maintenance Service
2014-12-11 18:05 - 2014-11-15 00:57 - 00004078 _____ () C:\windows\PFRO.log
2014-12-11 18:02 - 2014-05-07 21:26 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-11 18:02 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-11 18:02 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-11 17:46 - 2013-09-06 17:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 17:41 - 2013-12-15 04:08 - 00000000 ____D () C:\windows\system32\MRT
2014-12-11 17:36 - 2013-01-18 22:12 - 00000904 _____ () C:\windows\Tasks

\GoogleUpdateTaskMachineUA.job
2014-12-11 17:28 - 2011-11-20 18:12 - 112710672 _____ (Microsoft Corporation) C:

\windows\system32\MRT.exe
2014-12-11 17:20 - 2012-05-20 12:50 - 00000830 _____ () C:\windows\Tasks\Adobe Flash

Player Updater.job
2014-11-27 13:14 - 2012-05-20 12:50 - 00701104 _____ (Adobe Systems Incorporated) C:

\windows\SysWOW64\FlashPlayerApp.exe
2014-11-27 13:14 - 2012-02-09 22:58 - 00071344 _____ (Adobe Systems Incorporated) C:

\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-24 15:04 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:

\windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\NANNERGTO\AppData\Local\Temp\Quarantine.exe
C:\Users\NANNERGTO\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.

==================== End Of Log ============================


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,241 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:02 AM

Posted 24 December 2014 - 10:20 AM

removed

nasdaq

Edited by nasdaq, 24 December 2014 - 10:23 AM.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,241 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:02 AM

Posted 24 December 2014 - 10:22 AM

Hi,

Please run the Farbar tool as an Administrator and post a fresh log.

Before you run the tool, open Notepad and remove the Word Wrap.
It's under the Format menu. This will remove the additional blank lines in your log.

#8 NANNER

NANNER
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:02 AM

Posted 24 December 2014 - 10:39 AM

New FRST log

 

  Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-12-2014
Ran by NANNERGTO (ATTENTION: The logged in user is not administrator) on NANNERGTO on 23-12-2014 09:35:13
Running from C:\Users\NANNERGTO\Downloads
Loaded Profile: NANNERGTO (Available profiles: NANNERGTO)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Copyright 2013 SAMSUNG) C:\Program Files\SAMSUNG\Samsung Link\Samsung Link Tray Agent.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2008-03-17] (CANON INC.)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [596320 2014-07-29] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-13] (Flexera Software LLC.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743648 2013-06-13] (Wondershare)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Player\DelayPluginI.exe [1960008 2013-09-28] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3649040 2014-10-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-06-14] (Samsung Electronics)
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-13] (Flexera Software LLC.)
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Run: [DellSystemDetect] => C:\Users\NANNERGTO\AppData\Local\Apps\2.0\V3KJ06JG.V6C\N3MWLOLM.YK1\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2014-12-19] (Dell)
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_239_Plugin.exe [855216 2014-11-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Policies\Explorer: []
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\MountPoints2: {8c283d6a-8386-11e4-b0a0-18037380b1b9} - F:\setup.exe
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\MountPoints2: {9fe29a8a-4456-11e4-95fd-18037380b1b9} - E:\setup.exe
IFEO\accuweather.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\adobe air application installer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\adobe extension manager cs5.5.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\adobeworkgrouphelper.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\devicecentral.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\extendscript toolkit.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\imageready.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\kies3.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\stage_primary.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\switchboard.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\wsplayer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\NANNERGTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DelWinLiveGenAcct - Shortcut.lnk
ShortcutTarget: DelWinLiveGenAcct - Shortcut.lnk -> C:\Users\NANNERGTO\Desktop\DelWinLiveGenAcct.cmd ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll (Autodesk, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-261891553-3558682979-1933133282-1000] =>
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=1157&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=1157&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=n&ver=13892&tm=473&src=ds&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Wondershare Player 1.6.0 -> {43D9786F-A485-683B-9B5B-ACC97ABC17FC} -> C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll (Wondershare)
BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension -> {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\NANNERGTO\AppData\Roaming\Mozilla\Firefox\Profiles\cnqj4i6f.default-1414379921456
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.msn.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Autocopy - C:\Users\NANNERGTO\AppData\Roaming\Mozilla\Firefox\Profiles\cnqj4i6f.default-1414379921456\Extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F} [2014-10-26]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\NANNERGTO\AppData\Roaming\Mozilla\Firefox\Profiles\cnqj4i6f.default-1414379921456\Extensions\elemhidehelper@adblockplus.org.xpi [2014-12-13]
FF Extension: Image Zoom - C:\Users\NANNERGTO\AppData\Roaming\Mozilla\Firefox\Profiles\cnqj4i6f.default-1414379921456\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-12-13]
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\NANNERGTO\AppData\Roaming\Mozilla\Firefox\Profiles\cnqj4i6f.default-1414379921456\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2014-12-13]
FF Extension: YouTube High Definition - C:\Users\NANNERGTO\AppData\Roaming\Mozilla\Firefox\Profiles\cnqj4i6f.default-1414379921456\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-12-13]
FF Extension: Adblock Plus - C:\Users\NANNERGTO\AppData\Roaming\Mozilla\Firefox\Profiles\cnqj4i6f.default-1414379921456\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-26]
FF Extension: Open With Photoshop - C:\Users\NANNERGTO\AppData\Roaming\Mozilla\Firefox\Profiles\cnqj4i6f.default-1414379921456\Extensions\{f3f219f9-cbce-467e-b8fe-6e076d29665c}.xpi [2014-12-13]
FF Extension: Adblock Edge - C:\Users\NANNERGTO\AppData\Roaming\Mozilla\Firefox\Profiles\cnqj4i6f.default-1414379921456\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-12-13]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: No Name - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18]
FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com
FF Extension: Wondershare Player - C:\ProgramData\Wondershare\Player\Player@Wondershare.com [2014-06-28]

Chrome:
=======
CHR Profile: C:\Users\NANNERGTO\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\NANNERGTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-18]
CHR Extension: (Google Drive) - C:\Users\NANNERGTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-18]
CHR Extension: (YouTube) - C:\Users\NANNERGTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-18]
CHR Extension: (Google Search) - C:\Users\NANNERGTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-18]
CHR Extension: (Google Wallet) - C:\Users\NANNERGTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]
CHR Extension: (No Name) - C:\Users\NANNERGTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\oahepomnpijmejhllnialnkhnadmcjdp [2013-12-13]
CHR Extension: (Gmail) - C:\Users\NANNERGTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-18]
CHR HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Users\NANNERGTO\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [Not Found]
CHR HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Chrome\Extension: [oahepomnpijmejhllnialnkhnadmcjdp] - C:\Users\NANNERGTO\AppData\Local\CRE\oahepomnpijmejhllnialnkhnadmcjdp.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bkdegagmpemadclljncealhmmkojfoam] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com.crx [2014-06-28]
CHR HKLM-x32\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Users\NANNERGTO\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fcbabdgdkjjdgbejjfclhfeacjodcdgb] - C:\ProgramData\Zoomex\fcbabdgdkjjdgbejjfclhfeacjodcdgb.crx [2012-12-09]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2012-07-18]
CHR HKLM-x32\...\Chrome\Extension: [oahepomnpijmejhllnialnkhnadmcjdp] - C:\Users\NANNERGTO\AppData\Local\CRE\oahepomnpijmejhllnialnkhnadmcjdp.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1486664 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3487248 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MSSQL$TEW_SQLEXPRESS; c:\ProgramData\SolidWorks Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [604512 2014-07-29] (Copyright 2013 SAMSUNG)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-09-25] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; c:\ProgramData\SolidWorks Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148664 2014-02-13] (AVG)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [36664 2014-02-13] (AVG)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [30008 2014-02-13] (AVG)
S2 4b46e14a; "C:\windows\system32\rundll32.exe" "c:\progra~2\ss-sup~1\AssistantSvc.dll",service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [262424 2014-10-07] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-25] (Disc Soft Ltd)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [108296 2007-04-24] (MCCI Corporation)
S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [19720 2007-04-24] (MCCI Corporation)
S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [144648 2007-04-24] (MCCI Corporation)
S3 s125mgmt; C:\Windows\System32\DRIVERS\s125mgmt.sys [126216 2007-04-24] (MCCI Corporation)
S3 s125obex; C:\Windows\System32\DRIVERS\s125obex.sys [123656 2007-04-24] (MCCI Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2013-05-30] (Wondershare)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 08:33 - 2014-12-23 08:34 - 00021582 _____ () C:\Users\NANNERGTO\Downloads\Addition.txt
2014-12-23 08:32 - 2014-12-23 09:35 - 00027173 _____ () C:\Users\NANNERGTO\Downloads\FRST.txt
2014-12-23 08:32 - 2014-12-23 09:35 - 00000000 ___DC () C:\FRST
2014-12-23 08:31 - 2014-12-23 08:31 - 02122240 _____ (Farbar) C:\Users\NANNERGTO\Downloads\FRST64.exe
2014-12-22 16:18 - 2014-12-22 16:18 - 00688992 _____ (Swearware) C:\Users\NANNERGTO\Downloads\dds(1).com
2014-12-22 15:57 - 2014-12-22 15:57 - 24743106 _____ () C:\Users\NANNERGTO\Downloads\vlc-2.1.5-win32(2).exe
2014-12-19 13:48 - 2014-12-19 13:48 - 30806440 _____ () C:\Users\NANNERGTO\Downloads\R308434.exe
2014-12-19 13:42 - 2014-12-19 13:42 - 00000000 ____D () C:\Users\NANNERGTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-12-19 13:41 - 2014-12-19 13:54 - 00000000 ____D () C:\Users\NANNERGTO\AppData\Local\Deployment
2014-12-19 13:41 - 2014-12-19 13:41 - 00417064 _____ () C:\Users\NANNERGTO\Downloads\DellSystemDetect.exe
2014-12-19 11:59 - 2014-12-19 11:59 - 00000000 ____H () C:\Users\NANNERGTO\Documents\Default.rdp
2014-12-16 22:07 - 2014-12-16 22:07 - 00688992 _____ (Swearware) C:\Users\NANNERGTO\Downloads\dds.com
2014-12-16 22:00 - 2014-12-16 22:00 - 02026456 _____ () C:\Users\NANNERGTO\Downloads\dixmlsetup.exe
2014-12-16 21:59 - 2014-12-16 21:59 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\NANNERGTO\Downloads\cbSetup.exe
2014-12-16 20:33 - 2014-12-16 20:33 - 00000115 _____ () C:\Users\NANNERGTO\Desktop\admin.txt
2014-12-16 20:06 - 2014-12-16 20:06 - 16448208 _____ (Malwarebytes Corp.) C:\Users\NANNERGTO\Downloads\mbar-1.08.2.1001.exe
2014-12-16 20:06 - 2014-12-16 20:06 - 00000000 ____D () C:\Users\NANNERGTO\Desktop\mbar
2014-12-16 19:00 - 2014-12-16 19:00 - 00401920 _____ (Farbar) C:\Users\NANNERGTO\Downloads\MiniToolBox(1).exe
2014-12-16 18:58 - 2014-12-16 18:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\NANNERGTO\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-16 18:53 - 2014-12-16 19:02 - 00034588 _____ () C:\Users\NANNERGTO\Downloads\Result.txt
2014-12-16 18:52 - 2014-12-16 18:52 - 00401920 _____ (Farbar) C:\Users\NANNERGTO\Downloads\MiniToolBox.exe
2014-12-16 18:51 - 2014-12-16 18:51 - 00003130 _____ () C:\Users\NANNERGTO\Downloads\FSS.txt
2014-12-16 18:50 - 2014-12-16 18:50 - 00415232 _____ (Farbar) C:\Users\NANNERGTO\Downloads\FSS.exe
2014-12-16 18:48 - 2014-12-16 18:48 - 00852505 _____ () C:\Users\NANNERGTO\Downloads\SecurityCheck.exe
2014-12-16 18:35 - 2014-12-16 18:35 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\NANNERGTO\Downloads\rkill(1).exe
2014-12-16 18:34 - 2014-12-16 18:34 - 02899344 _____ (AVG Technologies CZ, s.r.o.) C:\Users\NANNERGTO\Downloads\avg_remover_stf_x64_2012_2125.exe
2014-12-16 18:28 - 2014-12-16 18:28 - 00000000 ____D () C:\ProgramData\SUPERSetup
2014-12-16 18:27 - 2014-12-16 18:27 - 01402880 _____ () C:\Users\NANNERGTO\Downloads\HiJackThis.msi
2014-12-16 18:26 - 2014-12-16 18:26 - 20821720 _____ (SUPERAntiSpyware) C:\Users\NANNERGTO\Downloads\SUPERAntiSpyware.exe
2014-12-16 18:25 - 2014-12-16 18:25 - 09817304 _____ () C:\Users\NANNERGTO\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-12-16 18:25 - 2014-12-16 18:25 - 01678013 _____ () C:\Users\NANNERGTO\Downloads\pc-decrapifier-2.3.1.exe
2014-12-16 18:22 - 2014-12-16 18:24 - 233663808 _____ (Emsisoft GmbH ) C:\Users\NANNERGTO\Downloads\EmsisoftAntiMalwareSetup.exe
2014-12-16 18:20 - 2014-12-16 18:20 - 00000000 ____D () C:\Users\NANNERGTO\Desktop\data
2014-12-16 18:20 - 2014-06-19 12:17 - 00414720 _____ () C:\Users\NANNERGTO\Desktop\GiveMePower.exe
2014-12-16 18:20 - 2014-06-19 12:17 - 00038400 _____ () C:\Users\NANNERGTO\Desktop\GiveMePower.pdb
2014-12-16 18:18 - 2014-12-16 18:18 - 00332171 _____ () C:\Users\NANNERGTO\Downloads\GiveMePower-v2.0.exe
2014-12-16 18:18 - 2014-06-19 12:17 - 00414720 _____ () C:\Users\NANNERGTO\Downloads\GiveMePower.exe
2014-12-16 18:18 - 2014-06-19 12:17 - 00038400 _____ () C:\Users\NANNERGTO\Downloads\GiveMePower.pdb
2014-12-16 18:17 - 2014-12-16 18:17 - 03699664 _____ (Zemana Ltd. ) C:\Users\NANNERGTO\Downloads\AntiLoggerFree_Setup.exe
2014-12-16 18:16 - 2014-12-16 18:16 - 03443632 _____ () C:\Users\NANNERGTO\Downloads\tweaking.com_simple_system_tweaker_setup.exe
2014-12-16 18:08 - 2014-12-16 18:08 - 00000000 ____D () C:\Users\NANNERGTO\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2014-12-16 17:58 - 2014-12-16 17:58 - 02373650 _____ (The EasyUEFI Development Team. ) C:\Users\NANNERGTO\Downloads\WinToUSB_Setup_1.6.exe
2014-12-16 17:47 - 2014-12-16 17:47 - 02721168 _____ (Microsoft Corporation) C:\Users\NANNERGTO\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe
2014-12-16 17:47 - 2014-12-16 17:47 - 00002543 _____ () C:\Users\NANNERGTO\Desktop\Windows 7 USB DVD Download Tool.lnk
2014-12-16 17:47 - 2014-12-16 17:47 - 00000000 ____D () C:\Users\NANNERGTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2014-12-16 17:47 - 2014-12-16 17:47 - 00000000 ____D () C:\Users\NANNERGTO\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2014-12-16 16:48 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-16 16:48 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-14 20:49 - 2014-12-14 20:49 - 00006127 _____ () C:\Users\NANNERGTO\Desktop\JRT.txt
2014-12-14 20:43 - 2014-12-14 20:43 - 01707646 _____ (Thisisu) C:\Users\NANNERGTO\Downloads\JRT.exe
2014-12-14 20:31 - 2014-12-14 20:36 - 00000000 ___DC () C:\AdwCleaner
2014-12-14 20:30 - 2014-12-14 20:30 - 02166272 _____ () C:\Users\NANNERGTO\Downloads\AdwCleaner.exe
2014-12-14 20:27 - 2014-12-16 18:36 - 00001666 _____ () C:\Users\NANNERGTO\Desktop\Rkill.txt
2014-12-14 20:27 - 2014-12-14 20:27 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\NANNERGTO\Downloads\rkill.exe
2014-12-14 20:21 - 2014-12-14 20:21 - 00448512 _____ (OldTimer Tools) C:\Users\NANNERGTO\Downloads\TFC.exe
2014-12-14 18:49 - 2014-03-27 10:24 - 00000000 ____D () C:\Users\NANNERGTO\Desktop\WinSetupFromUSB-1-4
2014-12-14 18:47 - 2014-12-14 18:47 - 23462809 _____ (Igor Pavlov) C:\Users\NANNERGTO\Downloads\WinSetupFromUSB-1-4.exe
2014-12-14 18:47 - 2014-03-27 10:24 - 00000000 ____D () C:\Users\NANNERGTO\Downloads\WinSetupFromUSB-1-4
2014-12-14 18:40 - 2014-12-14 18:40 - 00640424 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\NANNERGTO\Downloads\rufus-1.4.12.exe
2014-12-14 17:59 - 2014-12-14 18:37 - 3320903680 ____N () C:\Users\NANNERGTO\Downloads\X17-58997.iso
2014-12-14 17:18 - 2014-12-14 17:19 - 00000000 ____D () C:\Users\NANNERGTO\Desktop\hold my stuff
2014-12-14 17:02 - 2014-04-19 06:01 - 01037824 _____ () C:\Users\NANNERGTO\Desktop\WiNToBootic.exe
2014-12-14 07:52 - 2014-12-14 07:52 - 00061064 _____ () C:\Users\NANNERGTO\Downloads\winxpvirtualcdcontrolpanel_21.exe
2014-12-14 07:24 - 2014-12-14 07:24 - 06213933 _____ () C:\Users\NANNERGTO\Downloads\DeepBurnerPro.exe
2014-12-14 07:10 - 2014-12-14 07:12 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-12-14 07:05 - 2014-12-14 07:05 - 00624614 _____ (ISOImageBurner.com ) C:\Users\NANNERGTO\Downloads\iso_image_burner_setup.exe
2014-12-14 07:03 - 2014-12-14 07:03 - 00624614 _____ (ISOImageBurner.com ) C:\Users\NANNERGTO\Desktop\iso_image_burner_setup.exe
2014-12-13 19:59 - 2014-12-13 19:59 - 24743106 _____ () C:\Users\NANNERGTO\Downloads\vlc-2.1.5-win32(1).exe
2014-12-13 18:58 - 2014-12-13 18:58 - 00000000 ___HD () C:\$WINDOWS.~BT
2014-12-12 23:33 - 2014-12-12 23:33 - 00001920 _____ () C:\Users\NANNERGTO\Desktop\cc_20141212_223345 #2.reg
2014-12-12 23:32 - 2014-12-12 23:33 - 00011566 _____ () C:\Users\NANNERGTO\Desktop\cc_20141212_223218.reg
2014-12-12 23:18 - 2014-12-12 23:18 - 05600944 _____ (Swearware) C:\Users\NANNERGTO\Downloads\ComboFix.exe
2014-12-12 16:58 - 2014-12-12 16:58 - 24743106 _____ () C:\Users\NANNERGTO\Downloads\vlc-2.1.5-win32.exe
2014-12-11 20:38 - 2014-12-11 20:38 - 00000000 __SHD () C:\Users\NANNERGTO\AppData\Local\EmieBrowserModeList
2014-12-11 19:37 - 2014-12-11 19:37 - 00000073 _____ () C:\Users\NANNERGTO\Desktop\DelWinLiveGenAcct.cmd
2014-12-11 18:02 - 2014-12-11 18:02 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-11 17:25 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-11 17:25 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-10 22:43 - 2014-12-10 22:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-10 22:00 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-10 22:00 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-10 22:00 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-10 22:00 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-10 22:00 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-10 22:00 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-10 22:00 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-10 22:00 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-10 21:59 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 21:59 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 21:59 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 21:59 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-10 21:59 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-10 21:59 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 21:59 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-10 21:59 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-10 21:59 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 21:59 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 21:59 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 21:59 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 21:59 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-10 21:59 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 21:59 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 21:59 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 21:59 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 21:59 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-10 21:59 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-10 21:59 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 21:59 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 21:59 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 21:59 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 21:59 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 21:59 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 21:59 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 21:59 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 21:59 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 21:59 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 21:59 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 21:59 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-10 21:59 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 21:59 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 21:59 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-10 21:58 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 21:58 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-10 21:58 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 21:58 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 21:58 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-10 21:58 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 21:58 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-10 21:58 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 21:58 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-10 21:58 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 21:58 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 21:58 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 21:58 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-10 21:58 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-10 21:58 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-10 21:58 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 21:58 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 21:58 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 21:58 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 21:58 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 21:58 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-10 21:58 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-10 21:58 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 21:57 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-10 21:57 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-10 21:57 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-10 21:57 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 21:57 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-10 21:57 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-10 21:57 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-10 21:57 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-10 21:57 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 21:57 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-10 21:57 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-10 21:57 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 21:56 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-10 21:56 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-10 21:31 - 2014-12-10 21:31 - 00000326 _____ () C:\windows\Tasks\1214aviUpdateInfo.job
2014-12-10 21:31 - 2014-12-10 21:31 - 00000000 ____D () C:\ProgramData\Avg_Update_1214avi
2014-12-06 16:53 - 2014-12-06 17:01 - 00000000 ____D () C:\AVG_Remover
2014-12-06 16:53 - 2014-12-06 16:53 - 01779224 _____ ( ) C:\Users\NANNERGTO\Downloads\AVG_Remover.exe
2014-12-06 16:53 - 2014-12-06 16:53 - 00000057 _____ () C:\Users\NANNERGTO\Downloads\avgremover.log
2014-12-06 16:52 - 2014-12-06 16:53 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\NANNERGTO\Downloads\avg_remover_stf_x64_2015_5501.exe
2014-12-06 16:31 - 2014-12-06 16:31 - 00000000 _____ () C:\Users\NANNERGTO\Downloads\TuneUp%202014%20Alternative%20Activator.rar.exe
2014-12-06 16:30 - 2014-12-06 16:30 - 00000000 ____D () C:\Users\NANNERGTO\AppData\Local\qb0D3BC7.A6
2014-12-06 16:30 - 2013-12-07 20:33 - 00000106 _____ () C:\Users\NANNERGTO\Desktop\On HAX.url
2014-12-06 16:29 - 2014-12-06 16:29 - 00000000 ____D () C:\Users\NANNERGTO\AppData\Local\qb0C530F.21
2014-12-06 16:28 - 2014-12-06 16:28 - 00000000 ____D () C:\Users\NANNERGTO\AppData\Local\qb0AE34C.05
2014-12-04 17:39 - 2014-12-04 17:51 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-04 17:37 - 2014-12-04 17:37 - 11222744 _____ (SurfRight B.V.) C:\Users\NANNERGTO\Downloads\HitmanPro_x64.exe
2014-12-04 17:37 - 2014-12-04 17:37 - 02347384 _____ (ESET) C:\Users\NANNERGTO\Downloads\esetsmartinstaller_enu.exe
2014-12-04 17:35 - 2014-12-04 17:35 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\NANNERGTO\Downloads\tdsskiller.exe
2014-12-04 17:33 - 2014-12-04 17:34 - 125231864 _____ (Microsoft Corporation) C:\Users\NANNERGTO\Downloads\msert.exe
2014-12-03 18:11 - 2014-12-03 18:12 - 00000000 ____D () C:\Users\NANNERGTO\Desktop\New folder (2)
2014-12-03 18:10 - 2014-12-03 18:10 - 00000705 _____ () C:\Users\NANNERGTO\Desktop\iSunshare Windows 7 Password Genius Trial.lnk
2014-12-03 18:10 - 2014-12-03 18:10 - 00000000 ____D () C:\Users\NANNERGTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iSunshare Windows 7 Password Genius Trial
2014-12-03 18:07 - 2014-12-03 18:07 - 29233786 _____ () C:\Users\NANNERGTO\Downloads\isunshare-windows-7-password-genius.exe
2014-12-02 17:45 - 2014-12-02 17:45 - 10691640 _____ (VS Revo Group ) C:\Users\NANNERGTO\Downloads\RevoUninProSetup.exe
2014-12-02 17:39 - 2014-12-02 17:39 - 01210360 _____ ( ) C:\Users\NANNERGTO\Downloads\TuneUp_Remover.exe
2014-11-27 13:14 - 2014-11-27 13:14 - 04443312 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-23 14:06 - 2014-11-23 14:06 - 00000511 _____ () C:\Users\NANNERGTO\Desktop\show desktop - Shortcut (2).lnk
2014-11-23 13:59 - 2014-11-23 13:59 - 00659456 _____ () C:\Users\NANNERGTO\Downloads\MicrosoftFixit50530.msi
2014-11-23 13:57 - 2014-11-23 13:57 - 00000511 _____ () C:\Users\NANNERGTO\Desktop\show desktop - Shortcut.lnk
2014-11-23 13:54 - 2014-11-23 13:56 - 00000077 _____ () C:\Users\NANNERGTO\Desktop\show desktop.scf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 09:04 - 2011-11-20 20:05 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-23 08:28 - 2009-07-14 00:13 - 00926976 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-23 08:25 - 2011-09-04 03:54 - 01645668 _____ () C:\windows\WindowsUpdate.log
2014-12-22 20:36 - 2013-01-18 22:12 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-22 18:04 - 2012-01-29 05:15 - 01119232 ___SH () C:\Users\NANNERGTO\Desktop\Thumbs.db
2014-12-22 18:00 - 2009-07-13 23:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 18:00 - 2009-07-13 23:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 16:38 - 2011-09-04 04:44 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-12-22 16:37 - 2014-11-11 16:56 - 00003304 _____ () C:\windows\setupact.log
2014-12-22 16:37 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-20 00:27 - 2012-03-01 23:58 - 00001425 _____ () C:\Users\NANNERGTO\AppData\Roaming\Microsoft\Windows\Start Menu\Install Windows.lnk
2014-12-19 13:48 - 2011-09-04 07:57 - 00000000 ____D () C:\Dell
2014-12-19 13:41 - 2011-12-11 14:14 - 00000000 ____D () C:\Users\NANNERGTO\AppData\Local\Apps\2.0
2014-12-14 07:39 - 2014-09-25 21:07 - 00000000 ____D () C:\Users\NANNERGTO\Documents\Visual Studio 2005
2014-12-14 07:39 - 2013-09-06 17:34 - 00000000 ____D () C:\Users\NANNERGTO\AppData\Local\Microsoft Help
2014-12-14 07:26 - 2012-01-29 12:47 - 00000000 ____D () C:\Users\NANNERGTO\AppData\Roaming\dvdcss
2014-12-14 00:12 - 2014-09-25 22:20 - 00000000 ____D () C:\Users\NANNERGTO\AppData\Roaming\DAEMON Tools Lite
2014-12-13 23:29 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-12-13 17:31 - 2011-12-24 16:27 - 00000000 ____D () C:\Users\NANNERGTO\AppData\Roaming\vlc
2014-12-13 02:03 - 2011-09-04 04:30 - 00000000 ____D () C:\ProgramData\Sonic
2014-12-12 23:30 - 2011-11-22 00:37 - 00000000 ____D () C:\Users\NANNERGTO\AppData\Roaming\uTorrent
2014-12-11 18:09 - 2013-12-17 00:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 18:05 - 2014-11-15 00:57 - 00004078 _____ () C:\windows\PFRO.log
2014-12-11 18:02 - 2014-05-07 21:26 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-11 18:02 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-11 18:02 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-11 17:46 - 2013-09-06 17:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 17:41 - 2013-12-15 04:08 - 00000000 ____D () C:\windows\system32\MRT
2014-12-11 17:36 - 2013-01-18 22:12 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-11 17:28 - 2011-11-20 18:12 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-11 17:20 - 2012-05-20 12:50 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-27 13:14 - 2012-05-20 12:50 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-27 13:14 - 2012-02-09 22:58 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-24 15:04 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\NANNERGTO\AppData\Local\Temp\Quarantine.exe
C:\Users\NANNERGTO\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.

==================== End Of Log ============================



#9 nasdaq

Posted 24 December 2014 - 11:22 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Policies\Explorer: []
IFEO\accuweather.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\adobe air application installer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\adobe extension manager cs5.5.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\adobeworkgrouphelper.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\devicecentral.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\extendscript toolkit.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\imageready.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\kies3.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\stage_primary.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\switchboard.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\wsplayer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-261891553-3558682979-1933133282-1000] =>
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=1157&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=1157&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=n&ver=13892&tm=473&src=ds&p={searchTerms}
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: Autocopy - C:\Users\NANNERGTO\AppData\Roaming\Mozilla\Firefox\Profiles\cnqj4i6f.default-1414379921456\Extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F} [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\NANNERGTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]
CHR HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Users\NANNERGTO\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [Not Found]
CHR HKU\S-1-5-21-261891553-3558682979-1933133282-1000\...\Chrome\Extension: [oahepomnpijmejhllnialnkhnadmcjdp] - C:\Users\NANNERGTO\AppData\Local\CRE\oahepomnpijmejhllnialnkhnadmcjdp.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Users\NANNERGTO\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fcbabdgdkjjdgbejjfclhfeacjodcdgb] - C:\ProgramData\Zoomex\fcbabdgdkjjdgbejjfclhfeacjodcdgb.crx [2012-12-09]
CHR HKLM-x32\...\Chrome\Extension: [oahepomnpijmejhllnialnkhnadmcjdp] - C:\Users\NANNERGTO\AppData\Local\CRE\oahepomnpijmejhllnialnkhnadmcjdp.crx [Not Found]
S2 4b46e14a; "C:\windows\system32\rundll32.exe" "c:\progra~2\ss-sup~1\AssistantSvc.dll",service
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
C:\Users\NANNERGTO\AppData\Roaming\Mozilla\Firefox\Profiles\cnqj4i6f.default-1414379921456\Extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
C:\ProgramData\Zoomex
End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt. Please post it in your reply.
===

How is the computer running now?

#10 NANNER

Posted 24 December 2014 - 12:55 PM

I copied the above and then saved it as fixlist.txt and saved it in the same folder as FRST. As I was running FRST and clicked FIX, it was running for a little bit and then my AVG popped up and showed a screen to ALLOW or DENY. When I clicked ALLOW it said I needed to be signed in as admin, and can't make any changes in my AVG.

I restarted the computer to try again to get a screenshot of the message, and now it won't allow me to run FRST.exe. A screen comes up and says:

Windows Security    The files can't be opened

Your Internet security settings prevented one or more files from being opened. When I click show details it shows

C:\Users\NANNERGTO\Downloads\FRST64.exe

So pretty much any program I try to open now shows the same message for that program. I tried to open Paint.exe to show the screenshot, but same message. I did get one screenshot before this was happening. Can't attach since it's too big.

Attached File  windows security 1.jpg   35.25KB   0 downloads


#11 nasdaq

Posted 24 December 2014 - 01:55 PM

Avast must have quarantined the file.

If you cannot find it, download it again.
If AVG blocks it, make sure you tell AVG that it's OK.

Place the file in the FRST folder this time.
The Fixlist.txt must already be in that folder.
Run the Fix with the tool.

#12 NANNER

Posted 24 December 2014 - 02:21 PM

I tried downloading the FRST64.exe file again and get the same Windows Security screen (screenshot attached in previous reply). I tried to open up Internet Explorer and all my security settings are blank. There is no option to view or choose a zone (Local Intranet, Trusted Sites, or Restricted Sites) or security setting. The security level for this zone slider can move but level name, level description is shown but no changes. Also I get the Windows Security screen if I try to open AVG now, and it does not open.

At the bottom of the internet properties screen it has an exclamation point and then says : Some <A>settings</A> are managed by your system.



#13 nasdaq

Posted 25 December 2014 - 08:45 AM

Try to Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

If that fails, download and run this tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

====

#14 NANNER

Posted 25 December 2014 - 05:31 PM

No, that didn't work. I can't open my Internet Explorer or Mozilla Firefox to download ComboFix. It gives me the Windows Security screen. I can't open the files. I'm now sending this from my phone since it's the only way I can communicate back and forth for now. I tried to repair my computer but it tells me I have a bad corrupt restore file. When I try to do a Dell factory reset it tells me the same thing. Tried booting in safe mode. No luck there. So it's looking kind of bad right now. No dice!!

#15 nasdaq

Posted 26 December 2014 - 07:57 AM

Can you download this tool somehow?

Using a good computer and downloading it to a flash drive would be ideal.
Copy the file to the desktop of the problem computer and run it from there.

If you do have access to a good computer download the other tools also and copy them to the desktop also.
Post any log you can get.

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.




