Virus suspected: Computer sluggish, too many processes and services


  • This topic is locked
5 replies to this topic

#1 Nathanb


Posted 23 July 2015 - 07:24 AM

Hello, my name is Nathan. I feel my computer is sluggish and uses too many processes and services. I've been running all sorts of virus scanners, but I really believe I have a virus. I have already deleted unnecessary programs, used CCleaner, etc. Please let me know what I can do!

Thanks Nathan 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-07-2015
Ran by Nathan (administrator) on LAP7KTYA26 on 23-07-2015 07:04:18
Running from C:\Users\Nathan\Downloads
Loaded Profiles: Nathan (Available Profiles: Nathan & Administrator)
Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Panasonic Corporation) C:\Program Files\Panasonic\pcinfo\PcInfoPi.exe
(Panasonic Corporation) C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe
(Microsoft Corporation) C:\Windows\System32\CCM\CcmExec.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [WSwitch] => C:\Program Files\Panasonic\WSwitch\WSwitch.exe [1216384 2010-04-07] (Panasonic Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-13] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157992 2015-07-11] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-13] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4284774122-276068463-2961348584-1009\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4284774122-276068463-2961348584-1009\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-13] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 66.112.235.250 66.112.235.200
Tcpip\..\Interfaces\{A575785B-D6E8-4360-8F27-0334852370D8}: [NameServer] 172.26.38.1 172.26.38.2
Tcpip\..\Interfaces\{E16A8729-6D28-43BB-85FB-3A24D74A03FC}: [DhcpNameServer] 66.112.235.250 66.112.235.200
 
FireFox:
========
FF ProfilePath: C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\75rnsow3.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.facebook.com/|hxxp://www.google.com/|hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin: @java.com/DTPlugin,version=10.4.1 -> C:\Windows\system32\npDeployJava1.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4284774122-276068463-2961348584-1009: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nathan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF Extension: Adblock Plus - C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\75rnsow3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-09]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-13]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
 
Chrome: 
=======
CHR Profile: C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-25]
CHR Extension: (Google Drive) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-25]
CHR Extension: (Google Search) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-25]
CHR Extension: (Gmail) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-25]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-18]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-13] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-07-13] (Avast Software)
R2 CcmExec; C:\Windows\system32\CCM\CcmExec.exe [764768 2009-09-18] (Microsoft Corporation)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [126976 2009-05-29] (CrypKey (Canada) Ltd.) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2015-07-22] (SurfRight B.V.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 PcInfoPi; C:\Program Files\Panasonic\pcinfo\PCInfoPi.exe [46912 2009-09-30] (Panasonic Corporation)
R2 PcInfoSV; C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe [235392 2009-10-13] (Panasonic Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\hpzipm12.dll [52736 2006-05-11] (Hewlett-Packard) [File not signed]
S3 Sage 50 SmartPosting 2015; C:\Program Files\Sage\Peachtree\SmartPostingService2015.exe [335664 2014-02-10] (Sage Software, Inc.)
S3 smstsmgr; C:\Windows\system32\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 apf005; C:\Windows\system32\apf005.sys [14160 2014-05-26] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-07-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-07-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-07-13] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-07-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-07-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-07-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [113592 2015-07-13] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-07-13] (AVAST Software)
S3 dc21x4vm; C:\Windows\System32\DRIVERS\dc21x4vm.sys [52224 2009-07-13] (Microsoft Corp.)
R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [3712 2007-02-07] (DameWare Development, LLC)
R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [232312 2014-06-09] (Intel Corporation)
S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [106624 2008-02-18] (Option N.V.)
S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [59648 2008-02-08] (Option N.V.)
S3 GTNDIS62; C:\Windows\System32\DRIVERS\Gtuhs62.sys [157696 2009-08-28] (Option N.V.)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.)
S3 GTUHSBUS; C:\Windows\System32\DRIVERS\gtuhsbus.sys [67840 2009-08-12] (Option N.V.)
S3 GTUHSSER; C:\Windows\System32\DRIVERS\gtuhsser.sys [8064 2009-08-12] (Option N.V.)
R3 HOTKEY; C:\Windows\System32\DRIVERS\hotkey.sys [24640 2009-03-10] (Panasonic Corporation)
R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [44800 2007-12-18] (Infineon Technologies AG)
S3 Leapfrog-USBLAN; C:\Windows\System32\DRIVERS\btblan.sys [33792 2011-11-12] (Belcarra Technologies) [File not signed]
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2011-08-01] (Intel Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [20742 2009-06-12] () [File not signed]
R3 NewMisc; C:\Windows\System32\DRIVERS\newmisc.sys [53376 2009-10-28] (Panasonic Corporation)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-07-13] (AVAST Software)
S3 prepdrvr; C:\Windows\system32\CCM\prepdrv.sys [20848 2009-09-18] (Microsoft Corporation)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [26760 2008-04-17] ()
S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-13] (Avast Software)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-09-22] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-09-22] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-09-22] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [295936 2009-12-31] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Nathan\AppData\Local\Temp\catchme.sys [X]
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 mbr; \??\C:\Users\Nathan\AppData\Local\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-23 07:04 - 2015-07-23 07:04 - 00014036 _____ C:\Users\Nathan\Downloads\FRST.txt
2015-07-23 06:50 - 2015-07-23 06:50 - 01638912 _____ (Farbar) C:\Users\Nathan\Downloads\FRST (1).exe
2015-07-23 06:47 - 2015-07-23 07:04 - 00000000 ____D C:\FRST
2015-07-23 06:47 - 2015-07-23 06:47 - 01638912 _____ (Farbar) C:\Users\Nathan\Downloads\FRST.exe
2015-07-23 06:38 - 2015-07-23 06:38 - 00030448 _____ C:\ComboFix.txt
2015-07-23 06:32 - 2015-07-23 06:32 - 00000546 _____ C:\Windows\PFRO.log
2015-07-23 06:13 - 2015-07-23 06:36 - 00000000 ____D C:\Windows\erdnt
2015-07-23 06:13 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-23 06:13 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-23 06:13 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-23 06:13 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-23 06:13 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-23 06:13 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-23 06:13 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-23 06:13 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-23 06:10 - 2015-07-23 06:10 - 05632853 ____R (Swearware) C:\Users\Nathan\Downloads\ComboFix.exe
2015-07-23 05:59 - 2015-07-23 06:32 - 00000168 _____ C:\Windows\setupact.log
2015-07-23 05:59 - 2015-07-23 05:59 - 00000000 ____D C:\NPE
2015-07-23 05:59 - 2015-07-23 05:59 - 00000000 _____ C:\Windows\setuperr.log
2015-07-23 05:58 - 2015-07-23 06:32 - 00000483 _____ C:\Windows\errord.log
2015-07-23 05:57 - 2015-07-23 06:32 - 00000404 _____ C:\Windows\error.log
2015-07-23 05:47 - 2015-07-23 06:09 - 00000000 ____D C:\Users\Nathan\AppData\Local\NPE
2015-07-23 05:47 - 2015-07-23 05:48 - 00000000 ____D C:\ProgramData\Norton
2015-07-23 05:47 - 2015-07-23 05:47 - 03088296 _____ (Symantec Corporation) C:\Users\Nathan\Downloads\NPE.exe
2015-07-23 00:16 - 2015-07-23 00:16 - 02248704 _____ C:\Users\Nathan\Downloads\AdwCleaner.exe
2015-07-22 23:49 - 2015-07-22 23:51 - 02248704 _____ C:\Users\Nathan\Downloads\adwcleaner_4.208.exe
2015-07-22 23:40 - 2015-07-22 23:40 - 00000624 _____ C:\Windows\system32\.crusader
2015-07-22 23:30 - 2015-07-22 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-07-22 22:33 - 2015-07-22 23:30 - 00001899 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-07-22 22:33 - 2015-07-22 22:33 - 00000000 ____D C:\Program Files\HitmanPro
2015-07-22 22:31 - 2015-07-22 22:31 - 10113976 _____ (SurfRight B.V.) C:\Users\Nathan\Downloads\HitmanPro.exe
2015-07-22 22:23 - 2015-07-22 22:23 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Nathan\Downloads\mbam-setup-2.1.8.1057 (3).exe
2015-07-22 22:22 - 2015-07-22 22:23 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Nathan\Downloads\mbam-setup-2.1.8.1057 (2).exe
2015-07-22 22:22 - 2015-07-22 22:22 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Nathan\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-07-22 22:19 - 2015-07-23 00:01 - 00002276 _____ C:\Users\Nathan\Desktop\Rkill.txt
2015-07-22 22:18 - 2015-07-22 22:18 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Nathan\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-22 22:15 - 2015-07-22 22:15 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Nathan\Downloads\rkill.exe
2015-07-22 22:13 - 2015-07-22 22:13 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Nathan\Downloads\iExplore.exe
2015-07-22 22:02 - 2015-07-22 22:03 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Nathan\Downloads\tdsskiller.exe
2015-07-20 18:06 - 2015-07-14 21:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-20 18:06 - 2015-07-14 21:55 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-20 18:06 - 2015-07-14 21:55 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-20 18:06 - 2015-07-14 21:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-20 18:06 - 2015-07-14 20:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-19 14:21 - 2015-07-19 14:21 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\AVAST Software
2015-07-18 15:31 - 2015-06-11 12:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-18 15:31 - 2015-06-11 12:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-18 15:31 - 2015-06-11 12:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-18 15:31 - 2015-06-11 10:20 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-18 15:31 - 2014-12-11 12:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-07-18 15:18 - 2015-07-13 22:56 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-18 12:10 - 2015-07-18 12:10 - 00002548 _____ C:\Users\Nathan\Desktop\The-Puritan-Dilemma-story-of-John-Winthrop.pdf - Shortcut.lnk
2015-07-18 12:10 - 2015-07-18 12:10 - 00002375 _____ C:\Users\Nathan\Desktop\Undergraduate Application_2014 .pdf - Shortcut.lnk
2015-07-18 12:06 - 2015-07-18 15:06 - 00000000 ____D C:\Users\Nathan\Documents\Nathans Docs
2015-07-17 21:13 - 2015-07-18 15:06 - 00000000 ____D C:\Users\Nathan\Downloads\ProcessMonitor (1)
2015-07-17 21:13 - 2015-07-17 21:13 - 00967601 _____ C:\Users\Nathan\Downloads\ProcessMonitor (1).zip
2015-07-17 21:12 - 2015-07-18 15:06 - 00000000 ____D C:\Users\Nathan\Downloads\PortMon
2015-07-17 21:11 - 2015-07-17 21:11 - 00231010 _____ C:\Users\Nathan\Downloads\PortMon.zip
2015-07-17 19:56 - 2015-07-17 19:56 - 00000000 _____ C:\Users\Nathan\cd
2015-07-17 19:29 - 2015-07-18 15:06 - 00000000 ____D C:\Users\Nathan\Downloads\ProcessExplorer (2)
2015-07-17 19:29 - 2015-07-17 19:29 - 01186640 _____ C:\Users\Nathan\Downloads\ProcessExplorer (2).zip
2015-07-17 17:59 - 2015-07-17 17:59 - 00967601 _____ C:\Users\Nathan\Downloads\ProcessMonitor.zip
2015-07-17 17:59 - 2015-07-17 17:59 - 00000000 ____D C:\Users\Nathan\Downloads\ProcessMonitor
2015-07-17 17:58 - 2015-07-17 17:58 - 01186640 _____ C:\Users\Nathan\Downloads\ProcessExplorer (1).zip
2015-07-17 17:36 - 2015-07-18 15:06 - 00000000 ____D C:\Users\Nathan\Downloads\ProcessExplorer
2015-07-17 17:36 - 2015-07-17 17:36 - 01186640 _____ C:\Users\Nathan\Downloads\ProcessExplorer.zip
2015-07-17 17:17 - 2015-07-22 23:39 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-17 16:48 - 2015-07-18 15:08 - 00000000 ____D C:\getservice
2015-07-17 16:47 - 2015-07-17 16:47 - 00130337 _____ C:\Users\Nathan\Downloads\getservices (1).zip
2015-07-17 16:46 - 2015-07-17 16:46 - 00130337 _____ C:\Users\Nathan\Downloads\getservices.zip
2015-07-17 16:26 - 2015-07-18 15:07 - 00000000 ____D C:\Program Files\Free Window Registry Repair
2015-07-17 16:26 - 2015-07-17 16:26 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2015-07-17 13:22 - 2015-07-18 15:07 - 00000000 ____D C:\ProgramData\Avg_Update_0615pi
2015-07-17 13:17 - 2015-07-17 13:17 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\AVG2015
2015-07-17 13:16 - 2015-07-17 13:16 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-17 13:15 - 2015-07-17 13:15 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\TuneUp Software
2015-07-17 13:13 - 2015-07-18 15:07 - 00000000 ____D C:\ProgramData\AVG2015
2015-07-17 13:13 - 2015-07-17 13:13 - 00000000 ____D C:\$AVG
2015-07-17 13:12 - 2015-07-17 13:12 - 00000000 ____D C:\Program Files\AVG
2015-07-17 13:07 - 2015-07-18 15:07 - 00000000 ____D C:\ProgramData\MFAData
2015-07-17 13:07 - 2015-07-17 13:21 - 00000000 ____D C:\Users\Nathan\AppData\Local\Avg2015
2015-07-17 13:07 - 2015-07-17 13:07 - 00000000 ____D C:\Users\Nathan\AppData\Local\MFAData
2015-07-17 12:09 - 2015-07-17 12:09 - 00000000 ____D C:\Windows\ms
2015-07-17 11:41 - 2015-07-17 11:41 - 00000000 ____D C:\RegBackup
2015-07-17 00:53 - 2015-07-17 00:54 - 00000000 ____D C:\ProgramData\Sophos
2015-07-17 00:52 - 2015-07-17 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-07-17 00:52 - 2015-07-17 17:29 - 00000000 ____D C:\Program Files\Sophos
2015-07-16 23:49 - 2015-07-16 23:49 - 00000000 ____D C:\Program Files\Tweaking.com
2015-07-16 23:38 - 2015-07-18 14:20 - 00000000 ____D C:\Users\Nathan\AppData\Local\CrashDumps
2015-07-16 23:36 - 2015-07-16 23:36 - 00370943 _____ C:\Users\Nathan\Downloads\gmer.zip
2015-07-16 23:34 - 2015-07-17 00:08 - 00000000 ____D C:\Program Files\SecurityXploded
2015-07-16 23:33 - 2015-07-16 23:33 - 04727205 _____ C:\Users\Nathan\Downloads\SpyDLLRemover.zip
2015-07-16 23:33 - 2015-07-16 23:33 - 00000000 ____D C:\Users\Nathan\Downloads\SpyDLLRemover
2015-07-16 23:21 - 2015-07-17 00:11 - 00000000 ____D C:\Program Files\NoVirusThanks
2015-07-16 23:13 - 2015-07-16 23:13 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\QuickScan
2015-07-16 01:46 - 2015-07-23 05:02 - 00000000 ____D C:\AdwCleaner
2015-07-16 01:24 - 2015-07-18 15:07 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-16 01:11 - 2015-07-16 01:11 - 00000000 ____D C:\Users\Nathan\AppData\Local\VirtualStore
2015-07-16 00:44 - 2015-07-23 06:38 - 00000000 ____D C:\Qoobox
2015-07-16 00:07 - 2015-07-18 15:08 - 00000000 ____D C:\Program Files\Security Task Manager
2015-07-16 00:07 - 2015-07-16 00:07 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-07-16 00:07 - 2015-07-16 00:07 - 00001111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-07-16 00:07 - 2015-07-16 00:07 - 00001099 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2015-07-16 00:04 - 2015-07-16 00:04 - 02816040 _____ C:\Users\Nathan\Downloads\SecurityTaskManager_Setup.exe
2015-07-15 23:19 - 2015-07-18 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProcessQuickLink 2
2015-07-15 23:19 - 2015-07-15 23:19 - 00001120 _____ C:\Users\Nathan\Desktop\ProcessQuickLink 2.lnk
2015-07-15 23:18 - 2015-07-15 23:19 - 00422432 _____ (Uniblue ) C:\Users\Nathan\Downloads\processquicklink2.exe
2015-07-15 18:25 - 2015-07-18 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-15 18:25 - 2015-07-15 18:25 - 00001759 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-15 18:23 - 2015-07-18 15:08 - 00000000 ____D C:\Program Files\iTunes
2015-07-15 18:21 - 2015-07-18 15:08 - 00000000 ____D C:\Program Files\Bonjour
2015-07-15 18:18 - 2015-07-15 18:19 - 110798128 _____ (Apple Inc.) C:\Users\Nathan\Downloads\iTunesSetup (2).exe
2015-07-14 20:23 - 2015-07-14 20:23 - 00000000 ____D C:\Users\Default\AppData\Roaming\AVAST Software
2015-07-14 20:23 - 2015-07-14 20:23 - 00000000 ____D C:\Users\Default User\AppData\Roaming\AVAST Software
2015-07-14 19:34 - 2013-10-01 19:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-07-14 19:34 - 2013-10-01 19:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-07-14 19:34 - 2013-10-01 19:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-07-14 19:34 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-07-14 19:34 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-07-14 19:34 - 2013-10-01 18:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-07-14 19:34 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-07-14 19:15 - 2015-05-09 13:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-07-14 19:15 - 2015-03-13 22:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-07-14 19:15 - 2015-03-13 22:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-07-14 18:52 - 2015-06-25 03:46 - 02383872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 18:52 - 2015-06-15 16:47 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-14 18:52 - 2015-06-15 16:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 18:52 - 2015-06-15 16:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 18:52 - 2015-06-15 16:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-14 18:52 - 2015-06-15 16:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-14 18:52 - 2015-06-15 16:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 18:52 - 2015-06-15 16:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-14 18:51 - 2015-07-09 12:42 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-14 18:51 - 2015-07-09 12:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-14 18:51 - 2015-07-09 12:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-14 18:51 - 2015-07-01 15:46 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 18:51 - 2015-07-01 15:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-14 18:51 - 2015-07-01 15:30 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-14 18:51 - 2015-07-01 15:30 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 18:51 - 2015-07-01 15:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 18:51 - 2015-07-01 15:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 18:51 - 2015-07-01 15:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-14 18:51 - 2015-07-01 15:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-14 18:51 - 2015-07-01 15:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-14 18:51 - 2015-07-01 15:30 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-14 18:51 - 2015-07-01 15:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-14 18:51 - 2015-07-01 15:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-14 18:51 - 2015-07-01 15:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-14 18:51 - 2015-07-01 15:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-14 18:51 - 2015-07-01 15:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-14 18:51 - 2015-07-01 15:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-14 18:51 - 2015-07-01 15:29 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-14 18:51 - 2015-07-01 15:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-14 18:51 - 2015-07-01 15:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-14 18:51 - 2015-07-01 15:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-14 18:51 - 2015-07-01 14:18 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 18:51 - 2015-07-01 14:18 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 18:51 - 2015-07-01 14:18 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 18:51 - 2015-06-09 14:35 - 02745856 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-14 18:51 - 2015-06-09 14:35 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-14 18:51 - 2015-06-01 18:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-14 18:50 - 2015-07-09 12:43 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-14 18:50 - 2015-07-09 12:43 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-14 18:50 - 2015-07-09 12:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-14 18:50 - 2015-07-09 12:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-14 18:50 - 2015-07-09 12:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-14 18:50 - 2015-07-09 12:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-14 18:50 - 2015-07-09 12:43 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-14 18:50 - 2015-07-09 12:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-14 18:50 - 2015-07-02 16:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 18:50 - 2015-07-02 16:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-14 18:50 - 2015-07-02 15:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 18:50 - 2015-07-02 15:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-14 18:50 - 2015-07-02 15:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 18:50 - 2015-07-02 14:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 18:50 - 2015-06-26 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-14 18:50 - 2015-06-26 20:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 18:50 - 2015-06-25 12:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-14 18:50 - 2015-06-19 13:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-14 18:50 - 2015-06-19 13:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-14 18:50 - 2015-06-19 13:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-14 18:50 - 2015-06-19 13:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-14 18:50 - 2015-06-19 13:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-14 18:50 - 2015-06-19 13:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-14 18:50 - 2015-06-19 13:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-14 18:50 - 2015-06-19 13:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-14 18:50 - 2015-06-19 13:13 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-14 18:50 - 2015-06-19 13:06 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-14 18:50 - 2015-06-19 13:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-14 18:50 - 2015-06-19 12:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-14 18:50 - 2015-06-19 12:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-14 18:50 - 2015-06-19 12:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 18:50 - 2015-06-19 12:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 18:50 - 2015-06-19 12:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 18:50 - 2015-06-19 12:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 18:50 - 2015-06-19 12:40 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-14 18:50 - 2015-06-19 12:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-14 18:50 - 2015-06-19 12:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 18:50 - 2015-06-19 12:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-14 18:49 - 2015-07-04 12:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 18:49 - 2015-06-19 13:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 18:49 - 2015-06-19 13:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 18:49 - 2015-06-17 12:39 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 18:49 - 2015-04-27 14:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-14 18:49 - 2015-04-27 14:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-14 18:49 - 2015-04-27 14:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-14 18:49 - 2015-04-27 14:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-14 18:20 - 2015-07-09 12:44 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-14 18:20 - 2015-07-09 12:43 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-14 18:20 - 2015-07-09 12:42 - 00924160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-14 18:20 - 2015-07-09 12:42 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-14 18:20 - 2015-07-09 12:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-14 18:20 - 2015-07-09 12:42 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-14 18:20 - 2015-07-09 12:42 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-14 18:20 - 2015-07-09 12:34 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-14 17:41 - 2015-07-14 17:43 - 06962912 _____ (Microsoft Corporation) C:\Users\Nathan\Downloads\Silverlight (1).exe
2015-07-13 23:16 - 2015-07-18 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-13 23:16 - 2015-07-13 23:16 - 00001821 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-13 23:15 - 2015-07-18 15:08 - 00000000 ____D C:\Program Files\QuickTime
2015-07-13 23:00 - 2015-07-18 15:11 - 00000000 ____D C:\Windows\system32\vbox
2015-07-13 22:57 - 2015-07-18 15:18 - 00002009 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-13 22:57 - 2015-07-18 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-13 22:56 - 2015-07-13 22:56 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-13 22:56 - 2015-07-13 22:56 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-13 22:56 - 2015-07-13 22:56 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-13 22:56 - 2015-07-13 22:56 - 00113592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-07-13 22:56 - 2015-07-13 22:56 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-07-13 22:56 - 2015-07-13 22:56 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-13 22:56 - 2015-07-13 22:56 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-13 22:56 - 2015-07-13 22:56 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-13 22:56 - 2015-07-13 22:56 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-13 22:56 - 2015-07-13 22:56 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-13 22:53 - 2015-07-18 15:08 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-13 22:51 - 2015-07-18 15:08 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-13 22:51 - 2015-07-13 22:51 - 05499992 _____ (Avast Software s.r.o.) C:\Users\Nathan\Downloads\avast_free_antivirus_setup_online.exe
2015-07-13 22:51 - 2015-07-13 22:51 - 05499992 _____ (Avast Software s.r.o.) C:\Users\Nathan\Downloads\avast_free_antivirus_setup_online (1).exe
2015-07-01 21:23 - 2015-07-01 21:23 - 00702464 _____ C:\Users\Nathan\Downloads\Ch.+13.+slides (1).ppt
2015-07-01 21:22 - 2015-07-01 21:22 - 00702464 _____ C:\Users\Nathan\Downloads\Ch.+13.+slides.ppt
2015-06-24 01:29 - 2015-06-24 01:29 - 01217192 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-23 06:56 - 2014-06-21 17:02 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-23 06:51 - 2015-05-17 15:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-23 06:42 - 2009-07-13 23:34 - 00022400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-23 06:42 - 2009-07-13 23:34 - 00022400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-23 06:38 - 2009-07-13 21:37 - 00000000 __RHD C:\Users\Default
2015-07-23 06:37 - 2013-07-09 22:12 - 01190569 _____ C:\Windows\WindowsUpdate.log
2015-07-23 06:33 - 2014-09-27 16:21 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-07-23 06:33 - 2009-07-13 21:04 - 00000215 _____ C:\Windows\system.ini
2015-07-23 06:32 - 2014-06-21 17:02 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-23 06:32 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-23 05:41 - 2015-05-25 15:10 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-22 23:55 - 2015-05-25 15:09 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-22 22:23 - 2015-05-25 15:09 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-22 22:23 - 2015-05-25 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-22 20:00 - 2014-05-25 17:44 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-21 21:38 - 2012-05-09 11:34 - 00431704 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 19:57 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2015-07-20 18:09 - 2011-09-12 09:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-07-20 18:09 - 2011-09-12 09:27 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-07-19 14:19 - 2012-03-23 14:11 - 00000000 ____D C:\Users\Nathan
2015-07-18 15:14 - 2011-09-12 09:39 - 00000000 ____D C:\Windows\WindowsMobile
2015-07-18 15:14 - 2011-04-25 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-07-18 15:14 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\wfp
2015-07-18 15:12 - 2011-09-12 09:16 - 00000000 ____D C:\Users\Administrator
2015-07-18 15:11 - 2011-09-12 09:44 - 00000000 ____D C:\Windows\system32\URTTEMP
2015-07-18 15:11 - 2010-11-20 19:31 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-07-18 15:11 - 2009-07-13 23:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-18 15:11 - 2009-07-13 23:52 - 00000000 ____D C:\Windows\Offline Web Pages
2015-07-18 15:11 - 2009-07-13 23:52 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-07-18 15:11 - 2009-07-13 23:52 - 00000000 ____D C:\Program Files\Windows Defender
2015-07-18 15:11 - 2009-07-13 21:37 - 00000000 __RSD C:\Windows\Media
2015-07-18 15:11 - 2009-07-13 21:37 - 00000000 __RHD C:\Users\Public\Libraries
2015-07-18 15:11 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Public
2015-07-18 15:11 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-18 15:11 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-18 15:11 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-18 15:11 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-18 15:11 - 2009-07-13 21:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-18 15:11 - 2009-07-13 21:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-18 15:11 - 2009-07-13 21:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-18 15:11 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\TAPI
2015-07-18 15:11 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2015-07-18 15:11 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\Msdtc
2015-07-18 15:11 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\ias
2015-07-18 15:11 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Help
2015-07-18 15:11 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Windows NT
2015-07-18 15:10 - 2011-09-13 13:39 - 00000000 ____D C:\Windows\system32\CCM
2015-07-18 15:10 - 2010-11-20 19:31 - 00000000 ____D C:\Windows\ShellNew
2015-07-18 15:10 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\security
2015-07-18 15:10 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-07-18 15:09 - 2015-04-12 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage 50 Accounting 2015
2015-07-18 15:09 - 2015-04-12 17:05 - 00000000 ____D C:\Windows\Crystal
2015-07-18 15:09 - 2014-08-14 20:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ProductData
2015-07-18 15:09 - 2014-07-16 19:29 - 00000000 ____D C:\ProgramData\Riot Games
2015-07-18 15:09 - 2014-06-09 18:07 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\ProductData
2015-07-18 15:09 - 2014-06-09 18:05 - 00000000 ____D C:\ProgramData\ProductData
2015-07-18 15:09 - 2014-06-09 18:03 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\IObit
2015-07-18 15:09 - 2014-06-01 11:31 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Battle.net
2015-07-18 15:09 - 2014-05-25 23:26 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Arc
2015-07-18 15:09 - 2014-05-25 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-18 15:09 - 2013-12-25 12:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2015-07-18 15:09 - 2013-12-17 13:57 - 00000000 ____D C:\Users\Nathan\AppData\Local\Turbine
2015-07-18 15:09 - 2013-12-17 00:23 - 00000000 ____D C:\Users\Nathan\Documents\The Lord of the Rings Online
2015-07-18 15:09 - 2013-09-12 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-07-18 15:09 - 2013-06-08 13:43 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Riot Games
2015-07-18 15:09 - 2013-04-09 16:01 - 00000000 ____D C:\Users\Nathan\.swt
2015-07-18 15:09 - 2012-10-20 15:37 - 00000000 ___SD C:\Users\Nathan\Documents\My Data Sources
2015-07-18 15:09 - 2012-10-11 23:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-18 15:09 - 2012-07-03 21:25 - 00000000 ____D C:\Windows\.jagex_cache_32
2015-07-18 15:09 - 2012-06-01 16:09 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Thunderbird
2015-07-18 15:09 - 2012-05-09 23:27 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Skype
2015-07-18 15:09 - 2012-05-09 23:27 - 00000000 ____D C:\ProgramData\Skype
2015-07-18 15:09 - 2012-05-09 07:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-18 15:09 - 2012-05-08 17:08 - 00000000 ___RD C:\Users\Administrator\Virtual Machines
2015-07-18 15:09 - 2012-03-23 14:12 - 00000000 ___RD C:\Users\Nathan\Virtual Machines
2015-07-18 15:09 - 2012-03-23 14:12 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\AT&T
2015-07-18 15:09 - 2012-03-23 14:11 - 00000000 ___RD C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-18 15:09 - 2012-03-23 14:11 - 00000000 ___RD C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-18 15:09 - 2011-10-23 18:52 - 00000000 ____D C:\Windows\Downloaded Installations
2015-07-18 15:09 - 2011-09-12 09:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-07-18 15:09 - 2011-09-12 09:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
2015-07-18 15:09 - 2011-09-12 09:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
2015-07-18 15:09 - 2011-09-12 09:16 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-18 15:09 - 2011-09-12 09:16 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-18 15:09 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\AppCompat
2015-07-18 15:08 - 2015-05-02 18:05 - 00000000 ____D C:\Program Files\iPod
2015-07-18 15:08 - 2015-04-12 16:46 - 00000000 ____D C:\Program Files\Common Files\Peach
2015-07-18 15:08 - 2014-06-13 19:02 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-07-18 15:08 - 2014-06-13 19:01 - 00000000 ____D C:\Program Files\Apple Software Update
2015-07-18 15:08 - 2014-06-09 18:04 - 00000000 ____D C:\ProgramData\IObit
2015-07-18 15:08 - 2014-06-01 11:29 - 00000000 ____D C:\Program Files\Common Files\Blizzard Entertainment
2015-07-18 15:08 - 2014-05-25 23:13 - 00000000 ____D C:\AeriaGames
2015-07-18 15:08 - 2014-05-18 19:22 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-07-18 15:08 - 2012-10-11 23:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-07-18 15:08 - 2012-08-19 19:02 - 00000000 ____D C:\Program Files\Microsoft CAPICOM 2.1.0.2
2015-07-18 15:08 - 2012-08-18 19:22 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2015-07-18 15:08 - 2012-06-12 21:14 - 00000000 ____D C:\ProgramData\Apple Computer
2015-07-18 15:08 - 2012-06-12 21:12 - 00000000 ____D C:\ProgramData\Apple
2015-07-18 15:08 - 2012-05-09 07:03 - 00000000 ____D C:\Program Files\CCleaner
2015-07-18 15:08 - 2011-09-12 18:11 - 00000000 ____D C:\Program Files\Option
2015-07-18 15:08 - 2011-09-12 11:37 - 00000000 ____D C:\MININT
2015-07-18 15:08 - 2011-09-12 11:12 - 00000000 ____D C:\Program Files\Analog Devices
2015-07-18 15:08 - 2011-09-12 09:42 - 00000000 ____D C:\Program Files\DIFX
2015-07-18 15:08 - 2011-09-12 09:27 - 00000000 ____D C:\Program Files\PDFCreator
2015-07-18 15:08 - 2011-09-12 09:26 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-07-18 15:08 - 2011-09-12 09:26 - 00000000 ____D C:\Program Files\Panasonic
2015-07-18 15:08 - 2011-09-12 09:26 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2015-07-18 15:08 - 2011-04-25 17:47 - 00000000 ____D C:\Program Files\Microsoft.NET
2015-07-18 15:08 - 2011-04-25 17:47 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2015-07-18 15:08 - 2011-04-25 17:45 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2015-07-18 15:08 - 2011-04-25 17:44 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-18 15:08 - 2009-07-13 23:52 - 00000000 ____D C:\Program Files\MSBuild
2015-07-18 15:08 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-18 15:08 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-07-18 15:06 - 2014-06-13 19:59 - 00000000 ____D C:\Windows\pss
2015-07-18 15:04 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2015-07-18 14:56 - 2014-05-07 12:07 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-18 14:56 - 2009-07-13 23:52 - 00000000 ____D C:\Windows\Performance
2015-07-18 14:56 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\com
2015-07-18 14:56 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Speech
2015-07-18 14:56 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\schemas
2015-07-18 14:56 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Resources
2015-07-18 14:56 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\PLA
2015-07-18 14:51 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\IME
2015-07-18 14:51 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Globalization
2015-07-18 14:51 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Branding
2015-07-18 14:48 - 2012-07-16 10:45 - 00000000 ____D C:\Users\Nathan\jagexcache1
2015-07-18 14:48 - 2012-05-09 23:39 - 00000000 ____D C:\Users\Nathan\jagexcache
2015-07-18 14:47 - 2015-05-19 19:16 - 00000000 ____D C:\Users\Nathan\Documents\My Games
2015-07-18 14:47 - 2014-08-14 23:58 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2015-07-18 14:47 - 2014-08-14 23:58 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2015-07-18 14:47 - 2014-05-25 17:42 - 00000000 ____D C:\Users\Nathan\AppData\Local\Google
2015-07-18 14:47 - 2014-03-23 15:02 - 00000000 ____D C:\Users\Nathan\AppData\Local\Skype
2015-07-18 14:47 - 2012-05-09 22:30 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Mozilla
2015-07-18 14:47 - 2012-04-07 17:07 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Macromedia
2015-07-18 14:47 - 2012-04-07 16:55 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Adobe
2015-07-18 14:46 - 2011-09-12 09:21 - 00000000 ____D C:\Software
2015-07-18 14:44 - 2015-04-12 16:45 - 00000000 ____D C:\Sage
2015-07-18 14:43 - 2013-06-08 13:45 - 00000000 ____D C:\Riot Games
2015-07-18 14:42 - 2015-05-25 15:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-18 14:42 - 2015-05-19 15:40 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2015-07-18 14:42 - 2012-08-18 19:28 - 00000000 ____D C:\ProgramData\LogiShrd
2015-07-18 14:42 - 2012-04-29 20:56 - 00000000 ____D C:\ProgramData\Leapfrog
2015-07-18 14:42 - 2011-09-12 10:23 - 00000000 ____D C:\ProgramData\CrypKey
2015-07-18 14:42 - 2011-09-12 09:26 - 00000000 ____D C:\ProgramData\Adobe
2015-07-18 14:42 - 2011-09-12 09:19 - 00000000 ____D C:\Program Files\Windows Virtual PC
2015-07-18 14:42 - 2010-11-20 19:31 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-18 14:42 - 2009-07-13 23:52 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-07-18 14:41 - 2015-04-12 17:01 - 00000000 ____D C:\Program Files\Pervasive Software
2015-07-18 14:41 - 2015-04-12 17:00 - 00000000 ____D C:\Program Files\Sage
2015-07-18 14:41 - 2014-05-25 23:25 - 00000000 ____D C:\Program Files\Perfect World Entertainment
2015-07-18 14:41 - 2012-05-09 07:23 - 00000000 ____D C:\Program Files\VS Revo Group
2015-07-18 14:41 - 2011-09-12 11:57 - 00000000 ____D C:\Program Files\Synaptics
2015-07-18 14:41 - 2011-09-12 09:51 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-07-18 14:41 - 2011-04-25 17:56 - 00000000 ____D C:\Program Files\MSECache
2015-07-18 14:41 - 2011-04-25 17:48 - 00000000 ____D C:\Program Files\Microsoft Works
2015-07-18 14:41 - 2009-07-13 23:52 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-07-18 14:39 - 2014-06-09 18:04 - 00000000 ____D C:\Program Files\IObit
2015-07-18 14:39 - 2012-09-07 20:39 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2015-07-18 14:38 - 2012-06-21 15:38 - 00000000 ____D C:\Program Files\Google
2015-07-18 14:38 - 2011-09-12 09:56 - 00000000 ____D C:\Program Files\Flow-Cal, Inc
2015-07-18 14:38 - 2009-07-13 23:52 - 00000000 ____D C:\Program Files\DVD Maker
2015-07-18 14:38 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2015-07-18 14:37 - 2012-06-12 21:12 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-18 14:35 - 2011-09-12 09:27 - 00000000 ____D C:\Program Files\Adobe
2015-07-18 14:33 - 2011-04-25 17:43 - 00000000 ___RD C:\MSOCache
2015-07-17 12:02 - 2011-09-12 11:10 - 00000000 ____D C:\Windows\CSC
2015-07-17 11:40 - 2012-05-22 20:42 - 00000000 ____D C:\Users\anywho
2015-07-16 13:32 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-07-16 13:08 - 2014-06-07 18:20 - 00000000 ____D C:\Windows\system32\directx
2015-07-16 11:48 - 2015-05-25 22:21 - 00007649 _____ C:\Users\Nathan\AppData\Local\Resmon.ResmonCfg
2015-07-15 18:17 - 2015-05-02 18:05 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-07-15 01:51 - 2012-05-09 23:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-15 01:51 - 2011-09-12 09:27 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-14 20:25 - 2015-06-08 19:48 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-14 20:20 - 2013-08-15 03:28 - 00000000 ____D C:\Windows\system32\MRT
2015-07-14 20:03 - 2011-09-12 09:56 - 00001644 _____ C:\Windows\ODBCINST.INI
2015-07-13 23:24 - 2011-09-12 09:29 - 00001945 _____ C:\Windows\epplauncher.mif
2015-07-13 23:14 - 2015-05-27 00:34 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Trove
2015-07-13 23:07 - 2015-05-26 18:20 - 00000000 ____D C:\Users\Nathan\AppData\Local\Glyph
2015-07-13 23:07 - 2015-05-26 18:20 - 00000000 ____D C:\ProgramData\Glyph
2015-07-03 08:49 - 2011-04-25 23:08 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-01 22:32 - 2015-05-26 18:59 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\RIFT
2015-06-30 20:17 - 2010-11-20 16:01 - 00006838 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-23 13:27 - 2011-04-25 18:01 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2012-04-11 22:52 - 2012-04-11 22:52 - 0003584 _____ () C:\Users\Nathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-25 22:21 - 2015-07-16 11:48 - 0007649 _____ () C:\Users\Nathan\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-23 01:22
 
==================== End of log ============================
 
 
 



 


#2 nasdaq

nasdaq

  • Malware Response Team

Posted 25 July 2015 - 07:48 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4284774122-276068463-2961348584-1009\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
FF Plugin HKU\S-1-5-21-4284774122-276068463-2961348584-1009: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nathan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-18]
S3 catchme; \??\C:\Users\Nathan\AppData\Local\Temp\catchme.sys [X]
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 mbr; \??\C:\Users\Nathan\AppData\Local\Temp\mbr.sys [X]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please run/scan the AdwCleaner tool and post the log for my review.

How is the computer running now?

#3 Nathanb

Nathanb
  • Topic Starter

  • Members

Posted 27 July 2015 - 04:21 PM

Here is my new FRST log and AdwCleaner log. Computer seems to be running faster but CPU usage and Physical memory still seem to hover around 80% for each with only Google Chrome open. Still have 63 processes running which I think seems high. What did my logs tell you?
 
 
 
Fix result of Farbar Recovery Scan Tool (x86) Version: 26-07-2015
Ran by Nathan at 2015-07-27 16:03:15 Run:1
Running from C:\Users\Nathan\Downloads\FRST-OlderVersion
Loaded Profiles: Nathan (Available Profiles: Nathan & Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4284774122-276068463-2961348584-1009\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
FF Plugin HKU\S-1-5-21-4284774122-276068463-2961348584-1009: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nathan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-18]
S3 catchme; \??\C:\Users\Nathan\AppData\Local\Temp\catchme.sys [X]
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 mbr; \??\C:\Users\Nathan\AppData\Local\Temp\mbr.sys [X]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-4284774122-276068463-2961348584-1009\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully.
"HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully.
"HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin" => key removed successfully.
"HKU\S-1-5-21-4284774122-276068463-2961348584-1009\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0" => key removed successfully.
C:\Users\Nathan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll not found.
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
catchme => service removed successfully.
PCTINDIS5 => service removed successfully.
VGPU => service removed successfully.
mbr => service not found.
EmptyTemp: => 508.3 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-27 16:06:35)<=
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
 
==== End of Fixlog 16:06:35 ====
 
 
 
 
# AdwCleaner v4.208 - Logfile created 16/07/2015 at 23:02:21
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x86)
# Username : Nathan - LAP7KTYA26
# Running from : C:\Users\Nathan\Downloads\AdwCleaner (5).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17909
 
 
-\\ Mozilla Firefox v37.0.2 (x86 en-US)
 
 
-\\ Google Chrome v43.0.2357.134
 
[C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [1629 bytes] - [16/07/2015 01:46:23]
AdwCleaner[R1].txt - [2121 bytes] - [16/07/2015 01:51:43]
 
 

 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:33 PM

Posted 28 July 2015 - 06:35 AM

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the entire script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

#5 nasdaq

Posted 02 August 2015 - 07:22 AM

Are you still with me?

#6 nasdaq

Posted 08 August 2015 - 07:42 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



