
Chrome is hidden on machine


6 replies to this topic

#1 joetink


Posted 13 February 2015 - 07:28 PM

Hello all,

I posted a topic yesterday because my machine keeps telling me Google Chrome, which I don't have installed, is running and I have to force close it at times (particularly when I run CCleaner or any other 'cleaner' app). The original topic, which included diagnostic logs, can be located here: http://www.bleepingcomputer.com/forums/t/566576/virus-that-says-i-have-google-chrome-running/#entry3624334. At the request of the moderator, I've started a new topic to find out the root of the hidden Chrome problem. I've used Ad-Aware and Malwarebytes to try to remedy the problem, but it persists. I cannot see Chrome ever running in Task Manager. Below are the logs from the FRST scan, and the addition log is attached. Any help is appreciated! Thank you!

-Joe

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015
Ran by Joe Tink (administrator) on JOETINK-PC on 13-02-2015 19:20:02
Running from C:\Users\Joe Tink\Downloads\Antivirus stuff
Loaded Profiles: Joe Tink (Available profiles: Joe Tink)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.1.4\LavasoftTcpService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
(Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
(Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files\PreSonus\UniversalControl\Universal Control.exe
(Line 6, Inc.) C:\Program Files (x86)\Line6\POD HD500 Edit\POD HD500 Edit.exe
(Cakewalk, Inc.) C:\Program Files (x86)\Cakewalk\SONAR X1 Producer\SONARPDR.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-30] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-555985796-3256097970-2052031181-1000\...\Run: [Universal Control] => [X]
HKU\S-1-5-21-555985796-3256097970-2052031181-1000\...\MountPoints2: {12f35f10-0080-11e3-a435-c0675cf15b25} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-555985796-3256097970-2052031181-1000\...\MountPoints2: {20d196c0-5965-11e1-8e07-feda3e99603a} - F:\setup.exe -a
HKU\S-1-5-21-555985796-3256097970-2052031181-1000\...\MountPoints2: {6cf24862-c227-11e1-b05e-8f37a600c440} - J:\setup.exe -a
HKU\S-1-5-21-555985796-3256097970-2052031181-1000\...\MountPoints2: {7d25b0d9-fa56-11e3-9518-b49faf101426} - F:\VZW_Software_upgrade_assistant.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-555985796-3256097970-2052031181-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! WebRep -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKU\S-1-5-21-555985796-3256097970-2052031181-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Joe Tink\AppData\Roaming\Mozilla\Firefox\Profiles\ber4nt17.default-1386110689713
FF DefaultSearchEngine: Ad-Aware SecureSearch
FF SearchEngineOrder.3: Bing
FF Homepage: https://www.google.com/?gws_rd=ssl
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-02-12]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Joe Tink\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Joe Tink\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-07]
CHR Extension: (Google Search) - C:\Users\Joe Tink\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-30] (AVAST Software)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.1.4\LavasoftTcpService.exe [1364392 2015-01-23] (Lavasoft Limited)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NinjaLoaderService; C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe [59496 2015-01-12] (Ninja Soft Inc.)
S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2015-01-23] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-11] (DT Soft Ltd)
R3 L6PODHD5; C:\Windows\System32\Drivers\L6PODHD564.sys [772864 2013-09-23] (Line 6)
S3 MAFW; C:\Windows\System32\DRIVERS\mafw.sys [235312 2012-01-24] (Avid Technology, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 PaeFireStudio; C:\Windows\System32\Drivers\PaeFireStudio.sys [226720 2013-09-06] (PreSonus Audio Electronics)
R3 PaeFireStudioAudio; C:\Windows\System32\drivers\PaeFireStudioAudio.sys [47392 2013-09-06] (PreSonus Audio Electronics)
R3 PaeFireStudioMidi; C:\Windows\System32\drivers\PaeFireStudioMidi.sys [36256 2013-09-06] (PreSonus Audio Electronics)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-10-09] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 18:30 - 2015-02-11 18:30 - 00000000 __SHD () C:\found.002
2015-02-11 17:43 - 2015-02-11 17:43 - 00602610 _____ () C:\Users\Joe Tink\Downloads\VK_logo (2).eps
2015-02-11 17:27 - 2015-02-11 17:27 - 00602610 _____ () C:\Users\Joe Tink\Downloads\VK_logo (1).eps
2015-02-11 17:14 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 17:14 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 17:14 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 17:14 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 17:10 - 2015-02-13 18:31 - 00000616 _____ () C:\Windows\setupact.log
2015-02-11 17:10 - 2015-02-11 17:10 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-11 05:44 - 2015-02-11 05:44 - 00166913 _____ () C:\Users\Joe Tink\Downloads\5B0E.tmp
2015-02-10 22:01 - 2015-02-10 22:02 - 02187006 _____ () C:\Users\Joe Tink\Downloads\ter_1500200483GameCen680F29F2D52FC9259C49DFB783CD6157.apk.crdownload
2015-02-10 22:01 - 2015-02-10 22:02 - 01944064 _____ () C:\Users\Joe Tink\Downloads\ter_1500336590GameCen469EE5CEED42DFB6B670949814DBA8A9.apk.crdownload
2015-02-10 20:12 - 2015-02-10 20:13 - 00602610 _____ () C:\Users\Joe Tink\Downloads\VK_logo.eps
2015-02-10 19:17 - 2015-02-10 19:17 - 00112419 _____ () C:\Users\Joe Tink\Downloads\VK_logo.psd
2015-02-10 19:10 - 2015-02-10 19:11 - 10294488 _____ (Microsoft Corporation) C:\Users\Joe Tink\Downloads\Unconfirmed 830983.crdownload
2015-02-10 19:05 - 2015-02-13 19:20 - 00000000 ____D () C:\Users\Joe Tink\Downloads\Antivirus stuff
2015-02-10 19:00 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 19:00 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 19:00 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 19:00 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 19:00 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 19:00 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 19:00 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 19:00 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 19:00 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 19:00 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 19:00 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 19:00 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 19:00 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 19:00 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 19:00 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 19:00 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 19:00 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 19:00 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 19:00 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 19:00 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 19:00 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 19:00 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 19:00 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 19:00 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 19:00 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 19:00 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 19:00 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 19:00 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 19:00 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 19:00 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 19:00 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 19:00 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 19:00 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 19:00 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 19:00 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 19:00 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 19:00 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 19:00 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 19:00 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 19:00 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 19:00 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 19:00 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 19:00 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 19:00 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 19:00 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 19:00 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 19:00 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 19:00 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 19:00 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 19:00 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 19:00 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 19:00 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 19:00 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 19:00 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 19:00 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 19:00 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 19:00 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 19:00 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 19:00 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 19:00 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 19:00 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 19:00 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 19:00 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 19:00 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 19:00 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 19:00 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 18:58 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 18:58 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 18:57 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 18:57 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 18:57 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 18:57 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 18:57 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 18:57 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 18:57 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 18:57 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 18:57 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 18:57 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 18:57 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 18:57 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 18:57 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 18:57 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 18:57 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 18:57 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 18:57 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 18:57 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 18:57 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 18:57 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 18:57 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 18:57 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 18:57 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 18:57 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 18:57 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 18:57 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 18:57 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 18:57 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 18:57 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 18:57 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 18:57 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 18:57 - 2014-10-03 21:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-10 18:57 - 2014-10-03 20:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-10 18:57 - 2014-10-03 20:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-10 18:56 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 18:27 - 2015-02-10 18:27 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-10 17:49 - 2015-02-10 17:49 - 00037293 _____ () C:\Users\Joe Tink\Downloads\Addition.txt
2015-02-10 17:48 - 2015-02-10 17:49 - 00034457 _____ () C:\Users\Joe Tink\Downloads\FRST.txt
2015-02-10 17:47 - 2015-02-13 19:20 - 00000000 ____D () C:\FRST
2015-02-10 17:44 - 2015-02-10 17:44 - 00000000 _____ () C:\Users\Joe Tink\Downloads\forumdisplay.php
2015-02-09 20:39 - 2015-02-10 18:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 20:39 - 2015-02-09 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-09 20:38 - 2015-02-09 20:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-09 20:38 - 2015-02-09 20:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-09 20:38 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-09 20:38 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-09 20:38 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-09 20:01 - 2015-02-09 20:01 - 00000000 ____D () C:\Users\Joe Tink\AppData\Local\Lavasoft
2015-02-09 20:00 - 2015-02-09 20:00 - 00005104 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2015-02-09 20:00 - 2015-02-09 20:00 - 00002800 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-02-09 20:00 - 2015-02-09 20:00 - 00002800 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-02-09 20:00 - 2015-01-23 06:39 - 00378832 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-02-09 20:00 - 2015-01-23 06:39 - 00332216 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-02-09 19:59 - 2015-02-09 19:59 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2015-02-09 19:58 - 2015-02-09 20:27 - 00000000 ____D () C:\Users\Joe Tink\AppData\Roaming\Lavasoft
2015-02-09 19:57 - 2015-02-09 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-02-09 19:54 - 2015-02-09 19:54 - 00000000 ____D () C:\Program Files\Lavasoft
2015-02-09 19:51 - 2015-02-09 19:51 - 00000000 ____D () C:\Users\Joe Tink\AppData\Roaming\LavasoftStatistics
2015-02-09 19:50 - 2015-02-09 19:50 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-02-09 19:47 - 2015-02-09 19:58 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-02-09 09:33 - 2015-02-09 09:33 - 00000000 ____D () C:\Users\Joe Tink\.cache
2015-02-09 09:17 - 2015-02-09 09:20 - 00000000 ____D () C:\Users\Joe Tink\AppData\Local\Ninja Loader
2015-02-09 09:17 - 2015-02-09 09:17 - 00000000 ____D () C:\Users\Joe Tink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ninja Loader
2015-02-09 09:17 - 2015-02-09 09:17 - 00000000 ____D () C:\Program Files (x86)\Ninja Loader
2015-02-09 09:13 - 2009-09-27 09:39 - 00415744 ___SH (The Public) C:\Windows\SysWOW64\avisynth.dll
2015-02-09 09:13 - 2005-07-14 12:31 - 00032256 ___SH () C:\Windows\SysWOW64\AVSredirect.dll
2015-02-09 09:13 - 2004-02-22 10:11 - 00764416 ___SH (Abysmal Software) C:\Windows\SysWOW64\devil.dll
2015-02-09 09:13 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\yv12vfw.dll
2015-02-09 09:13 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\i420vfw.dll
2015-02-09 09:11 - 2015-02-09 09:11 - 00000000 ____D () C:\Users\Joe Tink\Documents\eRightSoft
2015-02-09 09:11 - 2004-10-10 08:50 - 00278528 _____ (Real Networks, Inc) C:\Windows\SysWOW64\pncrt.dll
2015-02-09 09:11 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drvc.dll
2015-02-09 09:10 - 2015-02-10 17:37 - 00000000 ____D () C:\Program Files (x86)\eRightSoft
2015-02-08 14:54 - 2015-02-11 03:06 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-08 12:35 - 2015-02-08 15:11 - 00000000 ____D () C:\Users\Joe Tink\Downloads\Cakewalk SONAR X3d Producer Edition UNLOCKED - CHAOS [deepstatus][h33t][1337x]
2015-02-08 12:34 - 2015-02-08 12:49 - 00000000 ____D () C:\Users\Joe Tink\Downloads\Waves All Plugins Bundle v9r21
2015-02-04 18:51 - 2015-02-04 18:51 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-01 09:41 - 2015-02-01 09:41 - 00035905 _____ () C:\Users\Joe Tink\Downloads\robert_palmer-addicted_to_love.mid
2015-02-01 09:37 - 2015-02-01 09:37 - 00037925 _____ () C:\Users\Joe Tink\Downloads\summerbreeze.mid
2015-01-30 18:46 - 2015-01-30 18:46 - 00000000 ____D () C:\Users\Joe Tink\Documents\Presonus
2015-01-30 17:58 - 2015-01-30 17:58 - 00001051 _____ () C:\Users\Joe Tink\Desktop\PreSonus Universal Control.lnk
2015-01-30 17:58 - 2015-01-30 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PreSonus
2015-01-30 17:58 - 2015-01-30 17:58 - 00000000 ____D () C:\Program Files\PreSonus
2015-01-30 17:58 - 2013-09-06 23:16 - 00226720 _____ (PreSonus Audio Electronics) C:\Windows\system32\Drivers\PaeFireStudio.sys
2015-01-30 17:58 - 2013-09-06 23:16 - 00047392 _____ (PreSonus Audio Electronics) C:\Windows\system32\Drivers\PaeFireStudioAudio.sys
2015-01-30 17:58 - 2013-09-06 23:16 - 00036256 _____ (PreSonus Audio Electronics) C:\Windows\system32\Drivers\PaeFireStudioMidi.sys
2015-01-30 17:58 - 2013-09-06 18:53 - 00112128 _____ (PreSonus Audio Electronics) C:\Windows\system32\PaeFireStudioAsio.dll
2015-01-30 17:58 - 2013-09-06 18:53 - 00100352 _____ (PreSonus Audio Electronics) C:\Windows\SysWOW64\PaeFireStudioAsio.dll
2015-01-30 17:57 - 2015-01-30 17:57 - 00000000 ____D () C:\Users\Joe Tink\AppData\Roaming\FireControlSettings
2015-01-30 13:03 - 2015-01-30 13:03 - 00000000 ____D () C:\Users\Joe Tink\AppData\Roaming\PreSonus
2015-01-27 15:30 - 2015-01-27 15:30 - 00000000 __SHD () C:\Users\Joe Tink\AppData\Local\EmieBrowserModeList
2015-01-26 17:40 - 2015-01-26 17:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-21 07:27 - 2015-01-21 07:27 - 00042194 _____ () C:\Users\Joe Tink\Downloads\Wishing_Well.mid
2015-01-14 03:23 - 2015-02-10 07:24 - 00003888 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-13 19:18 - 2013-03-02 18:11 - 00623104 ___SH () C:\Users\Joe Tink\Downloads\Thumbs.db
2015-02-13 18:40 - 2013-01-04 17:47 - 01824516 _____ () C:\Windows\WindowsUpdate.log
2015-02-13 18:32 - 2012-02-11 21:11 - 00000032 _____ () C:\Windows\msocreg32.dat
2015-02-13 05:03 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-13 05:03 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 18:32 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 17:24 - 2012-02-11 18:30 - 00000000 ____D () C:\Users\Joe Tink\AppData\Local\VirtualStore
2015-02-11 07:09 - 2012-02-12 07:38 - 00000000 ____D () C:\Users\Joe Tink\AppData\Local\CrashDumps
2015-02-11 05:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-11 03:23 - 2009-07-13 23:45 - 00269152 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 03:04 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 03:02 - 2012-03-12 05:22 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 19:06 - 2011-07-25 05:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-10 18:33 - 2013-03-25 18:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-10 18:31 - 2014-08-30 10:29 - 00000000 ____D () C:\AdwCleaner
2015-02-10 17:37 - 2012-02-11 21:40 - 00000000 ____D () C:\Program Files (x86)\Toontrack
2015-02-10 17:35 - 2014-05-18 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toontrack
2015-02-10 07:25 - 2013-03-25 18:41 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-10 07:23 - 2012-05-27 17:48 - 00000000 ____D () C:\Users\Joe Tink\AppData\Roaming\uTorrent
2015-02-10 07:06 - 2012-07-18 18:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-10 07:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas
2015-02-09 20:50 - 2012-02-16 17:49 - 00000000 ____D () C:\Users\Joe Tink\AppData\Local\Adobe
2015-02-09 10:59 - 2012-11-08 20:57 - 00000000 ____D () C:\Users\Joe Tink\AppData\Roaming\Winamp
2015-02-09 10:21 - 2012-02-11 21:11 - 00000000 ____D () C:\Program Files (x86)\Cakewalk
2015-02-09 10:21 - 2012-02-11 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cakewalk
2015-02-09 10:21 - 2012-02-11 20:58 - 00000000 ____D () C:\ProgramData\Cakewalk
2015-02-09 10:18 - 2012-06-16 15:48 - 00000000 ____D () C:\Users\Joe Tink\AppData\Roaming\Dropbox
2015-02-09 10:16 - 2014-11-12 16:45 - 00000082 _____ () C:\Windows\SysWOW64\winsevr.dat
2015-02-09 09:33 - 2012-02-11 18:29 - 00000000 ____D () C:\Users\Joe Tink
2015-02-08 16:37 - 2009-07-14 00:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 16:35 - 2012-06-16 15:50 - 00000000 ___RD () C:\Users\Joe Tink\Dropbox
2015-02-08 15:17 - 2012-02-11 21:02 - 00000000 ____D () C:\Users\Joe Tink\AppData\Roaming\Cakewalk
2015-02-08 14:57 - 2012-02-11 20:58 - 00000000 ____D () C:\Cakewalk Projects
2015-02-08 14:54 - 2012-04-21 20:22 - 00000000 ____D () C:\Users\Joe Tink\AppData\Roaming\vlc
2015-02-08 14:53 - 2012-04-01 11:51 - 00000000 ____D () C:\Cakewalk Content
2015-02-04 18:51 - 2013-03-25 18:41 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 18:51 - 2011-07-25 05:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 12:46 - 2012-04-26 16:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-20 17:37 - 2014-11-05 18:46 - 00000000 ____D () C:\Users\Joe Tink\Downloads\Unleashed in Japan 2013
2015-01-16 21:50 - 2013-08-21 11:14 - 00364032 ___SH () C:\Users\Joe Tink\Desktop\Thumbs.db

==================== Files in the root of some directories =======

2014-07-01 16:16 - 2014-07-01 16:16 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2012-04-21 19:18 - 2014-11-20 20:25 - 0027136 _____ () C:\Users\Joe Tink\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-18 11:41 - 2014-11-18 11:41 - 0007775 _____ () C:\Users\Joe Tink\AppData\Local\recently-used.xbel
2012-02-16 06:30 - 2012-02-16 06:30 - 0000017 _____ () C:\Users\Joe Tink\AppData\Local\resmon.resmoncfg
2012-02-12 07:49 - 2012-02-12 07:49 - 0000004 _____ () C:\ProgramData\sysid100.dat

Files to move or delete:
====================
C:\ProgramData\sysid100.dat


Some content of TEMP:
====================
C:\Users\Joe Tink\AppData\Local\Temp\d343bf33-e2e8-43cd-b77e-b6b29209c599.exe
C:\Users\Joe Tink\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7jrs2r.dll
C:\Users\Joe Tink\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Joe Tink\AppData\Local\Temp\Quarantine.exe
C:\Users\Joe Tink\AppData\Local\Temp\SpOrder.dll
C:\Users\Joe Tink\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 00:06

==================== End Of Log ============================



#2 Machiavelli

  • Malware Response Instructor

Posted 15 February 2015 - 02:29 PM

Hey, :)

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8: please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 joetink


Posted 15 February 2015 - 04:29 PM

Here is the ADW log, but please note I have a new symptom.  I have several "VK_logo.eps" files in my download folder, as well as several instances of "Yandex-Images-2015-02-11", which is a picture. 

 

# AdwCleaner v4.110 - Logfile created 15/02/2015 at 16:24:22
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Joe Tink - JOETINK-PC
# Running from : C:\Users\Joe Tink\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [7366 bytes] - [30/08/2014 10:29:50]
AdwCleaner[R1].txt - [5052 bytes] - [10/02/2015 18:15:17]
AdwCleaner[R2].txt - [3978 bytes] - [10/02/2015 18:30:48]
AdwCleaner[R3].txt - [1080 bytes] - [15/02/2015 16:23:06]
AdwCleaner[S0].txt - [4118 bytes] - [10/02/2015 18:31:45]
AdwCleaner[S1].txt - [1010 bytes] - [15/02/2015 16:24:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1069  bytes] ##########
 



#4 joetink


Posted 15 February 2015 - 04:41 PM

Here is the scan from Malwarebytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/15/2015
Scan Time: 4:30:53 PM
Logfile: scan.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.15.05
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Joe Tink

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342878
Time Elapsed: 9 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#5 joetink


Posted 15 February 2015 - 04:46 PM

Here is the log from JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Joe Tink on Sun 02/15/2015 at 16:42:16.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Joe Tink\AppData\Roaming\mozilla\firefox\profiles\ber4nt17.default-1386110689713\prefs.js

user_pref("browser.search.defaultenginename", "Ad-Aware SecureSearch");
Emptied folder: C:\Users\Joe Tink\AppData\Roaming\mozilla\firefox\profiles\ber4nt17.default-1386110689713\minidumps [49 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/15/2015 at 16:45:40.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#6 joetink


Posted 15 February 2015 - 04:47 PM

Below is the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Joe Tink (administrator) on JOETINK-PC on 15-02-2015 16:46:46
Running from C:\Users\Joe Tink\Downloads\Antivirus stuff
Loaded Profiles: Joe Tink (Available profiles: Joe Tink)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.1.4\LavasoftTcpService.exe
(Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
(Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
(Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(The Chromium Authors) C:\Users\Joe Tink\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Joe Tink\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Joe Tink\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Joe Tink\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Joe Tink\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Joe Tink\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Joe Tink\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Joe Tink\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\Setup\avast.setup


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-30] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-555985796-3256097970-2052031181-1000\...\Run: [Universal Control] => [X]
HKU\S-1-5-21-555985796-3256097970-2052031181-1000\...\MountPoints2: {12f35f10-0080-11e3-a435-c0675cf15b25} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-555985796-3256097970-2052031181-1000\...\MountPoints2: {20d196c0-5965-11e1-8e07-feda3e99603a} - F:\setup.exe -a
HKU\S-1-5-21-555985796-3256097970-2052031181-1000\...\MountPoints2: {6cf24862-c227-11e1-b05e-8f37a600c440} - J:\setup.exe -a
HKU\S-1-5-21-555985796-3256097970-2052031181-1000\...\MountPoints2: {7d25b0d9-fa56-11e3-9518-b49faf101426} - F:\VZW_Software_upgrade_assistant.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-555985796-3256097970-2052031181-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! WebRep -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKU\S-1-5-21-555985796-3256097970-2052031181-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Joe Tink\AppData\Roaming\Mozilla\Firefox\Profiles\ber4nt17.default-1386110689713
FF SearchEngineOrder.3: Bing
FF Homepage: https://www.google.com/?gws_rd=ssl
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-02-12]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Joe Tink\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Joe Tink\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-07]
CHR Extension: (Google Search) - C:\Users\Joe Tink\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-30] (AVAST Software)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.1.4\LavasoftTcpService.exe [1364392 2015-01-23] (Lavasoft Limited)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NinjaLoaderService; C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe [59496 2015-01-12] (Ninja Soft Inc.)
S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2015-01-23] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-11] (DT Soft Ltd)
S3 L6PODHD5; C:\Windows\System32\Drivers\L6PODHD564.sys [772864 2013-09-23] (Line 6)
S3 MAFW; C:\Windows\System32\DRIVERS\mafw.sys [235312 2012-01-24] (Avid Technology, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 PaeFireStudio; C:\Windows\System32\Drivers\PaeFireStudio.sys [226720 2013-09-06] (PreSonus Audio Electronics)
R3 PaeFireStudioAudio; C:\Windows\System32\drivers\PaeFireStudioAudio.sys [47392 2013-09-06] (PreSonus Audio Electronics)
R3 PaeFireStudioMidi; C:\Windows\System32\drivers\PaeFireStudioMidi.sys [36256 2013-09-06] (PreSonus Audio Electronics)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-10-09] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 16:45 - 2015-02-15 16:45 - 00001000 _____ () C:\Users\Joe Tink\Desktop\JRT.txt
2015-02-15 16:20 - 2015-02-15 16:21 - 02112512 _____ () C:\Users\Joe Tink\Downloads\AdwCleaner.exe
2015-02-11 18:30 - 2015-02-11 18:30 - 00000000 __SHD () C:\found.002
2015-02-11 17:43 - 2015-02-11 17:43 - 00602610 _____ () C:\Users\Joe Tink\Downloads\VK_logo (2).eps
2015-02-11 17:27 - 2015-02-11 17:27 - 00602610 _____ () C:\Users\Joe Tink\Downloads\VK_logo (1).eps
2015-02-11 17:14 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 17:14 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 17:14 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 17:14 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 17:10 - 2015-02-15 16:25 - 00000952 _____ () C:\Windows\setupact.log
2015-02-11 17:10 - 2015-02-11 17:10 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-11 05:44 - 2015-02-11 05:44 - 00166913 _____ () C:\Users\Joe Tink\Downloads\5B0E.tmp
2015-02-10 22:01 - 2015-02-10 22:02 - 02187006 _____ () C:\Users\Joe Tink\Downloads\ter_1500200483GameCen680F29F2D52FC9259C49DFB783CD6157.apk.crdownload
2015-02-10 22:01 - 2015-02-10 22:02 - 01944064 _____ () C:\Users\Joe Tink\Downloads\ter_1500336590GameCen469EE5CEED42DFB6B670949814DBA8A9.apk.crdownload
2015-02-10 20:12 - 2015-02-10 20:13 - 00602610 _____ () C:\Users\Joe Tink\Downloads\VK_logo.eps
2015-02-10 19:17 - 2015-02-10 19:17 - 00112419 _____ () C:\Users\Joe Tink\Downloads\VK_logo.psd
2015-02-10 19:10 - 2015-02-10 19:11 - 10294488 _____ (Microsoft Corporation) C:\Users\Joe Tink\Downloads\Unconfirmed 830983.crdownload
2015-02-10 19:05 - 2015-02-15 16:46 - 00000000 ____D () C:\Users\Joe Tink\Downloads\Antivirus stuff
2015-02-10 19:00 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 19:00 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 19:00 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 19:00 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 19:00 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 19:00 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 19:00 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 19:00 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 19:00 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 19:00 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 19:00 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 19:00 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 19:00 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 19:00 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 19:00 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 19:00 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 19:00 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 19:00 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 19:00 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 19:00 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 19:00 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 19:00 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 19:00 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 19:00 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 19:00 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 19:00 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 19:00 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 19:00 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 19:00 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 19:00 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 19:00 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 19:00 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 19:00 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 19:00 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 19:00 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 19:00 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 19:00 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 19:00 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 19:00 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 19:00 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 19:00 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 19:00 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 19:00 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 19:00 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 19:00 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 19:00 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 19:00 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 19:00 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 19:00 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 19:00 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 19:00 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 19:00 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 19:00 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 19:00 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 19:00 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 19:00 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 19:00 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 19:00 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 19:00 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 19:00 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 19:00 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 19:00 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 19:00 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 19:00 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 19:00 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 19:00 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 18:58 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 18:58 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 18:57 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 18:57 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 18:57 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 18:57 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 18:57 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 18:57 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 18:57 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 18:57 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 18:57 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 18:57 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 18:57 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 18:57 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 18:57 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 18:57 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 18:57 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 18:57 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 18:57 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 18:57 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 18:57 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 18:57 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 18:57 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 18:57 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 18:57 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 18:57 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 18:57 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 18:57 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 18:57 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 18:57 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 18:57 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 18:57 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 18:57 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 18:57 - 2014-10-03 21:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-10 18:57 - 2014-10-03 20:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-10 18:57 - 2014-10-03 20:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-10 18:56 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 18:27 - 2015-02-10 18:27 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-10 17:49 - 2015-02-10 17:49 - 00037293 _____ () C:\Users\Joe Tink\Downloads\Addition.txt
2015-02-10 17:47 - 2015-02-15 16:46 - 00000000 ____D () C:\FRST
2015-02-10 17:44 - 2015-02-10 17:44 - 00000000 _____ () C:\Users\Joe Tink\Downloads\forumdisplay.php
2015-02-09 20:39 - 2015-02-15 16:30 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 20:39 - 2015-02-09 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-09 20:38 - 2015-02-09 20:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-09 20:38 - 2015-02-09 20:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-09 20:38 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-09 20:38 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-09 20:38 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-09 20:01 - 2015-02-09 20:01 - 00000000 ____D () C:\Users\Joe Tink\AppData\Local\Lavasoft
2015-02-09 20:00 - 2015-02-09 20:00 - 00005104 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2015-02-09 20:00 - 2015-02-09 20:00 - 00002800 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-02-09 20:00 - 2015-02-09 20:00 - 00002800 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-02-09 20:00 - 2015-01-23 06:39 - 00378832 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-02-09 20:00 - 2015-01-23 06:39 - 00332216 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-02-09 19:59 - 2015-02-09 19:59 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2015-02-09 19:58 - 2015-02-09 20:27 - 00000000 ____D () C:\Users\Joe Tink\AppData\Roaming\Lavasoft
2015-02-09 19:57 - 2015-02-09 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-02-09 19:54 - 2015-02-09 19:54 - 00000000 ____D () C:\Program Files\Lavasoft
2015-02-09 19:51 - 2015-02-09 19:51 - 00000000 ____D () C:\Users\Joe Tink\AppData\Roaming\LavasoftStatistics
2015-02-09 19:50 - 2015-02-09 19:50 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-02-09 19:47 - 2015-02-09 19:58 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-02-09 09:33 - 2015-02-09 09:33 - 00000000 ____D () C:\Users\Joe Tink\.cache
2015-02-09 09:17 - 2015-02-09 09:20 - 00000000 ____D () C:\Users\Joe Tink\AppData\Local\Ninja Loader
2015-02-09 09:17 - 2015-02-09 09:17 - 00000000 ____D () C:\Users\Joe Tink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ninja Loader
2015-02-09 09:17 - 2015-02-09 09:17 - 00000000 ____D () C:\Program Files (x86)\Ninja Loader
2015-02-09 09:13 - 2009-09-27 09:39 - 00415744 ___SH (The Public) C:\Windows\SysWOW64\avisynth.dll
2015-02-09 09:13 - 2005-07-14 12:31 - 00032256 ___SH () C:\Windows\SysWOW64\AVSredirect.dll
2015-02-09 09:13 - 2004-02-22 10:11 - 00764416 ___SH (Abysmal Software) C:\Windows\SysWOW64\devil.dll
2015-02-09 09:13 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\yv12vfw.dll
2015-02-09 09:13 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\i420vfw.dll
2015-02-09 09:11 - 2015-02-09 09:11 - 00000000 ____D () C:\Users\Joe Tink\Documents\eRightSoft
2015-02-09 09:11 - 2004-10-10 08:50 - 00278528 _____ (Real Networks, Inc) C:\Windows\SysWOW64\pncrt.dll
2015-02-09 09:11 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drvc.dll
2015-02-09 09:10 - 2015-02-10 17:37 - 00000000 ____D () C:\Program Files (x86)\eRightSoft
2015-02-08 14:54 - 2015-02-11 03:06 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-08 12:35 - 2015-02-08 15:11 - 00000000 ____D () C:\Users\Joe Tink\Downloads\Cakewalk SONAR X3d Producer Edition UNLOCKED - CHAOS [deepstatus][h33t][1337x]
2015-02-08 12:34 - 2015-02-08 12:49 - 00000000 ____D () C:\Users\Joe Tink\Downloads\Waves All Plugins Bundle v9r21
2015-02-04 18:51 - 2015-02-04 18:51 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-01 09:41 - 2015-02-01 09:41 - 00035905 _____ () C:\Users\Joe Tink\Downloads\robert_palmer-addicted_to_love.mid
2015-02-01 09:37 - 2015-02-01 09:37 - 00037925 _____ () C:\Users\Joe Tink\Downloads\summerbreeze.mid
2015-01-30 18:46 - 2015-01-30 18:46 - 00000000 ____D () C:\Users\Joe Tink\Documents\Presonus
2015-01-30 17:58 - 2015-01-30 17:58 - 00001051 _____ () C:\Users\Joe Tink\Desktop\PreSonus Universal Control.lnk
2015-01-30 17:58 - 2015-01-30 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PreSonus
2015-01-30 17:58 - 2015-01-30 17:58 - 00000000 ____D () C:\Program Files\PreSonus
2015-01-30 17:58 - 2013-09-06 23:16 - 00226720 _____ (PreSonus Audio Electronics) C:\Windows\system32\Drivers\PaeFireStudio.sys
2015-01-30 17:58 - 2013-09-06 23:16 - 00047392 _____ (PreSonus Audio Electronics) C:\Windows\system32\Drivers\PaeFireStudioAudio.sys
2015-01-30 17:58 - 2013-09-06 23:16 - 00036256 _____ (PreSonus Audio Electronics) C:\Windows\system32\Drivers\PaeFireStudioMidi.sys
2015-01-30 17:58 - 2013-09-06 18:53 - 00112128 _____ (PreSonus Audio Electronics) C:\Windows\system32\PaeFireStudioAsio.dll
2015-01-30 17:58 - 2013-09-06 18:53 - 00100352 _____ (PreSonus Audio Electronics) C:\Windows\SysWOW64\PaeFireStudioAsio.dll
2015-01-30 17:57 - 2015-01-30 17:57 - 00000000 ____D () C:\Users\Joe Tink\AppData\Roaming\FireControlSettings
2015-01-30 13:03 - 2015-01-30 13:03 - 00000000 ____D () C:\Users\Joe Tink\AppData\Roaming\PreSonus
2015-01-27 15:30 - 2015-01-27 15:30 - 00000000 __SHD () C:\Users\Joe Tink\AppData\Local\EmieBrowserModeList
2015-01-26 17:40 - 2015-01-26 17:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-21 07:27 - 2015-01-21 07:27 - 00042194 _____ () C:\Users\Joe Tink\Downloads\Wishing_Well.mid

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 16:46 - 2012-07-18 18:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-15 16:36 - 2013-01-04 17:47 - 01977845 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 16:33 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 16:33 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 16:25 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 16:24 - 2014-08-30 10:29 - 00000000 ____D () C:\AdwCleaner
2015-02-15 16:12 - 2012-02-11 21:11 - 00000032 _____ () C:\Windows\msocreg32.dat
2015-02-13 19:18 - 2013-03-02 18:11 - 00623104 ___SH () C:\Users\Joe Tink\Downloads\Thumbs.db
2015-02-11 17:24 - 2012-02-11 18:30 - 00000000 ____D () C:\Users\Joe Tink\AppData\Local\VirtualStore
2015-02-11 07:09 - 2012-02-12 07:38 - 00000000 ____D () C:\Users\Joe Tink\AppData\Local\CrashDumps
2015-02-11 05:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-11 03:23 - 2009-07-13 23:45 - 00269152 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 03:04 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 03:02 - 2012-03-12 05:22 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 19:06 - 2011-07-25 05:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-10 18:33 - 2013-03-25 18:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-10 17:37 - 2012-02-11 21:40 - 00000000 ____D () C:\Program Files (x86)\Toontrack
2015-02-10 17:35 - 2014-05-18 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toontrack
2015-02-10 07:25 - 2013-03-25 18:41 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-10 07:24 - 2015-01-14 03:23 - 00003888 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-02-10 07:23 - 2012-05-27 17:48 - 00000000 ____D () C:\Users\Joe Tink\AppData\Roaming\uTorrent
2015-02-10 07:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas
2015-02-09 20:50 - 2012-02-16 17:49 - 00000000 ____D () C:\Users\Joe Tink\AppData\Local\Adobe
2015-02-09 10:59 - 2012-11-08 20:57 - 00000000 ____D () C:\Users\Joe Tink\AppData\Roaming\Winamp
2015-02-09 10:21 - 2012-02-11 21:11 - 00000000 ____D () C:\Program Files (x86)\Cakewalk
2015-02-09 10:21 - 2012-02-11 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cakewalk
2015-02-09 10:21 - 2012-02-11 20:58 - 00000000 ____D () C:\ProgramData\Cakewalk
2015-02-09 10:18 - 2012-06-16 15:48 - 00000000 ____D () C:\Users\Joe Tink\AppData\Roaming\Dropbox
2015-02-09 10:16 - 2014-11-12 16:45 - 00000082 _____ () C:\Windows\SysWOW64\winsevr.dat
2015-02-09 09:33 - 2012-02-11 18:29 - 00000000 ____D () C:\Users\Joe Tink
2015-02-08 16:37 - 2009-07-14 00:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 16:35 - 2012-06-16 15:50 - 00000000 ___RD () C:\Users\Joe Tink\Dropbox
2015-02-08 15:17 - 2012-02-11 21:02 - 00000000 ____D () C:\Users\Joe Tink\AppData\Roaming\Cakewalk
2015-02-08 14:57 - 2012-02-11 20:58 - 00000000 ____D () C:\Cakewalk Projects
2015-02-08 14:54 - 2012-04-21 20:22 - 00000000 ____D () C:\Users\Joe Tink\AppData\Roaming\vlc
2015-02-08 14:53 - 2012-04-01 11:51 - 00000000 ____D () C:\Cakewalk Content
2015-02-04 18:51 - 2013-03-25 18:41 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 18:51 - 2011-07-25 05:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 12:46 - 2012-04-26 16:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-20 17:37 - 2014-11-05 18:46 - 00000000 ____D () C:\Users\Joe Tink\Downloads\Unleashed in Japan 2013
2015-01-16 21:50 - 2013-08-21 11:14 - 00364032 ___SH () C:\Users\Joe Tink\Desktop\Thumbs.db

==================== Files in the root of some directories =======

2014-07-01 16:16 - 2014-07-01 16:16 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2012-04-21 19:18 - 2014-11-20 20:25 - 0027136 _____ () C:\Users\Joe Tink\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-18 11:41 - 2014-11-18 11:41 - 0007775 _____ () C:\Users\Joe Tink\AppData\Local\recently-used.xbel
2012-02-16 06:30 - 2012-02-16 06:30 - 0000017 _____ () C:\Users\Joe Tink\AppData\Local\resmon.resmoncfg
2012-02-12 07:49 - 2012-02-12 07:49 - 0000004 _____ () C:\ProgramData\sysid100.dat

Files to move or delete:
====================
C:\ProgramData\sysid100.dat


Some content of TEMP:
====================
C:\Users\Joe Tink\AppData\Local\Temp\d343bf33-e2e8-43cd-b77e-b6b29209c599.exe
C:\Users\Joe Tink\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7jrs2r.dll
C:\Users\Joe Tink\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Joe Tink\AppData\Local\Temp\Quarantine.exe
C:\Users\Joe Tink\AppData\Local\Temp\SpOrder.dll
C:\Users\Joe Tink\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 00:06

==================== End Of Log ============================



#7 joetink


Posted 18 February 2015 - 04:36 PM

Another newly noticed symptom is that in addition to the picture files that say "Yandex-Images-2015-02-11" and the file that is called "VK_logo.eps", there are also several files like "Unconfirmed 873043.crdownload", each with a different number set in my download folder.





