
AVG detecting corrupted executable file


7 replies to this topic

#1 buckybear


Posted 29 April 2015 - 09:16 AM

Hello.

 

So in the past day or two my AVG scan has started detecting a "corrupted executable file." It calls for a restart and says the issue has been secured, but typically another scan and it will detect it once more. It has been the same file. Yesterday, it also picked up what it calls an "Archive Bomb" and it secured that as well, but it has not detected any more of those.

 

I have not seen any noticeable errors on my computer, no slowness or strange pop ups as far as symptoms go. I used MalwareBytes (as I do regularly) and it has not detected anything malicious. Nor did the Windows Malicious Software tool. And this morning when AVG did its regular start up scan it did not detect anything, but I just want to ensure that my computer is genuinely clean of whatever I may have picked up.

 

I've attached a screenshot of the detection from AVG, as well as the required logs. I have Windows 7 (the 64 bit version), as well as a recovery disk and backups should that be necessary.  

 

 

Many, many thanks in advance!

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01
Ran by Victoria (administrator) on VLM-PC on 29-04-2015 00:37:13
Running from C:\Users\Victoria\Desktop
Loaded Profiles: Victoria (Available profiles: Victoria & Do all Homework)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILBE.EXE
(Spotify Ltd) C:\Users\Victoria\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Funai Electric. Co., LTD.) C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\nacl64.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2661672 2012-02-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-03-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-06] (Intel Corporation)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-21] (ASUS)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-353864902-1297983359-1388567871-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-353864902-1297983359-1388567871-1001\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Users\Victoria\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=3e7c77a40a1d47d087f1c1f60eee4617-4c002cb6d46d14bfd3ce6b3b6726f38ccdca8835 /CMPID=1113a
HKU\S-1-5-21-353864902-1297983359-1388567871-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-353864902-1297983359-1388567871-1001\...\Run: [Spotify Web Helper] => C:\Users\Victoria\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-24] (Spotify Ltd)
HKU\S-1-5-21-353864902-1297983359-1388567871-1001\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [178512 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178512 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164568 2015-03-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wi-Fi MediaConnect.lnk [2014-12-28]
ShortcutTarget: Wi-Fi MediaConnect.lnk -> C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe (Funai Electric. Co., LTD.)
Startup: C:\Users\Do all Homework\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012-12-14]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012-10-12]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-353864902-1297983359-1388567871-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-353864902-1297983359-1388567871-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-353864902-1297983359-1388567871-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-353864902-1297983359-1388567871-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-353864902-1297983359-1388567871-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll [2009-05-11] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-353864902-1297983359-1388567871-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Victoria\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-15] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-353864902-1297983359-1388567871-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll [2013-01-23] (Amazon.com, Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://beautifulwar.jcink.net/", "https://www.tumblr.com/dashboard"
CHR Profile: C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-11]
CHR Extension: (Google Search) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-11]
CHR Extension: (Bookmark Manager) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (HeapNote Student) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpkjlfphbilckljgefidcggjagliide [2013-03-05]
CHR Extension: (Google Wallet) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-31]
CHR Extension: (Gmail) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-03-13] (NVIDIA Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-03-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-03-13] (NVIDIA Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2011-12-21] (Windows ® Win 7 DDK provider)
R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2011-11-07] (Windows ® Win 7 DDK provider)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [281056 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-02-25] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-01] (AVG Technologies)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-03-13] (NVIDIA Corporation)
S3 PTDLBus; C:\Windows\System32\DRIVERS\PTDLBus.sys [66304 2008-07-20] (DEVGURU Co,LTD.)
S3 PTDLMdm; C:\Windows\System32\DRIVERS\PTDLMdm.sys [70784 2008-07-20] (DEVGURU Co,LTD.)
S3 PTDLVsp; C:\Windows\System32\DRIVERS\PTDLVsp.sys [66688 2008-07-20] (DEVGURU Co,LTD.)
S3 PTDLWWAN; C:\Windows\System32\DRIVERS\PTDLWWAN.sys [84480 2008-07-20] (DEVGURU Co,LTD.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-10-11] (Duplex Secure Ltd.)
R3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [24064 2010-02-08] (WiFi Media Connect)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-29 00:37 - 2015-04-29 00:37 - 00024066 _____ () C:\Users\Victoria\Desktop\FRST.txt
2015-04-29 00:36 - 2015-04-29 00:37 - 00000000 ____D () C:\FRST
2015-04-29 00:36 - 2015-04-29 00:36 - 02100736 _____ (Farbar) C:\Users\Victoria\Desktop\FRST64.exe
2015-04-18 20:09 - 2015-04-28 23:30 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-04-14 20:23 - 2015-04-01 19:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 20:23 - 2015-04-01 18:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 20:23 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 20:23 - 2015-03-12 23:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 20:23 - 2015-03-12 23:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 20:23 - 2015-03-12 23:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 20:23 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 20:23 - 2015-03-12 23:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 20:23 - 2015-03-12 23:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 20:23 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 20:23 - 2015-03-12 23:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 20:23 - 2015-03-12 23:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 20:23 - 2015-03-12 22:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 20:23 - 2015-03-12 22:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 20:23 - 2015-03-12 22:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 20:23 - 2015-03-12 22:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 20:23 - 2015-03-12 22:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 20:23 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 20:23 - 2015-03-12 22:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 20:23 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 20:23 - 2015-03-12 22:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 20:23 - 2015-03-12 22:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 20:23 - 2015-03-12 22:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 20:23 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 20:23 - 2015-03-12 22:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 20:23 - 2015-03-12 22:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 20:23 - 2015-03-12 22:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 20:23 - 2015-03-12 22:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 20:23 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 20:23 - 2015-03-12 22:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 20:23 - 2015-03-12 22:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 20:23 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 20:23 - 2015-03-12 22:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 20:23 - 2015-03-12 22:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 20:23 - 2015-03-12 22:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 20:23 - 2015-03-12 22:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 20:23 - 2015-03-12 22:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 20:23 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 20:23 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 20:23 - 2015-03-12 22:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 20:23 - 2015-03-12 22:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 20:23 - 2015-03-12 22:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 20:23 - 2015-03-12 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 20:23 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 20:23 - 2015-03-12 21:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 20:23 - 2015-03-12 21:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 20:23 - 2015-03-12 21:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 20:23 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 20:23 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 20:23 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 20:23 - 2015-03-12 21:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 20:23 - 2015-03-12 21:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 20:23 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 20:23 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 20:23 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 20:23 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 20:23 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 20:23 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 20:21 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 20:21 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 20:21 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 20:21 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 20:21 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 20:21 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 20:21 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 20:21 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 20:21 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 20:21 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 20:21 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 20:21 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 20:21 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 20:21 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 20:21 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 20:21 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 20:20 - 2015-03-22 22:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 20:20 - 2015-03-22 22:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 20:20 - 2015-03-22 22:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 20:20 - 2015-03-22 22:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 20:20 - 2015-03-22 22:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 20:20 - 2015-03-22 22:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 20:20 - 2015-03-22 22:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 20:20 - 2015-03-22 22:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 20:20 - 2015-03-17 00:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 20:20 - 2015-03-17 00:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 20:20 - 2015-03-17 00:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 20:20 - 2015-03-17 00:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 20:20 - 2015-03-17 00:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 20:20 - 2015-03-17 00:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 20:20 - 2015-03-17 00:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 20:20 - 2015-03-17 00:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 20:20 - 2015-03-17 00:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 20:20 - 2015-03-17 00:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 20:20 - 2015-03-17 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 20:20 - 2015-03-17 00:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 20:20 - 2015-03-17 00:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 20:20 - 2015-03-17 00:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 20:20 - 2015-03-17 00:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 20:20 - 2015-03-17 00:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 20:20 - 2015-03-17 00:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 20:20 - 2015-03-17 00:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 20:20 - 2015-03-17 00:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 20:20 - 2015-03-17 00:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 20:20 - 2015-03-17 00:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 20:20 - 2015-03-17 00:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 20:20 - 2015-03-17 00:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 20:20 - 2015-03-17 00:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 20:20 - 2015-03-17 00:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 20:20 - 2015-03-17 00:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 20:20 - 2015-03-17 00:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 20:20 - 2015-03-17 00:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 20:20 - 2015-03-17 00:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 20:20 - 2015-03-17 00:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 20:20 - 2015-03-17 00:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 20:20 - 2015-03-17 00:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 20:20 - 2015-03-17 00:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 20:20 - 2015-03-17 00:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 20:20 - 2015-03-16 23:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 20:20 - 2015-03-16 23:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 20:20 - 2015-03-16 23:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 20:20 - 2015-03-16 23:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 20:20 - 2015-03-16 23:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 20:20 - 2015-03-16 23:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 20:20 - 2015-03-16 23:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 20:20 - 2015-03-16 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 20:20 - 2015-03-16 23:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 20:20 - 2015-03-16 23:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 20:20 - 2015-03-16 23:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 20:20 - 2015-03-16 23:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 20:20 - 2015-03-16 23:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 20:20 - 2015-03-16 23:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 20:20 - 2015-03-16 23:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 20:20 - 2015-03-16 23:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 20:20 - 2015-03-16 23:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 20:20 - 2015-03-16 23:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 20:20 - 2015-03-16 23:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 22:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 20:20 - 2015-03-16 22:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 20:20 - 2015-03-16 22:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 22:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 22:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 20:20 - 2015-03-16 22:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 20:20 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 20:20 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 20:20 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 20:20 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 20:20 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 20:20 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 20:18 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 20:13 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 20:13 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 20:13 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-04 15:29 - 2015-04-05 00:03 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 15:29 - 2015-04-04 15:29 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-29 00:32 - 2015-01-30 20:45 - 00000000 ___RD () C:\Users\Victoria\Desktop\work
2015-04-29 00:28 - 2012-02-18 02:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-29 00:16 - 2013-12-22 21:16 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-310 Series Update {AFB48AD7-892C-401C-B878-1E896865AA3E}.job
2015-04-29 00:16 - 2013-12-22 21:16 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-310 Series Invitation {AFB48AD7-892C-401C-B878-1E896865AA3E}.job
2015-04-29 00:13 - 2014-04-22 00:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-29 00:07 - 2012-11-29 16:08 - 00007605 _____ () C:\Users\Victoria\AppData\Local\Resmon.ResmonCfg
2015-04-29 00:01 - 2012-11-24 13:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-28 23:40 - 2013-02-25 20:15 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BBDFBB5E-0784-4CC8-A6E4-C998FF739FD3}
2015-04-28 23:37 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-28 23:37 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-28 23:32 - 2012-05-18 20:36 - 01246826 _____ () C:\Windows\WindowsUpdate.log
2015-04-28 23:29 - 2015-01-24 23:31 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-04-28 23:29 - 2013-03-19 14:02 - 00000380 _____ () C:\Users\Victoria\AppData\Roaming\sp_data.sys
2015-04-28 23:29 - 2012-05-18 20:46 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-04-28 23:29 - 2012-02-18 02:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-28 23:29 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-28 23:29 - 2009-07-13 23:51 - 00177890 _____ () C:\Windows\setupact.log
2015-04-28 22:30 - 2014-09-29 19:23 - 00032790 _____ () C:\Users\Victoria\Desktop\CHECK REGISTER.xlsx
2015-04-28 22:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-28 22:15 - 2012-10-11 19:51 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-27 22:47 - 2014-11-02 21:47 - 00000000 ____D () C:\ProgramData\AVG2015
2015-04-25 23:02 - 2012-10-12 08:36 - 00000000 ____D () C:\Users\Victoria\AppData\Local\VirtualStore
2015-04-25 23:00 - 2013-12-23 20:35 - 00000000 ____D () C:\Users\Victoria\AppData\Roaming\Epson
2015-04-25 00:56 - 2012-10-11 20:28 - 00000000 ____D () C:\Users\Victoria\AppData\Local\Spotify
2015-04-25 00:52 - 2012-10-11 20:28 - 00000000 ____D () C:\Users\Victoria\AppData\Roaming\Spotify
2015-04-22 22:53 - 2014-04-13 13:11 - 00000000 ____D () C:\Users\Victoria\Desktop\making things
2015-04-21 19:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-04-20 16:16 - 2012-05-18 20:46 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-04-18 20:07 - 2012-02-18 02:15 - 00961372 _____ () C:\Windows\PFRO.log
2015-04-15 20:33 - 2014-12-10 22:30 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 20:33 - 2014-05-06 20:15 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 20:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-14 22:43 - 2012-10-11 20:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-14 22:42 - 2012-02-18 02:36 - 00775084 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-14 22:42 - 2009-07-14 00:13 - 00775084 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-14 22:41 - 2013-07-25 23:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-14 21:02 - 2012-11-24 13:21 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 21:02 - 2012-11-24 13:21 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 21:02 - 2012-11-24 13:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 20:57 - 2012-10-12 18:05 - 00001456 _____ () C:\Users\Victoria\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-04-08 00:01 - 2012-11-19 21:26 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2015-04-05 13:38 - 2015-03-26 23:02 - 00000000 ____D () C:\Users\Victoria\Desktop\things and stuff
2015-04-05 12:53 - 2012-10-11 20:28 - 00001808 _____ () C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-01 11:16 - 2012-10-13 14:53 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-31 22:49 - 2014-03-31 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
 
==================== Files in the root of some directories =======
 
2015-02-04 20:22 - 2015-02-04 20:23 - 6103040 _____ () C:\Program Files (x86)\GUT10.tmp
2013-08-25 01:58 - 2013-08-25 01:58 - 0000132 _____ () C:\Users\Victoria\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-10-09 00:59 - 2015-03-23 19:02 - 0000132 _____ () C:\Users\Victoria\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-03-19 14:02 - 2015-04-28 23:29 - 0000380 _____ () C:\Users\Victoria\AppData\Roaming\sp_data.sys
2012-10-12 18:05 - 2015-04-14 20:57 - 0001456 _____ () C:\Users\Victoria\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-10-15 23:00 - 2014-05-30 01:24 - 0006144 _____ () C:\Users\Victoria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-29 16:08 - 2015-04-29 00:07 - 0007605 _____ () C:\Users\Victoria\AppData\Local\Resmon.ResmonCfg
2012-10-14 12:23 - 2012-10-14 12:23 - 0000252 _____ () C:\ProgramData\FastPics.log
2013-05-03 19:08 - 2013-12-22 21:01 - 0000907 _____ () C:\ProgramData\lxdu.log
2013-12-14 20:21 - 2013-12-14 20:23 - 0000248 _____ () C:\ProgramData\lxduDiagnostics.log
2012-10-28 12:00 - 2012-10-28 12:00 - 0004408 _____ () C:\ProgramData\lxduJSW.log
2013-12-05 01:18 - 2013-12-05 01:18 - 0893046 _____ () C:\ProgramData\SPL5EF.tmp
2013-12-14 20:03 - 2013-12-14 20:03 - 1694589 _____ () C:\ProgramData\SPL61BE.tmp
2013-03-13 17:20 - 2013-03-13 17:20 - 21286072 _____ () C:\ProgramData\SPLAF51.tmp
2013-12-14 19:56 - 2013-12-14 19:56 - 2086786 _____ () C:\ProgramData\SPLC310.tmp
2012-10-28 21:08 - 2012-10-28 21:08 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
2012-05-18 20:56 - 2012-05-18 20:56 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-05-18 20:55 - 2012-05-18 20:56 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-05-18 20:55 - 2012-05-18 20:55 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-21 19:07
 
==================== End Of Log ============================

 


 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,551 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:27 AM

Posted 03 May 2015 - 08:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


QuickShare (HKLM-x32\...\{CF56E507-A96E-4973-B7FB-E49542AE5875}) (Version: 1.148.60.12560 - Linkury Inc.) <==== ATTENTION
Parasite, detected by Bitdefender antivirus as Adware.Linkury.B
I suggest you remove it using the Add/Remove Programs applet.
===


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-353864902-1297983359-1388567871-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#3 buckybear

buckybear
  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:27 AM

Posted 03 May 2015 - 12:56 PM

Thank you so much for your help!

 

Here is the fix log: 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2015
Ran by Victoria at 2015-05-03 12:49:15 Run:1
Running from C:\Users\Victoria\Desktop
Loaded Profiles: Victoria (Available profiles: Victoria & Do all Homework)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-353864902-1297983359-1388567871-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
End
*****************
 
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-353864902-1297983359-1388567871-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
McAfee SiteAdvisor Service => Service deleted successfully.
catchme => Service deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 12:49:15 ====
 
 
 
As far as the Quickshare goes, I actually got help here removing that a while back. It still shows up in the add/remove program area though, but tells me there is nothing left to remove when I click on it. I think it might just be the icon left, not sure though.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,551 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:27 AM

Posted 03 May 2015 - 01:51 PM

I can give you a fix if you want to remove them.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstal /sub
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.
==

Repeat the search for this key.

:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninst‌​all /sub


Post the results.

How is the computer running now?

#5 buckybear

buckybear
  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:27 AM

Posted 03 May 2015 - 05:14 PM

Computer is running fine. No subsequent detections have been found in either AVG, or MalwareBytes at this point. 

 

 

Here is the first log you requested though:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 17:10 on 03/05/2015 by Victoria
Administrator - Elevation successful
 
========== reg ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstal]
(Unable to open key - key not found)
 
-= EOF =-
 
And the second:
 
SystemLook 30.07.11 by jpshortstuff
Log created at 17:12 on 03/05/2015 by Victoria
Administrator - Elevation successful
 
========== reg ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninst‌​all]
(Unable to open key - key not found)
 
-= EOF =-
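
Both SystemLook logs above report "key not found": the first path, as posted, ends in `Uninstal`, and the second carries invisible zero-width characters inside `Uninstall`. The added example below is not part of any post in this thread and is not SystemLook's own code; it triages such a log. The known-key list, the function names and the sample log (rebuilt from the thread, with the invisible characters assumed to be U+200C and U+200B) are assumptions of this example.

```python
import difflib
import re
import unicodedata

# Per-machine Uninstall keys on 64-bit Windows (native view and 32-bit view).
KNOWN_KEYS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
]
NOT_FOUND = "(Unable to open key - key not found)"
INVISIBLE = ("Cf", "Cc")  # Unicode format and control categories

# Constructed sample: the two result blocks from the thread joined together.
# The invisible characters are written as escapes so they can be seen here.
SAMPLE_LOG = "\n".join([
    "========== reg ==========",
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstal]",
    NOT_FOUND,
    "",
    "-= EOF =-",
    "========== reg ==========",
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninst"
    + "\u200c\u200b" + "all]",
    NOT_FOUND,
    "",
    "-= EOF =-",
])


def hidden_chars(text):
    """Return (index, 'U+XXXX', name) for each invisible character in text."""
    return [
        (i, f"U+{ord(ch):04X}", unicodedata.name(ch, "<unnamed>"))
        for i, ch in enumerate(text)
        if unicodedata.category(ch) in INVISIBLE
    ]


def strip_hidden(text):
    """Drop invisible format/control characters, keep everything else."""
    return "".join(ch for ch in text if unicodedata.category(ch) not in INVISIBLE)


def failed_keys(log_text):
    """Return the registry keys a SystemLook-style log reports as not found."""
    lines = [ln.strip(" \t\r") for ln in log_text.split("\n")]
    failed = []
    for i, line in enumerate(lines):
        match = re.fullmatch(r"\[(.+)\]", line)
        if not match:
            continue
        # The verdict is the first non-empty line after the bracketed key.
        following = next((ln for ln in lines[i + 1:] if ln), "")
        if following == NOT_FOUND:
            failed.append(match.group(1))
    return failed


def diagnose(key):
    """Explain why a lookup failed: hidden characters, a typo, or a real absence."""
    hidden = hidden_chars(key)
    cleaned = strip_hidden(key)
    by_lower = {k.lower(): k for k in KNOWN_KEYS}  # registry paths ignore case
    exact = cleaned.lower() in by_lower
    if exact:
        suggestion = by_lower[cleaned.lower()]
    else:
        close = difflib.get_close_matches(cleaned.lower(), list(by_lower), n=1, cutoff=0.9)
        suggestion = by_lower[close[0]] if close else None
    if hidden:
        cause = "hidden characters in path"
    elif exact:
        cause = "path is well-formed; key is really absent"
    elif suggestion:
        cause = "path misspelled"
    else:
        cause = "unrecognised path"
    return {"hidden": hidden, "cleaned": cleaned, "cause": cause, "suggestion": suggestion}


if __name__ == "__main__":
    for key in failed_keys(SAMPLE_LOG):
        result = diagnose(key)
        print(repr(key))
        print("  cause:     ", result["cause"])
        print("  hidden:    ", result["hidden"])
        print("  try instead:", result["suggestion"])
```

A "key not found" result only says something about leftover uninstall entries once the queried path is confirmed to be the real one, so a check like this belongs before any conclusion is drawn from the log.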
 
 

 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,551 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:27 AM

Posted 04 May 2015 - 06:41 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 buckybear

buckybear
  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:27 AM

Posted 04 May 2015 - 10:38 PM

Everything seems good. Thank you so much for your help! I appreciate it.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,551 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:27 AM

Posted 05 May 2015 - 07:35 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



