
Browser Redirect to Yahoo and Express Find Ads Popups


  • This topic is locked
12 replies to this topic

#1 sukaiz


Posted 19 May 2015 - 12:08 AM

Greetings all,

First off, just want to thank you all for what you do.

Now, my sister's notebook has a Yahoo redirect hijack on Chrome and Firefox. Also on certain pages, Express Find Ads pollute the screen.

Thanks for the help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
Ran by Nub (administrator) on DANG06 on 19-05-2015 15:00:19
Running from C:\Users\Nub\Desktop
Loaded Profiles: Nub (Available profiles: Nub)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS PowerWiz\PowerWiz.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(SanDisk Corporation) C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboardService.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NewSoft) C:\Program Files (x86)\NewSoft\Presto! PVR\Monitor.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-21] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [961184 2011-08-03] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [798880 2011-08-03] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-02] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [47616 2011-10-17] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-22] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-08] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-20] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2317312 2011-09-09] (ASUS)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [ChangeFilterMerit] => C:\Program Files (x86)\NewSoft\Presto! PVR\ChangeFilterMerit.exe [51280 2007-06-08] (NewSoft)
HKLM-x32\...\Run: [Presto! PVR Monitor] => C:\Program Files (x86)\NewSoft\Presto! PVR\Monitor.exe [157520 2009-11-26] (NewSoft)
HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3695928 2009-08-19] (brother)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1351212739-674943970-396268751-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1351212739-674943970-396268751-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-04-02]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-27] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
CHR HKU\S-1-5-21-1351212739-674943970-396268751-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1351212739-674943970-396268751-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1351212739-674943970-396268751-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> OldSearch URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-11] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-13] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-08-03] (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-11] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-13] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Nub\AppData\Roaming\Mozilla\Firefox\Profiles\31dlpynk.default-1431916177371
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-12-25]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Nub\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java™ Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Nub\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-18]
CHR Extension: (Google Drive) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-18]
CHR Extension: (YouTube) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-18]
CHR Extension: (Google Search) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-18]
CHR Extension: (Bookmark Manager) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-18]
CHR Extension: (Avast Online Security) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-18]
CHR Extension: (Google Wallet) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-18]
CHR Extension: (Gmail) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-08-03] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [103584 2011-08-03] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-27] (Avast Software s.r.o.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-28] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SanDisk SSD Dashboard Service; C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboardService.exe [374784 2015-04-09] (SanDisk Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 assd; C:\Windows\System32\Drivers\assd.sys [27056 2011-10-28] (ASUS Corporation) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-27] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-27] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-27] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-27] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-27] ()
S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [98816 2010-12-31] (ASIX Electronics Corp.)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [69888 2011-10-17] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [174368 2010-01-22] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [38944 2010-01-22] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [44320 2009-10-05] (Realtek)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-19 15:00 - 2015-05-19 15:00 - 00024579 _____ () C:\Users\Nub\Desktop\FRST.txt
2015-05-19 14:59 - 2015-05-19 15:00 - 00000000 ____D () C:\FRST
2015-05-19 14:59 - 2015-05-19 14:59 - 02107392 _____ (Farbar) C:\Users\Nub\Desktop\FRST64.exe
2015-05-18 13:26 - 2015-05-18 13:26 - 00448512 _____ (OldTimer Tools) C:\Users\Nub\Downloads\TFC.exe
2015-05-18 12:38 - 2015-05-18 13:26 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-18 12:36 - 2015-05-18 12:36 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Nub\Downloads\mbar-1.09.1.1004.exe
2015-05-18 12:34 - 2015-05-18 12:34 - 00852639 _____ () C:\Users\Nub\Downloads\SecurityCheck.exe
2015-05-18 12:31 - 2015-05-18 12:31 - 00000000 __SHD () C:\Users\Nub\AppData\Local\EmieBrowserModeList
2015-05-18 12:29 - 2015-05-19 08:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-18 12:29 - 2015-05-18 12:29 - 00000000 ____D () C:\Users\Nub\Desktop\Old Firefox Data
2015-05-17 21:48 - 2015-05-17 21:48 - 00034721 _____ () C:\ComboFix.txt
2015-05-17 21:09 - 2015-05-17 21:53 - 00000000 ____D () C:\Windows\erdnt
2015-05-17 21:04 - 2015-05-17 21:04 - 00002315 _____ () C:\Users\Nub\Downloads\software_removal_tool.log
2015-05-17 21:04 - 2015-05-17 21:04 - 00000198 _____ () C:\Users\Nub\Downloads\debug.log
2015-05-17 20:56 - 2015-05-17 21:01 - 00000000 ____D () C:\AdwCleaner
2015-05-17 20:55 - 2015-05-17 20:55 - 02209792 _____ () C:\Users\Nub\Downloads\adwcleaner_4.204.exe
2015-05-17 20:39 - 2015-05-19 08:09 - 00000336 _____ () C:\Windows\setupact.log
2015-05-17 20:39 - 2015-05-17 20:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-17 19:58 - 2015-05-17 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SanDisk
2015-05-13 23:04 - 2015-05-01 23:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 23:04 - 2015-05-01 23:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 22:40 - 2015-05-19 08:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-13 22:40 - 2015-05-13 22:40 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-13 22:40 - 2015-05-13 22:40 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-13 22:37 - 2015-05-13 22:37 - 00243400 _____ () C:\Users\Nub\Downloads\Firefox Setup Stub 38.0.exe
2015-05-13 21:24 - 2015-05-13 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-05-13 18:38 - 2015-04-22 12:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 18:38 - 2015-04-22 11:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 18:38 - 2015-04-22 03:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 18:38 - 2015-04-22 03:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 18:38 - 2015-04-22 02:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 18:38 - 2015-04-22 02:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 18:38 - 2015-04-22 02:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 18:38 - 2015-04-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 18:38 - 2015-04-22 02:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 18:38 - 2015-04-22 02:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 18:38 - 2015-04-22 02:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 18:38 - 2015-04-22 02:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 18:38 - 2015-04-22 02:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 18:38 - 2015-04-22 02:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 18:38 - 2015-04-22 02:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 18:38 - 2015-04-22 02:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 18:38 - 2015-04-22 02:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 18:38 - 2015-04-22 02:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 18:38 - 2015-04-22 02:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 18:38 - 2015-04-22 02:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 18:38 - 2015-04-22 02:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 18:38 - 2015-04-22 02:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 18:38 - 2015-04-22 02:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 18:38 - 2015-04-22 02:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 18:38 - 2015-04-22 02:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 18:38 - 2015-04-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 18:38 - 2015-04-22 02:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 18:38 - 2015-04-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 18:38 - 2015-04-22 02:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 18:38 - 2015-04-22 02:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 18:38 - 2015-04-22 02:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 18:38 - 2015-04-22 02:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 18:38 - 2015-04-22 01:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 18:38 - 2015-04-22 01:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 18:38 - 2015-04-22 01:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 18:38 - 2015-04-22 01:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 18:38 - 2015-04-22 01:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 18:38 - 2015-04-22 01:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 18:38 - 2015-04-22 01:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 18:38 - 2015-04-22 01:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 18:38 - 2015-04-22 01:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 18:38 - 2015-04-22 01:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 18:38 - 2015-04-22 01:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 18:38 - 2015-04-22 01:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 18:38 - 2015-04-22 01:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 18:38 - 2015-04-22 01:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 18:38 - 2015-04-22 01:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 18:38 - 2015-04-22 01:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 18:38 - 2015-04-22 01:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 18:38 - 2015-04-22 01:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 18:38 - 2015-04-22 01:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 18:38 - 2015-04-22 01:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 18:38 - 2015-04-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 18:38 - 2015-04-22 01:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 18:38 - 2015-04-22 00:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 18:38 - 2015-04-22 00:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 18:37 - 2015-04-22 03:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 18:37 - 2015-04-22 02:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 18:37 - 2015-04-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 18:37 - 2015-04-22 02:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 18:33 - 2015-05-05 11:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 18:33 - 2015-05-05 11:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 18:33 - 2015-04-18 13:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 18:33 - 2015-04-18 12:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 18:29 - 2015-04-13 13:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 18:29 - 2015-03-04 14:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 18:29 - 2015-03-04 14:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 18:29 - 2015-03-04 14:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 18:29 - 2015-03-04 14:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 18:29 - 2015-03-04 14:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 18:29 - 2015-03-04 14:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 18:29 - 2015-03-04 14:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 18:28 - 2015-04-28 05:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 18:28 - 2015-04-28 05:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 18:28 - 2015-04-28 04:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 18:27 - 2015-04-28 05:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 18:27 - 2015-04-28 05:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 18:27 - 2015-04-28 05:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 18:27 - 2015-04-28 05:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 18:27 - 2015-04-28 05:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 18:27 - 2015-04-28 05:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 18:27 - 2015-04-28 05:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 18:27 - 2015-04-28 05:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 18:27 - 2015-04-28 05:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 18:27 - 2015-04-28 05:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 18:27 - 2015-04-28 05:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 18:27 - 2015-04-28 05:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 18:27 - 2015-04-28 05:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 18:27 - 2015-04-28 05:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 18:27 - 2015-04-28 05:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 18:27 - 2015-04-28 05:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 18:27 - 2015-04-28 05:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 18:27 - 2015-04-28 05:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 18:27 - 2015-04-28 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 18:27 - 2015-04-28 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 18:27 - 2015-04-28 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 18:27 - 2015-04-28 05:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 18:27 - 2015-04-28 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 18:27 - 2015-04-28 05:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 18:27 - 2015-04-28 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 18:27 - 2015-04-28 05:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 18:27 - 2015-04-28 05:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 18:27 - 2015-04-28 05:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 18:27 - 2015-04-28 05:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 18:27 - 2015-04-28 05:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 18:27 - 2015-04-28 05:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 18:27 - 2015-04-28 05:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 18:27 - 2015-04-28 05:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 18:27 - 2015-04-28 05:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 18:27 - 2015-04-28 05:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 18:27 - 2015-04-28 05:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 18:27 - 2015-04-28 05:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 18:27 - 2015-04-28 05:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 18:27 - 2015-04-28 05:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 18:27 - 2015-04-28 05:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 18:27 - 2015-04-28 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 18:27 - 2015-04-28 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 03:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 18:27 - 2015-04-28 03:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 18:27 - 2015-04-28 03:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 03:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 18:26 - 2015-04-20 13:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 18:26 - 2015-04-20 13:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 18:26 - 2015-04-20 12:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 18:26 - 2015-04-20 12:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 18:26 - 2015-04-08 13:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 18:26 - 2015-04-08 13:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 18:25 - 2015-04-08 13:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 18:25 - 2015-01-29 13:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 18:25 - 2015-01-29 13:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 18:24 - 2015-02-18 17:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 18:24 - 2015-02-18 17:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-08 16:07 - 2015-05-08 16:07 - 00031753 _____ () C:\Users\Nub\Desktop\Turnitin Originality Report.html
2015-05-08 16:07 - 2015-05-08 16:07 - 00000000 ____D () C:\Users\Nub\Desktop\Turnitin Originality Report_files
2015-05-02 13:00 - 2015-05-02 13:01 - 14215760 _____ () C:\Users\Nub\Downloads\UPDATE.zip
2015-04-27 12:13 - 2015-04-27 12:13 - 00880208 _____ (Google Inc.) C:\Users\Nub\Downloads\ChromeSetup (3).exe
2015-04-27 12:09 - 2015-04-27 12:09 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-27 12:09 - 2015-04-27 12:09 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-21 15:16 - 2015-04-21 15:16 - 00880208 _____ (Google Inc.) C:\Users\Nub\Downloads\ChromeSetup (2).exe
2015-04-21 13:06 - 2015-04-21 13:06 - 00000973 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-19 14:47 - 2013-04-22 18:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-19 14:09 - 2013-05-20 20:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-19 14:07 - 2011-11-02 20:43 - 01529417 _____ () C:\Windows\WindowsUpdate.log
2015-05-19 09:08 - 2013-05-20 20:49 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-19 09:03 - 2013-05-20 20:49 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-19 09:03 - 2013-05-20 20:49 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-19 08:17 - 2009-07-14 14:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-19 08:17 - 2009-07-14 14:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-19 08:14 - 2009-07-14 15:13 - 00797890 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-19 08:10 - 2014-07-05 12:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-19 08:10 - 2011-12-25 10:56 - 00000000 ____D () C:\Users\Nub\Documents\Bluetooth Folder
2015-05-19 08:09 - 2011-12-25 10:55 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2015-05-19 08:09 - 2011-04-02 14:17 - 00806398 _____ () C:\Windows\PFRO.log
2015-05-19 08:09 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-18 13:27 - 2012-09-01 12:58 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-05-18 12:38 - 2014-04-10 13:12 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-18 12:37 - 2014-04-10 13:10 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-17 21:40 - 2009-07-14 12:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-17 20:42 - 2013-10-18 21:50 - 00000258 __RSH () C:\Users\Nub\ntuser.pol
2015-05-17 20:42 - 2011-12-25 10:55 - 00000000 ____D () C:\Users\Nub
2015-05-17 20:39 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\tracing
2015-05-17 20:12 - 2012-10-21 17:07 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-17 18:55 - 2014-04-10 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-17 18:55 - 2014-04-10 13:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-17 18:50 - 2009-07-14 13:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-05-14 18:58 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
2015-05-14 07:05 - 2013-04-21 22:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 06:40 - 2011-12-25 11:38 - 00000000 ____D () C:\Users\Nub\AppData\Local\Google
2015-05-14 06:39 - 2009-07-14 14:45 - 00412504 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 06:36 - 2013-03-15 01:14 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 06:36 - 2013-03-15 01:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 06:36 - 2009-07-14 17:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 06:36 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 00:18 - 2012-01-03 00:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 00:14 - 2013-08-15 00:30 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 00:13 - 2011-12-25 11:39 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 23:04 - 2013-03-15 01:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 22:43 - 2009-07-29 16:03 - 00000000 ____D () C:\Windows\Panther
2015-05-13 21:40 - 2014-12-31 20:31 - 00000000 ____D () C:\Users\Nub\AppData\Roaming\uTorrent
2015-05-13 21:29 - 2014-09-25 12:53 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-13 18:01 - 2015-04-12 15:15 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-08 14:07 - 2013-05-20 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-04-27 12:09 - 2014-04-25 22:13 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-27 12:09 - 2013-12-27 22:36 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-27 12:09 - 2013-03-14 20:49 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-27 12:09 - 2013-03-14 20:49 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-27 12:09 - 2012-02-25 16:05 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-27 12:09 - 2011-12-25 22:30 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-27 12:09 - 2011-12-25 22:30 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-27 12:08 - 2011-12-25 22:30 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-21 14:55 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-21 13:48 - 2013-04-22 18:12 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-21 13:47 - 2013-04-21 22:13 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-21 13:47 - 2013-04-21 22:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-07-20 20:24 - 2013-07-20 20:24 - 0003584 _____ () C:\Users\Nub\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-14 00:20

==================== End Of Log ============================



#2 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:13 PM

Posted 19 May 2015 - 03:27 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Scan with AdwCleaner (by Xplode).
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 2

Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
    m21p.png
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
mbamv21.gif

Step 3

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    systemspecs;
    filesrcm;
    autoclean;
    emptyclsid;
    CHRdefaults; 
    FFdefaults;
    iedefaults;
    shortcutfix;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually C:\ drive)
Post its content into your next reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 sukaiz

Posted 19 May 2015 - 07:46 PM

# AdwCleaner v4.204 - Logfile created 20/05/2015 at 09:45:34
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Nub - DANG06
# Running from : C:\Users\Nub\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 en-US)


-\\ Google Chrome v42.0.2311.152


*************************

AdwCleaner[R0].txt - [2300 bytes] - [17/05/2015 20:56:21]
AdwCleaner[R1].txt - [905 bytes] - [20/05/2015 09:44:44]
AdwCleaner[S0].txt - [2080 bytes] - [17/05/2015 21:01:21]
AdwCleaner[S1].txt - [831 bytes] - [20/05/2015 09:45:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [889  bytes] ##########

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20/05/2015
Scan Time: 9:51:09 AM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.19.06
Rootkit Database: v2015.05.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nub

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 383244
Time Elapsed: 13 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.PricePeep.A, C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, Quarantined, [057de2b3ddadc1752870defa4db6a25e],
PUP.Optional.PricePeep.A, C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, Quarantined, [f48e128397f3e353ebad4f8971928b75],
PUP.OptionalExpressFind..A, C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_expressfind-a.akamaihd.net_0.localstorage, Quarantined, [8bf797fe87035cda3f32cf0bbe45dc24],
PUP.OptionalExpressFind..A, C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_expressfind-a.akamaihd.net_0.localstorage-journal, Quarantined, [6c16573e5e2c90a63041eaf02bd87d83],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Nub on Wed 20/05/2015 at 10:10:31.27.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Nub\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

20/05/2015 10:14:54 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Program Files\Google deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\Yahoo! deleted successfully
C:\Users\Nub\AppData\Roaming\uTorrent deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Nub\AppData\Roaming\Mozilla\Firefox\Profiles\31dlpynk.default-1431916177371\prefs.js:

Added to C:\Users\Nub\AppData\Roaming\Mozilla\Firefox\Profiles\31dlpynk.default-1431916177371\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~3\InstallMate deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\SysWow64\AI_RecycleBin deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3999 MB
CPU Info: Intel® Core™ i5-2557M CPU @ 1.70GHz
CPU Speed: 1723.9 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel® HD Graphics Family | Intel® HD Graphics Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Atheros AR9485WB-EG Wireless Network Adapter
CD / DVD Drives: No optical drives found.
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 2 Button Mouse Present
Hard Disks: C:  111.2GB
Hard Disks - Free: C:  5.1GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 10/08/11 | _ASUS_ - 6222004
Time Zone: AUS Eastern Standard Time
Motherboard *: ASUSTeK Computer Inc. UX31E
Country: Australia
Language: ENA

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Internet Explorer Version: 11.0.9600.17801
Mozilla Firefox version: 38.0.1 (x86 en-US)
Google Chrome version: 42.0.2311.152
Adobe Reader version: 11.0.11.18
Sun Java version: 1.8.0_45 (32-bit)
Sun Java version: 1.8.0_45 (64-bit)
Flash Player version: 17.0.0.169

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-04-27 02:09:01    2169B4B1EFAA3453A4DA732F1F94C1E1    43112    ----a-w-    C:\Windows\avastSS.scr
====== C:\Users\Nub\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2015-05-13 08:27:55    F7DFAE6040AC910B7C64EE208A34157D    95680    ----a-w-    C:\Windows\Sysnative\drivers\ksecdd.sys
2015-05-13 08:27:55    8FE94F2EF9BF444E93E35D87E210D02F    155584    ----a-w-    C:\Windows\Sysnative\drivers\ksecpkg.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-05-13 12:40:20    --------    d-----w-    C:\PROGRA~2\Mozilla Maintenance Service
2015-05-13 11:33:12    --------    d-----w-    C:\PROGRA~2\COMMON~1\Java
======= C: =====
====== C:\Users\Nub\AppData\Roaming ======
2015-05-18 02:31:39    --------    d-sh--w-    C:\Users\Nub\AppData\Local\EmieBrowserModeList
2015-05-17 11:48:18    --------    d-----w-    C:\Users\Public\AppData\Local\temp
2015-05-17 11:48:18    --------    d-----w-    C:\Users\Default\AppData\Local\temp
2015-05-17 11:48:18    --------    d-----w-    C:\Users\Default User\AppData\Local\temp
====== C:\Users\Nub ======
2015-05-19 23:43:27    33C195F50AAECA7337A7B493359E91F3    2209792    ----a-w-    C:\Users\Nub\Downloads\AdwCleaner.exe
2015-05-19 04:59:23    CC74A1A66ECB147BE341D6357D2B3A09    2107392    ----a-w-    C:\Users\Nub\Desktop\FRST64.exe
2015-05-18 03:26:54    788FCDDD88240A85039F7F561093B118    448512    ----a-w-    C:\Users\Nub\Downloads\TFC.exe
2015-05-18 02:36:13    56A375A83CED75C331A67882D0C0F9DA    16502728    ----a-w-    C:\Users\Nub\Downloads\mbar-1.09.1.1004.exe
2015-05-17 11:48:18    --------    d-----w-    C:\Users\Public\AppData
2015-05-17 09:58:35    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SanDisk
2015-05-13 12:37:18    F60899A35B1D3F668C83A9281198ED4C    243400    ----a-w-    C:\Users\Nub\Downloads\Firefox Setup Stub 38.0.exe
2015-05-13 11:24:21    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

====== C: exe-files ==
2015-05-13 08:38:18    5EDC6AF7589B65C89CB1154B3377D0C4    720384    ----a-w-    C:\Windows\System32\ie4uinit.exe
2015-05-13 08:38:18    4B3D652AACEE4FE636F74CB8015BF00E    221184    ----a-w-    C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2015-05-13 08:38:10    A2A98DBD9E13B81AB68FB6A699A157CB    469504    ----a-w-    C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2015-05-13 08:38:10    2AA6685FC67CDD231BA0345112DFEE89    222720    ----a-w-    C:\Program Files\Internet Explorer\ielowutil.exe
2015-05-13 08:38:09    EC75F14CC85659C780A0DC575F7B1242    815304    ----a-w-    C:\Program Files (x86)\Internet Explorer\iexplore.exe
2015-05-13 08:38:09    2A2CDE78F9E9019AD0E4D804A02688A3    968704    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2015-05-13 08:38:09    1BBC9CFD29A62D80FB77BB69BFF7513C    115712    ----a-w-    C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 08:38:05    CDBB6EFC96D0567951A13A6ABDCA1FDE    484864    ----a-w-    C:\Program Files\Internet Explorer\ieinstal.exe
2015-05-13 08:38:05    ABE6FDB01D22FD63BB190BF95F5BC9B6    813776    ----a-w-    C:\Program Files\Internet Explorer\iexplore.exe
2015-05-13 08:38:04    29BBA65402DD568F49C837533F269482    144384    ----a-w-    C:\Windows\System32\ieUnatt.exe
2015-05-13 08:29:32    71C85477DF9347FE8E7BC55768473FCA    328704    ----a-w-    C:\Windows\System32\services.exe
2015-05-13 08:29:31    F55F287810AAF708618793764AF7D1BB    23552    ----a-w-    C:\Windows\System32\sdbinst.exe
2015-05-13 08:29:31    715C060150D969B0DE5DD5B365A712AF    20992    ----a-w-    C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 08:28:10    A985325F4FE72FB003749A2FBBA9952E    5569984    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2015-05-13 08:27:56    8D50ED3F0FBE3590AB0D43BF7B60E57A    3989440    ----a-w-    C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 08:27:56    0A66C88B087249742381924AB8F9EFCC    3934144    ----a-w-    C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 08:27:55    FE60A67032A5C94F6ACE483C8FE84105    47104    ----a-w-    C:\Windows\System32\typeperf.exe
2015-05-13 08:27:55    EE27E1D639E3807229C15AF94320CF0A    404992    ----a-w-    C:\Windows\System32\tracerpt.exe
2015-05-13 08:27:55    EB058143B57ED460AC4F2DFBA104BBFF    364544    ----a-w-    C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 08:27:55    E55A72876BC5E244D0A8F7F07862A939    338432    ----a-w-    C:\Windows\System32\conhost.exe
2015-05-13 08:27:55    DA5EF2CC0764BE7097BAFA9CAF903FE8    112640    ----a-w-    C:\Windows\System32\smss.exe
2015-05-13 08:27:55    D9E25B4BD2120CC5183CCCE9421C7AFE    25600    ----a-w-    C:\Windows\SysWOW64\setup16.exe
2015-05-13 08:27:55    C6D2D384B6232B0B800234C03C50979F    82944    ----a-w-    C:\Windows\SysWOW64\logman.exe
2015-05-13 08:27:55    BB7BAF9532DBA5AB4009E981687D1EA6    19456    ----a-w-    C:\Windows\System32\diskperf.exe
2015-05-13 08:27:55    AFFE5747054D03F8CEE18A8518A9AA34    50176    ----a-w-    C:\Windows\SysWOW64\auditpol.exe
2015-05-13 08:27:55    9C5DBA74D0C641C2A4ABDC79969B7BEF    104448    ----a-w-    C:\Windows\System32\logman.exe
2015-05-13 08:27:55    97B30711DC6CA0EA4EACEDCE8080A3B4    37888    ----a-w-    C:\Windows\SysWOW64\relog.exe
2015-05-13 08:27:55    9262D6E2C239EDD6D87B080F2BCCEC9F    31232    ----a-w-    C:\Windows\System32\lsass.exe
2015-05-13 08:27:55    79F036EB691ABBA84E8EB1715E5F2B17    43008    ----a-w-    C:\Windows\System32\relog.exe
2015-05-13 08:27:55    74C0EC1257698176E288DA282F318E1C    40448    ----a-w-    C:\Windows\SysWOW64\typeperf.exe
2015-05-13 08:27:55    52935C072F8D5A92508AA3A3CC9133C7    296960    ----a-w-    C:\Windows\System32\rstrui.exe
2015-05-13 08:27:55    4DD0098FFAB4664DB979537C48AE055F    64000    ----a-w-    C:\Windows\System32\auditpol.exe
2015-05-13 08:27:54    F43CB86F9536B17E5C7CFCFB48ACBE54    7680    ----a-w-    C:\Windows\SysWOW64\instnm.exe
2015-05-13 08:27:54    F286528898342F0F1EB402606750C391    17408    ----a-w-    C:\Windows\SysWOW64\diskperf.exe
2015-05-13 08:27:54    D9716B488CC27652C12B1B5E0944987E    2048    ----a-w-    C:\Windows\SysWOW64\user.exe
2015-05-13 08:26:01    D5E35700566B225CBF8ECD7F92C460C8    2164224    ----a-w-    C:\Program Files\Windows Journal\Journal.exe
2015-05-13 08:25:37    0DBC9BB05703CA0D8792E2075D62B3C3    51200    ----a-w-    C:\Program Files\Windows Journal\PDIALOG.exe
2015-05-13 08:24:55    C7E50B04623FC6FF54EAF88938A8936E    142336    ----a-w-    C:\Windows\System32\poqexec.exe
2015-05-13 08:24:55    C489D8B4D8C64F20CC75A93F541F7D91    123904    ----a-w-    C:\Windows\SysWOW64\poqexec.exe
2015-05-13 07:55:57    D114497B17F8118E6AAD27735B467D3A    41774672    ----a-w-    C:\Program Files (x86)\Google\Update\Install\{6C9A3892-C812-44B5-8AD6-F0EEA2B804F7}\42.0.2311.152_chrome_installer.exe
2015-05-13 07:55:55    D114497B17F8118E6AAD27735B467D3A    41774672    ----a-w-    C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\42.0.2311.152\42.0.2311.152_chrome_installer.exe
=== C: other files ==
2015-05-19 23:47:21    D61107ABD03C3CA03C2EA9D9B1336448    78822    ----a-w-    C:\Users\Nub\Downloads\AutoLogon.zip
2015-05-18 02:29:41    E53CA224EC1BFAD22B97C50FF191C1D9    970672    ----a-w-    C:\Users\Nub\Desktop\Old Firefox Data\36af0rl1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
2015-05-18 02:29:41    73AA4B6F4C1191FE944574AEC7E3D55C    124845    ----a-w-    C:\Users\Nub\Desktop\Old Firefox Data\36af0rl1.default\extensions\elemhidehelper@adblockplus.org.xpi
2015-05-13 11:29:20    34AD992DE8D6023490DB5C9017FAE6E8    14130    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_45\lib\deploy\ffjcext.zip
2015-05-13 08:27:55    F7DFAE6040AC910B7C64EE208A34157D    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2015-05-13 08:27:55    8FE94F2EF9BF444E93E35D87E210D02F    155584    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2015-05-13 08:26:12    D858C33B133740D5F1F1CF71C33F6355    3204608    ----a-w-    C:\Windows\System32\win32k.sys

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Nub\AppData\Roaming\Mozilla\Firefox\Profiles\31dlpynk.default-1431916177371
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [27/04/2015 12:08 PM]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Fake Chromium Profiles Check ======================

Fake profile C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 42.0.2311.152

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[17/03/2015 08:37 PM]
jfmjfhklogoienhpfnppmbcbjfjnkonk - No path found[]

Bookmark Manager - Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Avast Online Security - Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Hotword Shared Module - Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Chromium Startpages ======================

C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",
"startup_urls": [ "http://www.google.com/" ]


==== Chromium Fix ======================

C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.extcontent00.extcontent.com_0.localstorage deleted successfully
C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.extcontent00.extcontent.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown  Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences was reset successfully
C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Secure Preferences was reset successfully
C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data was reset successfully
C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data-journal was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1351212739-674943970-396268751-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully

==== Deleting CLSID Registry Values ======================


==== shortcuts on Users Desktops ======================

C:\Users\Nub\Desktop\KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\KMPlayer.exe
C:\Users\Nub\Desktop\GAMES\Theme Hospital\Theme Hospital\Launch Graphic Mode Setup.lnk - C:\Users\Nub\Desktop\GAMES\Theme Hospital\Theme Hospital\DOSBOX\GOGDOSConfig.exe GOGTHEMEHOSPITAL
C:\Users\Nub\Desktop\GAMES\Theme Hospital\Theme Hospital\Launch Multiplayer.lnk - C:\Users\Nub\Desktop\GAMES\Theme Hospital\Theme Hospital\DOSBOX\GOGDOSConfig.exe GOGTHEMEHOSPITAL NET
C:\Users\Nub\Desktop\GAMES\Theme Hospital\Theme Hospital\Launch Settings.lnk - C:\Users\Nub\Desktop\GAMES\Theme Hospital\Theme Hospital\DOSBOX\DOSBox.exe -conf "..\dosboxTH.conf" -conf "..\dosboxTH_settings.conf" -noconsole -c exit
C:\Users\Nub\Desktop\GAMES\Theme Hospital\Theme Hospital\Launch Theme Hospital.lnk - C:\Users\Nub\Desktop\GAMES\Theme Hospital\Theme Hospital\DOSBOX\DOSBox.exe -conf "..\dosboxTH.conf" -conf "..\dosboxTH_single.conf" -noconsole -c exit

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk - C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\WinFlash.Lnk - C:\Program Files (x86)\ASUS\WinFlash\WinFlash.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SanDisk\SSD Dashboard\SanDisk SSD Dashboard.lnk - C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboard.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SanDisk\SSD Dashboard\Uninstall.lnk - C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboardSetup.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Nub\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Nub\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Nub\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Nub\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Nub\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory=Default
C:\Users\Nub\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Nub\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Nub\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Theme Hospital.lnk - C:\Users\Nub\Desktop\GAMES\ct\CorsixTH\CorsixTH_SDL.exe
C:\Users\Nub\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ASUS PowerWiz.lnk - C:\Windows\Installer\{B2DB883F-1AF3-4BE6-BE04-710D9C556C44}\_A982CB99A9B19E940FE6EA.exe
C:\Users\Nub\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Presto PVR.lnk -  
C:\Users\Nub\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Nub\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49E37014-928B-FB38-0269-A19839FE8EEE} deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nub\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nub\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=13 folders=6 1174020 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Nub\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Nub\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Wed 20/05/2015 at 10:43:59.10 ======================



#4 deeprybka

  • Malware Response Team

Posted 20 May 2015 - 02:32 AM

Step 1

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Injure no one; on the contrary, help everyone as much as you can. Arthur Schopenhauer
 

#5 sukaiz

  • Topic Starter

  • Members

Posted 20 May 2015 - 06:07 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by Nub (administrator) on DANG06 on 21-05-2015 09:04:38
Running from C:\Users\Nub\Desktop
Loaded Profiles: Nub (Available profiles: Nub)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SanDisk Corporation) C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboardService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(NewSoft) C:\Program Files (x86)\NewSoft\Presto! PVR\Monitor.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-21] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [961184 2011-08-03] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [798880 2011-08-03] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-02] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [47616 2011-10-17] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-22] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-08] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-20] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2317312 2011-09-09] (ASUS)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [ChangeFilterMerit] => C:\Program Files (x86)\NewSoft\Presto! PVR\ChangeFilterMerit.exe [51280 2007-06-08] (NewSoft)
HKLM-x32\...\Run: [Presto! PVR Monitor] => C:\Program Files (x86)\NewSoft\Presto! PVR\Monitor.exe [157520 2009-11-26] (NewSoft)
HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3695928 2009-08-19] (brother)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1351212739-674943970-396268751-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1351212739-674943970-396268751-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-04-02]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-27] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1351212739-674943970-396268751-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1351212739-674943970-396268751-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> OldSearch URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1351212739-674943970-396268751-1001 -> OldSearch URL =
SearchScopes: HKU\S-1-5-21-1351212739-674943970-396268751-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-11] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-13] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-08-03] (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-11] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-13] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Nub\AppData\Roaming\Mozilla\Firefox\Profiles\31dlpynk.default-1431916177371
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-12-25]

Chrome:
=======
CHR Profile: C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-21]
CHR Extension: (Google Docs) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-21]
CHR Extension: (Google Drive) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-21]
CHR Extension: (YouTube) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-21]
CHR Extension: (Google Search) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-21]
CHR Extension: (Google Sheets) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-21]
CHR Extension: (Bookmark Manager) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-21]
CHR Extension: (Avast Online Security) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-21]
CHR Extension: (Google Wallet) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-21]
CHR Extension: (Gmail) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-21]
CHR Profile: C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-21]
CHR Extension: (Google Docs) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-18]
CHR Extension: (Google Drive) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-18]
CHR Extension: (YouTube) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-18]
CHR Extension: (Google Search) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-18]
CHR Extension: (Google Sheets) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-21]
CHR Extension: (Bookmark Manager) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-18]
CHR Extension: (Avast Online Security) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-18]
CHR Extension: (Google Wallet) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-18]
CHR Extension: (Gmail) - C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-08-03] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [103584 2011-08-03] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-27] (Avast Software s.r.o.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-28] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SanDisk SSD Dashboard Service; C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboardService.exe [374784 2015-04-09] (SanDisk Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 assd; C:\Windows\System32\Drivers\assd.sys [27056 2011-10-28] (ASUS Corporation) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-27] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-27] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-27] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-27] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-27] ()
S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [98816 2010-12-31] (ASIX Electronics Corp.)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [69888 2011-10-17] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [174368 2010-01-22] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [38944 2010-01-22] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [44320 2009-10-05] (Realtek)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-21 09:03 - 2015-05-21 09:03 - 00030291 _____ () C:\Users\Nub\Desktop\Addition.txt
2015-05-21 09:02 - 2015-05-21 09:02 - 00000000 ____D () C:\Users\Nub\Desktop\FRST-OlderVersion
2015-05-20 10:44 - 2015-05-20 10:44 - 00049311 _____ () C:\Users\Nub\Desktop\zoek-results.txt
2015-05-20 10:37 - 2015-05-20 10:10 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-05-20 10:14 - 2015-05-20 10:43 - 00049311 _____ () C:\zoek-results.log
2015-05-20 10:10 - 2015-05-20 10:33 - 00000000 ____D () C:\zoek_backup
2015-05-20 10:10 - 2015-05-20 10:10 - 01308672 _____ () C:\Users\Nub\Desktop\zoek.exe
2015-05-20 10:09 - 2015-05-20 10:09 - 00001860 _____ () C:\Users\Nub\Desktop\Malwarebytes.txt
2015-05-20 09:49 - 2015-05-20 09:49 - 00000968 _____ () C:\Users\Nub\Desktop\AdwCleaner[S1].txt
2015-05-20 09:47 - 2015-05-20 09:47 - 00078822 _____ () C:\Users\Nub\Downloads\AutoLogon.zip
2015-05-20 09:43 - 2015-05-20 09:43 - 02209792 _____ () C:\Users\Nub\Downloads\AdwCleaner.exe
2015-05-19 15:00 - 2015-05-21 09:04 - 00023393 _____ () C:\Users\Nub\Desktop\FRST.txt
2015-05-19 14:59 - 2015-05-21 09:04 - 00000000 ____D () C:\FRST
2015-05-19 14:59 - 2015-05-21 09:02 - 02107904 _____ (Farbar) C:\Users\Nub\Desktop\FRST64.exe
2015-05-18 13:26 - 2015-05-18 13:26 - 00448512 _____ (OldTimer Tools) C:\Users\Nub\Downloads\TFC.exe
2015-05-18 12:36 - 2015-05-18 12:36 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Nub\Downloads\mbar-1.09.1.1004.exe
2015-05-18 12:34 - 2015-05-18 12:34 - 00852639 _____ () C:\Users\Nub\Downloads\SecurityCheck.exe
2015-05-18 12:31 - 2015-05-18 12:31 - 00000000 __SHD () C:\Users\Nub\AppData\Local\EmieBrowserModeList
2015-05-18 12:29 - 2015-05-19 08:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-18 12:29 - 2015-05-18 12:29 - 00000000 ____D () C:\Users\Nub\Desktop\Old Firefox Data
2015-05-17 21:48 - 2015-05-17 21:48 - 00034721 _____ () C:\ComboFix.txt
2015-05-17 21:09 - 2015-05-17 21:53 - 00000000 ____D () C:\Windows\erdnt
2015-05-17 21:04 - 2015-05-17 21:04 - 00002315 _____ () C:\Users\Nub\Downloads\software_removal_tool.log
2015-05-17 21:04 - 2015-05-17 21:04 - 00000198 _____ () C:\Users\Nub\Downloads\debug.log
2015-05-17 20:56 - 2015-05-20 09:45 - 00000000 ____D () C:\AdwCleaner
2015-05-17 20:39 - 2015-05-21 07:05 - 00000560 _____ () C:\Windows\setupact.log
2015-05-17 20:39 - 2015-05-17 20:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-17 19:58 - 2015-05-17 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SanDisk
2015-05-13 23:04 - 2015-05-01 23:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 23:04 - 2015-05-01 23:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 22:40 - 2015-05-19 08:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-13 22:40 - 2015-05-13 22:40 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-13 22:40 - 2015-05-13 22:40 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-13 22:37 - 2015-05-13 22:37 - 00243400 _____ () C:\Users\Nub\Downloads\Firefox Setup Stub 38.0.exe
2015-05-13 21:24 - 2015-05-13 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-05-13 18:38 - 2015-04-22 12:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 18:38 - 2015-04-22 11:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 18:38 - 2015-04-22 03:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 18:38 - 2015-04-22 03:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 18:38 - 2015-04-22 02:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 18:38 - 2015-04-22 02:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 18:38 - 2015-04-22 02:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 18:38 - 2015-04-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 18:38 - 2015-04-22 02:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 18:38 - 2015-04-22 02:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 18:38 - 2015-04-22 02:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 18:38 - 2015-04-22 02:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 18:38 - 2015-04-22 02:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 18:38 - 2015-04-22 02:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 18:38 - 2015-04-22 02:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 18:38 - 2015-04-22 02:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 18:38 - 2015-04-22 02:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 18:38 - 2015-04-22 02:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 18:38 - 2015-04-22 02:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 18:38 - 2015-04-22 02:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 18:38 - 2015-04-22 02:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 18:38 - 2015-04-22 02:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 18:38 - 2015-04-22 02:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 18:38 - 2015-04-22 02:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 18:38 - 2015-04-22 02:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 18:38 - 2015-04-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 18:38 - 2015-04-22 02:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 18:38 - 2015-04-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 18:38 - 2015-04-22 02:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 18:38 - 2015-04-22 02:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 18:38 - 2015-04-22 02:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 18:38 - 2015-04-22 02:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 18:38 - 2015-04-22 01:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 18:38 - 2015-04-22 01:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 18:38 - 2015-04-22 01:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 18:38 - 2015-04-22 01:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 18:38 - 2015-04-22 01:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 18:38 - 2015-04-22 01:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 18:38 - 2015-04-22 01:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 18:38 - 2015-04-22 01:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 18:38 - 2015-04-22 01:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 18:38 - 2015-04-22 01:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 18:38 - 2015-04-22 01:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 18:38 - 2015-04-22 01:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 18:38 - 2015-04-22 01:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 18:38 - 2015-04-22 01:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 18:38 - 2015-04-22 01:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 18:38 - 2015-04-22 01:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 18:38 - 2015-04-22 01:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 18:38 - 2015-04-22 01:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 18:38 - 2015-04-22 01:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 18:38 - 2015-04-22 01:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 18:38 - 2015-04-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 18:38 - 2015-04-22 01:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 18:38 - 2015-04-22 00:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 18:38 - 2015-04-22 00:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 18:37 - 2015-04-22 03:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 18:37 - 2015-04-22 02:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 18:37 - 2015-04-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 18:37 - 2015-04-22 02:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 18:33 - 2015-05-05 11:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 18:33 - 2015-05-05 11:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 18:33 - 2015-04-18 13:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 18:33 - 2015-04-18 12:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 18:29 - 2015-04-13 13:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 18:29 - 2015-03-04 14:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 18:29 - 2015-03-04 14:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 18:29 - 2015-03-04 14:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 18:29 - 2015-03-04 14:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 18:29 - 2015-03-04 14:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 18:29 - 2015-03-04 14:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 18:29 - 2015-03-04 14:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 18:28 - 2015-04-28 05:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 18:28 - 2015-04-28 05:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 18:28 - 2015-04-28 04:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 18:27 - 2015-04-28 05:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 18:27 - 2015-04-28 05:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 18:27 - 2015-04-28 05:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 18:27 - 2015-04-28 05:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 18:27 - 2015-04-28 05:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 18:27 - 2015-04-28 05:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 18:27 - 2015-04-28 05:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 18:27 - 2015-04-28 05:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 18:27 - 2015-04-28 05:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 18:27 - 2015-04-28 05:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 18:27 - 2015-04-28 05:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 18:27 - 2015-04-28 05:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 18:27 - 2015-04-28 05:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 18:27 - 2015-04-28 05:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 18:27 - 2015-04-28 05:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 18:27 - 2015-04-28 05:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 05:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 18:27 - 2015-04-28 05:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 18:27 - 2015-04-28 05:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 18:27 - 2015-04-28 05:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 18:27 - 2015-04-28 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 18:27 - 2015-04-28 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 18:27 - 2015-04-28 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 18:27 - 2015-04-28 05:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 18:27 - 2015-04-28 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 18:27 - 2015-04-28 05:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 18:27 - 2015-04-28 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 18:27 - 2015-04-28 05:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 18:27 - 2015-04-28 05:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 18:27 - 2015-04-28 05:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 18:27 - 2015-04-28 05:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 18:27 - 2015-04-28 05:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 18:27 - 2015-04-28 05:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 18:27 - 2015-04-28 05:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 18:27 - 2015-04-28 05:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 18:27 - 2015-04-28 05:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 18:27 - 2015-04-28 05:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 18:27 - 2015-04-28 05:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 18:27 - 2015-04-28 05:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 18:27 - 2015-04-28 05:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 18:27 - 2015-04-28 05:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 18:27 - 2015-04-28 05:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 18:27 - 2015-04-28 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 18:27 - 2015-04-28 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 03:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 18:27 - 2015-04-28 03:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 18:27 - 2015-04-28 03:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 03:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 18:27 - 2015-04-28 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 18:26 - 2015-04-20 13:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 18:26 - 2015-04-20 13:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 18:26 - 2015-04-20 12:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 18:26 - 2015-04-20 12:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 18:26 - 2015-04-08 13:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 18:26 - 2015-04-08 13:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 18:25 - 2015-04-08 13:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 18:25 - 2015-01-29 13:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 18:25 - 2015-01-29 13:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 18:24 - 2015-02-18 17:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 18:24 - 2015-02-18 17:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-08 16:07 - 2015-05-08 16:07 - 00031753 _____ () C:\Users\Nub\Desktop\Turnitin Originality Report.html
2015-05-08 16:07 - 2015-05-08 16:07 - 00000000 ____D () C:\Users\Nub\Desktop\Turnitin Originality Report_files
2015-05-02 13:00 - 2015-05-02 13:01 - 14215760 _____ () C:\Users\Nub\Downloads\UPDATE.zip
2015-04-27 12:13 - 2015-04-27 12:13 - 00880208 _____ (Google Inc.) C:\Users\Nub\Downloads\ChromeSetup (3).exe
2015-04-27 12:09 - 2015-04-27 12:09 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-27 12:09 - 2015-04-27 12:09 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-21 15:16 - 2015-04-21 15:16 - 00880208 _____ (Google Inc.) C:\Users\Nub\Downloads\ChromeSetup (2).exe
2015-04-21 13:06 - 2015-04-21 13:06 - 00000973 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-21 08:47 - 2013-04-22 18:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-21 08:15 - 2011-11-02 20:43 - 01716542 _____ () C:\Windows\WindowsUpdate.log
2015-05-21 08:08 - 2013-05-20 20:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-21 07:14 - 2009-07-14 14:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-21 07:14 - 2009-07-14 14:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-21 07:10 - 2009-07-14 15:13 - 00797890 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-21 07:06 - 2013-05-20 20:49 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-21 07:05 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-20 18:00 - 2015-04-05 18:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 18:00 - 2015-04-05 18:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 10:44 - 2011-12-25 10:56 - 00000000 ____D () C:\Users\Nub\Documents\Bluetooth Folder
2015-05-20 10:43 - 2013-10-18 21:50 - 00000008 __RSH () C:\Users\Nub\ntuser.pol
2015-05-20 10:43 - 2011-12-25 10:55 - 00000000 ____D () C:\Users\Nub
2015-05-20 10:43 - 2011-04-02 14:17 - 00806726 _____ () C:\Windows\PFRO.log
2015-05-20 10:29 - 2009-07-14 13:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-20 10:29 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-05-20 09:51 - 2014-04-10 13:12 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-20 09:47 - 2011-02-22 14:18 - 00148856 _____ (Sysinternals - www.sysinternals.com) C:\Users\Nub\Desktop\Autologon.exe
2015-05-20 08:09 - 2014-07-05 12:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-19 09:03 - 2013-05-20 20:49 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-19 09:03 - 2013-05-20 20:49 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-19 08:09 - 2011-12-25 10:55 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2015-05-18 13:27 - 2012-09-01 12:58 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-05-18 12:37 - 2014-04-10 13:10 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-17 21:40 - 2009-07-14 12:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-17 20:39 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\tracing
2015-05-17 20:12 - 2012-10-21 17:07 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-17 18:55 - 2014-04-10 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-17 18:55 - 2014-04-10 13:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-17 18:50 - 2009-07-14 13:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-05-14 18:58 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
2015-05-14 07:05 - 2013-04-21 22:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 06:40 - 2011-12-25 11:38 - 00000000 ____D () C:\Users\Nub\AppData\Local\Google
2015-05-14 06:39 - 2009-07-14 14:45 - 00412504 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 06:36 - 2013-03-15 01:14 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 06:36 - 2013-03-15 01:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 06:36 - 2009-07-14 17:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 06:36 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 00:18 - 2012-01-03 00:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 00:14 - 2013-08-15 00:30 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 00:13 - 2011-12-25 11:39 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 23:04 - 2013-03-15 01:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 22:43 - 2009-07-29 16:03 - 00000000 ____D () C:\Windows\Panther
2015-05-13 21:29 - 2014-09-25 12:53 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-13 18:01 - 2015-04-12 15:15 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-08 14:07 - 2013-05-20 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-04-27 12:09 - 2014-04-25 22:13 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-27 12:09 - 2013-12-27 22:36 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-27 12:09 - 2013-03-14 20:49 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-27 12:09 - 2013-03-14 20:49 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-27 12:09 - 2012-02-25 16:05 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-27 12:09 - 2011-12-25 22:30 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-27 12:09 - 2011-12-25 22:30 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-27 12:08 - 2011-12-25 22:30 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-21 14:55 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-21 13:48 - 2013-04-22 18:12 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-21 13:47 - 2013-04-21 22:13 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-21 13:47 - 2013-04-21 22:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-07-20 20:24 - 2013-07-20 20:24 - 0003584 _____ () C:\Users\Nub\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-14 00:20

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
Ran by Nub at 2015-05-21 09:05:13
Running from C:\Users\Nub\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1351212739-674943970-396268751-500 - Administrator - Disabled)
Guest (S-1-5-21-1351212739-674943970-396268751-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1351212739-674943970-396268751-1142 - Limited - Enabled)
Nub (S-1-5-21-1351212739-674943970-396268751-1001 - Administrator - Enabled) => C:\Users\Nub

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.19 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.28 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS PowerWiz (HKLM-x32\...\{B2DB883F-1AF3-4BE6-BE04-710D9C556C44}) (Version: 1.0.6 - ASUS)
ASUS Secure Delete (HKLM\...\{761C6783-D3BC-48AB-8E7C-61CE918A8436}) (Version: 1.00.0009 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0037 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.2 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{AECA3622-E634-4A55-A696-70A511CBE06E}) (Version: 2.0.3 - AsusTek Computer Inc.)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0014 - ASUS)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
AX88772B Windows 7 Drivers (HKLM-x32\...\InstallShield_{54A168C9-2250-4058-80EB-1F4A4192548A}) (Version: 1.0.1.1 - ASIX Electronics Corporation)
AX88772B Windows 7 Drivers (x32 Version: 1.0.1.1 - ASIX Electronics Corporation) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.90 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother HL-2150N (HKLM-x32\...\{8FE0E756-0347-403A-9264-D004D8DEB782}) (Version: 1.00 - Brother)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CorsixTH 0.30 (HKLM-x32\...\CorsixTH) (Version: 0.30 - CorsixTH Team)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1351212739-674943970-396268751-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
ETDWare PS/2-X64 10.5.5.0 (HKLM\...\Elantech) (Version: 10.5.5.0 - ELAN Microelectronic Corp.)
Free GIF2SWF Converter v1.0 (HKLM-x32\...\{003471DA-FA41-4ADE-83C6-56A3FED6E820}_is1) (Version:  - ETC Company, Inc.)
Fresco Logic USB3.0 Host Controller (HKLM\...\{01E66AC4-B28B-494C-993D-3CD17020BEBC}) (Version: 3.5.4.0 - Fresco Logic Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.134 - PandoraTV)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0 - Mozilla)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Presto! PVR (HKLM-x32\...\{BC0DCD27-345B-4013-A6E0-67EC92DF32C8}) (Version: 5.73.03 - NewSoft)
PWR Option (HKLM-x32\...\{B7B60C4F-0DB8-42EF-8EDC-5F21D4C2D73F}) (Version: 1.0.8 - ASUS)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
REALTEK DTV USB DEVICE (HKLM-x32\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6577 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
SanDisk SSD Dashboard (HKLM-x32\...\SanDisk SSD Dashboard) (Version: 1.4.0 - SanDisk Corporation)
SanDisk SSD Dashboard Service (HKLM-x32\...\{EE9255E4-283A-4318-ABB6-A75BEE59ACA3}) (Version: 1.0.0 - SanDisk Corporation)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
Wireless Console 3 (HKLM-x32\...\{C4BC5A5F-4A97-47CC-99C3-AB8E10572AFE}) (Version: 3.0.23 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1351212739-674943970-396268751-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nub\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1351212739-674943970-396268751-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Nub\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1351212739-674943970-396268751-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Nub\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1351212739-674943970-396268751-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Nub\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1351212739-674943970-396268751-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Nub\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1351212739-674943970-396268751-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1351212739-674943970-396268751-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1351212739-674943970-396268751-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1351212739-674943970-396268751-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1351212739-674943970-396268751-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Nub\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

20-05-2015 10:14:45 zoek.exe restore point
20-05-2015 18:00:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2015-05-17 21:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {084CCA37-2BA9-4AB3-9E36-6225E1502182} - System32\Tasks\RunGadgetController => C:\Program Files (x86)\ASUS\InstantOn for NB\GadgetController.exe [2012-02-03] (ASUS)
Task: {1CA3026A-E905-4BA6-8586-B6A15705F58F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-08] (Microsoft Corporation)
Task: {1DE57BA1-C073-40F6-B574-4599241A3459} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {3130814C-7657-4705-892A-AC29C9807E98} - System32\Tasks\PowerWiz => C:\Program Files (x86)\ASUS\ASUS PowerWiz\PowerWiz.exe [2011-12-05] (ASUSTek Computer Inc.)
Task: {3A42C2F8-BBA7-4DFD-A522-F890BE2414B1} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {427F9F83-6BBC-4DA3-BA19-889FFDD4A020} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1351212739-674943970-396268751-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {49DF3642-F86A-4104-9DAA-816AEF1A32FC} - System32\Tasks\Secure Delete => C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe [2011-11-28] ()
Task: {4B8C0692-4516-4113-82C9-B99B7EF1098B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-20] (Google Inc.)
Task: {73CD3F05-3E05-40A5-95D3-AD7A42129C00} - System32\Tasks\{A848D099-15E6-4D9B-967E-4AACF35DA2D4} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {81792D3C-F5EF-4E8A-8D4A-110366B9D4CA} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {9D11AA95-398B-40A8-B55E-8D6F4BD18E4E} - System32\Tasks\USBChargerPlus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2011-06-30] (ASUSTek Computer Inc.)
Task: {A5606CED-D9FC-486E-897B-2201E0150039} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A6CE5739-EC75-4764-8F1A-6B54F5894CA2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-27] (Avast Software s.r.o.)
Task: {B6332B00-EFA5-45D6-A4A1-0A304BD89918} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-15] (ASUS)
Task: {B9566117-714B-4126-A1B4-8953D72A2FFA} - System32\Tasks\{B0CED683-DC66-442A-8EAA-D9E3CD1C48B9} => pcalua.exe -a "C:\Users\Nub\Downloads\EzTV Software\Drivers\Setup.exe" -d "C:\Users\Nub\Downloads\EzTV Software\Drivers"
Task: {BC1211AD-55F0-4401-A132-34640F84D685} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-12-06] (ASUS)
Task: {CA214B7E-1855-4D27-9699-6507866CFB2D} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1351212739-674943970-396268751-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {D88C0B8F-1056-4E69-8C68-9A3C013069F8} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {DA07CD18-DAAF-4791-9E77-87BAD369DC68} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-21] (Adobe Systems Incorporated)
Task: {DF889AC5-4D09-4BE0-B4A2-A06BEDB5DEF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-20] (Google Inc.)
Task: {E35CEC2B-F753-40B2-86D6-C0F59DB88E5A} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-22] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2011-11-28 08:58 - 2011-11-28 08:58 - 00556976 _____ () C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
2011-10-20 16:46 - 2011-09-16 13:35 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-04-27 12:09 - 2015-04-27 12:09 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-27 12:09 - 2015-04-27 12:09 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-20 08:09 - 2015-05-20 08:09 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15051901\algo.dll
2015-05-21 07:07 - 2015-05-21 07:07 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15052000\algo.dll
2011-12-06 15:21 - 2011-12-06 15:21 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-09-09 15:10 - 2011-09-09 15:10 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2015-03-17 20:38 - 2015-03-17 20:38 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1351212739-674943970-396268751-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nub\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{E6B0EF51-00A0-4BC8-8249-D6D366A96D6E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2CE2C232-DEBE-48D9-BAB6-AFF70DA911C3}] => (Allow) LPort=2869
FirewallRules: [{1A165FF4-80F7-488F-A0ED-2A89D740AF12}] => (Allow) LPort=1900
FirewallRules: [{2B0A300F-2FA9-4EE6-98F0-44D93A1F0EB4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{32CA6032-93C4-4472-A793-FC6A795651DE}] => (Allow) LPort=5353
FirewallRules: [{86315A17-DE80-44ED-9DB5-8C8C466070A4}] => (Allow) LPort=8182
FirewallRules: [{407232D7-1A04-429D-8967-1CC070465D1E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5EAC20D6-CFF2-4C1E-9AD9-E997EDCA3872}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E0B42137-6936-4650-8EF6-2598CA4F51A0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{583AA650-33F5-449C-AD43-CF57231D00E1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{D27322AD-0ECF-46DD-B31E-F484CC2EE81F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{4905C964-292E-4EA5-B7E9-2CC31596FF8F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{D55C9766-F872-42FD-85E0-FB0364359364}] => (Allow) C:\Users\Nub\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{03120A26-9EAA-4B4F-94CA-9F72B69D5F16}] => (Allow) C:\Users\Nub\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{92DE4DBA-2FE6-454D-8342-B182F76155B4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{1843B51A-A3C3-409E-AFC6-A9C7BBB8E2CE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{005CD4BB-A0A9-478C-991F-A5F6D3F2065E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{47138BF0-35A8-482D-8CC0-DCAA377E148B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [TCP Query User{69798AA5-8D26-4866-999E-D56E19B55617}C:\users\nub\downloads\utorrent.exe] => (Allow) C:\users\nub\downloads\utorrent.exe
FirewallRules: [UDP Query User{2307D7CE-067C-462E-B386-AAF17564281A}C:\users\nub\downloads\utorrent.exe] => (Allow) C:\users\nub\downloads\utorrent.exe
FirewallRules: [{23CC2375-0EA8-490F-81B0-B35866CA97B6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A954F0D7-8888-4E50-8148-6B879C884F08}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{14A78D68-0414-469D-8E27-1401452C9660}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{864B9804-0BF4-4C42-BE4C-ABB2BB377A02}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E43B602E-AECA-43D2-AA77-B1D2182A9453}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FA52B80A-DA38-4374-97D0-2F47D305CE4D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DD282C39-FE0E-49B5-B29A-23A2F39D1C6B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D7BF277E-A26D-49B0-A4F3-F90B9ECF9ED4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/17/2015 07:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1186

Error: (05/17/2015 07:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1186

Error: (05/17/2015 07:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/15/2015 02:11:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2137

Error: (05/15/2015 02:11:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2137

Error: (05/15/2015 02:11:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/15/2015 02:11:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1108

Error: (05/15/2015 02:11:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1108

Error: (05/15/2015 02:11:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/14/2015 06:51:45 AM) (Source: MsiInstaller) (EventID: 1024) (User: DANG06)
Description: Product: Adobe Reader XI (11.0.10) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011011}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (05/21/2015 07:08:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%1053

Error: (05/21/2015 07:08:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (05/21/2015 07:06:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (05/20/2015 10:43:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (05/20/2015 10:29:32 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (05/20/2015 10:29:31 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (05/20/2015 10:29:31 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (05/20/2015 10:29:30 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (05/20/2015 10:29:29 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (05/20/2015 10:10:16 AM) (Source: DCOM) (EventID: 10016) (User: DANG06)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}DANG06NubS-1-5-21-1351212739-674943970-396268751-1001LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-05-17 21:38:33.465
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-17 21:38:33.325
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2557M CPU @ 1.70GHz
Percentage of memory in use: 44%
Total physical RAM: 3998.66 MB
Available physical RAM: 2205.3 MB
Total Pagefile: 7995.54 MB
Available Pagefile: 6010.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:111.24 GB) (Free:4.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================



#6 deeprybka

Posted 21 May 2015 - 02:25 AM

Step 1

Please download Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [screenshot: settings]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [screenshot: log path]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka

#7 sukaiz


Posted 21 May 2015 - 05:19 AM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=051743e97efc414c9a881b82a4d9b0d6
# engine=23948
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-21 09:06:00
# local_time=2015-05-21 07:06:00 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 72 0 196616050 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 183832610 0 0
# scanned=154485
# found=1
# cleaned=0
# scan_time=2940
sh=85FD231DFF0A97F70361AA2413861EDC5D0B8BFD ft=1 fh=6e634a93cb0ae455 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Nub\Downloads\cbsidlm-cbsi5_3_0_93-KMPlayer-BP-10659939.exe"



#8 deeprybka


Posted 21 May 2015 - 11:21 AM


Can you please tell me which problems still persist now?
regards,
deeprybka

#9 sukaiz


Posted 21 May 2015 - 06:48 PM

Thank you for all the help but unfortunately I am still getting Yahoo redirects and Express Find Ads still appear in Chrome.



#10 deeprybka


Posted 21 May 2015 - 06:50 PM

Step 1

Revo Uninstaller Free
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), to remove it:
    Google Chrome
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    Note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Step 2

Reinstall Google Chrome. Download
regards,
deeprybka

#11 sukaiz


Posted 21 May 2015 - 07:05 PM

I believe that has fixed it, thank you very much for all your assistance Jürgen.



#12 deeprybka


Posted 22 May 2015 - 02:11 AM

Thank you very much!

It's good to hear that your problems appear to be solved.

That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka

#13 deeprybka


Posted 22 May 2015 - 02:12 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka



