
Malware Attack


  • This topic is locked
10 replies to this topic

#1 Pestyone

Pestyone

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:04:13 PM

Posted 13 August 2015 - 11:23 AM

Ok getting an "I have malware and need to call their toll free number and get scanned"!

Who the heck are they kidding, not that stupid. The site is "www.cdn.brutaltemper.com". Is anyone else out there getting attacked from this link?

Tried ultra-adware but it found nothing; I have a screen shot, will try to post; this just happened 2x :(

As usual the screen shot will post in LibreOffice but not here.


 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:13 PM

Posted 13 August 2015 - 12:20 PM





Hello Pestyone

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:04:13 PM

Posted 13 August 2015 - 01:10 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-08-2015
Ran by Pestyone (administrator) on LOSTSOUL (13-08-2015 13:50:15)
Running from C:\Users\Pestyone\Downloads
Loaded Profiles: Pestyone & Administrator (Available Profiles: Pestyone & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
() C:\Program Files (x86)\UCBrowser\Application\UCService.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4\program\swriter.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4\program\soffice.bin
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(UCWeb Inc.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
(UCWeb Inc.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
(UCWeb Inc.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
(UCWeb Inc.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
(UCWeb Inc.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
(UCWeb Inc.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
(UCWeb Inc.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
(UCWeb Inc.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
(UCWeb Inc.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
(UCWeb Inc.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-08-07] (Realtek Semiconductor)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12312432 2015-07-23] (Zemana Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-28] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [62464 2015-06-18] ()
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\RunOnce: [Adobe Speed Launcher] => 1439478708
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-28] (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-06-27] (IvoSoft)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll [2015-03-11] (SmartSoft Ltd.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-06-27] (IvoSoft)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-3116091646-4023644724-1358722376-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-3116091646-4023644724-1358722376-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-3116091646-4023644724-1358722376-500\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://www.yahoo.com/
SearchScopes: HKLM -> {F69915E7-A958-4034-8B85-CCBAF32BCDFC} URL = hxxp://cn.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001 -> DefaultScope {25F4A535-FB3B-4FDD-B54F-51BAA6EEDCCB} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001 -> {25F4A535-FB3B-4FDD-B54F-51BAA6EEDCCB} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001 -> {F69915E7-A958-4034-8B85-CCBAF32BCDFC} URL = 
SearchScopes: HKU\S-1-5-21-3116091646-4023644724-1358722376-500 -> {F69915E7-A958-4034-8B85-CCBAF32BCDFC} URL = hxxp://cn.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
Toolbar: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-3116091646-4023644724-1358722376-500 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://files.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 167.206.245.135 167.206.245.136
Tcpip\..\Interfaces\{30ED7B6C-DD1A-4529-BC73-BF10F70C4313}: [DhcpNameServer] 167.206.245.135 167.206.245.136
Tcpip\..\Interfaces\{8F1F049A-A9E3-4A2C-9BB8-59F001EE17A4}: [DhcpNameServer] 10.240.205.161
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-03] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\WINDOWS\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-03] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-03] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3116091646-4023644724-1358722376-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Pestyone\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-30] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2015-05-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-26]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Pestyone\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-26]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows ® Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-28] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-26] (Avast Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1994936 2015-06-26] (Comodo)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-07-16] (Foxit Software Inc.)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2015-06-17] (Ellora Assets Corp.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-09-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-07-20] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [516944 2015-08-05] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12312432 2015-07-23] (Zemana Ltd.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 anvsnddrv; C:\Windows\system32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-07-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-28] (AVAST Software)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2015-02-21] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-08] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2015-07-24] (Digiarty Software, Inc.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-21] (REALiX™)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2015-06-29] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2015-06-29] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [129312 2015-02-25] (Intel Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-28] (AVAST Software)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [788696 2014-12-23] (Realsil Semiconductor Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-08-05] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33448 2015-07-13] (Synaptics Incorporated)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-01-15] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-26] ()
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-04-09] (BitDefender S.R.L.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-26] (Avast Software)
S3 WiseHDInfo; C:\WINDOWS\WiseHDInfo64.dll [11304 2015-04-14] (wisecleaner.com) [File not signed]
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [109432 2015-08-11] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [109432 2015-08-11] (Zemana Ltd.)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 CLVirtualBus01; \SystemRoot\System32\drivers\CLVirtualBus01.sys [X]
S3 CtClsFlt; \SystemRoot\system32\DRIVERS\CtClsFlt.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-13 13:50 - 2015-08-13 13:50 - 00021702 _____ C:\Users\Pestyone\Downloads\FRST.txt
2015-08-13 13:49 - 2015-08-13 13:49 - 02173952 _____ (Farbar) C:\Users\Pestyone\Downloads\FRST64.exe
2015-08-13 13:49 - 2015-08-13 13:49 - 00000000 ____D C:\Users\Public\Thunder Network
2015-08-13 13:49 - 2015-08-13 13:49 - 00000000 ____D C:\ProgramData\Thunder Network
2015-08-13 06:25 - 2015-08-13 13:46 - 00000480 _____ C:\WINDOWS\Tasks\UCBrowserUpdater{e23df38b34103b001ee4a910a2610d11}.job
2015-08-13 06:25 - 2015-08-13 12:04 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2015-08-13 06:25 - 2015-08-13 11:19 - 00003452 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater{e23df38b34103b001ee4a910a2610d11}
2015-08-13 06:25 - 2015-08-13 11:18 - 00000000 ____D C:\Users\Pestyone\AppData\Local\UCBrowser
2015-08-13 06:25 - 2015-08-13 06:25 - 00002480 _____ C:\Users\Public\Desktop\UC Browser.lnk
2015-08-13 06:25 - 2015-08-13 06:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC Browser
2015-08-13 05:44 - 2015-08-13 05:44 - 00126186 _____ C:\Users\Pestyone\Desktop\Substitute Pledge - great.htm
2015-08-13 05:44 - 2015-08-13 05:44 - 00000000 ____D C:\Users\Pestyone\Desktop\Substitute Pledge - great_files
2015-08-11 09:39 - 2015-08-11 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2015-08-11 09:38 - 2015-08-11 09:39 - 00109432 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2015-08-11 09:38 - 2015-08-11 09:39 - 00001090 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2015-08-11 03:09 - 2015-08-11 03:09 - 00000134 _____ C:\Users\Pestyone\Desktop\rutorrent.url
2015-08-10 15:48 - 2015-08-10 15:48 - 00001068 _____ C:\Users\Public\Desktop\Acoo Browser.lnk
2015-08-10 15:48 - 2015-08-10 15:48 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\Acoo Browser
2015-08-10 15:48 - 2015-08-10 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acoo Browser
2015-08-10 15:48 - 2015-08-10 15:48 - 00000000 ____D C:\Program Files (x86)\Acoo Browser
2015-08-10 01:32 - 2015-08-10 01:33 - 00000000 ____D C:\Users\Pestyone\AppData\Local\Sundance
2015-08-10 01:24 - 2015-08-10 01:30 - 00000000 ____D C:\Users\Pestyone\AppData\Local\8pecxstudios
2015-08-10 01:24 - 2015-08-10 01:24 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\Mozilla
2015-08-10 01:15 - 2015-08-10 01:15 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\Avant Downloader
2015-08-10 00:04 - 2015-08-10 00:04 - 00043269 _____ C:\Users\Pestyone\Documents\Seed box print.odt
2015-08-09 11:40 - 2015-08-09 11:50 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\Maxthon3
2015-08-09 11:40 - 2015-08-09 11:50 - 00000000 ____D C:\Program Files (x86)\Maxthon
2015-08-09 11:34 - 2015-08-09 11:35 - 00000000 ____D C:\Users\Pestyone\AppData\Local\midori
2015-08-09 11:34 - 2015-08-09 11:34 - 00000000 ____D C:\Users\Pestyone\AppData\Local\webkit
2015-08-09 11:34 - 2015-08-09 11:34 - 00000000 ____D C:\Users\Pestyone\.dbus-keyrings
2015-08-09 10:50 - 2015-08-09 10:50 - 00000000 ____D C:\Users\Pestyone\AppData\Local\Comodo
2015-08-09 10:50 - 2015-08-09 10:50 - 00000000 ____D C:\Program Files (x86)\Comodo
2015-08-07 19:11 - 2015-08-07 19:11 - 00003146 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton
2015-08-07 19:02 - 2015-08-13 11:07 - 00015722 _____ C:\WINDOWS\PFRO.log
2015-08-07 18:57 - 2015-08-07 18:57 - 00000000 ____D C:\WINDOWS\LastGood
2015-08-07 18:56 - 2015-08-07 18:56 - 35222128 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2015-08-07 18:56 - 2015-08-07 18:56 - 06255888 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2015-08-07 18:56 - 2015-08-07 18:56 - 05714880 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV2apo.dll
2015-08-07 18:56 - 2015-08-07 18:56 - 04514008 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2015-08-07 18:56 - 2015-08-07 18:56 - 02930904 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2015-08-07 18:56 - 2015-08-07 18:56 - 02702552 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2015-08-07 18:56 - 2015-08-07 18:56 - 02585816 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2015-08-07 18:56 - 2015-08-07 18:56 - 02461528 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2015-08-07 18:56 - 2015-08-07 18:56 - 02393432 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2015-08-07 18:56 - 2015-08-07 18:56 - 01933584 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2015-08-07 18:56 - 2015-08-07 18:56 - 01749208 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2015-08-07 18:56 - 2015-08-07 18:56 - 01310936 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2015-08-07 18:56 - 2015-08-07 18:56 - 00944984 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2015-08-07 18:56 - 2015-08-07 18:56 - 00349968 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2015-08-07 18:56 - 2015-08-07 18:56 - 00349528 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2015-08-07 18:56 - 2015-08-07 18:56 - 00298768 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2015-08-07 18:56 - 2015-08-07 18:56 - 00184688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2015-08-07 07:14 - 2015-08-07 07:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-07 07:14 - 2015-08-07 07:14 - 00002041 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-08-07 07:13 - 2015-08-07 07:13 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-07 07:09 - 2015-08-07 07:09 - 75858112 _____ (Adobe Systems Incorporated) C:\Users\Pestyone\Downloads\Install_AdbeRdr11010_en_US [1].exe
2015-08-07 03:28 - 2015-08-07 03:28 - 03555480 _____ (Igor Pavlov) C:\Users\Pestyone\Downloads\sbr7z_x86.exe
2015-08-07 03:23 - 2015-08-07 03:23 - 00036671 _____ C:\Users\Pestyone\Downloads\sbsetup.exe
2015-08-06 19:10 - 2015-05-19 21:26 - 00033616 ____N (Intel Corporation ) C:\WINDOWS\system32\Drivers\iqvw64e.sys
2015-08-06 18:54 - 2015-08-07 03:37 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\Skype
2015-08-06 18:54 - 2015-08-07 03:37 - 00000000 ____D C:\ProgramData\Skype
2015-08-06 18:54 - 2015-08-06 18:54 - 00000000 ____D C:\Users\Pestyone\AppData\Local\Skype
2015-08-05 21:56 - 2015-08-13 11:10 - 00005591 _____ C:\WINDOWS\setupact.log
2015-08-05 21:56 - 2015-08-05 21:56 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-05 06:48 - 2015-08-07 05:22 - 00062295 _____ C:\Users\Pestyone\Documents\Hell-O-ween - recovered.odt
2015-08-05 06:43 - 2015-08-06 00:30 - 00015311 _____ C:\WINDOWS\IE11_main.log
2015-08-05 01:44 - 2015-08-05 01:44 - 00402136 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
2015-08-05 01:44 - 2015-08-05 01:44 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-08-05 01:34 - 2015-08-05 01:34 - 00003094 _____ C:\WINDOWS\System32\Tasks\{7C1582DD-876F-4BB2-ABFF-C478DA16A747}
2015-08-05 01:23 - 2015-08-05 01:23 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\Stanley Lim
2015-08-05 01:23 - 2015-08-05 01:23 - 00000000 ____D C:\Users\Pestyone\AppData\Local\Stanley_Lim
2015-08-05 01:22 - 2015-08-05 01:22 - 00000000 ____D C:\ProgramData\Stanley Lim
2015-08-05 00:30 - 2015-08-06 00:30 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2015-08-05 00:17 - 2015-08-09 10:47 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\Moonchild Productions
2015-08-05 00:17 - 2015-08-05 00:17 - 00000000 ____D C:\Users\Pestyone\AppData\Local\Moonchild Productions
2015-08-04 19:17 - 2015-08-04 19:17 - 41069064 _____ (Maxthon International ltd.) C:\Users\Pestyone\Downloads\mx4.4.6.2000.exe
2015-08-04 17:18 - 2015-08-04 17:18 - 00004034 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-08-04 17:18 - 2015-08-04 17:18 - 00003484 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2015-08-04 17:18 - 2015-08-04 17:18 - 00003224 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2015-08-04 17:18 - 2015-08-04 17:18 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-08-04 17:18 - 2015-08-04 17:18 - 00000000 ____D C:\Program Files\Dell Support Center
2015-08-04 14:38 - 2015-08-04 14:38 - 12096128 _____ C:\Users\Pestyone\Downloads\Glary Utilities Setup [1].exe
2015-08-04 00:45 - 2015-08-04 00:45 - 00000000 ____D C:\Users\Public\CyberLink
2015-08-04 00:45 - 2015-08-04 00:45 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\CyberLink
2015-08-04 00:45 - 2015-08-04 00:45 - 00000000 ____D C:\Users\Pestyone\AppData\Local\CyberLink
2015-08-04 00:38 - 2015-08-04 00:41 - 00000000 ____D C:\ProgramData\install_clap
2015-08-03 13:26 - 2015-08-13 13:14 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-03 13:26 - 2015-08-03 13:26 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-03 07:32 - 2015-08-03 07:32 - 00000000 ____D C:\Program Files (x86)\epubreader_setup
2015-08-03 06:34 - 2014-05-02 12:33 - 00000118 ____H C:\DBAR_Ver.txt
2015-08-03 06:33 - 2015-08-04 14:54 - 00000000 ____D C:\ProgramData\softthinks
2015-08-02 02:50 - 2015-08-02 22:48 - 00000045 _____ C:\WINDOWS\SysWOW64\_WKERNEL.SYL
2015-08-02 02:49 - 2010-07-25 22:23 - 00544768 _____ (Stardock Corporation) C:\WINDOWS\SysWOW64\wbocx.ocx
2015-08-02 02:49 - 2010-07-25 22:23 - 00258352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unicows.dll
2015-08-02 02:49 - 2010-07-25 22:23 - 00056496 _____ (Stardock.Net, Inc) C:\WINDOWS\SysWOW64\wbhelp2.dll
2015-08-02 02:49 - 2010-07-25 22:23 - 00033968 _____ (Neil Banfield) C:\WINDOWS\SysWOW64\anim.dll
2015-08-02 02:49 - 2010-07-25 22:23 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\W95INF32.DLL
2015-08-02 02:49 - 2010-07-25 22:23 - 00002272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\W95INF16.DLL
2015-08-02 01:06 - 2015-08-02 01:06 - 00000712 _____ C:\Users\Pestyone\Documents\Keys  freemake 8 - 2 - 15.txt
2015-08-01 16:51 - 2015-08-01 16:51 - 00000000 ____D C:\ProgramData\Astroburn Lite
2015-08-01 15:08 - 2015-08-09 10:37 - 00001342 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2015-08-01 13:46 - 2015-08-01 13:56 - 00000000 ____D C:\Users\Pestyone\AppData\Local\ERW
2015-08-01 13:46 - 2015-08-01 13:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ePub Reader
2015-08-01 13:46 - 2015-08-01 13:46 - 00000000 ____D C:\Program Files (x86)\ePub Reader for Windows
2015-08-01 13:17 - 2015-08-04 14:54 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\Soda PDF 7
2015-08-01 13:07 - 2015-08-05 22:53 - 00000000 ____D C:\ProgramData\Soda PDF 7
2015-08-01 12:52 - 2015-08-04 14:54 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\Bigasoft Total Video Converter 5
2015-08-01 12:44 - 2011-11-28 14:51 - 00033872 _____ (AnvSoft Inc.) C:\WINDOWS\system32\Drivers\anvsnddrv.sys
2015-07-29 12:50 - 2015-07-29 12:50 - 00026495 _____ C:\Users\Pestyone\Documents\Timed Release - great.htm
2015-07-29 12:50 - 2015-07-29 12:50 - 00000000 ____D C:\Users\Pestyone\Documents\Timed Release - great_files
2015-07-29 12:47 - 2015-07-29 12:47 - 00026510 _____ C:\Users\Pestyone\Documents\Timed Release - the best.htm
2015-07-29 12:47 - 2015-07-29 12:47 - 00000000 ____D C:\Users\Pestyone\Documents\Timed Release - the best_files
2015-07-28 22:11 - 2015-07-28 22:11 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-07-28 22:11 - 2015-07-28 22:11 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-07-28 04:27 - 2015-07-28 04:27 - 00474782 _____ C:\Users\Pestyone\Documents\A Slave for Tracy_php  5 stars the best.mht
2015-07-26 12:20 - 2015-07-26 12:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\WiseCleaner
2015-07-26 12:02 - 2015-07-26 12:02 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\Wise Registry Cleaner
2015-07-26 11:51 - 2015-07-26 11:51 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2015-07-26 11:51 - 2015-07-26 11:51 - 00000000 ____D C:\WINDOWS\system32\vbox
2015-07-26 11:50 - 2015-07-26 11:50 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\AVAST Software
2015-07-26 11:48 - 2015-08-13 11:12 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-07-26 11:48 - 2015-07-28 22:11 - 01048856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-07-26 11:48 - 2015-07-28 22:11 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-07-26 11:48 - 2015-07-28 22:11 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-07-26 11:48 - 2015-07-28 22:11 - 00150672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-07-26 11:48 - 2015-07-28 22:11 - 00115152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngvss.sys
2015-07-26 11:48 - 2015-07-28 22:11 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-07-26 11:48 - 2015-07-28 22:11 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-07-26 11:48 - 2015-07-28 22:11 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-07-26 11:48 - 2015-07-28 22:11 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-07-26 11:48 - 2015-07-26 11:48 - 00001940 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-26 11:48 - 2015-07-26 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-26 11:46 - 2015-07-26 11:46 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-26 11:46 - 2015-07-26 11:46 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-26 10:45 - 2015-08-05 22:52 - 00000000 ____D C:\ProgramData\LULU Software
2015-07-26 10:39 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2015-07-26 10:39 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe
2015-07-24 06:29 - 2015-07-24 06:29 - 00001345 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 2015.lnk
2015-07-24 05:14 - 2015-08-04 14:54 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\Bigasoft Video Downloader Pro
2015-07-24 05:07 - 2015-07-24 05:10 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\Digiarty
2015-07-24 05:07 - 2015-07-24 05:07 - 00276256 _____ (Digiarty Software, Inc.) C:\WINDOWS\system32\Drivers\DigiartyVirtualCDBus.sys
2015-07-24 05:07 - 2015-07-24 05:07 - 00000000 ____D C:\Program Files\Digiarty
2015-07-24 03:32 - 2015-07-24 03:32 - 00067927 _____ C:\Users\Pestyone\Documents\Cynda's Scene  x  x  x.htm
2015-07-24 03:32 - 2015-07-24 03:32 - 00000000 ____D C:\Users\Pestyone\Documents\Cynda's Scene  x  x  x_files
2015-07-24 02:02 - 2015-07-24 02:02 - 00092603 _____ C:\Users\Pestyone\Documents\Casino_php - x x x x.mht
2015-07-24 00:47 - 2015-07-24 00:47 - 00126197 _____ C:\Users\Pestyone\Documents\Substitute Pledge  x x x.htm
2015-07-24 00:47 - 2015-07-24 00:47 - 00000000 ____D C:\Users\Pestyone\Documents\Substitute Pledge  x x x_files
2015-07-23 20:27 - 2015-07-23 20:27 - 00000585 _____ C:\TR.txt
2015-07-23 20:26 - 2015-07-23 20:28 - 00004608 _____ C:\Users\Pestyone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-23 20:19 - 2015-07-23 20:19 - 01593561 ____N ( ) C:\ProgramData\TR.exe
2015-07-23 20:19 - 2015-07-23 20:19 - 00000001 _____ C:\ProgramData\SRTCTUacSts.txt
2015-07-23 20:02 - 2015-07-24 01:34 - 00000000 ____D C:\ProgramData\Creative
2015-07-23 20:02 - 2015-07-23 20:24 - 00000000 ____D C:\Users\Pestyone\Documents\Dell WebCam Central
2015-07-23 20:01 - 2003-06-12 23:25 - 00007062 _____ C:\WINDOWS\SysWOW64\audiopid.vxd
2015-07-23 19:59 - 2015-07-24 01:34 - 00000000 ____D C:\Program Files (x86)\Creative
2015-07-23 19:59 - 2006-09-19 21:56 - 00057656 ____N C:\WINDOWS\system32\Drivers\FilterPC.bmp
2015-07-23 19:48 - 2015-07-23 19:48 - 00000062 _____ C:\SerialNumber.txt
2015-07-23 19:01 - 2013-08-22 02:57 - 00002131 ___RS C:\Users\Pestyone\Desktop\Camera.lnk
2015-07-23 12:21 - 2015-07-23 12:21 - 00001430 _____ C:\Users\Pestyone\Desktop\LibreOffice Writer.lnk
2015-07-21 15:44 - 2015-07-21 15:44 - 00003048 _____ C:\WINDOWS\System32\Tasks\{6B955214-4325-4252-ADCA-90CDA5DD1B2B}
2015-07-20 15:49 - 2015-07-14 10:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-20 15:49 - 2015-07-14 10:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-20 15:49 - 2015-07-14 10:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-20 15:49 - 2015-07-14 10:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-20 15:32 - 2015-08-07 18:57 - 00000000 ____D C:\WINDOWS\system32\DAX2
2015-07-20 15:29 - 2015-07-20 15:29 - 12996528 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2015-07-20 15:29 - 2015-07-20 15:29 - 03234520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2015-07-20 15:29 - 2015-07-20 15:29 - 03195416 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2015-07-20 15:29 - 2015-07-20 15:29 - 03157796 _____ C:\WINDOWS\system32\Drivers\rtkSSTsetting.dat
2015-07-20 15:29 - 2015-07-20 15:29 - 03129672 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSSTAPO.dll
2015-07-20 15:29 - 2015-07-20 15:29 - 01576976 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2015-07-20 15:29 - 2015-07-20 15:29 - 01374640 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2015-07-20 15:29 - 2015-07-20 15:29 - 01192368 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2015-07-20 15:29 - 2015-07-20 15:29 - 01145264 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2015-07-20 15:29 - 2015-07-20 15:29 - 00980400 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2015-07-20 15:29 - 2015-07-20 15:29 - 00728392 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSstCApoPropPage.dll
2015-07-20 13:36 - 2015-07-26 11:45 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-20 13:32 - 2015-07-27 23:29 - 00000000 ____D C:\ProgramData\MFAData
2015-07-20 13:32 - 2015-07-20 13:32 - 00000000 ____D C:\Users\Pestyone\AppData\Local\MFAData
2015-07-19 11:32 - 2015-07-19 11:32 - 00016668 _____ C:\Users\Pestyone\Documents\new docs 7-19-15.odt
2015-07-19 09:28 - 2015-07-19 09:29 - 00000000 ____D C:\Users\Pestyone\Desktop\HP  office  jet
2015-07-19 09:18 - 2015-07-19 09:18 - 00000000 ____D C:\Users\Pestyone\AppData\Local\HP
2015-07-19 05:53 - 2015-07-19 05:59 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\Soda PDF 3D Reader
2015-07-17 17:21 - 2015-07-17 17:21 - 00000000 _____ C:\WINDOWS\SysWOW64\mfc45.dll
2015-07-17 15:58 - 2015-07-17 15:58 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\GiliSoft
2015-07-17 14:19 - 2015-08-13 07:56 - 00000000 ____D C:\Users\Pestyone\AppData\Local\ClassicShell
2015-07-17 14:19 - 2015-07-17 14:19 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\ClassicShell
2015-07-17 14:17 - 2015-07-17 14:17 - 00000000 ____D C:\ProgramData\ClassicShell
2015-07-17 14:16 - 2015-07-17 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-07-17 14:16 - 2015-07-17 14:16 - 00000000 ____D C:\Program Files\Classic Shell
2015-07-17 14:02 - 2015-07-19 01:39 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\Anvsoft
2015-07-17 13:14 - 2015-07-17 13:14 - 00090955 _____ C:\Users\Pestyone\Documents\Story One Step at a Time arch.htm
2015-07-17 13:14 - 2015-07-17 13:14 - 00000000 ____D C:\Users\Pestyone\Documents\Story One Step at a Time arch_files
2015-07-17 13:13 - 2015-07-17 13:13 - 00090918 _____ C:\Users\Pestyone\Documents\One Step at a Time w.htm
2015-07-17 13:13 - 2015-07-17 13:13 - 00000000 ____D C:\Users\Pestyone\Documents\One Step at a Time w_files
2015-07-17 07:31 - 2015-07-17 07:31 - 00000000 ____D C:\Users\Public\Foxit Software
2015-07-17 07:30 - 2015-07-17 07:30 - 00001373 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2015-07-17 07:30 - 2015-07-17 07:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-07-17 07:06 - 2015-07-17 07:08 - 179306328 _____ C:\Users\Pestyone\Downloads\OJ6830_73 (2).exe
2015-07-16 11:00 - 2015-07-16 11:00 - 00039723 _____ C:\Users\Pestyone\Documents\Classified AD.html
2015-07-16 11:00 - 2015-07-16 11:00 - 00000000 ____D C:\Users\Pestyone\Documents\Classified AD_files
2015-07-16 10:56 - 2015-08-04 14:54 - 00000000 ____D C:\Users\Pestyone\Documents\Wondershare Video Editor
2015-07-16 10:56 - 2015-07-16 10:56 - 00000000 ____D C:\ProgramData\Wondershare Video Editor
2015-07-16 10:56 - 2015-02-27 11:33 - 02140712 _____ (MainConcept GmbH) C:\WINDOWS\SysWOW64\mcmpgvout.004
2015-07-16 10:56 - 2015-02-27 11:33 - 00531496 _____ (MainConcept GmbH) C:\WINDOWS\SysWOW64\mcmpeg2mux.ax
2015-07-16 10:56 - 2015-02-27 11:33 - 00375848 _____ (MainConcept GmbH) C:\WINDOWS\SysWOW64\mcm2ve.ax
2015-07-16 10:56 - 2015-02-27 11:33 - 00257064 _____ (MainConcept GmbH) C:\WINDOWS\SysWOW64\mcl2ae.ax
2015-07-16 10:56 - 2015-02-27 11:33 - 00244776 _____ (MainConcept GmbH) C:\WINDOWS\SysWOW64\mcmpgaout.dll
2015-07-16 10:56 - 2015-02-27 11:33 - 00020520 _____ (MainConcept GmbH) C:\WINDOWS\SysWOW64\mcmpgvout.dll
2015-07-14 23:56 - 2015-06-29 18:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-14 23:56 - 2015-06-29 11:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-14 23:56 - 2015-06-29 11:07 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-14 23:56 - 2015-06-29 11:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-14 23:56 - 2015-06-29 11:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-14 23:56 - 2015-06-29 11:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-14 23:56 - 2015-06-26 19:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-14 23:56 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-14 23:56 - 2015-06-24 22:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-14 23:56 - 2015-05-11 14:17 - 01201664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-07-14 23:56 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-14 23:56 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-14 23:56 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-14 23:56 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-14 23:56 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-14 23:56 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-14 23:56 - 2015-05-02 20:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-14 23:56 - 2015-04-29 19:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-14 23:56 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-14 23:56 - 2014-11-04 15:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-07-14 23:56 - 2014-11-04 15:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-07-14 23:56 - 2014-11-04 02:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-07-14 23:56 - 2014-11-04 02:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-07-14 23:56 - 2014-11-04 02:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-07-14 23:56 - 2014-11-04 02:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-07-14 23:55 - 2015-07-09 15:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-14 23:55 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-14 23:55 - 2015-07-09 12:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-14 23:55 - 2015-07-09 11:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-14 23:55 - 2015-07-09 11:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-14 23:55 - 2015-07-09 11:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-14 23:55 - 2015-07-09 11:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-14 23:55 - 2015-07-09 11:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-14 23:55 - 2015-07-09 11:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-14 23:55 - 2015-07-09 11:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-14 23:55 - 2015-07-09 11:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-14 23:55 - 2015-07-09 11:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-14 23:55 - 2015-07-09 11:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-14 23:55 - 2015-07-01 18:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-14 23:55 - 2015-07-01 17:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-14 23:55 - 2015-06-28 01:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-14 23:55 - 2015-06-28 01:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-14 23:55 - 2015-06-28 01:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-14 23:55 - 2015-06-28 01:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-14 23:55 - 2015-06-27 12:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-14 23:55 - 2015-06-26 23:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-14 23:55 - 2015-06-26 23:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-14 23:55 - 2015-06-26 23:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-14 23:55 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-14 23:55 - 2015-06-26 23:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-14 23:55 - 2015-06-26 22:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-14 23:55 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-14 23:55 - 2015-06-26 22:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-14 23:55 - 2015-06-26 22:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-14 23:55 - 2015-06-26 21:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-14 23:55 - 2015-06-26 21:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-14 23:55 - 2015-06-15 18:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-14 23:55 - 2015-06-15 18:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-14 23:55 - 2015-06-15 17:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-14 23:55 - 2015-06-15 17:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-14 23:55 - 2015-06-15 16:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-14 23:55 - 2015-06-15 15:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-14 23:55 - 2015-05-30 17:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-14 23:55 - 2015-05-30 15:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-14 23:55 - 2015-05-30 15:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-14 23:55 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-14 23:55 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-14 23:55 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-14 23:55 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-14 23:54 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-14 23:54 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-14 23:54 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-14 23:54 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-14 23:54 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-14 23:54 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-14 23:54 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-14 23:54 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-14 23:53 - 2015-06-16 01:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-14 23:53 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-14 23:53 - 2015-06-15 18:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-14 23:53 - 2015-06-15 18:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-14 23:53 - 2015-06-15 18:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-14 23:53 - 2015-06-15 18:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-14 23:53 - 2015-06-15 18:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-14 23:53 - 2015-06-15 17:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-14 23:53 - 2015-06-15 17:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-14 23:53 - 2015-06-15 17:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-14 23:53 - 2015-06-15 17:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-14 23:53 - 2015-06-15 17:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-14 23:53 - 2015-06-15 17:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-14 23:53 - 2015-06-15 17:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-14 23:53 - 2015-06-15 17:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-14 23:53 - 2015-06-15 17:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-14 23:53 - 2015-06-15 17:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-14 23:53 - 2015-06-15 17:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-14 23:53 - 2015-06-15 17:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-14 23:53 - 2015-06-15 17:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-14 23:53 - 2015-06-15 17:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-14 23:53 - 2015-06-15 16:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-14 23:53 - 2015-06-15 16:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-14 23:53 - 2015-06-15 16:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-14 23:53 - 2015-06-15 16:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-14 23:53 - 2015-06-15 16:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-14 23:53 - 2015-06-15 16:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-14 23:53 - 2015-06-15 16:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-14 23:53 - 2015-06-15 16:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-14 23:53 - 2015-06-15 16:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-14 23:53 - 2015-06-15 16:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-14 23:53 - 2015-06-15 16:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-14 23:53 - 2015-06-15 16:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-14 23:53 - 2015-06-15 16:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-14 23:53 - 2015-06-15 16:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-14 23:53 - 2015-06-10 23:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-14 23:53 - 2015-06-10 12:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-14 23:53 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-14 23:53 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-14 23:53 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-14 23:53 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-14 23:53 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-14 23:53 - 2015-05-01 19:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-14 23:53 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-14 23:53 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-14 23:53 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-14 23:53 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-13 13:50 - 2015-04-24 14:31 - 00000000 ____D C:\FRST
2015-08-13 13:06 - 2015-02-25 16:20 - 00000000 ____D C:\ProgramData\Ultra Adware Killer
2015-08-13 13:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-13 12:36 - 2015-04-20 10:43 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3116091646-4023644724-1358722376-1001
2015-08-13 12:08 - 2015-03-04 14:55 - 00811008 _____ (Carifred) C:\Users\Pestyone\Desktop\UltraAdwareKiller64.exe
2015-08-13 12:00 - 2015-04-17 22:25 - 01256959 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-13 11:24 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-13 11:17 - 2014-03-18 05:53 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-13 11:16 - 2015-02-22 11:59 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\FileZilla
2015-08-13 11:14 - 2014-09-16 08:44 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-08-13 11:12 - 2015-07-13 03:09 - 00002880 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Pestyone)
2015-08-13 11:10 - 2015-02-21 22:22 - 00000000 ____D C:\Users\Pestyone
2015-08-13 11:10 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-13 11:09 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-13 11:07 - 2015-04-12 16:50 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2015-08-13 06:23 - 2015-05-12 06:33 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\vlc
2015-08-11 09:39 - 2015-04-12 16:50 - 00109432 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2015-08-11 07:07 - 2015-02-21 23:38 - 00000000 ____D C:\Users\Pestyone\AppData\Local\CrashDumps
2015-08-11 06:45 - 2014-09-16 08:25 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-11 06:40 - 2015-02-21 22:39 - 00000000 ____D C:\ProgramData\ProductData
2015-08-11 06:38 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\Speech
2015-08-11 05:32 - 2015-03-16 05:56 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-11 01:57 - 2015-05-02 05:49 - 00000000 ____D C:\Users\Pestyone\AppData\Local\Saleen Software
2015-08-10 01:41 - 2015-03-05 04:12 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\Yandex
2015-08-09 11:51 - 2014-09-16 08:26 - 00000000 ____D C:\ProgramData\PocketCloud
2015-08-09 10:37 - 2015-05-25 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-08-09 10:37 - 2015-03-03 00:00 - 00000000 ____D C:\ProgramData\Freemake
2015-08-09 10:15 - 2015-07-06 03:04 - 00000000 ____D C:\Users\Pestyone\Desktop\Con new
2015-08-09 08:21 - 2015-05-25 22:50 - 00001354 _____ C:\Users\Public\Desktop\Freemake Video Downloader.lnk
2015-08-09 08:19 - 2015-03-03 00:00 - 00000000 ____D C:\Program Files (x86)\Freemake
2015-08-09 08:01 - 2015-04-05 12:13 - 00000000 ____D C:\Users\Pestyone\Documents\Freemake
2015-08-07 19:25 - 2015-05-12 06:33 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\dvdcss
2015-08-07 19:11 - 2015-04-20 07:55 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-08-07 19:11 - 2014-09-16 08:10 - 01019725 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat
2015-08-07 19:11 - 2014-09-16 08:10 - 00455938 _____ C:\WINDOWS\system32\Drivers\rtwavesmapro.dat
2015-08-07 19:11 - 2014-09-16 08:10 - 00031095 _____ C:\WINDOWS\system32\Drivers\rtwavesEFX.dat
2015-08-07 19:11 - 2014-09-16 08:10 - 00019678 _____ C:\WINDOWS\system32\Drivers\rtwavesmaprocap.dat
2015-08-07 19:11 - 2014-09-16 08:10 - 00010945 _____ C:\WINDOWS\system32\Drivers\rtwavesMFX.dat
2015-08-07 18:58 - 2015-07-13 03:09 - 00002168 _____ C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-08-07 07:18 - 2015-02-21 22:30 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\Adobe
2015-08-07 07:14 - 2015-03-26 15:50 - 00000000 ____D C:\ProgramData\Adobe
2015-08-07 03:40 - 2015-03-16 07:38 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\Vso
2015-08-06 16:15 - 2015-04-28 10:00 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\GlarySoft
2015-08-06 16:15 - 2015-04-16 08:06 - 00000000 ____D C:\ProgramData\GlarySoft
2015-08-06 00:30 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-05 23:59 - 2015-03-16 07:39 - 00001059 _____ C:\Users\Pestyone\AppData\Roaming\vso_ts_preview.xml
2015-08-05 03:43 - 2015-06-28 09:42 - 00000000 ____D C:\Program Files\Blender Foundation
2015-08-05 01:44 - 2014-09-16 08:33 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-08-04 17:18 - 2015-04-27 16:35 - 00000000 ____D C:\ProgramData\PCDr
2015-08-04 17:18 - 2014-09-16 08:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-08-04 17:15 - 2015-05-14 18:57 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\PCDr
2015-08-04 17:11 - 2015-03-01 00:07 - 00000000 ____D C:\ProgramData\Yahoo!
2015-08-04 14:55 - 2015-03-07 00:50 - 00000000 ____D C:\ProgramData\VSO
2015-08-04 14:54 - 2015-05-15 03:54 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\Yahoo!
2015-08-04 14:54 - 2015-04-25 17:25 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-04 14:54 - 2015-04-24 01:15 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\Epson
2015-08-04 14:54 - 2015-04-24 01:09 - 00000000 ____D C:\ProgramData\EPSON
2015-08-04 14:54 - 2015-04-20 10:37 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
2015-08-04 14:54 - 2015-04-20 10:37 - 00000000 ____D C:\ProgramData\Wondershare
2015-08-04 14:54 - 2015-04-16 01:00 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\TuneUp Software
2015-08-04 14:54 - 2015-04-10 07:17 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\EasyDuplicateFinder
2015-08-04 14:54 - 2015-03-05 02:46 - 00000000 ____D C:\Users\Pestyone\AppData\Local\Apps\2.0
2015-08-04 14:54 - 2015-02-24 19:38 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\calibre
2015-08-04 14:54 - 2015-02-21 23:32 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\canon
2015-08-04 14:54 - 2015-02-21 22:38 - 00000000 ____D C:\ProgramData\IObit
2015-08-04 14:54 - 2015-02-21 22:31 - 00000000 ____D C:\ProgramData\Atheros
2015-08-04 01:36 - 2014-09-16 08:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-04 01:20 - 2014-09-16 08:27 - 00000000 ____D C:\ProgramData\CyberLink
2015-08-04 00:41 - 2014-09-16 08:27 - 00000000 ____D C:\ProgramData\Temp
2015-08-03 13:27 - 2015-04-10 01:50 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-08-03 13:27 - 2015-04-10 01:50 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-03 06:03 - 2015-04-16 12:48 - 00000629 _____ C:\Users\Pestyone\AppData\Roaming\burnaware.ini
2015-08-01 18:53 - 2015-02-24 19:38 - 00000000 ____D C:\Users\Pestyone\Documents\Calibre Library
2015-07-26 11:44 - 2013-08-22 11:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-07-26 10:57 - 2015-06-28 03:59 - 00000000 ____D C:\Users\Pestyone\AppData\Local\YouTubeMuiscDownloader
2015-07-26 10:47 - 2015-03-14 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2015-07-26 10:47 - 2015-03-14 16:55 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2015-07-26 10:45 - 2015-07-13 03:09 - 00000000 ____D C:\Program Files (x86)\IObit
2015-07-26 10:39 - 2015-06-29 04:49 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\IObit
2015-07-25 23:23 - 2015-03-26 15:48 - 00000000 ____D C:\Users\Pestyone\AppData\Local\Adobe
2015-07-24 23:29 - 2015-04-05 02:56 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-24 06:29 - 2015-03-14 16:55 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\Ashampoo
2015-07-24 06:28 - 2015-03-14 16:55 - 00000000 ____D C:\ProgramData\Ashampoo
2015-07-24 01:37 - 2015-02-22 00:07 - 00000000 ____D C:\Users\Pestyone\AppData\Local\Citrix
2015-07-23 19:58 - 2014-09-16 08:27 - 00000000 ____D C:\DELL
2015-07-23 19:48 - 2014-09-16 08:37 - 00000000 ____D C:\Program Files\Dell
2015-07-22 21:51 - 2015-04-17 22:19 - 00450760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-21 23:25 - 2014-07-17 21:40 - 00000000 ____D C:\Users\Pestyone\Downloads\Capture2Text
2015-07-20 16:16 - 2013-08-22 11:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-20 13:39 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-20 12:42 - 2014-09-16 08:19 - 00000000 ____D C:\Users\Administrator
2015-07-19 17:44 - 2015-04-13 02:42 - 00000000 __SHD C:\$360Section
2015-07-19 17:44 - 2015-04-11 23:44 - 00000000 ____D C:\ProgramData\360Quarant
2015-07-19 04:19 - 2015-02-24 19:39 - 00000000 ____D C:\Users\Pestyone\AppData\Local\calibre-cache
2015-07-19 01:56 - 2015-02-22 14:11 - 00000000 ___HD C:\ProgramData\CanonIJScan
2015-07-17 08:33 - 2015-05-17 01:39 - 00000000 ____D C:\Users\Pestyone\AppData\Local\FileSearchy
2015-07-17 07:31 - 2015-03-05 04:18 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\Foxit Software
2015-07-17 04:57 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-17 00:41 - 2015-04-05 02:56 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-17 00:41 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-17 00:41 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-15 00:03 - 2015-02-23 02:15 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-15 00:03 - 2015-02-23 02:15 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-15 00:02 - 2015-02-22 04:51 - 00000000 ____D C:\WINDOWS\system32\MRT
 
==================== Files in the root of some directories =======
 
2015-04-16 12:48 - 2015-08-03 06:03 - 0000629 _____ () C:\Users\Pestyone\AppData\Roaming\burnaware.ini
2015-06-25 05:06 - 2015-06-25 05:06 - 0068890 _____ () C:\Users\Pestyone\AppData\Roaming\ClassicFTP.dmp
2015-03-16 07:38 - 2015-06-22 04:42 - 0099384 _____ () C:\Users\Pestyone\AppData\Roaming\inst.exe
2015-03-16 07:38 - 2015-06-22 04:42 - 0007859 _____ () C:\Users\Pestyone\AppData\Roaming\pcouffin.cat
2015-03-16 07:38 - 2015-06-22 04:42 - 0001167 _____ () C:\Users\Pestyone\AppData\Roaming\pcouffin.inf
2015-04-17 15:07 - 2015-06-22 04:42 - 0000055 _____ () C:\Users\Pestyone\AppData\Roaming\pcouffin.log
2015-03-16 07:38 - 2015-06-22 04:42 - 0082816 _____ (VSO Software) C:\Users\Pestyone\AppData\Roaming\pcouffin.sys
2015-04-14 01:01 - 2015-04-14 02:15 - 0558080 _____ () C:\Users\Pestyone\AppData\Roaming\SharedSettings.ccs
2015-03-16 07:39 - 2015-08-05 23:59 - 0001059 _____ () C:\Users\Pestyone\AppData\Roaming\vso_ts_preview.xml
2015-04-13 18:39 - 2015-04-13 19:05 - 0000600 _____ () C:\Users\Pestyone\AppData\Roaming\winscp.rnd
2015-07-23 20:26 - 2015-07-23 20:28 - 0004608 _____ () C:\Users\Pestyone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-28 09:52 - 2015-05-02 02:44 - 0000046 _____ () C:\Users\Pestyone\AppData\Local\DonationCoder_findrunrobot_InstallInfo.dat
2015-03-08 14:50 - 2015-03-08 14:50 - 0000414 _____ () C:\Users\Pestyone\AppData\Local\Temp-log.txt
2015-03-08 14:50 - 2015-03-08 14:50 - 0000000 _____ () C:\Users\Pestyone\AppData\Local\Temp.dat
2014-09-16 08:10 - 2014-09-16 08:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-07-23 20:19 - 2015-07-23 20:19 - 0000001 _____ () C:\ProgramData\SRTCTUacSts.txt
2015-03-05 04:34 - 2015-03-05 04:34 - 0000032 _____ () C:\ProgramData\Temp.log
2015-07-23 20:19 - 2015-07-23 20:19 - 1593561 ____N (                                                            ) C:\ProgramData\TR.exe
2014-09-16 08:32 - 2014-09-16 08:32 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-09-16 08:28 - 2014-09-16 08:29 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-09-16 08:29 - 2014-09-16 08:30 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-09-16 08:30 - 2014-09-16 08:32 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-09-16 08:27 - 2014-09-16 08:28 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Files to move or delete:
====================
C:\ProgramData\TR.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\mfc45.dll
C:\Windows\SysWOW64\runouce.exe
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-10 04:21
 
==================== End of log ============================


#4 gringo_pr


Posted 13 August 2015 - 01:29 PM


These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Pestyone


Posted 13 August 2015 - 01:44 PM

# AdwCleaner v4.208 - Logfile created 13/08/2015 at 14:38:49
# Updated 09/07/2015 by Xplode
# Database : 2015-08-12.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Pestyone - LOSTSOUL
# Running from : C:\Users\Pestyone\Downloads\AdwCleaner (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\prefs.js
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\69178582d97ad0fa73c2f02be9b5f0e1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20B9C05C-99C9-4BAB-B596-FB0C0E1C9F55}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\LookSafe
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v
 
 
-\\ Comodo Dragon v43.3.3.185
 
[C:\Users\Pestyone\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Pestyone\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R5].txt - [1634 bytes] - [06/06/2015 05:06:20]
AdwCleaner[R6].txt - [1800 bytes] - [13/08/2015 14:33:49]
AdwCleaner[R7].txt - [1863 bytes] - [13/08/2015 14:37:40]
AdwCleaner[S4].txt - [1689 bytes] - [06/06/2015 05:08:06]
AdwCleaner[S5].txt - [1674 bytes] - [13/08/2015 14:38:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1733  bytes] ##########


#6 Pestyone


Posted 13 August 2015 - 01:55 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.6 (08.10.2015:1)
OS: Windows 8.1 x64
Ran by Pestyone on Thu 08/13/2015 at 14:45:25.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDoctorBackgroundMonitorTask
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\AcooBrowser.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\UCBrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\wbsvc
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver booster 2
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\ProgramData\thunder network
Successfully deleted: [Folder] C:\Users\Pestyone\Appdata\LocalLow\yandex
Successfully deleted: [Folder] C:\Users\Pestyone\AppData\Roaming\productdata
Successfully deleted: [Folder] C:\Users\Pestyone\AppData\Roaming\yandex
Successfully deleted: [Folder] C:\Users\Public\thunder network
Successfully deleted: [Folder] C:\WINDOWS\SysWOW64\amd64
Successfully deleted: [Folder] C:\WINDOWS\SysWOW64\x86
 
 
 
~~~ Chrome
 
 
[C:\Users\Pestyone\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Pestyone\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Pestyone\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Pestyone\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/13/2015 at 14:52:06.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#7 gringo_pr


Posted 16 August 2015 - 06:11 AM

Hello Pestyone


I would like you to rerun FRST for me please



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • When the tool opens click "Yes" for the disclaimer in order to continue using "FRST".
  • Under the section called "Whitelist" make sure all boxes are checked
  • Under the section called "Optional Scan" I would like you to have a check mark next to "Addition.txt"
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Gringo

Edited by gringo_pr, 16 August 2015 - 06:11 AM.


#8 gringo_pr


Posted 20 August 2015 - 11:18 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#9 Pestyone


Posted 20 August 2015 - 10:18 PM

I remove all tools before I post lots the tools mess things up; we missed the attack and I guess the link I posted for some weird reason; I used Ultradware to remove the problem and it did and the logs you wanted missed it. I assumed once you saw the link you'd know the attack and have a fix, dang it :(

Next time I'll post the ultra log and hope somebody has a fast fix once they read it; so that's all for now :(



#10 gringo_pr


Posted 22 August 2015 - 05:13 PM

Thanks for letting me know

#11 gringo_pr


Posted 22 August 2015 - 05:13 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



