
Possible Backdoor Trojan, Keylogger, and Multiple Other Viruses


  • This topic is locked
16 replies to this topic

#1 Biina


Posted 28 June 2015 - 04:05 PM

Hello,

 

I've been having consistent problems with some malware program(s?) since late April, when I accidentally clicked on a shady-looking link posted to Reddit. I've installed antivirus program after antivirus program to some avail (mostly nailing registry keys and toolbars) but all were ultimately unable to root out whatever's generating the symptoms (suspicious tasks constantly respawning in the task scheduler, generic Windows processes doing things they're not supposed to, very high disk usage, etc.) and were even unable to erase some of the stuff they detected!

 

I first suspected a keylogger when, after some incompetent messing around with my (Windows 8.1) security settings, the function key started malfunctioning and sometimes ceased to work altogether! In addition, the audio on my computer would also randomly cut out. I kept trying to update and/or roll back the keyboard and audio drivers with no lasting results. In addition, some of the antivirus programs had discovered a backdoor trojan in their scans (which may or may not have been completely removed).

 

However, I soon discovered that not only were both functions tied together in the Local System (Network Restricted) process but the audio and Stickykeys would restart after I terminated audiodg.exe in the Task Manager! Webroot had completely deleted the audiodg.exe file from my computer once before (which resulted in a frustrating evening of using resources from the Microsoft website to fix the ensuing damage...), so I suspect that file might have gotten reinfected. I certainly hope this isn't the case, but I can imagine pulling out malware that infects system files is a very difficult task!

 

So here's the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015
Ran by Christina (administrator) on CHRISTINA-PC on 28-06-2015 13:40:20
Running from C:\Users\Christina\Downloads
Loaded Profiles: Christina (Available Profiles: Christina)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-07-28] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [517536 2014-04-07] (TOSHIBA)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [817072 2015-05-17] (Webroot)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-21] (Avast Software s.r.o.)
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-13] (Valve Corporation)
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785280 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [119616 2014-05-23] (Amazon Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2015-05-17]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2015-05-17]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-21] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1413609233-1213670485-2727946159-1001 -> {33F66FB0-AC64-4F7B-80B7-B9A98E8E90B7} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-21] (Avast Software s.r.o.)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-06-02] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-05-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-22] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-21] (Avast Software s.r.o.)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-06-02] (Webroot)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-22] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{6A565FF7-A9A4-4DE1-86FA-12853B8108F9}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{B66E3A6E-0AB8-44F9-8093-2569B08C25BD}: [DhcpNameServer] 192.168.152.1

FireFox:
========
FF ProfilePath: C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\hcscqtii.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchEngine.US: Yahoo! (Avast)
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: www.google.com
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2015-06-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\hcscqtii.default\searchplugins\yahoo-avast.xml [2015-06-21]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-05-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-21]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-21]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-05-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-21] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-21] (Avast Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
S2 DAMSvc; C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe [4259808 2014-10-06] (Nuance Communications, Inc.)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373824 2015-06-07] (WildTangent)
S2 GFNEXSrv; C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-06-16] (SurfRight B.V.)
S2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-22] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [342928 2014-12-10] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-07-28] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [817072 2015-05-17] (Webroot)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmPeStor; C:\Windows\system32\drivers\AmPeStor.sys [150296 2014-04-29] (Alcor Micro, Corp.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-21] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-21] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-21] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-21] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-21] ()
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-06-17] (Emsisoft GmbH)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [222152 2014-08-22] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-07-08] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\Toshiba\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-07-28] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [27136 2014-03-24] (Windows ® Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-21] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116224 2015-05-17] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [41040 2015-06-04] (Webroot)
U0 SR; No ImagePath
U2 srservice; No ImagePath
S3 usb3Hub; \SystemRoot\System32\drivers\usb3Hub.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-28 12:20 - 2015-06-28 12:20 - 00000000 ____D C:\Users\Christina\Downloads\FRST-OlderVersion
2015-06-28 11:14 - 2015-06-28 11:15 - 21471480 _____ C:\Users\Christina\Downloads\RogueKillerX64(3).exe
2015-06-28 10:45 - 2015-06-28 10:45 - 00000692 _____ C:\Users\Christina\Desktop\JRT.txt
2015-06-22 23:04 - 2015-05-11 13:17 - 01201664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-06-22 23:04 - 2015-05-07 12:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-06-22 23:04 - 2015-05-07 12:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-06-22 23:04 - 2015-05-07 11:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-06-22 23:04 - 2015-05-07 11:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-06-22 23:04 - 2015-05-03 10:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-06-22 23:04 - 2015-05-03 09:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-06-22 23:04 - 2015-05-03 09:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-06-22 23:04 - 2015-05-03 09:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-06-22 23:04 - 2015-05-02 19:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-06-22 23:04 - 2015-04-29 18:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-06-22 23:04 - 2015-04-24 21:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-06-22 22:55 - 2015-05-11 19:24 - 00536920 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-06-22 22:55 - 2015-05-11 11:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-06-22 22:55 - 2015-05-07 10:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-06-22 22:55 - 2015-05-07 10:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-06-22 22:55 - 2015-04-30 20:13 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2015-06-22 22:55 - 2015-04-30 20:13 - 01488000 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-06-22 22:55 - 2015-04-30 20:13 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2015-06-22 22:55 - 2015-04-28 08:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-06-22 22:55 - 2015-04-28 08:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-06-22 22:55 - 2015-04-23 10:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-22 22:55 - 2015-04-23 10:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-22 22:54 - 2015-05-12 08:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-06-22 22:54 - 2015-05-07 11:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-06-22 22:54 - 2015-05-03 10:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-06-22 22:54 - 2015-05-03 09:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-06-22 22:54 - 2015-05-01 18:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-21 22:43 - 2015-06-21 22:43 - 00000000 ____D C:\Users\Christina\AppData\Roaming\AVAST Software
2015-06-21 22:42 - 2015-06-21 22:43 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-06-21 22:42 - 2015-06-21 22:43 - 00000000 ____D C:\Windows\system32\vbox
2015-06-21 22:42 - 2015-06-21 22:42 - 00001949 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-21 22:42 - 2015-06-21 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-21 22:41 - 2015-06-27 16:39 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-21 22:41 - 2015-06-27 16:33 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-21 22:41 - 2015-06-21 22:41 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-21 22:41 - 2015-06-21 22:41 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys.1435441164750
2015-06-21 22:41 - 2015-06-21 22:41 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-21 22:41 - 2015-06-21 22:41 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-21 22:41 - 2015-06-21 22:41 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-21 22:41 - 2015-06-21 22:41 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-21 22:41 - 2015-06-21 22:41 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-21 22:41 - 2015-06-21 22:41 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-21 22:41 - 2015-06-21 22:41 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-21 22:41 - 2015-06-21 22:41 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-21 22:38 - 2015-06-21 22:38 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-21 22:36 - 2015-06-21 22:36 - 05499984 _____ (Avast Software s.r.o.) C:\Users\Christina\Downloads\avast_free_antivirus_setup_online.exe
2015-06-21 21:40 - 2015-06-21 21:40 - 00451288 _____ C:\Users\Christina\Downloads\ESETPoweliksCleaner.exe_20150621.214044.1400.log
2015-06-21 21:40 - 2015-06-21 21:40 - 00000022 _____ C:\Users\Christina\Downloads\ESETPoweliksCleaner.exe_20150621.214044.1400.zip
2015-06-21 21:19 - 2015-06-21 21:20 - 02244096 _____ C:\Users\Christina\Downloads\adwcleaner_4.207.exe
2015-06-18 23:05 - 2015-06-18 23:05 - 02870984 _____ (ESET) C:\Users\Christina\Downloads\esetsmartinstaller_enu.exe
2015-06-18 23:05 - 2015-06-18 23:05 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-17 23:23 - 2015-06-17 23:23 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2015-06-17 23:23 - 2015-06-17 23:23 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-17 23:23 - 2015-06-17 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-06-17 23:22 - 2015-06-17 23:23 - 42898560 _____ (Skype Technologies S.A.) C:\Users\Christina\Downloads\SkypeSetupFull.exe
2015-06-17 18:18 - 2015-06-17 18:11 - 00135800 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp64.sys
2015-06-17 00:33 - 2015-06-28 12:22 - 00044143 _____ C:\Users\Christina\Downloads\Shortcut.txt
2015-06-17 00:26 - 2015-06-28 12:20 - 02112512 _____ (Farbar) C:\Users\Christina\Downloads\FRST64.exe
2015-06-16 23:38 - 2015-06-16 23:38 - 00290568 _____ C:\Windows\Minidump\061615-39625-01.dmp
2015-06-16 23:38 - 2015-06-16 23:38 - 00000000 ____D C:\Windows\Minidump
2015-06-16 23:37 - 2015-06-16 23:37 - 563572484 _____ C:\Windows\MEMORY.DMP
2015-06-16 23:33 - 2015-06-16 23:33 - 00003712 _____ C:\Users\Christina\Documents\HitmanPro_20150616_2333.log
2015-06-16 23:33 - 2015-06-16 23:33 - 00000334 _____ C:\Windows\system32\.crusader
2015-06-16 23:28 - 2015-06-16 23:28 - 21446904 _____ C:\Users\Christina\Downloads\RogueKillerX64(2).exe
2015-06-16 21:25 - 2015-06-27 16:33 - 00000000 ____D C:\EEK
2015-06-16 21:25 - 2015-06-16 21:25 - 00000766 _____ C:\Users\Christina\Desktop\Start Emsisoft Emergency Kit.lnk
2015-06-16 21:18 - 2015-06-28 00:24 - 00000000 ____D C:\Program Files\HitmanPro
2015-06-16 21:18 - 2015-06-16 23:33 - 00000000 ____D C:\ProgramData\HitmanPro
2015-06-16 21:18 - 2015-06-16 21:18 - 00001920 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-06-16 21:18 - 2015-06-16 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-06-16 21:17 - 2015-06-16 21:17 - 00451288 _____ C:\Users\Christina\Downloads\ESETPoweliksCleaner.exe_20150616.211744.828.log
2015-06-16 21:17 - 2015-06-16 21:17 - 00000022 _____ C:\Users\Christina\Downloads\ESETPoweliksCleaner.exe_20150616.211744.828.zip
2015-06-16 21:11 - 2015-06-16 21:16 - 158618944 _____ C:\Users\Christina\Downloads\EmsisoftEmergencyKit.exe
2015-06-16 21:09 - 2015-06-16 21:09 - 00221384 _____ (ESET) C:\Users\Christina\Downloads\ESETPoweliksCleaner.exe
2015-06-16 21:08 - 2015-06-16 21:09 - 11032736 _____ (SurfRight B.V.) C:\Users\Christina\Downloads\HitmanPro_x64.exe
2015-06-14 23:03 - 2015-06-14 23:05 - 21426424 _____ C:\Users\Christina\Downloads\RogueKillerX64(1).exe
2015-06-14 20:27 - 2015-06-14 20:27 - 02945697 _____ (Thisisu) C:\Users\Christina\Downloads\JRT(1).exe
2015-06-10 21:42 - 2015-05-27 09:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 21:42 - 2015-05-27 09:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 21:42 - 2015-05-22 22:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 21:42 - 2015-05-22 22:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 21:42 - 2015-05-22 22:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 21:42 - 2015-05-22 22:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 21:42 - 2015-05-22 22:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 21:42 - 2015-05-22 21:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 21:42 - 2015-05-22 21:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 21:42 - 2015-05-22 21:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 21:42 - 2015-05-22 21:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-10 21:42 - 2015-05-22 21:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-10 21:42 - 2015-05-22 21:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 21:42 - 2015-05-22 21:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 21:42 - 2015-05-22 21:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 21:42 - 2015-05-22 21:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 21:42 - 2015-05-22 21:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-10 21:42 - 2015-05-22 21:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 21:42 - 2015-05-22 21:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 21:42 - 2015-05-22 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 21:42 - 2015-05-22 14:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 21:42 - 2015-05-22 14:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 21:42 - 2015-05-22 14:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 21:42 - 2015-05-22 13:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 21:42 - 2015-05-22 13:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 21:42 - 2015-05-22 13:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 21:42 - 2015-05-22 13:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 21:42 - 2015-05-22 13:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 21:42 - 2015-05-22 13:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-10 21:42 - 2015-05-22 13:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 21:42 - 2015-05-22 13:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-10 21:42 - 2015-05-22 13:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-10 21:42 - 2015-05-22 13:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 21:42 - 2015-05-22 13:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 21:42 - 2015-05-22 13:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 21:42 - 2015-05-22 12:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 21:42 - 2015-05-22 12:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 21:42 - 2015-05-22 12:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-10 21:42 - 2015-05-22 12:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 21:42 - 2015-05-22 12:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 21:41 - 2015-04-24 21:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 21:41 - 2015-04-24 21:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 20:45 - 2015-05-21 11:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-09 12:30 - 2015-06-09 12:30 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-06-07 17:18 - 2015-06-07 17:18 - 00002601 ____N C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
2015-06-07 17:18 - 2015-06-07 17:18 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Mozilla
2015-06-07 17:18 - 2015-06-07 17:18 - 00000000 ____D C:\Users\Christina\AppData\Local\Mozilla
2015-06-07 17:17 - 2015-06-21 23:00 - 00001162 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-07 17:17 - 2015-06-21 23:00 - 00001162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-07 17:17 - 2015-06-07 17:17 - 00000000 ____D C:\ProgramData\Mozilla
2015-06-07 17:17 - 2015-06-07 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-07 17:17 - 2015-06-07 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-07 17:16 - 2015-06-07 17:16 - 00243408 _____ C:\Users\Christina\Downloads\Firefox Setup Stub 38.0.5.exe
2015-06-04 22:33 - 2015-06-04 22:33 - 00001776 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-06-04 22:33 - 2015-06-04 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-06-04 22:32 - 2015-06-04 22:33 - 00000000 ____D C:\Program Files\iTunes
2015-06-04 22:32 - 2015-06-04 22:32 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-06-04 22:32 - 2015-06-04 22:32 - 00000000 ____D C:\Program Files\iPod
2015-06-04 22:32 - 2015-06-04 22:32 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-06-04 22:32 - 2015-06-04 22:32 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-06-04 22:26 - 2015-06-04 22:31 - 152362800 _____ (Apple Inc.) C:\Users\Christina\Downloads\iTunes6464Setup (1).exe
2015-06-04 22:18 - 2015-06-04 22:18 - 00000000 ____D C:\Users\Christina\AppData\Local\GWX
2015-06-02 22:11 - 2015-06-02 22:11 - 01384064 _____ (Skype Technologies S.A.) C:\Users\Christina\Downloads\SkypeSetup.exe
2015-06-02 12:58 - 2015-05-25 08:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-02 12:58 - 2015-05-25 08:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-02 12:58 - 2015-05-22 08:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-02 12:58 - 2015-05-21 08:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-02 12:58 - 2015-05-21 08:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-02 12:58 - 2015-05-21 08:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-02 12:58 - 2015-05-21 08:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-02 12:58 - 2015-05-21 08:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-02 12:58 - 2015-05-21 08:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-02 12:58 - 2015-05-15 17:01 - 00133288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-02 12:58 - 2015-05-15 16:05 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-02 12:58 - 2015-05-15 15:47 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-02 12:58 - 2015-05-15 15:23 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-02 12:58 - 2015-05-15 14:42 - 03682304 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-02 12:58 - 2015-05-15 14:32 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-02 12:58 - 2015-05-15 14:31 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-02 12:58 - 2015-05-15 14:28 - 02223104 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-02 12:58 - 2015-05-15 14:28 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-06-02 12:58 - 2015-05-15 14:28 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-02 12:58 - 2015-05-15 14:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-02 12:58 - 2015-05-15 14:21 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-02 12:58 - 2015-05-15 14:21 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-02 12:58 - 2015-05-15 14:19 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-02 12:58 - 2015-05-15 14:19 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-02 12:58 - 2015-04-16 17:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-02 08:19 - 2015-06-02 08:19 - 04402098 _____ C:\Users\Christina\Documents\webroot scan log.log
2015-06-01 21:39 - 2015-06-01 21:39 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-06-01 20:32 - 2015-06-01 20:32 - 00003144 _____ C:\Windows\System32\Tasks\RTKCPL
2015-06-01 20:32 - 2015-06-01 20:32 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-06-01 20:32 - 2015-06-01 20:01 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-06-01 20:32 - 2015-06-01 20:01 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-06-01 20:32 - 2015-06-01 20:01 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2015-06-01 20:32 - 2015-06-01 20:01 - 00856992 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-06-01 20:32 - 2015-06-01 20:01 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2015-06-01 20:32 - 2015-06-01 20:01 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-06-01 20:32 - 2015-06-01 20:01 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-06-01 20:32 - 2015-06-01 20:01 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-06-01 20:32 - 2015-06-01 20:01 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2015-06-01 20:32 - 2015-06-01 20:01 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-06-01 20:32 - 2015-06-01 20:01 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-06-01 20:32 - 2015-06-01 20:01 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 72113152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-06-01 20:31 - 2015-06-01 20:01 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2015-06-01 20:31 - 2015-06-01 20:01 - 05234952 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 04430808 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-06-01 20:31 - 2015-06-01 20:01 - 03218800 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 03182104 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 02907864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 02812632 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 02702040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-06-01 20:31 - 2015-06-01 20:01 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 01954478 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-06-01 20:31 - 2015-06-01 20:01 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 01709272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 01499984 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 01298136 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 01104040 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00979280 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00943784 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00734376 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00250536 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-06-01 20:31 - 2015-06-01 20:01 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-06-01 20:31 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-06-01 20:31 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-06-01 20:31 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-06-01 20:31 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-06-01 20:31 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-06-01 20:30 - 2015-06-01 20:01 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-06-01 20:30 - 2015-06-01 20:01 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-06-01 20:30 - 2015-06-01 20:01 - 00109848 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2015-06-01 20:30 - 2015-06-01 20:01 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-06-01 20:30 - 2015-06-01 20:01 - 00096568 _____ C:\Windows\system32\audioLibVc.dll
2015-06-01 20:30 - 2014-09-24 11:31 - 07087448 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-06-01 20:30 - 2014-09-24 11:31 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-06-01 20:30 - 2014-09-24 11:31 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-06-01 20:30 - 2014-09-24 11:31 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-06-01 20:01 - 2015-06-01 20:01 - 00000000 ____D C:\Users\Christina\Downloads\Realtek Audio 6.0.1.7464 Win7_Win8.1 (1)
2015-06-01 19:50 - 2015-06-01 19:56 - 204570621 _____ C:\Users\Christina\Downloads\Realtek Audio 6.0.1.7464 Win7_Win8.1 (1).zip
2015-06-01 19:44 - 2015-06-01 19:47 - 204570621 _____ C:\Users\Christina\Downloads\Realtek Audio 6.0.1.7464 Win7_Win8.1.zip
2015-06-01 19:40 - 2015-06-01 19:40 - 00000000 ____D C:\Users\Christina\AppData\Local\Intel
2015-06-01 19:39 - 2015-06-01 19:39 - 00001193 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.0.lnk
2015-06-01 19:39 - 2015-06-01 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-06-01 19:39 - 2015-06-01 19:39 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2015-06-01 19:38 - 2015-06-01 19:38 - 02333416 _____ (Intel) C:\Users\Christina\Downloads\Intel Driver Update Utility Installer.exe
2015-06-01 19:36 - 2015-06-01 19:36 - 00014636 _____ C:\Users\Christina\Downloads\AudioPlaybackDiagnostic.diagcab
2015-06-01 19:19 - 2015-06-01 19:19 - 00000000 ____D C:\Windows\system32\SRSLabs
2015-06-01 18:27 - 2015-06-01 18:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-01 18:22 - 2015-06-01 18:22 - 02947766 _____ (Thisisu) C:\Users\Christina\Desktop\JRT.exe
2015-06-01 18:05 - 2015-06-28 13:40 - 00025454 _____ C:\Users\Christina\Downloads\FRST.txt
2015-06-01 18:05 - 2015-06-28 13:40 - 00000000 ____D C:\FRST
2015-06-01 18:05 - 2015-06-28 12:22 - 00033803 _____ C:\Users\Christina\Downloads\Addition.txt
2015-06-01 17:45 - 2015-06-01 17:45 - 00001302 _____ C:\Users\Christina\Desktop\SystemLook.txt
2015-06-01 17:44 - 2015-06-01 17:44 - 00139264 _____ C:\Users\Christina\Desktop\SystemLook.exe
2015-06-01 17:38 - 2015-06-01 17:39 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Christina\Desktop\tdsskiller.exe
2015-06-01 16:32 - 2015-06-28 01:44 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Skype
2015-06-01 16:32 - 2015-06-01 16:32 - 00000000 ____D C:\Users\Christina\AppData\Local\Skype
2015-06-01 16:27 - 2015-04-16 01:17 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-01 16:27 - 2015-04-13 17:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-01 16:27 - 2015-04-13 17:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-01 16:27 - 2015-04-09 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-01 16:27 - 2015-04-09 19:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-01 16:27 - 2015-03-31 23:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-01 16:27 - 2015-03-31 23:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-01 16:27 - 2015-03-31 23:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-01 16:27 - 2015-03-31 23:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-01 16:27 - 2015-03-31 22:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-01 16:27 - 2015-03-31 22:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-01 16:27 - 2015-03-31 22:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-01 16:27 - 2015-03-31 21:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-01 16:27 - 2015-03-31 21:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-01 16:27 - 2015-03-31 21:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-01 16:27 - 2015-03-31 21:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-01 16:27 - 2015-03-31 21:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-01 16:27 - 2015-03-31 21:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-01 16:27 - 2015-03-19 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-01 16:27 - 2015-03-19 22:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-01 16:27 - 2015-03-19 21:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-01 16:27 - 2015-03-19 21:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-01 16:27 - 2015-03-01 20:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-01 16:27 - 2015-03-01 20:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-01 16:24 - 2015-04-08 17:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-01 15:46 - 2015-06-07 17:17 - 00000000 ____D C:\Users\Christina\AppData\Roaming\WildTangent
2015-05-30 02:26 - 2015-05-30 02:26 - 03627588 _____ C:\Users\Christina\Documents\scan log.log
2015-05-29 23:57 - 2015-05-29 23:57 - 02948651 _____ (Thisisu) C:\Users\Christina\Downloads\JRT (4).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-28 13:02 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-28 11:37 - 2015-01-19 07:48 - 01963363 _____ C:\Windows\WindowsUpdate.log
2015-06-28 11:16 - 2015-05-09 21:08 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-28 10:42 - 2015-05-09 23:32 - 00003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DFB0FB57-B8C4-4E62-AA68-411E1A4ACD69}
2015-06-28 10:41 - 2015-05-07 19:56 - 00000000 ____D C:\AdwCleaner
2015-06-28 01:47 - 2015-05-10 20:47 - 00000000 ____D C:\Users\Christina\AppData\Local\CrashDumps
2015-06-28 00:50 - 2014-03-18 04:53 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-28 00:47 - 2013-08-22 09:46 - 00040453 _____ C:\Windows\setupact.log
2015-06-28 00:44 - 2015-05-20 03:27 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1413609233-1213670485-2727946159-1001
2015-06-27 16:44 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-27 16:34 - 2015-01-19 07:57 - 00053764 _____ C:\Windows\SysWOW64\Gms.log
2015-06-27 16:32 - 2015-05-17 22:59 - 00000770 _____ C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2015-06-27 16:32 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-25 23:17 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2015-06-25 11:22 - 2015-05-17 21:47 - 00000000 ____D C:\ProgramData\WRData
2015-06-24 22:14 - 2015-04-27 00:56 - 00000000 ____D C:\Users\Christina\Documents\To-Do Lists
2015-06-23 21:04 - 2015-05-22 01:30 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 20:50 - 2014-03-18 04:44 - 01383192 _____ C:\Windows\PFRO.log
2015-06-23 20:10 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-23 19:50 - 2015-03-29 19:05 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-22 23:08 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-22 23:08 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\WinStore
2015-06-22 23:08 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-21 12:51 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2015-06-19 22:02 - 2015-03-31 19:12 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-19 22:02 - 2015-03-31 19:12 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-19 11:18 - 2015-03-29 16:38 - 00000000 ____D C:\Users\Christina
2015-06-17 23:23 - 2015-01-19 08:36 - 00000000 ____D C:\ProgramData\Skype
2015-06-16 23:43 - 2015-05-04 21:59 - 00000000 ____D C:\ProgramData\Intel® Update Manager
2015-06-16 23:43 - 2015-01-19 07:51 - 00000000 ____D C:\Program Files (x86)\Intel
2015-06-15 14:00 - 2015-05-12 00:58 - 00002190 _____ C:\Users\Christina\Desktop\Rkill.txt
2015-06-11 13:44 - 2015-04-20 01:18 - 00000000 __SHD C:\Users\Christina\AppData\Local\EmieBrowserModeList
2015-06-11 13:44 - 2015-03-29 17:28 - 00000000 __SHD C:\Users\Christina\AppData\Local\EmieUserList
2015-06-11 13:44 - 2015-03-29 17:28 - 00000000 __SHD C:\Users\Christina\AppData\Local\EmieSiteList
2015-06-10 21:50 - 2013-08-22 09:44 - 00492000 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 21:47 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 21:46 - 2015-04-03 00:12 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 21:44 - 2015-04-03 00:12 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-09 11:48 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\Registration
2015-06-07 17:18 - 2014-11-12 01:38 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-07 17:18 - 2014-11-12 01:38 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2015-06-07 17:17 - 2014-11-12 01:38 - 00000000 ____D C:\ProgramData\WildTangent
2015-06-04 22:32 - 2015-04-01 14:22 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-06-04 22:31 - 2015-04-01 14:22 - 00000000 ____D C:\ProgramData\Apple
2015-06-04 22:24 - 2015-05-17 22:41 - 00041040 ____T (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys
2015-06-04 20:26 - 2015-04-11 20:51 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-06-04 20:17 - 2015-05-04 22:04 - 00000000 ____D C:\ProgramData\Intel
2015-06-04 20:17 - 2015-01-19 07:48 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-04 20:16 - 2015-01-19 07:58 - 00104818 _____ C:\Windows\DPINST.LOG
2015-06-04 20:16 - 2015-01-19 07:49 - 00000000 ____D C:\Program Files\Intel
2015-06-02 13:00 - 2015-04-15 16:01 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-02 13:00 - 2015-04-05 22:10 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-02 09:27 - 2014-11-12 01:57 - 00000000 ____D C:\ProgramData\CyberLink
2015-06-02 09:27 - 2014-11-12 01:56 - 00000000 ____D C:\ProgramData\Temp
2015-06-02 09:27 - 2014-11-12 01:56 - 00000000 ____D C:\Program Files (x86)\CyberLink
2015-06-02 09:27 - 2014-11-12 01:37 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-01 21:07 - 2015-04-03 00:35 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-01 21:07 - 2015-04-03 00:35 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-01 21:07 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2015-06-01 21:07 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\inetsrv
2015-06-01 20:33 - 2015-01-19 07:56 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-06-01 20:30 - 2015-05-17 22:41 - 00000000 ____D C:\Users\Christina\AppData\Local\lptmp163351052
2015-06-01 20:27 - 2015-01-19 07:56 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-06-01 20:01 - 2015-01-19 07:56 - 02825944 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-06-01 16:08 - 2015-05-10 22:03 - 00042321 _____ C:\Windows\iis.log
2015-06-01 16:08 - 2015-05-10 22:02 - 00000000 ____D C:\inetpub

==================== Files in the root of some directories =======

2015-05-17 22:41 - 2015-05-17 22:41 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2015-04-28 21:12 - 2015-04-28 21:39 - 0007609 _____ () C:\Users\Christina\AppData\Local\Resmon.ResmonCfg
2015-01-19 07:57 - 2015-01-19 07:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-12 01:56 - 2014-11-12 01:56 - 0000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Some files in TEMP:
====================
C:\Users\Christina\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-21 14:39

==================== End of log ============================

 

The addition and shortcut logs are attached with this post, but please let me know if they need to be copied into the actual post! I'm having trouble remembering all the guidelines for these topics.


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:48 PM

Posted 03 July 2015 - 04:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/581226 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Biina

Biina
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:48 PM

Posted 04 July 2015 - 12:32 AM

Alrighty, here's the update:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Christina (administrator) on CHRISTINA-PC on 03-07-2015 23:12:38
Running from C:\Users\Christina\Desktop
Loaded Profiles: Christina (Available Profiles: Christina)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-07-28] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [517536 2014-04-07] (TOSHIBA)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [817072 2015-05-17] (Webroot)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-21] (Avast Software s.r.o.)
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-13] (Valve Corporation)
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785280 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [119616 2014-05-23] (Amazon Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2015-05-17]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2015-05-17]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-21] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1413609233-1213670485-2727946159-1001 -> {33F66FB0-AC64-4F7B-80B7-B9A98E8E90B7} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-21] (Avast Software s.r.o.)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-06-02] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-05-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-22] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-21] (Avast Software s.r.o.)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-06-02] (Webroot)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-22] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{6A565FF7-A9A4-4DE1-86FA-12853B8108F9}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{B66E3A6E-0AB8-44F9-8093-2569B08C25BD}: [DhcpNameServer] 192.168.152.1

FireFox:
========
FF ProfilePath: C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\hcscqtii.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchEngine.US: Yahoo! (Avast)
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: www.google.com
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2015-06-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\hcscqtii.default\searchplugins\yahoo-avast.xml [2015-06-21]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-05-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-21]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-21]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-05-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-21] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-21] (Avast Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
S2 DAMSvc; C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe [4259808 2014-10-06] (Nuance Communications, Inc.)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373824 2015-06-07] (WildTangent)
S2 GFNEXSrv; C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-06-16] (SurfRight B.V.)
S2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-22] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [342928 2014-12-10] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-07-28] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [817072 2015-05-17] (Webroot)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmPeStor; C:\Windows\system32\drivers\AmPeStor.sys [150296 2014-04-29] (Alcor Micro, Corp.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-21] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-21] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-21] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-21] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-21] ()
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-06-17] (Emsisoft GmbH)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [222152 2014-08-22] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-07-08] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\Toshiba\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-07-28] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [27136 2014-03-24] (Windows ® Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-21] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116224 2015-05-17] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [41040 2015-06-04] (Webroot)
U0 SR; No ImagePath
U2 srservice; No ImagePath
S3 usb3Hub; \SystemRoot\System32\drivers\usb3Hub.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-03 23:12 - 2015-07-03 23:13 - 00025607 _____ C:\Users\Christina\Desktop\FRST.txt
2015-07-03 23:02 - 2015-07-03 23:02 - 02112512 _____ (Farbar) C:\Users\Christina\Downloads\FRST64(1).exe
2015-07-03 23:02 - 2015-07-03 23:02 - 02112512 _____ (Farbar) C:\Users\Christina\Desktop\FRST64.exe
2015-07-03 16:03 - 2015-07-03 16:03 - 00000606 _____ C:\Users\Christina\Desktop\JRT.txt
2015-07-02 21:17 - 2015-07-02 21:18 - 21692664 _____ C:\Users\Christina\Downloads\RogueKillerX64(4).exe
2015-06-28 12:20 - 2015-06-28 12:20 - 00000000 ____D C:\Users\Christina\Downloads\FRST-OlderVersion
2015-06-28 11:14 - 2015-06-28 11:15 - 21471480 _____ C:\Users\Christina\Downloads\RogueKillerX64(3).exe
2015-06-22 23:04 - 2015-05-11 13:17 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-06-22 23:04 - 2015-05-07 12:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-06-22 23:04 - 2015-05-07 12:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-06-22 23:04 - 2015-05-07 11:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-06-22 23:04 - 2015-05-07 11:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-06-22 23:04 - 2015-05-03 10:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-06-22 23:04 - 2015-05-03 09:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-06-22 23:04 - 2015-05-03 09:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-06-22 23:04 - 2015-05-03 09:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-06-22 23:04 - 2015-05-02 19:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-06-22 23:04 - 2015-04-29 18:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-06-22 23:04 - 2015-04-24 21:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-06-22 22:55 - 2015-05-11 19:24 - 00536920 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-06-22 22:55 - 2015-05-11 11:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-06-22 22:55 - 2015-05-07 10:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-06-22 22:55 - 2015-05-07 10:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-06-22 22:55 - 2015-04-30 20:13 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2015-06-22 22:55 - 2015-04-30 20:13 - 01488000 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-06-22 22:55 - 2015-04-30 20:13 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2015-06-22 22:55 - 2015-04-28 08:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-06-22 22:55 - 2015-04-28 08:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-06-22 22:55 - 2015-04-23 10:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-22 22:55 - 2015-04-23 10:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-22 22:54 - 2015-05-12 08:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-06-22 22:54 - 2015-05-07 11:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-06-22 22:54 - 2015-05-03 10:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-06-22 22:54 - 2015-05-03 09:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-06-22 22:54 - 2015-05-01 18:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-21 22:43 - 2015-06-21 22:43 - 00000000 ____D C:\Users\Christina\AppData\Roaming\AVAST Software
2015-06-21 22:42 - 2015-06-21 22:43 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-06-21 22:42 - 2015-06-21 22:43 - 00000000 ____D C:\Windows\system32\vbox
2015-06-21 22:42 - 2015-06-21 22:42 - 00001949 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-21 22:42 - 2015-06-21 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-21 22:41 - 2015-06-27 16:39 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-21 22:41 - 2015-06-27 16:33 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-21 22:41 - 2015-06-21 22:41 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-21 22:41 - 2015-06-21 22:41 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys.1435441164750
2015-06-21 22:41 - 2015-06-21 22:41 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-21 22:41 - 2015-06-21 22:41 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-21 22:41 - 2015-06-21 22:41 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-21 22:41 - 2015-06-21 22:41 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-21 22:41 - 2015-06-21 22:41 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-21 22:41 - 2015-06-21 22:41 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-21 22:41 - 2015-06-21 22:41 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-21 22:41 - 2015-06-21 22:41 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-21 22:38 - 2015-06-21 22:38 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-21 22:36 - 2015-06-21 22:36 - 05499984 _____ (Avast Software s.r.o.) C:\Users\Christina\Downloads\avast_free_antivirus_setup_online.exe
2015-06-21 21:40 - 2015-06-21 21:40 - 00451288 _____ C:\Users\Christina\Downloads\ESETPoweliksCleaner.exe_20150621.214044.1400.log
2015-06-21 21:40 - 2015-06-21 21:40 - 00000022 _____ C:\Users\Christina\Downloads\ESETPoweliksCleaner.exe_20150621.214044.1400.zip
2015-06-21 21:19 - 2015-06-21 21:20 - 02244096 _____ C:\Users\Christina\Downloads\adwcleaner_4.207.exe
2015-06-18 23:05 - 2015-06-18 23:05 - 02870984 _____ (ESET) C:\Users\Christina\Downloads\esetsmartinstaller_enu.exe
2015-06-18 23:05 - 2015-06-18 23:05 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-17 23:23 - 2015-06-17 23:23 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2015-06-17 23:23 - 2015-06-17 23:23 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-17 23:23 - 2015-06-17 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-06-17 23:22 - 2015-06-17 23:23 - 42898560 _____ (Skype Technologies S.A.) C:\Users\Christina\Downloads\SkypeSetupFull.exe
2015-06-17 18:18 - 2015-06-17 18:11 - 00135800 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp64.sys
2015-06-17 00:33 - 2015-06-28 13:40 - 00044143 _____ C:\Users\Christina\Downloads\Shortcut.txt
2015-06-17 00:26 - 2015-06-28 12:20 - 02112512 _____ (Farbar) C:\Users\Christina\Downloads\FRST64.exe
2015-06-16 23:38 - 2015-06-16 23:38 - 00290568 _____ C:\Windows\Minidump\061615-39625-01.dmp
2015-06-16 23:38 - 2015-06-16 23:38 - 00000000 ____D C:\Windows\Minidump
2015-06-16 23:37 - 2015-06-16 23:37 - 563572484 _____ C:\Windows\MEMORY.DMP
2015-06-16 23:33 - 2015-06-16 23:33 - 00003712 _____ C:\Users\Christina\Documents\HitmanPro_20150616_2333.log
2015-06-16 23:33 - 2015-06-16 23:33 - 00000334 _____ C:\Windows\system32\.crusader
2015-06-16 23:28 - 2015-06-16 23:28 - 21446904 _____ C:\Users\Christina\Downloads\RogueKillerX64(2).exe
2015-06-16 21:25 - 2015-07-03 22:41 - 00000000 ____D C:\EEK
2015-06-16 21:25 - 2015-06-16 21:25 - 00000766 _____ C:\Users\Christina\Desktop\Start Emsisoft Emergency Kit.lnk
2015-06-16 21:18 - 2015-06-28 00:24 - 00000000 ____D C:\Program Files\HitmanPro
2015-06-16 21:18 - 2015-06-16 23:33 - 00000000 ____D C:\ProgramData\HitmanPro
2015-06-16 21:18 - 2015-06-16 21:18 - 00001920 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-06-16 21:18 - 2015-06-16 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-06-16 21:17 - 2015-06-16 21:17 - 00451288 _____ C:\Users\Christina\Downloads\ESETPoweliksCleaner.exe_20150616.211744.828.log
2015-06-16 21:17 - 2015-06-16 21:17 - 00000022 _____ C:\Users\Christina\Downloads\ESETPoweliksCleaner.exe_20150616.211744.828.zip
2015-06-16 21:11 - 2015-06-16 21:16 - 158618944 _____ C:\Users\Christina\Downloads\EmsisoftEmergencyKit.exe
2015-06-16 21:09 - 2015-06-16 21:09 - 00221384 _____ (ESET) C:\Users\Christina\Downloads\ESETPoweliksCleaner.exe
2015-06-16 21:08 - 2015-06-16 21:09 - 11032736 _____ (SurfRight B.V.) C:\Users\Christina\Downloads\HitmanPro_x64.exe
2015-06-14 23:03 - 2015-06-14 23:05 - 21426424 _____ C:\Users\Christina\Downloads\RogueKillerX64(1).exe
2015-06-14 20:27 - 2015-06-14 20:27 - 02945697 _____ (Thisisu) C:\Users\Christina\Downloads\JRT(1).exe
2015-06-10 21:42 - 2015-05-27 09:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 21:42 - 2015-05-27 09:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 21:42 - 2015-05-22 22:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 21:42 - 2015-05-22 22:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 21:42 - 2015-05-22 22:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 21:42 - 2015-05-22 22:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 21:42 - 2015-05-22 22:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 21:42 - 2015-05-22 21:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 21:42 - 2015-05-22 21:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 21:42 - 2015-05-22 21:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 21:42 - 2015-05-22 21:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-10 21:42 - 2015-05-22 21:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-10 21:42 - 2015-05-22 21:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 21:42 - 2015-05-22 21:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 21:42 - 2015-05-22 21:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 21:42 - 2015-05-22 21:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 21:42 - 2015-05-22 21:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-10 21:42 - 2015-05-22 21:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 21:42 - 2015-05-22 21:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 21:42 - 2015-05-22 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 21:42 - 2015-05-22 14:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 21:42 - 2015-05-22 14:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 21:42 - 2015-05-22 14:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 21:42 - 2015-05-22 13:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 21:42 - 2015-05-22 13:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 21:42 - 2015-05-22 13:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 21:42 - 2015-05-22 13:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 21:42 - 2015-05-22 13:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 21:42 - 2015-05-22 13:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-10 21:42 - 2015-05-22 13:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 21:42 - 2015-05-22 13:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-10 21:42 - 2015-05-22 13:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-10 21:42 - 2015-05-22 13:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 21:42 - 2015-05-22 13:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 21:42 - 2015-05-22 13:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 21:42 - 2015-05-22 12:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 21:42 - 2015-05-22 12:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 21:42 - 2015-05-22 12:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-10 21:42 - 2015-05-22 12:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 21:42 - 2015-05-22 12:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 21:41 - 2015-04-24 21:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 21:41 - 2015-04-24 21:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 20:45 - 2015-05-21 11:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-09 12:30 - 2015-06-09 12:30 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-06-07 17:18 - 2015-06-07 17:18 - 00002601 ____N C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
2015-06-07 17:18 - 2015-06-07 17:18 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Mozilla
2015-06-07 17:18 - 2015-06-07 17:18 - 00000000 ____D C:\Users\Christina\AppData\Local\Mozilla
2015-06-07 17:17 - 2015-06-21 23:00 - 00001162 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-07 17:17 - 2015-06-21 23:00 - 00001162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-07 17:17 - 2015-06-07 17:17 - 00000000 ____D C:\ProgramData\Mozilla
2015-06-07 17:17 - 2015-06-07 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-07 17:17 - 2015-06-07 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-07 17:16 - 2015-06-07 17:16 - 00243408 _____ C:\Users\Christina\Downloads\Firefox Setup Stub 38.0.5.exe
2015-06-04 22:33 - 2015-06-04 22:33 - 00001776 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-06-04 22:33 - 2015-06-04 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-06-04 22:32 - 2015-06-04 22:33 - 00000000 ____D C:\Program Files\iTunes
2015-06-04 22:32 - 2015-06-04 22:32 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-06-04 22:32 - 2015-06-04 22:32 - 00000000 ____D C:\Program Files\iPod
2015-06-04 22:32 - 2015-06-04 22:32 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-06-04 22:32 - 2015-06-04 22:32 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-06-04 22:26 - 2015-06-04 22:31 - 152362800 _____ (Apple Inc.) C:\Users\Christina\Downloads\iTunes6464Setup (1).exe
2015-06-04 22:18 - 2015-06-04 22:18 - 00000000 ____D C:\Users\Christina\AppData\Local\GWX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-03 23:12 - 2015-06-01 18:05 - 00000000 ____D C:\FRST
2015-07-03 23:02 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-03 22:49 - 2015-01-19 07:48 - 01200366 _____ C:\Windows\WindowsUpdate.log
2015-07-03 22:41 - 2013-08-22 09:46 - 00040801 _____ C:\Windows\setupact.log
2015-07-03 20:25 - 2015-05-09 23:32 - 00003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DFB0FB57-B8C4-4E62-AA68-411E1A4ACD69}
2015-07-03 18:01 - 2015-04-27 00:56 - 00000000 ____D C:\Users\Christina\Documents\To-Do Lists
2015-07-02 21:35 - 2015-05-20 03:27 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1413609233-1213670485-2727946159-1001
2015-07-02 21:31 - 2015-05-09 21:08 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-02 21:14 - 2015-05-07 19:56 - 00000000 ____D C:\AdwCleaner
2015-07-02 20:23 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-30 12:27 - 2015-05-10 20:47 - 00000000 ____D C:\Users\Christina\AppData\Local\CrashDumps
2015-06-28 13:41 - 2015-06-01 18:05 - 00065974 _____ C:\Users\Christina\Downloads\FRST.txt
2015-06-28 13:40 - 2015-06-01 18:05 - 00033803 _____ C:\Users\Christina\Downloads\Addition.txt
2015-06-28 01:44 - 2015-06-01 16:32 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Skype
2015-06-28 00:50 - 2014-03-18 04:53 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-27 16:34 - 2015-01-19 07:57 - 00379574 _____ C:\Windows\SysWOW64\Gms.log
2015-06-27 16:32 - 2015-05-17 22:59 - 00000770 _____ C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2015-06-27 16:32 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-25 23:17 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2015-06-25 11:22 - 2015-05-17 21:47 - 00000000 ____D C:\ProgramData\WRData
2015-06-23 21:04 - 2015-05-22 01:30 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 20:50 - 2014-03-18 04:44 - 01383192 _____ C:\Windows\PFRO.log
2015-06-23 20:10 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-23 19:50 - 2015-03-29 19:05 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-22 23:08 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-22 23:08 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\WinStore
2015-06-22 23:08 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-21 12:51 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2015-06-19 22:02 - 2015-03-31 19:12 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-19 22:02 - 2015-03-31 19:12 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-19 11:18 - 2015-03-29 16:38 - 00000000 ____D C:\Users\Christina
2015-06-17 23:23 - 2015-01-19 08:36 - 00000000 ____D C:\ProgramData\Skype
2015-06-16 23:43 - 2015-05-04 21:59 - 00000000 ____D C:\ProgramData\Intel® Update Manager
2015-06-16 23:43 - 2015-01-19 07:51 - 00000000 ____D C:\Program Files (x86)\Intel
2015-06-15 14:00 - 2015-05-12 00:58 - 00002190 _____ C:\Users\Christina\Desktop\Rkill.txt
2015-06-11 13:44 - 2015-04-20 01:18 - 00000000 __SHD C:\Users\Christina\AppData\Local\EmieBrowserModeList
2015-06-11 13:44 - 2015-03-29 17:28 - 00000000 __SHD C:\Users\Christina\AppData\Local\EmieUserList
2015-06-11 13:44 - 2015-03-29 17:28 - 00000000 __SHD C:\Users\Christina\AppData\Local\EmieSiteList
2015-06-10 21:50 - 2013-08-22 09:44 - 00492000 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 21:47 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 21:46 - 2015-04-03 00:12 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 21:44 - 2015-04-03 00:12 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-09 11:48 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\Registration
2015-06-07 17:18 - 2014-11-12 01:38 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-07 17:18 - 2014-11-12 01:38 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2015-06-07 17:17 - 2015-06-01 15:46 - 00000000 ____D C:\Users\Christina\AppData\Roaming\WildTangent
2015-06-07 17:17 - 2014-11-12 01:38 - 00000000 ____D C:\ProgramData\WildTangent
2015-06-04 22:32 - 2015-04-01 14:22 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-06-04 22:31 - 2015-04-01 14:22 - 00000000 ____D C:\ProgramData\Apple
2015-06-04 22:24 - 2015-05-17 22:41 - 00041040 ____T (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys
2015-06-04 20:26 - 2015-04-11 20:51 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-06-04 20:17 - 2015-05-04 22:04 - 00000000 ____D C:\ProgramData\Intel
2015-06-04 20:17 - 2015-01-19 07:48 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-04 20:16 - 2015-01-19 07:58 - 00104818 _____ C:\Windows\DPINST.LOG
2015-06-04 20:16 - 2015-01-19 07:49 - 00000000 ____D C:\Program Files\Intel

==================== Files in the root of some directories =======

2015-05-17 22:41 - 2015-05-17 22:41 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2015-04-28 21:12 - 2015-04-28 21:39 - 0007609 _____ () C:\Users\Christina\AppData\Local\Resmon.ResmonCfg
2015-01-19 07:57 - 2015-01-19 07:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-12 01:56 - 2014-11-12 01:56 - 0000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Some files in TEMP:
====================
C:\Users\Christina\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-28 22:40

==================== End of log ============================

 

There are some things I forgot to add in my first post:

 

-- While the major problems started on and since April 29th, I started having issues once I began updating my drivers (off the Toshiba and Intel websites). My computer seemed to have some resolution issues when I first booted it up this spring, but the risk of updating Intel drivers is beginning to seem like more trouble than it's worth! The last computer I had (which ran Windows 7) got infected around the first time I tried it years ago with something using the Bluetooth service that I'm not sure was ever fully removed. Poor thing; it was a very reliable computer until I totaled both the system (as mentioned above) and later the motherboard by using a generic power cord. :( But I backed up everything from that computer on a hard drive to transfer to this computer... is it possible for viruses to spread to new computers using that route?

 

--The laptop's performance has dived since I posted the first log here. After a few days of this getting worse and worse, I finally gave in today and ran some more virus scans. The only one that produced results was Emsisoft, which found two registry keys (related to the settings DisableTaskMgr and DisableRegistryTools-- but I still don't know the advanced ins and outs of registry keys, so I'm probably describing that wrong) that look suspiciously similar to ones it's detected and deleted before. I'll attach the report from that scan as well so you guys can see the results directly. I realized too late as I was running FRST that I should've run a scan using Avast! Well, it's too late now-- but I can try it if you think it's a good idea.

 

Also: is it okay to create new files while going through this process? I wanted to make new Word documents and get some old pictures off my emails to maybe upload to Facebook for Throwback Thursday or whatever. Would that make any of these scan results outdated and therefore interfere with diagnosing the problem?

 

Thanks! (Incidentally, I'm having trouble finding the attach button in the reply window, so I'm going to try and edit them in afterward. Success!)


Edited by Biina, 04 July 2015 - 12:35 AM.


#4 Biina

Biina
  • Topic Starter

  • Members
  • 10 posts

Posted 04 July 2015 - 02:20 PM

Oh shoot! I forgot to add one more thing: I do not have a Windows 8.1 CD available because it came pre-installed with my computer.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,242 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 July 2015 - 07:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [] => [X]
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchEngine.US: Yahoo! (Avast)
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Keyword.URL: https://search.yahoo.com/yhs/search
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-21]
U0 SR; No ImagePath
U2 srservice; No ImagePath
S3 usb3Hub; \SystemRoot\System32\drivers\usb3Hub.sys [X]
Task: {F8BB0AFD-676F-44F6-8D79-134CC8468276} - \Optimize Start Menu Cache Files-S-1-5-21-1413609233-1213670485-2727946159-500 No Task File <==== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION!

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

#6 Biina

Biina
  • Topic Starter

  • Members
  • 10 posts

Posted 05 July 2015 - 07:41 PM

The results:
 
Fix result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Christina at 2015-07-05 11:03:00 Run:1
Running from C:\Users\Christina\Desktop
Loaded Profiles: Christina (Available Profiles: Christina)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [] => [X]
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchEngine.US: Yahoo! (Avast)
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Keyword.URL: https://search.yahoo.com/yhs/search
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-21]
U0 SR; No ImagePath
U2 srservice; No ImagePath
S3 usb3Hub; \SystemRoot\System32\drivers\usb3Hub.sys [X]
Task: {F8BB0AFD-676F-44F6-8D79-134CC8468276} - \Optimize Start Menu Cache Files-S-1-5-21-1413609233-1213670485-2727946159-500 No Task File <==== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION!

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
Firefox DefaultSearchEngine removed successfully
Firefox DefaultSearchEngine.US removed successfully
Firefox DefaultSearchUrl removed successfully
Firefox SearchEngineOrder.1 removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox Keyword.URL removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
SR => Service removed successfully
srservice => Service removed successfully
usb3Hub => Service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8BB0AFD-676F-44F6-8D79-134CC8468276}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8BB0AFD-676F-44F6-8D79-134CC8468276}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-1413609233-1213670485-2727946159-500" => key removed successfully
"HKU\.DEFAULT\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-19\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-20\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\Software\Classes\exefile" => key removed successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-05 11:05:53)<=

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Could not move
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move

==== End of Fixlog 11:05:53 ====

 

And the Zoek results are attached as you requested.

 

I should mention that A] I forgot to run FRST as an Administrator and B] even though I usually run it that way with little problem, it was much more difficult than usual this time around-- Windows SmartScreen blocked it immediately, and Avast did the same once I disabled the former. After Avast blocked it, I had an option to automatically whitelist it and closed the window without thinking! My computer was running very unevenly while I attempted to manually whitelist it, but whitelist it I did and it was able to complete the scan. AFTER THAT, I had to give Webroot the all clear on FRST when the computer rebooted and the log then opened as normal.

 

With Zoek it was a different experience but still kinda strange. I disabled all the antivirus programs and ran it fine, but while Windows was restarting it told me updates were being installed. I hadn't updated for probably a month (whenever I would check for updates I would only get one for Silverlight-- a program I uninstalled because I was worried about its potential security vulnerabilities) so I figured that Windows had automatically downloaded the updates like it was supposed to and installed ones that happened to be super critical.

 

But on pulling up the desktop my antivirus programs had restarted and Webroot flagged Zoek. I automatically told Webroot to allow it, but the log didn't automatically come up. Puzzled, I went to the C drive, retrieved the log, and figured Webroot had just stopped the particular process. Unfortunately, I just saw zoek-delete.exe in Webroot's quarantine (but immediately restored it). Does this mean that some of the problems weren't fully removed?

 

The Windows Update history also tells me that the last ones were installed on June 23rd, so that probably rules out anything happening today.

 

Other than that, the computer's working much better. Thing is, I haven't closed the Toshiba Service Station yet. I noticed that sometimes the performance issues start after I exit the program, so I'll let you know what happens after I do it this time. Thanks!




#7 nasdaq

  • Malware Response Team

Posted 06 July 2015 - 07:33 AM

Let me know if you still have issues.

#8 Biina

  • Topic Starter

Posted 07 July 2015 - 09:45 PM

After 48 or so hours of testing, here's what's happened:

My computer was actually working quite well up until last night, when I noticed that opening the Task Manager mysteriously turned off Sticky Keys. That would've been the only thing to report had I not started an Avast scan to see if it picked up anything else.

 

I was watching Youtube during the scan when the video suddenly stopped. As Youtube videos don't work when my audio goes out, I immediately got suspicious and opened iTunes. The program opened, but as usual when this happens, the songs would not play (instead staying put at the 0:00 mark). Flipping over to the scan window, I saw that Avast was stuck scanning a service shown as [insert some long string of letters that I didn't think to copy until it was too late]>??? and took a minute or two (if I include the time I tried to play sound in my estimate) to move to the next object. With the audio out I couldn't really do much, so I went to sleep and let the scan finish overnight.

 

In the morning I found that Avast had found 0 infected items but also read several interesting things in the generated log (attached to this post). I made a custom scan that looked at everything I could possibly think of (besides the commonly used 7zip and WinRAR archives, as I've extracted everything in those at this point anyway), so the log will say things like "ARJ archive is corrupted." (Incidentally, I should delete those ISOs-- not only because they take up space, but also because I now have access to a Sony console to play them on. No reason to keep those around when I can play the physical copies!)

 

I ran a scan from Adwcleaner that nailed an infected registry key before I restarted the computer. The audio returned after the reboot. Then I ran a Quick Scan on Hitman Pro later (since it had to force breach 18 or so processes to even open last month) that turned up clean. But tonight, as I was doing chores, the sound went out again! Terminating audiodg.exe and both the Local System/Service (Network Restricted) processes has done nothing, and iTunes won't even start. There are no Windows Updates showing up besides Silverlight no matter how many times I check for them, and every time I hide that particular update there's always another one waiting in the queue. :P

 

I may have to enable Flexera Software or whatever it is at Startup, considering it's the only one I've disabled that isn't something familiar like Skype or Steam. What effect does it have on my computer, and does it have anything to do with getting Windows stuff? (I doubt that's the case, but it never hurts to ask.)

 

The Avast and Adwcleaner logs are attached at the bottom. And for what it's worth, my keyboard has been having no problems-- all the keys work as they're supposed to. Sticky Keys can also be reactivated after the Task Manager stops it for whatever reason, so that's probably not a big issue unless it's a sign of a bigger problem.




#9 Biina

  • Topic Starter

Posted 08 July 2015 - 12:39 AM

Update:

 

Windows Update is actually showing available updates now! (Unless there simply weren't any released for a long time.) The first check yielded two optional Windows 8.1 updates plus Silverlight, but the Silverlight update actually stayed hidden this time! It was awesome! And it was especially exciting when I was actually able to land an important update... I know I'm sounding ridiculous right now, but this whole thing has been frustrating me for months on end!

 

The audio keeps cutting in and out, but I've finally been able to pinpoint that it usually happens when I'm fast-forwarding and rewinding Youtube videos or jumping back and forth between those same videos too fast. Perhaps it's related to giving Firefox too many media-playing commands at once?

 

I've also found that terminating the process tree of audiodg.exe consistently returns the audio AND the sticky keys (which otherwise disappear after I open the Task Manager, as mentioned before).

 

I didn't enable the Flexera Software thing to run on startup, by the way. Windows Update started working again all on its own! Wahoo!



#10 nasdaq

  • Malware Response Team

Posted 08 July 2015 - 08:18 AM

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

======

On the issue with audiodg.exe read this article. Hope it helps.
http://answers.microsoft.com/en-us/windows/forum/windows8_1-hardware/windows-audio-device-graph-isolation-audiodgexe/35337ea9-4fd2-4902-b05c-7aedbf78fe9f?auth=1

I do not think that your current problems are malware related.
You may have to check with the Audio and video forum experts.

http://www.bleepingcomputer.com/forums/f/65/audio-and-video/

#11 Biina

  • Topic Starter

Posted 08 July 2015 - 12:45 PM

 Results of screen317's Security Check version 1.005  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Webroot SecureAnywhere   
Windows Defender         
avast! Antivirus         
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 45  
 Mozilla Firefox (39.0)
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe
 AVAST Software Avast ng ngservice.exe
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

And thank you very, very much for that link-- I learned that any audiodg files outside of the System32 folder are not legit! So I eliminated both the extra audiodg.exe files and also the audiodg.exe.mui files that were outside of the System32 and SysWOW64 files. I had to turn off my wifi, terminate the audiodg process, and change the ownership to my account several times.

 

While that was a pain, I am very happy to say that my audio works great after getting those files into the Recycle Bin and emptying them! My keyboard is also still functional. (I ran Security Check again after all this and it produced the same results, so I'm not going to repost them again. :P)

 

Thank you very very much for everything!!! This is a huge relief. If I have any of those problems again, I'll keep an eye out for those files and refer to the link you posted. And, of course, I'll take a look at that one topic you guys have here about malware protection.

 

Thanks again!



#12 nasdaq

  • Malware Response Team

Posted 08 July 2015 - 01:29 PM

Good work.

#13 Biina

  • Topic Starter

Posted 09 July 2015 - 11:04 PM

Oh, no!!! Wait a minute!

 

It turns out my computer is not in the clear. Things started going bad when I visited the Fire Emblem wikia last night. This particular computer would perform very badly whenever I went there in the past, but since everything was fixed, there should be no problems... right? Almost every subject has something there!

 

But everything lagged horribly ONCE AGAIN as I started browsing the articles. Someone on one of their help threads suggested getting AdBlock, so I decided to go for it. I wound up visiting two different sites for it (both these popular ad blockers have really similar names!) but had problems downloading both extensions due to "connection errors." It turned out Adblock Plus is available on the Firefox store (or whatever Mozilla calls it) anyways; I had no problems obtaining it from there. There were no problems with the Wikia pages afterwards-- the (flash) resource-heavy ads were all blocked!

 

I did my routine check of the System32 folder in the morning to see if the batch file Webroot (and other paid antivirus programs as well, apparently) keeps nailing was there. It was, much to my dismay! I immediately deleted it using Webroot as usual, and it was then that the keyboard problems restarted (although now it's the audio that's consistently functioning!). A whirlwind of things happened after that: I went and deleted the audiodg.exe.mui in the SysWOW64 folder (with no bad effects), then I figured out in breaks from what was already a hectic day that the ieframe.dll file might be at the root of the keyboard problems, then I sat down at 6:30 this evening and began the long process of removing those files (and what appear to be their .mui counterparts) from every folder that wasn't System32 (apparently the only folder that ieframe.dll is supposed to be in).

 

Now, hours later and really exhausted, I'm desperate for some other way to eliminate this than changing the ownership of each individual file from TrustedInstaller to me, giving myself full permissions on them, and then sending them to the recycle bin. There's still a bunch left-- and this is after I decided to stop deleting all the files that were in the WinSys subfolders (where I also found the duplicate audiodg.exe files, actually) with them. And there's one .mui that will not be deleted-- not by any of the ways listed above and not by any of Webroot's functions.

 

Here are the suspicious and very persistent files (file paths manually written out):

 

C:/Windows/System32/{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

 

C:/Windows/SysWOW64/en-US/ieframe.dll.mui

 

The FRST log is coming as soon as I have time to run it. I didn't want to let this topic lapse before then, sorry! Thanks for all your help! (And if this is bad enough that you need to bring in reinforcements, I absolutely understand!)



#14 Biina

  • Topic Starter

Posted 10 July 2015 - 02:41 AM

Phew!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by Christina (administrator) on CHRISTINA-PC on 10-07-2015 01:44:37
Running from C:\Users\Christina\Desktop
Loaded Profiles: Christina (Available Profiles: Christina)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-07-28] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [517536 2014-04-07] (TOSHIBA)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [821704 2015-07-05] (Webroot)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-21] (Avast Software s.r.o.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-13] (Valve Corporation)
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [119616 2014-05-23] (Amazon Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-07-08]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2015-05-17]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2015-05-17]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-07-08]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-21] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?PC=AV01
HKU\S-1-5-21-1413609233-1213670485-2727946159-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=AV01
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1413609233-1213670485-2727946159-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1413609233-1213670485-2727946159-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1413609233-1213670485-2727946159-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-21] (Avast Software s.r.o.)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-06-02] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-05-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-22] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-21] (Avast Software s.r.o.)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-06-02] (Webroot)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-22] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{6A565FF7-A9A4-4DE1-86FA-12853B8108F9}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{B66E3A6E-0AB8-44F9-8093-2569B08C25BD}: [DhcpNameServer] 192.168.152.1

FireFox:
========
FF ProfilePath: C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\hcscqtii.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchEngine.US: Yahoo! (Avast)
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://www.yahoo.com/?fr=hp-avast&type=agc511
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-08] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2015-06-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\hcscqtii.default\searchplugins\yahoo-avast.xml [2015-07-08]
FF Extension: Adblock Plus - C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\hcscqtii.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-09]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-05-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-21]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-05-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-21] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-21] (Avast Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
R2 DAMSvc; C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe [4259808 2014-10-06] (Nuance Communications, Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373824 2015-06-07] (WildTangent)
R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-06-16] (SurfRight B.V.)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-22] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [342928 2014-12-10] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-07-28] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [821704 2015-07-05] (Webroot)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmPeStor; C:\Windows\system32\drivers\AmPeStor.sys [150296 2014-04-29] (Alcor Micro, Corp.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-21] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-21] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-21] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-21] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-21] ()
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-06-17] (Emsisoft GmbH)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [222152 2014-08-22] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-07-08] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\Toshiba\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-07-28] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [27136 2014-03-24] (Windows ® Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-21] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116224 2015-07-05] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [41040 2015-06-04] (Webroot)
S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 00:05 - 2015-07-10 00:05 - 00000384 _____ C:\Windows\system32\.crusader
2015-07-09 23:26 - 2015-07-09 23:27 - 21971528 _____ C:\Users\Christina\Downloads\RogueKillerX64(6).exe
2015-07-09 21:35 - 2015-07-09 21:35 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-07-08 23:19 - 2015-07-08 23:19 - 00091460 _____ C:\Users\Christina\Documents\HitmanPro_20150708_2319.log
2015-07-08 22:52 - 2015-07-08 22:52 - 00000684 _____ C:\Users\Christina\Desktop\JRT.txt
2015-07-08 15:02 - 2015-07-10 01:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-08 15:02 - 2015-07-08 15:02 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-08 15:02 - 2015-07-08 15:02 - 00000000 ____D C:\Users\Christina\AppData\Local\Macromedia
2015-07-08 13:28 - 2015-07-08 13:28 - 00002304 _____ C:\Users\Public\Desktop\WinZip.lnk
2015-07-08 13:28 - 2015-07-08 13:28 - 00000000 ____D C:\Users\Christina\AppData\Local\WinZip
2015-07-08 13:28 - 2015-07-08 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-07-08 10:52 - 2015-07-08 10:52 - 00025536 _____ C:\Users\Christina\Downloads\the other one.log
2015-07-08 10:49 - 2015-07-08 10:49 - 04424628 _____ C:\Users\Christina\Downloads\the one.log
2015-07-08 09:12 - 2015-07-08 09:12 - 00852676 _____ C:\Users\Christina\Desktop\SecurityCheck.exe
2015-07-07 22:51 - 2015-06-29 17:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-07 22:51 - 2015-06-29 10:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-07 22:51 - 2015-06-29 10:07 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-07 22:51 - 2015-06-29 10:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-07 22:51 - 2015-06-29 10:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-07 22:51 - 2015-06-29 10:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-07 22:51 - 2015-06-27 06:52 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-07 22:51 - 2015-06-26 23:15 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-07 22:51 - 2015-06-26 22:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-07 22:51 - 2015-06-26 22:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-07 22:51 - 2015-06-26 21:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-07 22:51 - 2015-06-26 20:45 - 03702272 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-07 22:51 - 2015-06-26 20:35 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-07 22:51 - 2015-06-26 20:35 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-07 22:51 - 2015-06-26 20:32 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-07 22:51 - 2015-06-26 20:31 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-07 22:51 - 2015-06-26 20:30 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-07 22:51 - 2015-06-26 20:29 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-07 22:51 - 2015-06-26 20:12 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-07 22:51 - 2015-06-26 20:12 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-07 22:51 - 2015-06-26 20:10 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-07 22:51 - 2015-06-26 20:10 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-07 22:51 - 2015-06-26 18:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-07 22:51 - 2015-06-26 18:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-07 22:41 - 2015-07-07 22:41 - 00001299 _____ C:\Users\Christina\Downloads\rrpo.txt
2015-07-07 21:47 - 2015-07-07 21:47 - 21942344 _____ C:\Users\Christina\Downloads\RogueKillerX64(5).exe
2015-07-07 09:57 - 2015-07-07 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-07 09:56 - 2015-07-07 09:57 - 00000000 ____D C:\Program Files\iTunes
2015-07-07 09:56 - 2015-07-07 09:56 - 00000000 ____D C:\Program Files\iPod
2015-07-07 09:56 - 2015-07-07 09:56 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-07 09:53 - 2015-07-07 09:53 - 00000000 ____D C:\Program Files\Bonjour
2015-07-07 09:53 - 2015-07-07 09:53 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-07-05 19:30 - 2015-07-05 19:30 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-07-05 11:36 - 2015-07-05 11:41 - 00000079 _____ C:\folders.log
2015-07-05 11:36 - 2015-07-05 11:41 - 00000000 ____D C:\zoek
2015-07-05 11:25 - 2015-07-05 11:41 - 00008650 _____ C:\zoek-results.log
2015-07-05 11:23 - 2015-07-05 11:37 - 00000000 ____D C:\zoek_backup
2015-07-05 11:22 - 2015-07-05 11:22 - 01308672 _____ C:\Users\Christina\Desktop\zoek.exe
2015-07-05 10:50 - 2015-07-05 10:50 - 02112512 _____ (Farbar) C:\Users\Christina\Desktop\FRST64.exe
2015-07-04 12:23 - 2015-07-05 11:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 23:14 - 2015-07-03 23:14 - 00044144 _____ C:\Users\Christina\Desktop\Shortcut.txt
2015-07-03 23:13 - 2015-07-03 23:14 - 00034141 _____ C:\Users\Christina\Desktop\Addition.txt
2015-07-03 23:12 - 2015-07-10 01:44 - 00029432 _____ C:\Users\Christina\Desktop\FRST.txt
2015-07-02 21:17 - 2015-07-02 21:18 - 21692664 _____ C:\Users\Christina\Downloads\RogueKillerX64(4).exe
2015-06-28 11:14 - 2015-06-28 11:15 - 21471480 _____ C:\Users\Christina\Downloads\RogueKillerX64(3).exe
2015-06-22 23:04 - 2015-05-11 13:17 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-06-22 23:04 - 2015-05-07 12:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-06-22 23:04 - 2015-05-07 12:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-06-22 23:04 - 2015-05-07 11:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-06-22 23:04 - 2015-05-07 11:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-06-22 23:04 - 2015-05-03 10:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-06-22 23:04 - 2015-05-03 09:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-06-22 23:04 - 2015-05-03 09:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-06-22 23:04 - 2015-05-03 09:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-06-22 23:04 - 2015-05-02 19:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-06-22 23:04 - 2015-04-29 18:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-06-22 23:04 - 2015-04-24 21:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-06-22 22:55 - 2015-05-11 19:24 - 00536920 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-06-22 22:55 - 2015-05-11 11:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-06-22 22:55 - 2015-05-07 10:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-06-22 22:55 - 2015-05-07 10:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-06-22 22:55 - 2015-04-30 20:13 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2015-06-22 22:55 - 2015-04-30 20:13 - 01488000 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-06-22 22:55 - 2015-04-30 20:13 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2015-06-22 22:55 - 2015-04-28 08:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-06-22 22:55 - 2015-04-28 08:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-06-22 22:55 - 2015-04-23 10:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-22 22:55 - 2015-04-23 10:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-22 22:54 - 2015-05-12 08:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-06-22 22:54 - 2015-05-07 11:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-06-22 22:54 - 2015-05-03 10:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-06-22 22:54 - 2015-05-03 09:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-06-22 22:54 - 2015-05-01 18:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-21 22:43 - 2015-06-21 22:43 - 00000000 ____D C:\Users\Christina\AppData\Roaming\AVAST Software
2015-06-21 22:42 - 2015-06-21 22:43 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-06-21 22:42 - 2015-06-21 22:43 - 00000000 ____D C:\Windows\system32\vbox
2015-06-21 22:42 - 2015-06-21 22:42 - 00001949 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-21 22:42 - 2015-06-21 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-21 22:41 - 2015-07-10 00:08 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-21 22:41 - 2015-06-27 16:39 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-21 22:41 - 2015-06-21 22:41 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-21 22:41 - 2015-06-21 22:41 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-21 22:41 - 2015-06-21 22:41 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-21 22:41 - 2015-06-21 22:41 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-21 22:41 - 2015-06-21 22:41 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-21 22:41 - 2015-06-21 22:41 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-21 22:41 - 2015-06-21 22:41 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-21 22:41 - 2015-06-21 22:41 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-21 22:41 - 2015-06-21 22:41 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-21 22:38 - 2015-06-21 22:38 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-21 22:36 - 2015-06-21 22:36 - 05499984 _____ (Avast Software s.r.o.) C:\Users\Christina\Downloads\avast_free_antivirus_setup_online.exe
2015-06-21 21:40 - 2015-06-21 21:40 - 00451288 _____ C:\Users\Christina\Downloads\ESETPoweliksCleaner.exe_20150621.214044.1400.log
2015-06-21 21:40 - 2015-06-21 21:40 - 00000022 _____ C:\Users\Christina\Downloads\ESETPoweliksCleaner.exe_20150621.214044.1400.zip
2015-06-21 21:19 - 2015-06-21 21:20 - 02244096 _____ C:\Users\Christina\Downloads\adwcleaner_4.207.exe
2015-06-18 23:05 - 2015-06-18 23:05 - 02870984 _____ (ESET) C:\Users\Christina\Downloads\esetsmartinstaller_enu.exe
2015-06-18 23:05 - 2015-06-18 23:05 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-17 23:23 - 2015-07-08 13:30 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-17 23:23 - 2015-06-17 23:23 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2015-06-17 23:23 - 2015-06-17 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-06-17 23:22 - 2015-06-17 23:23 - 42898560 _____ (Skype Technologies S.A.) C:\Users\Christina\Downloads\SkypeSetupFull.exe
2015-06-17 18:18 - 2015-06-17 18:11 - 00135800 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp64.sys
2015-06-17 00:33 - 2015-06-28 13:40 - 00044143 _____ C:\Users\Christina\Downloads\Shortcut.txt
2015-06-16 23:38 - 2015-06-16 23:38 - 00290568 _____ C:\Windows\Minidump\061615-39625-01.dmp
2015-06-16 23:38 - 2015-06-16 23:38 - 00000000 ____D C:\Windows\Minidump
2015-06-16 23:37 - 2015-06-16 23:37 - 563572484 _____ C:\Windows\MEMORY.DMP
2015-06-16 23:33 - 2015-06-16 23:33 - 00003712 _____ C:\Users\Christina\Documents\HitmanPro_20150616_2333.log
2015-06-16 23:28 - 2015-06-16 23:28 - 21446904 _____ C:\Users\Christina\Downloads\RogueKillerX64(2).exe
2015-06-16 21:25 - 2015-07-03 22:41 - 00000000 ____D C:\EEK
2015-06-16 21:25 - 2015-06-16 21:25 - 00000766 _____ C:\Users\Christina\Desktop\Start Emsisoft Emergency Kit.lnk
2015-06-16 21:18 - 2015-06-28 00:24 - 00000000 ____D C:\Program Files\HitmanPro
2015-06-16 21:18 - 2015-06-16 23:33 - 00000000 ____D C:\ProgramData\HitmanPro
2015-06-16 21:18 - 2015-06-16 21:18 - 00001920 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-06-16 21:18 - 2015-06-16 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-06-16 21:17 - 2015-06-16 21:17 - 00451288 _____ C:\Users\Christina\Downloads\ESETPoweliksCleaner.exe_20150616.211744.828.log
2015-06-16 21:17 - 2015-06-16 21:17 - 00000022 _____ C:\Users\Christina\Downloads\ESETPoweliksCleaner.exe_20150616.211744.828.zip
2015-06-16 21:11 - 2015-06-16 21:16 - 158618944 _____ C:\Users\Christina\Downloads\EmsisoftEmergencyKit.exe
2015-06-16 21:09 - 2015-06-16 21:09 - 00221384 _____ (ESET) C:\Users\Christina\Downloads\ESETPoweliksCleaner.exe
2015-06-16 21:08 - 2015-06-16 21:09 - 11032736 _____ (SurfRight B.V.) C:\Users\Christina\Downloads\HitmanPro_x64.exe
2015-06-14 23:03 - 2015-06-14 23:05 - 21426424 _____ C:\Users\Christina\Downloads\RogueKillerX64(1).exe
2015-06-14 20:27 - 2015-06-14 20:27 - 02945697 _____ (Thisisu) C:\Users\Christina\Downloads\JRT(1).exe
2015-06-10 21:42 - 2015-05-27 09:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 21:42 - 2015-05-27 09:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 21:42 - 2015-05-22 22:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 21:42 - 2015-05-22 22:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 21:42 - 2015-05-22 22:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 21:42 - 2015-05-22 22:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 21:42 - 2015-05-22 21:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 21:42 - 2015-05-22 21:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 21:42 - 2015-05-22 21:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 21:42 - 2015-05-22 21:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-10 21:42 - 2015-05-22 21:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-10 21:42 - 2015-05-22 21:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 21:42 - 2015-05-22 21:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 21:42 - 2015-05-22 21:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 21:42 - 2015-05-22 21:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-10 21:42 - 2015-05-22 21:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 21:42 - 2015-05-22 21:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 21:42 - 2015-05-22 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 21:42 - 2015-05-22 14:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 21:42 - 2015-05-22 14:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 21:42 - 2015-05-22 14:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 21:42 - 2015-05-22 13:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 21:42 - 2015-05-22 13:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 21:42 - 2015-05-22 13:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 21:42 - 2015-05-22 13:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 21:42 - 2015-05-22 13:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 21:42 - 2015-05-22 13:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-10 21:42 - 2015-05-22 13:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 21:42 - 2015-05-22 13:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-10 21:42 - 2015-05-22 13:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-10 21:42 - 2015-05-22 13:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 21:42 - 2015-05-22 13:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 21:42 - 2015-05-22 13:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 21:42 - 2015-05-22 12:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 21:42 - 2015-05-22 12:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 21:42 - 2015-05-22 12:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-10 21:42 - 2015-05-22 12:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 21:42 - 2015-05-22 12:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 21:41 - 2015-04-24 21:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 21:41 - 2015-04-24 21:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 20:45 - 2015-05-21 11:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 01:44 - 2015-06-01 18:05 - 00000000 ____D C:\FRST
2015-07-10 01:25 - 2015-01-19 07:48 - 01433055 _____ C:\Windows\WindowsUpdate.log
2015-07-10 01:00 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-10 00:12 - 2015-05-20 03:27 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1413609233-1213670485-2727946159-1001
2015-07-10 00:09 - 2015-01-19 07:57 - 00011593 _____ C:\Windows\SysWOW64\Gms.log
2015-07-10 00:06 - 2015-05-17 22:59 - 00000770 _____ C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2015-07-10 00:06 - 2013-08-22 09:46 - 00042541 _____ C:\Windows\setupact.log
2015-07-10 00:06 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-09 21:44 - 2015-05-09 23:32 - 00003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DFB0FB57-B8C4-4E62-AA68-411E1A4ACD69}
2015-07-09 21:43 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2015-07-09 21:34 - 2014-03-18 04:44 - 01386700 _____ C:\Windows\PFRO.log
2015-07-09 21:33 - 2015-05-17 21:47 - 00000000 ____D C:\ProgramData\WRData
2015-07-09 21:33 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-09 21:20 - 2015-05-12 00:58 - 00004206 _____ C:\Users\Christina\Desktop\Rkill.txt
2015-07-09 10:11 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-08 23:47 - 2015-06-07 17:17 - 00001162 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-08 23:47 - 2015-06-07 17:17 - 00001162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-08 22:46 - 2015-05-07 19:56 - 00000000 ____D C:\AdwCleaner
2015-07-08 15:01 - 2015-03-29 21:21 - 00000000 ____D C:\Users\Christina\AppData\Local\Adobe
2015-07-08 14:09 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-08 13:30 - 2015-06-01 16:32 - 00000000 ____D C:\Users\Christina\AppData\Roaming\Skype
2015-07-08 13:29 - 2015-01-19 08:36 - 00000000 ____D C:\ProgramData\Skype
2015-07-08 13:28 - 2014-11-12 01:52 - 00002310 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-07-08 13:28 - 2014-11-12 01:51 - 00000000 ____D C:\Program Files\WinZip
2015-07-07 22:54 - 2015-04-15 16:01 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-07 22:54 - 2015-04-05 22:10 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-07 20:51 - 2015-05-10 20:47 - 00000000 ____D C:\Users\Christina\AppData\Local\CrashDumps
2015-07-07 09:57 - 2015-06-04 22:33 - 00001776 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-07 09:56 - 2015-04-01 14:22 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-06 16:24 - 2015-03-31 19:12 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-06 16:24 - 2015-03-31 19:12 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-05 11:10 - 2015-05-17 22:40 - 00166128 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-07-05 11:10 - 2015-05-17 22:40 - 00116224 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2015-07-05 11:10 - 2015-05-17 22:40 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll
2015-07-05 11:04 - 2015-06-07 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-03 18:01 - 2015-04-27 00:56 - 00000000 ____D C:\Users\Christina\Documents\To-Do Lists
2015-06-28 13:41 - 2015-06-01 18:05 - 00065974 _____ C:\Users\Christina\Downloads\FRST.txt
2015-06-28 13:40 - 2015-06-01 18:05 - 00033803 _____ C:\Users\Christina\Downloads\Addition.txt
2015-06-28 00:50 - 2014-03-18 04:53 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-25 23:17 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2015-06-23 21:04 - 2015-05-22 01:30 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 19:50 - 2015-03-29 19:05 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-22 23:08 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-22 23:08 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\WinStore
2015-06-19 11:18 - 2015-03-29 16:38 - 00000000 ____D C:\Users\Christina
2015-06-16 23:43 - 2015-05-04 21:59 - 00000000 ____D C:\ProgramData\Intel® Update Manager
2015-06-16 23:43 - 2015-01-19 07:51 - 00000000 ____D C:\Program Files (x86)\Intel
2015-06-10 21:50 - 2013-08-22 09:44 - 00492000 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 21:47 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 21:46 - 2015-04-03 00:12 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 21:44 - 2015-04-03 00:12 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-05-17 22:41 - 2015-05-17 22:41 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2015-04-28 21:12 - 2015-04-28 21:39 - 0007609 _____ () C:\Users\Christina\AppData\Local\Resmon.ResmonCfg
2015-01-19 07:57 - 2015-01-19 07:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-12 01:56 - 2014-11-12 01:56 - 0000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Some files in TEMP:
====================
C:\Users\Christina\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-08 12:54

==================== End of log ============================

 

I ran a scan using RogueKiller that took care of some registry keys affecting Internet Explorer (that browser always seems to mess with my computer's performance when I open it... I suppose I now know why) and a HitmanPro Early Warning Scoring scan that identified and deleted a suspicious remnant file (TrueSight.sys) before running FRST. The reasoning behind HitmanPro flagging it is explained in the resulting log:

 

C:\Windows\System32\drivers\TrueSight.sys -> PendingDelete
      Size . . . . . . . : 37,624 bytes
      Age  . . . . . . . : 61.1 days (2015-05-09 21:08:24)
      Entropy  . . . . . : 5.9
      SHA-256  . . . . . : BFBFCB7CAE421739163E7630865009D3197F587265E9E5797142D93E1B72B191
      RSA Key Size . . . : 2048
      Service  . . . . . : TrueSight
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Starts automatically as a service during system bootup.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKLM\SYSTEM\ControlSet001\Services\TrueSight\

 

There were other files that got a simple Early Warning Score (10.0, 6.0, etc.), but I think they came in with the latest Windows Update. They'll be ignored (at least) for now.

 

The RogueKiller logs will be attached to this post should you need to review them. I say "will" because Flash is messing up right now and I'm having trouble uploading them. I'll try in the morning.

 

Thank you so much for everything you've done. I really appreciate all your help!



#15 nasdaq

nasdaq

  • Malware Response Team

Posted 10 July 2015 - 09:07 AM

TrueSight.sys is related to RogueKiller (by Tigzy)


Removing the tool should stop this error.

===

Your log is clean of malware.

I suggest you start a new topic in the Windows 8.1 forum.
http://www.bleepingcomputer.com/forums/f/209/windows-8-and-windows-81/

I do not have this operating system and I think you would be better served with an expert there.



