
Windows 7 64 Bit Malware Issue


  • This topic is locked
27 replies to this topic

#1 stonemanjr

  • Members
  • 308 posts

Posted 22 May 2015 - 10:33 PM

Samsung machine is doing the slow down, stagger, freeze, then opens files/windows/browser rapidly one after another that were clicked on minutes prior. Then when we go to use the browser (Firefox) it goes into a slow stall again, and may or may not respond (25% of the time it outright freezes up).

 

Thank you





#2 bloopie

  • Malware Response Team
  • 7,927 posts

Posted 23 May 2015 - 11:33 AM

Hello once again stonemanjr! :)

 

Would you please follow the Prep Guide starting with Step 6 and post the FRST logs (FRST.txt and Addition.txt) so we can have a look at the current state of the machine?

 

If you have any questions, don't hesitate to ask! :)

 

Thanks,

 

bloopie



#3 stonemanjr

  • Topic Starter
  • Members
  • 308 posts

Posted 26 May 2015 - 08:52 AM

Got it. We have been on an out of town "relief" time!! Will run tonight :thumbsup:



#4 bloopie

  • Malware Response Team
  • 7,927 posts

Posted 26 May 2015 - 05:42 PM

Okay no problem, and thanks for the note...post when ready! :)

#5 stonemanjr

  • Topic Starter
  • Members
  • 308 posts

Posted 27 May 2015 - 11:53 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by man (administrator) on CORNERSTONE on 28-05-2015 00:18:17
Running from C:\Users\man\Downloads
Loaded Profiles: man (Available Profiles: UpdatusUser & man)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes Secure Backup) C:\Program Files (x86)\Malwarebytes Secure Backup\SUpdateNotifier.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Duality Software) C:\Program Files (x86)\DS Clock\dsclock.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Duality Software) C:\Program Files (x86)\DS Clock\dsetime.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Malwarebytes Secure Backup) C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Farbar) C:\Users\man\Downloads\FRST64(1).exe
() C:\Users\man\Downloads\tweaking.com_windows_repair_aio_setup.exe
() C:\Users\man\Downloads\tweaking.com_windows_repair_aio_setup.exe
(Indigo Rose Corporation) C:\Users\man\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
(Indigo Rose Corporation) C:\Users\man\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11369576 2010-08-10] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2581384 2010-08-30] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-10-19] (Intel® Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1449984 2010-08-31] (Intel® Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SOSUAUI] => C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe [53144 2013-04-01] (Malwarebytes Secure Backup)
HKLM-x32\...\Run: [SMessaging] => C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe [63896 2013-04-01] (Malwarebytes Secure Backup)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4923832 2015-05-26] (Emsisoft Ltd)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2067896838-3830993589-4124492298-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2067896838-3830993589-4124492298-1001\...\Run: [DS Clock] => C:\Program Files (x86)\DS Clock\DSClock.exe [583560 2011-10-10] (Duality Software)
HKU\S-1-5-21-2067896838-3830993589-4124492298-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-2067896838-3830993589-4124492298-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2067896838-3830993589-4124492298-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2067896838-3830993589-4124492298-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: W2PBrowser Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-09-17] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2067896838-3830993589-4124492298-1001 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\man\AppData\Roaming\Mozilla\Firefox\Profiles\czbc0kjm.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-22] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Firefox 3 Aero theme for Firefox 4+ - C:\Users\man\AppData\Roaming\Mozilla\Firefox\Profiles\czbc0kjm.default\Extensions\ffe_ff3aeroff4@game-point.net.xpi [2011-12-21]
FF Extension: Myibidder (Myibay) Bid Sniper for eBay - C:\Users\man\AppData\Roaming\Mozilla\Firefox\Profiles\czbc0kjm.default\Extensions\firefox1@myibay.com.xpi [2014-09-03]
FF Extension: NoScript - C:\Users\man\AppData\Roaming\Mozilla\Firefox\Profiles\czbc0kjm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-02-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-27] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5155576 2015-05-26] (Emsisoft Ltd)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1186040 2015-05-20] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-08-31] (Red Bend Ltd.) [File not signed]
R2 DSClockSyncTime; C:\Program Files (x86)\DS Clock\dsetime.exe [62264 2009-11-19] (Duality Software)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
U2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-10-19] ()
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3014488 2015-03-24] (Samsung Electronics CO., LTD.)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-08-31] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-23] (Avira Operations GmbH & Co. KG)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-24] (Emsisoft GmbH)
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19936 2011-09-02] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [13280 2011-09-02] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-16] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R1 ZAM; C:\windows\System32\drivers\zam64.sys [107872 2015-05-23] (Zemana Ltd.)
R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [107872 2015-05-23] (Zemana Ltd.)
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 00:20 - 2015-05-28 00:21 - 00002206 _____ () C:\Users\man\Desktop\Tweaking.com - Windows Repair.lnk
2015-05-28 00:19 - 2015-05-28 00:21 - 00003656 _____ () C:\windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2015-05-28 00:18 - 2015-05-28 00:22 - 00018579 _____ () C:\Users\man\Downloads\FRST.txt
2015-05-28 00:15 - 2015-05-28 00:18 - 00000000 ____D () C:\FRST
2015-05-28 00:15 - 2015-05-28 00:15 - 02108928 _____ (Farbar) C:\Users\man\Downloads\FRST64(1).exe
2015-05-28 00:08 - 2015-05-28 00:08 - 01147392 _____ (Farbar) C:\Users\man\Downloads\FRST.exe
2015-05-27 23:56 - 2015-05-27 23:56 - 00002297 _____ () C:\Users\Public\Desktop\Toolbox.lnk
2015-05-27 23:55 - 2015-05-27 23:55 - 12888744 _____ () C:\Users\man\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-05-27 23:48 - 2015-05-27 23:50 - 06080840 _____ () C:\Users\man\Downloads\tweaking.com_technicians_toolbox_setup.exe
2015-05-23 17:06 - 2015-05-23 17:06 - 00001989 _____ () C:\Users\Public\Desktop\SW Update.lnk
2015-05-23 16:59 - 2015-05-23 17:00 - 02217040 _____ (Samsung Electronics Co., Ltd.) C:\Users\man\Downloads\BIOSUpdate.exe
2015-05-23 00:32 - 2015-05-23 00:32 - 00107872 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zam64.sys
2015-05-23 00:31 - 2015-05-23 00:31 - 00107872 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zamguard64.sys
2015-05-23 00:31 - 2015-05-23 00:31 - 00000000 ____D () C:\Users\man\AppData\Local\Zemana
2015-05-23 00:27 - 2015-05-23 00:27 - 04772600 _____ ( ) C:\Users\man\Downloads\Zemana.AntiMalware.Setup.exe
2015-05-22 23:37 - 2015-05-22 23:38 - 02108416 _____ (Farbar) C:\Users\man\Downloads\FRST64.exe
2015-05-22 23:35 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-22 23:35 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-05-22 23:34 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2015-05-22 23:34 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-05-22 09:03 - 2015-05-22 09:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wipe
2015-05-22 09:01 - 2015-05-22 09:05 - 00000000 ____D () C:\Program Files\Wipe
2015-05-22 09:01 - 2015-05-22 09:03 - 00000000 ____D () C:\Users\man\AppData\Roaming\Wipe
2015-05-22 08:59 - 2015-05-22 09:08 - 158158304 _____ () C:\Users\man\Downloads\mwav.exe
2015-05-22 08:42 - 2015-05-22 08:42 - 00000000 ____D () C:\windows\SysWOW64\NV
2015-05-22 08:42 - 2015-05-22 08:42 - 00000000 ____D () C:\windows\system32\NV
2015-05-22 04:38 - 2015-05-22 04:38 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-05-22 04:38 - 2015-05-22 04:38 - 00000000 ____D () C:\windows\system32\appraiser
2015-05-22 03:16 - 2015-05-22 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-22 03:15 - 2015-05-22 03:16 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-22 03:11 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-22 03:11 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-22 02:21 - 2015-05-22 02:21 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-05-21 23:45 - 2015-05-21 23:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-21 23:19 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-21 23:19 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-05-21 23:19 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-21 23:19 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-05-21 23:19 - 2015-04-03 23:29 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-21 23:19 - 2015-04-03 23:29 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-21 23:19 - 2015-04-03 23:22 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-21 23:19 - 2015-04-03 23:22 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-21 23:19 - 2015-04-03 23:22 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-21 23:19 - 2015-04-03 23:22 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-21 23:19 - 2015-04-03 23:22 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-21 23:19 - 2015-04-03 23:22 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-21 23:19 - 2015-04-03 23:22 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-21 23:19 - 2015-04-03 23:22 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-21 23:19 - 2015-04-03 23:22 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-21 23:19 - 2015-04-03 23:22 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-21 23:19 - 2015-04-03 23:20 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-21 23:19 - 2015-04-03 23:20 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-21 23:19 - 2015-04-03 23:17 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-21 23:19 - 2015-04-03 23:15 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-21 23:19 - 2015-04-03 23:05 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-05-21 23:19 - 2015-04-03 23:05 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-05-21 23:19 - 2015-04-03 23:05 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-05-21 23:19 - 2015-04-03 23:05 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-05-21 23:19 - 2015-04-03 23:05 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-05-21 23:19 - 2015-04-03 23:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-05-21 23:19 - 2015-04-03 23:05 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-05-21 23:19 - 2015-04-03 23:04 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-05-21 23:19 - 2015-04-03 23:04 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-05-21 23:19 - 2015-04-03 23:01 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-05-21 23:19 - 2015-04-03 22:59 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-05-21 23:18 - 2015-04-03 23:17 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-21 23:18 - 2015-04-03 23:01 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-05-21 23:17 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-21 23:17 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-21 23:17 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-05-21 23:17 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-21 23:17 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-21 23:17 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-05-21 23:17 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-05-21 23:17 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-05-21 23:17 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-05-21 23:17 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-05-21 23:17 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-21 23:17 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-05-21 23:17 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-05-21 23:17 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-05-21 23:17 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-05-21 23:16 - 2015-04-21 10:33 - 14374400 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-05-21 23:16 - 2015-04-21 10:33 - 13771776 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-05-21 23:16 - 2015-04-21 10:33 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-05-21 23:16 - 2015-04-21 10:33 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-05-21 23:16 - 2015-04-21 10:33 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-05-21 23:16 - 2015-04-21 10:33 - 00690176 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-05-21 23:16 - 2015-04-21 10:33 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-05-21 23:16 - 2015-04-21 10:33 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-05-21 23:16 - 2015-04-21 10:33 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-05-21 23:16 - 2015-04-21 10:33 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-05-21 23:16 - 2015-04-21 10:33 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-05-21 23:16 - 2015-04-21 10:32 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-05-21 23:16 - 2015-04-21 09:53 - 02237440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-21 23:16 - 2015-04-21 09:53 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-21 23:16 - 2015-04-21 09:53 - 00601600 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-21 23:16 - 2015-04-21 09:52 - 19291136 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-21 23:16 - 2015-04-21 09:52 - 15414784 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-21 23:16 - 2015-04-21 09:52 - 02656768 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-21 23:16 - 2015-04-21 09:52 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-21 23:16 - 2015-04-21 09:52 - 00856064 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-21 23:16 - 2015-04-21 09:52 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-21 23:16 - 2015-04-21 09:52 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-21 23:16 - 2015-04-17 22:37 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-05-21 23:16 - 2015-04-17 22:34 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-21 23:15 - 2015-04-21 10:33 - 02864640 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-05-21 23:15 - 2015-04-21 10:33 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-05-21 23:15 - 2015-04-21 10:33 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-05-21 23:15 - 2015-04-21 10:33 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-05-21 23:15 - 2015-04-21 10:33 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2015-05-21 23:15 - 2015-04-21 10:33 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-05-21 23:15 - 2015-04-21 10:33 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-05-21 23:15 - 2015-04-21 10:33 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-05-21 23:15 - 2015-04-21 09:53 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-05-21 23:15 - 2015-04-21 09:53 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-21 23:15 - 2015-04-21 09:52 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-21 23:15 - 2015-04-21 09:52 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-21 23:15 - 2015-04-21 09:52 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-05-21 23:15 - 2015-04-21 09:52 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-21 23:15 - 2015-04-21 09:52 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2015-05-21 23:15 - 2015-04-21 09:52 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-21 23:15 - 2015-04-21 09:52 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-05-21 23:15 - 2015-04-21 09:52 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-05-21 23:15 - 2015-04-21 09:52 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-05-21 23:15 - 2015-04-17 23:06 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-05-21 23:15 - 2015-04-17 22:59 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-05-21 23:15 - 2015-04-17 22:12 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2015-05-21 23:15 - 2015-04-17 22:09 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2015-05-21 22:40 - 2015-05-21 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-05-21 22:38 - 2015-03-24 00:17 - 00135800 _____ (Emsisoft GmbH) C:\windows\system32\Drivers\epp64.sys
2015-05-21 22:37 - 2015-05-27 23:54 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-05-21 22:12 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-05-21 22:12 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-05-21 22:12 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-05-21 22:12 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-05-21 22:12 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-05-21 22:12 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-05-21 22:12 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-05-21 22:12 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-05-21 22:12 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-05-21 22:12 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-05-21 22:12 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-05-21 22:12 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-05-21 22:12 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-05-21 22:12 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-05-21 22:12 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-05-21 22:12 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-05-21 22:12 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-05-21 22:12 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-05-21 22:11 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-05-21 22:11 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-05-21 22:11 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-05-21 22:11 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-05-21 22:11 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-05-21 22:11 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-05-21 22:11 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-05-21 22:11 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-05-21 22:11 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-21 22:11 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-05-21 22:11 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-05-21 22:11 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-05-21 22:11 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-05-21 22:11 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-05-21 22:11 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-05-21 22:11 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-05-21 22:11 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-05-21 22:11 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-05-21 22:11 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-05-21 22:11 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-05-21 22:11 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-05-21 22:11 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-05-21 22:11 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-05-21 22:11 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-05-21 22:11 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-05-21 22:11 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-05-21 22:11 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-05-21 22:11 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-05-21 22:11 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-05-21 22:11 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-05-21 22:11 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-05-21 22:11 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-21 22:11 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-21 22:11 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-05-21 22:11 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-05-21 22:11 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-21 22:11 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-21 22:11 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-21 22:11 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-21 22:11 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-05-21 22:11 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-05-21 22:11 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-05-21 22:11 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-05-21 22:11 - 2015-01-27 19:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-05-20 01:56 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-05-20 01:55 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-05-20 01:55 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-05-20 01:54 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
2015-05-20 01:46 - 2015-05-20 01:46 - 00000680 _____ () C:\Users\man\STONE - Shortcut.lnk
2015-05-20 01:24 - 2015-05-20 01:25 - 00138584 _____ (Kaspersky Lab ZAO) C:\Users\man\Downloads\virutkiller.exe
2015-05-20 00:56 - 2015-05-20 01:03 - 02209792 _____ () C:\Users\man\Downloads\AdwCleaner(2).exe
2015-05-20 00:54 - 2015-05-20 01:06 - 159485920 _____ (Emsisoft Ltd. ) C:\Users\man\Downloads\EmsisoftAntiMalwareSetup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 00:19 - 2013-11-29 02:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-05-28 00:18 - 2013-11-29 02:56 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-05-28 00:15 - 2012-10-15 19:48 - 00002086 _____ () C:\windows\epplauncher.mif
2015-05-28 00:15 - 2010-12-02 21:16 - 01186093 _____ () C:\windows\WindowsUpdate.log
2015-05-28 00:09 - 2012-09-17 12:48 - 00000000 ____D () C:\Users\man\Desktop\CORNER STONE
2015-05-28 00:01 - 2012-05-14 22:15 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-28 00:01 - 2009-07-14 00:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-28 00:01 - 2009-07-14 00:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-27 23:48 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\AppCompat
2015-05-27 23:46 - 2014-01-13 19:36 - 00000000 ____D () C:\ProgramData\VMware
2015-05-27 23:44 - 2011-12-16 00:46 - 00000320 _____ () C:\windows\Tasks\GlaryInitialize.job
2015-05-27 23:44 - 2011-12-12 03:40 - 00000000 ____D () C:\Users\man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-05-27 23:44 - 2010-12-02 21:18 - 00000050 _____ () C:\windows\system32\SupplicantTest.log
2015-05-27 23:43 - 2014-09-27 02:56 - 00000490 _____ () C:\windows\Tasks\Online Backup Update Notifier.job
2015-05-27 23:43 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-27 23:42 - 2014-03-24 12:25 - 00004660 _____ () C:\windows\setupact.log
2015-05-26 20:43 - 2014-08-17 02:41 - 00228174 _____ () C:\windows\PFRO.log
2015-05-26 20:43 - 2012-05-14 22:31 - 00000000 ____D () C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2015-05-23 17:06 - 2010-12-02 21:32 - 00000000 ____D () C:\ProgramData\SAMSUNG
2015-05-23 17:06 - 2010-12-02 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-05-23 17:05 - 2010-12-02 21:23 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-05-23 16:44 - 2015-03-22 17:15 - 00000000 ____D () C:\Users\man\Desktop\TOOLS
2015-05-23 16:42 - 2012-10-19 19:52 - 00000000 ____D () C:\Users\man\Desktop\NOTES
2015-05-23 16:26 - 2014-03-23 23:33 - 00000000 ____D () C:\Users\man\AppData\Local\CrashDumps
2015-05-23 15:47 - 2014-08-17 02:47 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 15:46 - 2014-08-17 02:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-23 01:46 - 2011-12-15 16:36 - 00000000 ___RD () C:\Users\man\Desktop\Windows Utilities
2015-05-22 08:42 - 2010-12-02 21:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-22 07:18 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2015-05-22 05:04 - 2014-08-17 15:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-22 05:04 - 2013-08-19 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-22 05:03 - 2013-08-19 21:09 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-05-22 04:54 - 2010-12-02 21:13 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-05-22 04:53 - 2009-08-01 22:27 - 00000000 ____D () C:\windows\Panther
2015-05-22 04:51 - 2009-07-14 00:45 - 00368816 _____ () C:\windows\system32\FNTCACHE.DAT
2015-05-22 04:50 - 2013-05-16 00:55 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-22 04:50 - 2013-05-16 00:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-22 04:50 - 2012-05-07 21:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-22 04:38 - 2010-12-03 14:59 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-22 04:38 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
2015-05-22 04:38 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-05-22 03:58 - 2014-09-03 02:55 - 00002160 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-22 03:55 - 2014-09-03 02:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-22 03:55 - 2014-09-03 02:53 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-22 03:49 - 2013-08-16 11:22 - 00000000 ____D () C:\windows\system32\MRT
2015-05-22 03:16 - 2010-12-02 21:33 - 00000000 ____D () C:\ProgramData\Skype
2015-05-22 03:10 - 2013-05-16 00:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-20 01:46 - 2011-12-12 03:40 - 00000000 ____D () C:\Users\man
2015-05-20 01:33 - 2015-03-14 23:23 - 00000000 ____D () C:\AdwCleaner
2015-05-20 01:32 - 2013-11-28 01:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-20 01:01 - 2013-08-19 21:09 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2015-05-20 01:01 - 2013-08-19 21:09 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2015-05-20 00:51 - 2012-05-14 22:15 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-05-20 00:51 - 2012-05-14 22:15 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-05-20 00:51 - 2011-12-15 22:09 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-30 10:07 - 2011-12-19 18:43 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2011-12-19 22:45 - 2011-12-23 17:35 - 0000090 _____ () C:\Users\man\AppData\Local\config.ini
2012-01-24 16:33 - 2012-01-24 16:33 - 0005120 _____ () C:\Users\man\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-02-19 21:47 - 2012-02-19 21:47 - 0004096 _____ () C:\Users\man\AppData\Local\keyfile3.drm
2011-12-22 12:40 - 2011-12-22 12:41 - 0001562 _____ () C:\Users\man\AppData\Local\PDLSetup.20111222.114059.txt
2012-01-22 23:40 - 2012-01-22 23:40 - 0001564 _____ () C:\Users\man\AppData\Local\PDLSetup.20120122.224013.txt
2012-10-19 19:53 - 2012-10-19 19:53 - 0001564 _____ () C:\Users\man\AppData\Local\PDLSetup.20121019.195331.txt
2014-03-16 22:56 - 2014-03-16 22:56 - 0001564 _____ () C:\Users\man\AppData\Local\PDLSetup.20140316.225613.txt
2014-03-22 01:07 - 2014-03-22 01:07 - 0001564 _____ () C:\Users\man\AppData\Local\PDLSetup.20140322.010743.txt
2011-12-18 22:08 - 2011-12-18 22:08 - 0000017 _____ () C:\Users\man\AppData\Local\resmon.resmoncfg
2010-12-02 21:31 - 2010-12-02 21:31 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-12-02 21:30 - 2010-12-02 21:30 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2010-12-02 21:26 - 2010-12-02 21:27 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-12-02 21:30 - 2010-12-02 21:31 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2010-12-02 21:26 - 2010-12-02 21:26 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-12-02 21:28 - 2010-12-02 21:29 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Some files in TEMP:
====================
C:\Users\man\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-22 07:10

==================== End of log ============================



#6 stonemanjr

Posted 27 May 2015 - 11:57 PM

see

Attached Files



#7 stonemanjr

Posted 28 May 2015 - 12:03 AM

For some reason I was unable to cut and paste the Addition file as text here, so I attached it.



#8 bloopie

Posted 30 May 2015 - 11:38 AM

Hello again,
 
Okay...a few things. First, we need to address these:

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}

AV: Emsisoft Anti-Malware (Enabled - Up to date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}

 
You should not have three installed antivirus programs (whether enabled or not), so I'd like you to follow the below instructions to use RevoUninstaller to remove Avira and MSE. Please keep Emsisoft Anti-Malware on your system:
 
Step 1
 
Remove Programs With Revo Uninstaller:

You have unwanted programs on your computer system that should be removed.
I recommend using the following program to do this because it is good at removing any stray remnants that uninstallers often leave behind.

1. Please download REVO UNINSTALLER and save it on your computer.
 

2. Install Revo Uninstaller on your computer system.   <--You already have this installed

3. Once the program is installed, start the program and ensure the uninstaller tab is active. (See image below)

revo-main-menu.png

Icons from all your installed programs will appear alphabetically in the main window.

4. Right click the program you wish to uninstall by selecting the program's icon in the main window.
A menu will appear such as that shown below.

revo-uninstall.png

5. Next, choose Uninstall from this menu.

A confirmation from the program you wish to uninstall will appear on your screen, such as the one shown in the image below.

6. Please choose YES that you wish to uninstall the program.

revo-confirm.png

By default, Revo Uninstaller will be set to Moderate uninstall Mode.
Please change it to Advanced by clicking the radio button near Advanced as shown below and then click the NEXT button.

revo-advanced1.png

7. Next, you will see this screen where a system restore back up is made.

uninstall-1.png

The program's built in uninstaller will appear on screen, confirm removal and the uninstall procedure will begin.

confirm.png

The program you uninstalled will confirm it has been uninstalled and may ask for user feedback as shown below. It is really your choice if you wish to take the time to answer their survey; however, it is not important if you do or not, and you can skip it by clicking NO.

uninstall-complete.png

If you are told to reboot to complete the uninstall, choose NO! We still have other things we need to remove from your computer using Revo Uninstaller's other features.

8. Once the program has been successfully uninstalled, click the NEXT button.

next-button.png

Revo Uninstaller will scan your computer for leftover information, files and registry entries.

leftover-info.png

If any registry entries are found, Revo Uninstaller will list those in BOLD text as shown below.

leftover-registry.png

It is safe to remove those entries as they are often only associated with the program you have just removed from your computer system.

9. Look for the Select All button and click it.
All the BOLD entries should now be checked off like shown in the image below.

select-all.png

Look for the DELETE button and click it.
When asked to confirm the deletion, click YES

confirm-delete-registry.png

When finished click the Next button.

Revo may confirm the uninstall is complete and offer a FINISH button. This means the program has been successfully uninstalled and no further action is needed.

If however, any leftover files and folders are found those will be presented. If you want to get rid of them click Select All then Delete.
This will remove those and send them to your RECYCLE BIN. The image below shows Revo Uninstaller asking for your confirmation, before sending them to the recycle bin, simply choose the Yes Button and away they go to the trash. You can then either retrieve them or clean your recycle bin permanently removing them from your computer system.

revo5.png

You can use Revo Uninstaller to remove other unwanted programs from your computer by performing the above procedures for each one. Please also remove the following program as well:
 

HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)


 
==========

 
Once you've removed Avira and MSE, please run this for me next:

Step 2

Run Combofix

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job...this is normal.

You can download Combofix from one of these links.

  • Close any open browsers or any other programs that are open.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you C:\Combofix.txt. Please include that in your next reply.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

========================================

In your next reply, please include the following:

  • The Combofix log
  • Did you remove both programs I requested?
  • How is the computer running now...any changes?

bloopie



#9 stonemanjr

Posted 30 May 2015 - 11:53 PM

Ok, looks like as soon as I removed the remnants of the Avira and Security Essentials, it is performing great! Wow, windows, files, browsers are snapping open and closing with no hesitation or issue! It's like this thing is brand new. Do you still want me to run Combofix?



#10 stonemanjr

Posted 30 May 2015 - 11:55 PM

That's incredible!



#11 bloopie

Posted 31 May 2015 - 11:30 PM

Hello again,

 

Your logs are pretty clean as is, and running too many antimalware programs at the same time will only cause trouble.

 

If this made an immediate difference in the performance of the machine, then you may skip Combofix at this time. If we don't need to run it, then we won't run it. :)

 

==========

 

Instead please update Malwarebytes Antimalware, run a hyper-scan (removing anything it finds), and post the log details when finished. I'd like to see if there is anything not showing up in the logs. :wink:

 

bloopie
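
A way to check for the situation described in the post above (several antimalware products installed at once, and leftover entries after uninstalling), as an added example that is not part of the original thread. It uses only built-in cmdlets that exist in the Windows PowerShell 2.0 shipped with Windows 7; the function names and the name patterns are illustrative choices, with the patterns taken from the programs named in this topic.

```powershell
# Added example, not from the thread: inventory registered antivirus products
# and matching uninstall entries. Run from an elevated PowerShell prompt.

# Products that have registered themselves with Windows Security Center
# (the root\SecurityCenter2 namespace exists on client editions of Windows).
function Get-RegisteredAntivirus {
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct `
                  -ErrorAction SilentlyContinue |
        Select-Object displayName, pathToSignedProductExe, productState
}

# Uninstall entries from both the 64-bit and the 32-bit registry view.
# FRST's "HKLM-x32" notation refers to the Wow6432Node path.
function Get-UninstallEntry {
    param([string[]]$NamePattern)   # hypothetical parameter: wildcard patterns
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object {
            $name = $_.DisplayName
            # Keep the entry if its display name matches any pattern.
            $name -and ($NamePattern | Where-Object { $name -like $_ })
        } |
        Select-Object DisplayName, DisplayVersion, Publisher, PSChildName
}

$av = @(Get-RegisteredAntivirus)
$av | Format-Table -AutoSize
if ($av.Count -gt 1) {
    Write-Warning ("{0} antivirus products are registered; more than one real-time scanner can conflict." -f $av.Count)
}

# Patterns below are the programs mentioned in this topic.
Get-UninstallEntry -NamePattern '*Avira*', '*Security Essentials*', '*HiJackThis*' |
    Format-Table -AutoSize
```

An empty second table means no uninstall entry with those names remains in either registry view.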



#12 stonemanjr

Posted 01 June 2015 - 11:18 PM

Ok running now :thumbup2:



#13 bloopie

Posted 02 June 2015 - 05:39 PM

Okay, post when ready! :)



#14 stonemanjr

Posted 02 June 2015 - 11:07 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/2/2015
Scan Time: 12:19:26 AM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.02.01
Rootkit Database: v2015.05.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: man

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 639852
Time Elapsed: 23 hr, 46 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#15 bloopie

Posted 03 June 2015 - 05:19 PM

Hello again,
 
Okay, well done! :)  Things are looking good! Now I'd like to run one final scan with ESET (this scan may take some time):

ESET Online Scanner:

Note: You will need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go here, download the ESET Smart Installer, and save it to your desktop.
  • Double-click on the ESET Smart Installer file you just downloaded.
  • Place a checkmark next to "YES, I accept the Terms of Use" and click the Start button.
  • Click "Yes" to the UAC (User Account Control) warning, then ESET will download its components, register itself, and start itself.
  • In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
  • Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Now click on: Start
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. ...The scan may appear to be finished sometimes...if there is a progress bar visible, it is still scanning!
  • When the scan completes, click List Found Threats (only if anything is found).
  • Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click Back, then click Finish to exit ESET Online Scanner.
Don't forget to re-enable your antivirus when finished!

bloopie



