Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow PC + Multiple Popups in Chrome


  • This topic is locked This topic is locked
12 replies to this topic

#1 sandanista

sandanista

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 AM

Posted 01 November 2015 - 12:52 PM

My PC has started to run very slowly and Chrome browser is innundated with pop-ups. On every page there is a pop-up widget for "related products" and every time I click a link a pop-up appears for something related to shopping. It also appears my Gmail account has been compromised as there are emails for pharmaceutical products in my sent folder which I definitely did not send. My anti-virus/malware software has detected nothing. Please help! Many thanks in advance.

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by ME (administrator) on WIN-8RTV1EUU18L (01-11-2015 17:21:52)
Running from C:\Users\ME\Downloads
Loaded Profiles: ME (Available Profiles: ME)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-05-14] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [506864 2013-03-08] (MSI)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3779496 2015-10-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-10-03]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2014-07-14]
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\Users\ME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BurnInTest.lnk [2013-10-16]
ShortcutTarget: BurnInTest.lnk -> C:\Program Files\BurnInTest\bit.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3B8D625E-1E37-40F3-AE33-9EBD18F46C96}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{61BE1086-B267-485A-917F-CBFB5AAC616D}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2459536500-2586855991-2858596570-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-27] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-10-28] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-28] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-27] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-10-28] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-27] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\ME\AppData\Roaming\Mozilla\Firefox\Profiles\ge5dxxm8.default-1439843171663
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2459536500-2586855991-2858596570-1000: @citrixonline.com/appdetectorplugin -> C:\Users\ME\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-04] (Citrix Online)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Webpage Screenshot) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2015-01-05]
CHR Extension: (Google Search) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-07]
CHR Extension: (ShareMetric) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhnijlahkclijpefbcimahdcgcjbmnnp [2015-10-19]
CHR Extension: (Capture Webpage Screenshot Entirely. FireShot) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2015-09-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-19] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-20] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161264 2013-02-20] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [29728 2013-05-29] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-05] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-05] (Ralink Technology, Corp.) [File not signed]
S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-07] (Ralink) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5613328 2015-07-29] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-01 17:21 - 2015-11-01 17:22 - 00016789 _____ C:\Users\ME\Downloads\FRST.txt
2015-11-01 17:21 - 2015-11-01 17:21 - 02198016 _____ (Farbar) C:\Users\ME\Downloads\FRST64.exe
2015-11-01 17:21 - 2015-11-01 17:21 - 00000000 ____D C:\FRST
2015-10-31 15:05 - 2015-09-09 22:26 - 789046893 _____ C:\Users\ME\Downloads\04881f5d60.flv
2015-10-31 14:30 - 2015-06-16 19:27 - 1069026421 _____ C:\Users\ME\Downloads\hex.mp4
2015-10-31 13:35 - 2015-10-31 13:45 - 984070817 _____ C:\Users\ME\Downloads\1cc3716b5a.mp4.002
2015-10-31 13:35 - 2015-10-31 13:45 - 1048576000 _____ C:\Users\ME\Downloads\1cc3716b5a.mp4.001
2015-10-31 13:28 - 2015-10-31 13:28 - 00000000 ____D C:\Users\ME\Downloads\img
2015-10-29 09:56 - 2015-10-29 10:08 - 274417594 _____ C:\Users\ME\Downloads\93.C1bp.wmv
2015-10-29 09:55 - 2015-10-29 10:13 - 495023140 _____ C:\Users\ME\Downloads\0E.pJ3GNLt25l.wmv
2015-10-29 09:55 - 2015-10-29 10:03 - 162293647 _____ C:\Users\ME\Downloads\0F.pCL3bEltyltqsltt.mp4
2015-10-28 17:51 - 2015-10-22 17:12 - 00000070 _____ C:\Users\ME\Downloads\Halloween
2015-10-28 08:28 - 2015-10-28 08:30 - 00000000 ____D C:\Users\ME\Downloads\Block385
2015-10-27 21:48 - 2015-10-27 21:48 - 01424903 _____ C:\Users\ME\Downloads\Block385.rar
2015-10-26 10:39 - 2015-10-24 21:37 - 00000071 _____ C:\Users\ME\Downloads\18
2015-10-19 19:56 - 2015-10-19 19:56 - 00000000 __SHD C:\found.000
2015-10-19 13:03 - 2015-10-31 13:27 - 00000000 ____D C:\Users\ME\Downloads\file
2015-10-19 13:00 - 2015-08-01 11:40 - 164794023 _____ C:\Users\ME\Downloads\0FE6B6AED2D5B50.mp4
2015-10-19 12:50 - 2015-06-01 08:43 - 00000000 ____D C:\Users\ME\Downloads\3m7y92S0DR3ST3rnutztmch3nf4ch4us
2015-10-19 12:32 - 2015-10-19 12:32 - 00315312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-10-18 21:22 - 2015-10-18 21:26 - 835293647 _____ C:\Users\ME\Downloads\backup-10.18.2015_22-18-54_retroyou.tar.gz
2015-10-14 19:20 - 2015-09-18 19:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 19:20 - 2015-09-18 18:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 19:20 - 2015-09-16 04:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 19:20 - 2015-09-16 04:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 19:20 - 2015-09-16 04:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 19:20 - 2015-09-16 04:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 19:20 - 2015-09-16 04:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 19:20 - 2015-09-16 04:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 19:20 - 2015-09-16 04:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 19:20 - 2015-09-16 04:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 19:20 - 2015-09-16 03:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 19:20 - 2015-09-16 03:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 19:20 - 2015-09-16 03:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-14 19:20 - 2015-09-16 03:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 19:20 - 2015-09-16 03:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 19:20 - 2015-09-16 03:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 19:20 - 2015-09-16 03:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-14 19:20 - 2015-09-16 03:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-14 19:20 - 2015-09-16 03:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 19:20 - 2015-09-16 03:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 19:20 - 2015-09-16 03:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 19:20 - 2015-09-16 03:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 19:20 - 2015-09-16 03:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 19:20 - 2015-09-16 03:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-14 19:20 - 2015-09-16 03:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-14 19:20 - 2015-09-16 03:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 19:20 - 2015-09-16 03:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 19:20 - 2015-09-16 03:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-14 19:20 - 2015-09-16 03:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 19:20 - 2015-09-16 03:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-14 19:20 - 2015-09-16 03:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 19:20 - 2015-09-16 03:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 19:20 - 2015-09-16 03:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-14 19:20 - 2015-09-16 02:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 19:20 - 2015-09-16 02:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 19:20 - 2015-09-16 02:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 19:20 - 2015-09-16 02:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 19:20 - 2015-09-16 02:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 19:20 - 2015-09-16 02:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 19:20 - 2015-09-16 02:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 19:20 - 2015-08-06 18:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 19:20 - 2015-08-06 18:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-14 19:20 - 2015-08-06 17:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 19:20 - 2015-08-06 17:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-14 19:19 - 2015-09-29 03:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 19:19 - 2015-09-29 03:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 19:19 - 2015-09-29 03:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 19:19 - 2015-09-29 03:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-14 19:19 - 2015-09-29 03:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-14 19:19 - 2015-09-29 03:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-14 19:19 - 2015-09-29 03:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 19:19 - 2015-09-29 03:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 19:19 - 2015-09-29 03:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 19:19 - 2015-09-29 03:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-14 19:19 - 2015-09-29 03:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 19:19 - 2015-09-29 03:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-14 19:19 - 2015-09-29 03:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 19:19 - 2015-09-29 03:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 19:19 - 2015-09-29 03:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 19:19 - 2015-09-29 03:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 19:19 - 2015-09-29 03:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 19:19 - 2015-09-29 03:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 19:19 - 2015-09-29 03:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 19:19 - 2015-09-29 03:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 19:19 - 2015-09-29 03:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-14 19:19 - 2015-09-29 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-14 19:19 - 2015-09-29 03:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 19:19 - 2015-09-29 03:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-14 19:19 - 2015-09-29 03:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-14 19:19 - 2015-09-29 03:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 19:19 - 2015-09-29 03:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 19:19 - 2015-09-29 03:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 19:19 - 2015-09-29 02:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-14 19:19 - 2015-09-29 02:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-14 19:19 - 2015-09-29 02:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-14 19:19 - 2015-09-29 02:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-14 19:19 - 2015-09-29 02:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-14 19:19 - 2015-09-29 02:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-14 19:19 - 2015-09-29 02:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-14 19:19 - 2015-09-29 02:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-14 19:19 - 2015-09-29 02:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-14 19:19 - 2015-09-29 02:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-14 19:19 - 2015-09-29 02:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-14 19:19 - 2015-09-29 02:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 19:19 - 2015-09-29 02:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-14 19:19 - 2015-09-29 02:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-14 19:19 - 2015-09-29 02:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 01:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 19:19 - 2015-09-29 01:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 19:19 - 2015-09-29 01:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 19:19 - 2015-09-29 01:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-14 19:19 - 2015-09-29 01:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-14 19:19 - 2015-09-29 01:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 01:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 01:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 19:19 - 2015-09-29 01:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 19:19 - 2015-09-25 18:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 19:19 - 2015-09-25 18:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 19:19 - 2015-09-25 18:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 19:19 - 2015-09-25 18:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 19:19 - 2015-09-25 18:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 19:19 - 2015-09-25 18:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 19:19 - 2015-09-25 18:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 19:19 - 2015-09-25 18:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 19:19 - 2015-09-25 18:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 19:19 - 2015-09-25 18:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 19:19 - 2015-09-25 18:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 19:19 - 2015-09-25 17:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 19:19 - 2015-09-25 17:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 19:19 - 2015-09-25 17:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 19:19 - 2015-09-25 17:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-14 19:19 - 2015-09-25 17:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 19:19 - 2015-09-16 04:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 19:19 - 2015-09-16 04:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 19:19 - 2015-09-16 04:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 19:19 - 2015-09-16 04:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 19:19 - 2015-09-16 04:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 19:19 - 2015-09-16 04:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 19:19 - 2015-09-16 04:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 19:19 - 2015-09-16 04:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 19:19 - 2015-09-16 04:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 19:19 - 2015-09-16 04:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 19:19 - 2015-09-16 03:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 19:19 - 2015-09-16 03:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 19:19 - 2015-09-16 03:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 19:19 - 2015-09-16 03:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-14 19:19 - 2015-09-16 03:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 19:19 - 2015-09-16 03:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 19:19 - 2015-09-16 03:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-14 19:19 - 2015-09-16 03:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 19:19 - 2015-09-16 03:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 19:19 - 2015-09-16 03:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-14 19:19 - 2015-09-16 03:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 19:19 - 2015-09-16 02:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 19:19 - 2015-09-16 02:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-14 19:19 - 2015-09-16 02:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 19:19 - 2015-09-15 18:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 19:19 - 2015-09-15 18:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 19:19 - 2015-09-15 18:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 19:19 - 2015-09-15 18:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 19:19 - 2015-09-15 18:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 19:19 - 2015-09-15 18:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 19:19 - 2015-09-15 18:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 19:19 - 2015-09-15 18:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 19:19 - 2015-09-15 18:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 19:19 - 2015-09-15 17:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-14 19:19 - 2015-09-15 17:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-14 19:19 - 2015-09-15 17:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-14 19:19 - 2015-09-15 17:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-14 19:16 - 2015-10-01 18:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 19:16 - 2015-10-01 18:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 19:16 - 2015-10-01 18:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 19:16 - 2015-10-01 18:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 19:16 - 2015-10-01 18:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 19:16 - 2015-10-01 18:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 19:16 - 2015-10-01 18:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 19:16 - 2015-10-01 17:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-14 19:16 - 2015-10-01 17:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 19:16 - 2015-09-18 19:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-14 19:16 - 2015-09-18 19:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-14 19:16 - 2015-09-18 19:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-14 19:16 - 2015-09-18 19:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-14 19:16 - 2015-09-18 19:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-14 19:16 - 2015-09-18 19:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-14 19:16 - 2015-09-18 19:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 19:16 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-13 08:42 - 2015-10-08 17:29 - 509543089 _____ C:\Users\ME\Downloads\ab.wmv
2015-10-12 10:27 - 2015-10-12 10:54 - 00000302 _____ C:\Users\ME\Desktop\required-ortho-tools.txt
2015-10-03 22:01 - 2015-10-03 22:03 - 00001980 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-10-03 22:01 - 2015-10-03 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-10-03 22:01 - 2015-10-03 22:01 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-10-03 16:13 - 2015-10-03 16:14 - 18786515 _____ C:\Users\ME\Downloads\ITI Treatment Guide 4.epub
2015-10-03 16:11 - 2015-10-03 16:11 - 14385037 _____ C:\Users\ME\Downloads\ITI Treatment Guide 3.epub
2015-10-03 16:08 - 2015-10-03 16:08 - 19709804 _____ C:\Users\ME\Downloads\ITI Treatment Guide 1.epub
2015-10-03 16:07 - 2015-10-03 16:11 - 12023694 _____ C:\Users\ME\Downloads\ITI Treatment Guide 2.epub
 
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-01 17:21 - 2014-12-29 08:07 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-01 17:21 - 2014-07-14 20:01 - 02048671 _____ C:\Windows\WindowsUpdate.log
2015-11-01 17:19 - 2014-08-11 11:29 - 00000000 ____D C:\Users\ME\AppData\Local\Adobe
2015-11-01 17:17 - 2009-07-14 04:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-01 17:17 - 2009-07-14 04:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-01 17:15 - 2009-07-14 05:13 - 00803274 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-01 17:14 - 2014-07-16 04:10 - 00000000 ____D C:\ProgramData\MFAData
2015-11-01 17:08 - 2014-07-14 12:48 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-01 17:08 - 2013-10-16 17:24 - 00057229 _____ C:\Windows\setupact.log
2015-11-01 17:08 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-31 21:27 - 2015-07-14 22:24 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-10-31 21:27 - 2014-09-04 13:01 - 00000532 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2459536500-2586855991-2858596570-1000.job
2015-10-31 21:26 - 2014-07-14 12:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-31 21:24 - 2015-06-05 15:08 - 00000628 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2459536500-2586855991-2858596570-1000.job
2015-10-31 20:17 - 2015-04-08 21:57 - 00000000 ____D C:\Users\ME\Desktop\True Detective
2015-10-31 16:00 - 2014-08-06 22:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-29 10:30 - 2015-03-15 23:44 - 00001456 _____ C:\Users\ME\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-10-29 08:02 - 2010-11-21 03:47 - 00291296 _____ C:\Windows\PFRO.log
2015-10-28 17:17 - 2014-08-19 08:31 - 00000000 ____D C:\Users\ME\AppData\Roaming\vlc
2015-10-28 14:36 - 2014-09-21 20:24 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-27 09:29 - 2015-06-05 15:08 - 00003666 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2459536500-2586855991-2858596570-1000
2015-10-27 09:29 - 2014-09-04 13:01 - 00003570 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2459536500-2586855991-2858596570-1000
2015-10-26 13:29 - 2014-07-14 12:48 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-23 17:12 - 2015-08-02 08:13 - 00000967 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-10-23 17:12 - 2014-07-16 04:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-10-22 10:14 - 2015-03-09 10:20 - 00001789 _____ C:\Users\Public\Desktop\Blue Sky Plan 3.lnk
2015-10-22 07:51 - 2014-08-06 22:01 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-22 07:51 - 2014-08-06 22:01 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-22 07:51 - 2014-08-06 22:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-20 22:23 - 2013-10-15 12:34 - 00795396 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-10-19 21:26 - 2014-07-16 03:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Sky Plan 3
2015-10-19 21:26 - 2014-07-16 03:46 - 00000000 ____D C:\Program Files\BlueSkyPlan3
2015-10-18 23:43 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2015-10-18 23:02 - 2015-07-14 22:24 - 00003894 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-10-18 21:13 - 2015-08-05 08:38 - 00000000 ____D C:\Users\ME\AppData\Local\Avg
2015-10-16 06:42 - 2015-03-04 09:09 - 00000000 ____D C:\Users\ME\Desktop\better call saul
2015-10-15 08:32 - 2015-04-16 07:06 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-15 08:32 - 2015-04-16 07:06 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-14 22:05 - 2013-10-15 13:44 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 22:02 - 2013-10-15 13:44 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-14 19:21 - 2014-07-17 05:43 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-10 15:25 - 2009-07-14 05:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-08 20:45 - 2015-04-06 21:49 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-08 14:01 - 2015-04-06 21:49 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-05 07:14 - 2015-02-06 09:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-04 12:43 - 2015-08-26 19:01 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-04 09:12 - 2015-08-30 07:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-02 07:11 - 2015-02-21 13:18 - 00000000 ____D C:\Users\ME\Desktop\Life Life
 
==================== Files in the root of some directories =======
 
2015-10-29 10:31 - 2015-10-29 10:31 - 0000132 _____ () C:\Users\ME\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-03-15 23:44 - 2015-10-29 10:30 - 0001456 _____ () C:\Users\ME\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-08-21 23:21 - 2014-08-21 23:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\ME\AppData\Local\Temp\devcon64.exe
C:\Users\ME\AppData\Local\Temp\paint.net.4.0.5.install.exe
C:\Users\ME\AppData\Local\Temp\readSTILog.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-22 20:46
 
==================== End of FRST.txt ============================
 
 
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by ME (2015-11-01 17:22:43)
Running from C:\Users\ME\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-07-14 19:59:08)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2459536500-2586855991-2858596570-500 - Administrator - Disabled)
Guest (S-1-5-21-2459536500-2586855991-2858596570-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2459536500-2586855991-2858596570-1002 - Limited - Enabled)
ME (S-1-5-21-2459536500-2586855991-2858596570-1000 - Administrator - Enabled) => C:\Users\ME
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Flash Player 19 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.1.0.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6173 - AVG Technologies)
AVG 2015 (Version: 15.0.4455 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6173 - AVG Technologies) Hidden
Blue Sky Plan 3.29.18 (HKLM\...\{654872EF-14DC-4937-A849-4BC06163A896}_is1) (Version:  - Blue Sky Bio, LLC)
Canon MP270 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) (Version:  - Canon Inc.)
CDT2STL 1.0 (HKLM-x32\...\{931F4005-1CF8-435A-AE78-652E75F75B03}_is1) (Version:  - )
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Epson Event Manager (HKLM-x32\...\{10144CFE-D76C-4CFA-81A1-37A1642349A3}) (Version: 3.01.0013 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson User's Guide Epson Perfection V550 Photo (HKLM-x32\...\Epson Perfection V550 Photo Useg) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GoToMeeting 7.4.1.3770 (HKU\S-1-5-21-2459536500-2586855991-2858596570-1000\...\GoToMeeting) (Version: 7.4.1.3770 - CitrixOnline)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
K-Lite Mega Codec Pack 10.6.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4763.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2459536500-2586855991-2858596570-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-GB)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Opera Stable 32.0.1948.69 (HKLM-x32\...\Opera 32.0.1948.69) (Version: 32.0.1948.69 - Opera Software)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.24.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.018 - MSI)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45471 - TeamViewer)
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.5 - MSI)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2459536500-2586855991-2858596570-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2459536500-2586855991-2858596570-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2015-10-03 22:01 - 00000856 ____A C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0FB17C92-6719-4871-8D44-C4A0DF898DBA} - System32\Tasks\AdobeAAMUpdater-1.0-WIN-8RTV1EUU18L-ME => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {1C0A332B-4337-45BF-ADB3-C64C6D32BAE3} - System32\Tasks\1114avUpdateInfo => C:\ProgramData\Avg_Update_1114av\1114av_AVG-Secure-Search-Update.exe [2014-10-08] ()
Task: {1CA55ECF-4C1A-4948-821F-2E7CE667F715} - System32\Tasks\G2MUploadTask-S-1-5-21-2459536500-2586855991-2858596570-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\3770\g2mupload.exe [2015-10-27] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {25566534-4FF6-4E49-B40B-85473833FEF8} - System32\Tasks\0614aUpdateInfo => C:\ProgramData\Avg_Update_0614a\0614a_AVG-Secure-Search-Update.exe [2014-06-19] ()
Task: {3BE786A7-B9A1-41C5-828A-08FCBAFFD296} - System32\Tasks\0915avUpdateInfo => C:\ProgramData\Avg_Update_0915av\0915av_AVG-Secure-Search-Update.exe [2015-07-26] ()
Task: {490B94A1-FCE4-4F4C-A4EC-04C0662C72FD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-10-28] (Microsoft Corporation)
Task: {72E27848-2C9C-4D25-9C19-8A9D66E40A58} - System32\Tasks\1214avUpdateInfo => C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe [2014-10-26] ()
Task: {7C8534FE-85C1-4145-8E72-4D35EBCD10C2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {81E1BAA7-908A-4FC7-9BAE-F42D448F3741} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {92372AC5-A65F-4697-AC3D-6BE57FBD5284} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {94DE6AD0-7947-43BA-86D9-39EF7A2B659D} - System32\Tasks\0215avUpdateInfo => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe [2015-02-17] ()
Task: {9941F1E5-B016-4524-B6DA-528DBC8E44D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-22] (Adobe Systems Incorporated)
Task: {B0A9ECDD-2487-47C1-BAE7-3ABE518DB9C2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {B65356FA-1512-4129-B108-DF0DB21B16B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {BC09513F-0539-416F-9859-0D48CBBD08BB} - System32\Tasks\0814avUpdateInfo => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe [2014-08-12] ()
Task: {BE0A4558-C616-435C-A190-5D8E50634AD5} - System32\Tasks\0715avUpdateInfo => C:\ProgramData\Avg_Update_0715av\0715av_AVG-Secure-Search-Update.exe [2015-07-07] ()
Task: {C93FB847-C759-4D8A-8801-16DF91CE8BEF} - System32\Tasks\G2MUpdateTask-S-1-5-21-2459536500-2586855991-2858596570-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\3770\g2mupdate.exe [2015-10-27] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {E86EF156-E80D-41CE-A88E-C1A6A70F436A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_226_pepper.exe [2015-10-22] (Adobe Systems Incorporated)
Task: {EDE9CC31-9C5D-41F7-9AD5-B9D4FC50FA8A} - System32\Tasks\Opera scheduled Autoupdate 1407296349 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-25] (Opera Software)
Task: {F3EB6FDD-ADE0-4844-BD72-1837B0E775E9} - System32\Tasks\0415avUpdateInfo => C:\ProgramData\Avg_Update_0415av\0415av_AVG-Secure-Search-Update.exe [2015-04-21] ()
Task: {FED951F2-1D88-48DC-B792-5D922F9AD4F8} - System32\Tasks\0615avUpdateInfo => C:\ProgramData\Avg_Update_0615av\0615av_AVG-Secure-Search-Update.exe [2015-05-07] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\0215avUpdateInfo.job => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0415avUpdateInfo.job => C:\ProgramData\Avg_Update_0415av\0415av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0614aUpdateInfo.job => C:\ProgramData\Avg_Update_0614a\0614a_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0615avUpdateInfo.job => C:\ProgramData\Avg_Update_0615av\0615av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0715avUpdateInfo.job => C:\ProgramData\Avg_Update_0715av\0715av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0814avUpdateInfo.job => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0915avUpdateInfo.job => C:\ProgramData\Avg_Update_0915av\0915av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1114avUpdateInfo.job => C:\ProgramData\Avg_Update_1114av\1114av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1214avUpdateInfo.job => C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_226_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2459536500-2586855991-2858596570-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\3770\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2459536500-2586855991-2858596570-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\3770\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-28 14:35 - 2015-09-01 16:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-21 20:24 - 2015-10-07 19:28 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-07-14 13:00 - 2012-11-27 18:12 - 01210256 _____ () C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll
2015-10-26 13:29 - 2015-10-20 14:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-26 13:29 - 2015-10-20 14:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll
2014-07-14 12:49 - 2013-05-16 23:06 - 01199576 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-10-26 13:29 - 2015-10-20 14:08 - 16493384 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2459536500-2586855991-2858596570-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ME\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{1B05D1F2-3423-492C-B685-8D59C66D5711}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{1D5D272E-CBEF-462B-988D-F3DABA3EC794}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{96F1D73D-5DE9-4002-82F8-3C498818F141}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaUI.exe
FirewallRules: [{7F75B7A3-2F08-4D48-85AE-270CB0C4D8CB}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaUI.exe
FirewallRules: [{358A63C8-4114-4660-884E-5AE191C83F90}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{5A66EFB2-5EF0-4AC0-9132-6B69ECDC8F6E}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{9E4D7DC6-ADD9-4842-961D-D24EC56263B5}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaUI.exe
FirewallRules: [{22DDCBD5-7B4F-4D55-A1D0-3C9A85955EDE}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaUI.exe
FirewallRules: [{02FB0E2A-3606-46F3-AB23-17F39AE089E1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{0B2B8086-C5F9-4BA1-AE9F-1363BB8D04EC}] => (Allow) C:\Users\ME\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E5A567E3-C477-4431-862F-4E9B1308D051}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{236DDB62-AE6D-4CDA-8005-9FB25B24B232}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{749599A7-2338-4717-A1D3-CE46BBB59747}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{42941589-0091-4175-B28F-2C5361953B26}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{61EF2C66-6421-428A-AD55-EA8F59E219D2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{FC195048-0A15-41C4-9B09-CE1FE5DDB825}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{91D5E284-7BC8-4609-816D-D776D4492375}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3701EEDF-E1AC-46EC-8357-93ED28BF4017}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{493B9C9B-F358-410D-A8FC-94A885BE929F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{38274AEB-2359-4301-8F13-DB478FDD8700}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{B7D4E51D-4D14-4C02-B3BA-A2F1903A8D6D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{04FC7AAF-CF09-401F-99E9-01AE75D452ED}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{E3F6D829-9321-4424-AE62-9A89A1303A7B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{B45579DC-AC0B-4377-96CC-3D87A22648F1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{8D05F54E-7196-4CD5-B5DA-23DEA118AA67}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{AD9F2A19-99A4-488F-8619-BD9D6B423401}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{C93C2050-C960-4250-BEA3-005DAD571AF5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{D94DCF35-DC69-4CDD-A357-689F036C0C6A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{C3C299F3-C4F2-4E70-BD38-6BC0AF4D21E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/01/2015 05:10:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/31/2015 09:38:01 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 6008.  Message ID: [0x2509].
 
Error: (10/31/2015 09:24:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/31/2015 08:12:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/31/2015 05:04:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/31/2015 04:28:17 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 11532.  Message ID: [0x2509].
 
Error: (10/31/2015 03:05:49 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 9800.  Message ID: [0x2509].
 
Error: (10/31/2015 01:15:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/29/2015 08:04:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/29/2015 12:57:56 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 5064.  Message ID: [0x2509].
 
 
System errors:
=============
Error: (10/31/2015 09:32:54 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (10/28/2015 05:28:11 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (10/28/2015 03:27:12 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (10/27/2015 07:38:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MSI_Trigger_Service service failed to start due to the following error: 
%%1053
 
Error: (10/27/2015 07:38:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MSI_Trigger_Service service to connect.
 
Error: (10/26/2015 02:33:00 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (10/26/2015 08:28:27 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (10/26/2015 08:28:26 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (10/26/2015 08:28:26 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (10/26/2015 08:28:25 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 32%
Total physical RAM: 16262.06 MB
Available physical RAM: 11007.31 MB
Total Virtual: 32522.33 MB
Available Virtual: 26991.81 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:931.41 GB) (Free:43.5 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
Drive h: () (Fixed) (Total:232.82 GB) (Free:4.85 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 16396F3E)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: E26A2E91)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=0B)
 
==================== End of Addition.txt ============================
 
 
 


BC AdBot (Login to Remove)

 


#2 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,284 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:12:53 AM

Posted 05 November 2015 - 06:34 AM

Hi, sandanista! I'm going to try to help you out. :)

Before we get started, here are some things I need you to remember:

  • Please don't make any changes to your computer, or run programs, without asking me first! This will make it practically impossible for me to assist you.
  • Always read my posts completely before doing anything, and follow the instructions in the order I give them to you, unless stated otherwise.
  • If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
  • Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics that I have not received a response from within five days.
  • Please be patient with me. I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response. Bribing me with candy for faster replies is not advised.
  • If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!

Now then, let's get to work!

 

Regarding your Gmail account, if you haven't already, please get onto a known clean computer and change your password. I strongly advise that you do not log into your Gmail account on this computer until I can verify you're clean. :)

 

AdwCleaner

I need you to run AdwCleaner to see what it will remove. Hopefully, this will find what is bugging Chrome, and possibly other baddies.

  • Download AdwCleaner from here, and save it to your desktop.
  • Close all open programs.
  • Open the file on your desktop, and click the Scan button. Once it's done scanning, click Report, and a text file will open up. Please copy and paste it into your reply.

Farbar Recovery Scan Tool

Next, I need you to run a fix with FRST. This will get rid of some orphans and other junk.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    Startup: C:\Users\ME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BurnInTest.lnk [2013-10-16]
    Hosts: 0.0.0.1 mssplus.mcafee.com
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    S3 MSICDSetup; \??\E:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
    C:\found.000
    C:\ProgramData\DP45977C.lfl
    C:\Users\ME\AppData\Local\Temp\devcon64.exe
    C:\Users\ME\AppData\Local\Temp\paint.net.4.0.5.install.exe
    C:\Users\ME\AppData\Local\Temp\readSTILog.dll
    Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
    PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
    Save it to the same location as FRST as fixlist.txt.
  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create Fixlog.txt in the same folder. Please copy and paste it into your reply.

Uninstall Programs

I need you to uninstall some programs using either Programs and Features or Revo Uninstaller.

 

It looks like you're running more than one antivirus program (AVG and McAfee). Having more than one AV installed at the same time does more harm than good, often causing false alarms with malware notifications and system performance issues, such as slowing your system down drastically or even freezing from both programs trying to access the same file at the same time. To make things better and easier for the both of us, I need you to remove one of the programs. Just as a fair warning, though, your McAfee installation seems to be somewhat botched (it doesn't appear as an AV in the Security Center), so even if you want to keep it, I strongly advise reinstalling it.

 

Also, do you use Adobe Reader? It's totally legitimate, but it's also commonly targeted by malware to exploit, so it's best to get rid of it if you don't need it. Firefox has a built-in PDF reader, and I know you can download PDF.js for Chrome, as well as several other alternatives. You don't have to get rid of it if you don't want to, though. :)

If you want to use Programs and Features:

  • Go to Start > Control Panel > Programs and Features.
  • Once it loads all the programs, uninstall the following, if present, one at a time:
    Adobe Reader XI (11.0.13)

    AVG 2015 or McAfee Security Scan Plus
    by clicking Change/Remove, and following the prompts in the uninstaller.

If you have any problems uninstalling a program using Programs and Features, proceed to the below method.

If you want to use Revo Uninstaller (which does a better job at cleaning up):

  • Download Revo from here, and save it to your desktop.
  • Double click the installer on your desktop, and let the program install.
  • Once it's done, double click the Revo Uninstaller shortcut on your desktop to run it. Once it loads all the programs, uninstall the following, if present, one at a time:
    Adobe Reader XI (11.0.13)
    AVG 2015 or McAfee Security Scan Plus
  • Double click the program, and say Yes on the prompt. Ensure the Moderate option is ticked, and click Next.
  • Follow the prompts in the built-in uninstaller, and then click Next in Revo.
  • If any registry remnants are found, check the bold items only. If there is a closed folder visible, click the + to expand it until you find the bold item. Then Delete the remnants.
  • Proceed again, and if any files/folders were found, delete those, too.

As a footnote, do you recognize everything in your Downloads folder? It can be a little difficult to discern what's a snuck-in infection or just a messy war zone of legitimate downloads. :P

 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#3 sandanista

sandanista
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 AM

Posted 05 November 2015 - 05:57 PM

Hello,

Thank you for the help. I have followed all the steps detailed above. I uninstalled McAfee through Programs and Features as it did not appear in the list of programs in Revo Uninstaller. I used Revo Uninstaller to uninstall Adobe Reader.

 

Here are the logs:

 

AdwCleaner:

 

 

# AdwCleaner v5.018 - Logfile created 05/11/2015 at 22:23:41
# Updated 05/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : ME - WIN-8RTV1EUU18L
# Running from : C:\Users\ME\Downloads\adwcleaner_5.018.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\ProgramData\abc
Folder Found : C:\ProgramData\Avg_Update_0215av
Folder Found : C:\ProgramData\Avg_Update_0415av
Folder Found : C:\ProgramData\Avg_Update_0615av
Folder Found : C:\ProgramData\Avg_Update_0715av
Folder Found : C:\ProgramData\Avg_Update_0814av
Folder Found : C:\ProgramData\Avg_Update_0915av
Folder Found : C:\ProgramData\Avg_Update_1114av
Folder Found : C:\ProgramData\Avg_Update_1214av
Folder Found : C:\Users\ME\AppData\Roaming\abc

***** [ Files ] *****

File Found : C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
File Found : C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
File Found : C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
File Found : C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
File Found : C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage
File Found : C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
File Found : C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Avg Secure Update
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Key Found : HKU\S-1-5-18\Software\Avg Secure Update

***** [ Web browsers ] *****

[C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : bopakagnckmlgajfccecajhnimjiiedh

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3038 bytes] ##########

 

 

 

FRST:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by ME (2015-11-05 22:29:03) Run:1
Running from C:\Users\ME\Desktop
Loaded Profiles: ME (Available Profiles: ME)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Startup: C:\Users\ME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BurnInTest.lnk [2013-10-16]
Hosts: 0.0.0.1 mssplus.mcafee.com
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
C:\found.000
C:\ProgramData\DP45977C.lfl
C:\Users\ME\AppData\Local\Temp\devcon64.exe
C:\Users\ME\AppData\Local\Temp\paint.net.4.0.5.install.exe
C:\Users\ME\AppData\Local\Temp\readSTILog.dll
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
*****************

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully
C:\Users\ME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BurnInTest.lnk => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
MSICDSetup => service removed successfully
NTIOLib_1_0_C => service removed successfully
C:\found.000 => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Users\ME\AppData\Local\Temp\devcon64.exe => moved successfully
C:\Users\ME\AppData\Local\Temp\paint.net.4.0.5.install.exe => moved successfully
C:\Users\ME\AppData\Local\Temp\readSTILog.dll => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D80A7B7-DC01-485D-AE93-710D559B5C56}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\\SystemComponent => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-008C-0000-0000-0000000FF1CE}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-008F-0000-1000-0000000FF1CE}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-008C-0409-0000-0000000FF1CE}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{11F9A376-342F-4297-82DA-1F6EA8ED4B6B}\\SystemComponent => value removed successfully

==== End of Fixlog 22:29:03 ====

 

 

Many thanks



#4 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,284 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:12:53 AM

Posted 06 November 2015 - 01:17 AM

Hi,

 

Excellent! :) Now then, time for AdwCleaner to work its magic!

 

Please open AdwCleaner again and run another scan. This time, though, when it's finished, hit the Cleaning button. Accept any prompts you receive from the program, including prompts to reboot. Once it's finished, a text file will be made. Please copy and paste it into your reply.

 

Also, did you miss my question regarding your Downloads folder? :)

 

How did that fix work? Are things running better now?

 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#5 sandanista

sandanista
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 AM

Posted 06 November 2015 - 03:49 AM

Hello,

Thank you again for all your help.

I have had a look in the download folder, there was one unknown file, file type was simply 'file', it was 1kb in size but it was created after I started this thread. I have deleted it, but I am not sure if that was the culprit or not as it was created after I started the thread.

Anyway, I have run AdwCleaner. Things are running much better now, no more crazy popups in chrome and everything is much faster.

 

This is the log for AdwCleaner:

 

# AdwCleaner v5.018 - Logfile created 06/11/2015 at 08:37:40
# Updated 05/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : ME - WIN-8RTV1EUU18L
# Running from : C:\Users\ME\Downloads\adwcleaner_5.018.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\abc
[-] Folder Deleted : C:\ProgramData\Avg_Update_0215av
[-] Folder Deleted : C:\ProgramData\Avg_Update_0415av
[-] Folder Deleted : C:\ProgramData\Avg_Update_0615av
[-] Folder Deleted : C:\ProgramData\Avg_Update_0715av
[-] Folder Deleted : C:\ProgramData\Avg_Update_0814av
[-] Folder Deleted : C:\ProgramData\Avg_Update_0915av
[-] Folder Deleted : C:\ProgramData\Avg_Update_1114av
[-] Folder Deleted : C:\ProgramData\Avg_Update_1214av
[-] Folder Deleted : C:\Users\ME\AppData\Roaming\abc

***** [ Files ] *****

[-] File Deleted : C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
[-] File Deleted : C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
[-] File Deleted : C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.superfish.com_0.localstorage-journal
[-] File Deleted : C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage
[-] File Deleted : C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKLM\SOFTWARE\Avg Secure Update
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[!] Key Not Deleted : HKU\S-1-5-18\Software\Avg Secure Update

***** [ Web browsers ] *****

[-] [C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3302 bytes] ##########

 

 

Many thanks



#6 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,284 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:12:53 AM

Posted 06 November 2015 - 05:24 AM

Hi,

 

Fantastic! I'm glad I could help! :thumbup2:

 

The file you deleted probably wasn't the culprit, but it's always a good idea to delete anything suspicious. :)

 

Malwarebytes

Now, I need you to run a scan with Malwarebytes Anti-Malware to check for any leftovers.

  • Double-click the MBAM shortcut on your desktop (or single-click the one in your start menu) to open MBAM.
  • Click Update Now >>, and check for updates. If a new version of MBAM is included in the update, follow the prompts and install it.
  • Once the program is done updating, click Scan at the top of the main interface. Then select the Custom Scan option, and hit the Configure Scan button. On this screen, make sure every box is checked, then start the scan. If there is an update available, allow MBAM to update.
  • Once the scan is finished, click Apply Actions to any found malware. If MBAM asks you to reboot, do so immediately.
  • When done, retrieve the log by clicking History on the main interface, then Application logs. View the log of the scan you just ran, then click the Copy to Clipboard button, and paste it into your reply.

Lastly, please run a new scan with FRST so that I may check for anything leftover myself. Only one log should be made this time; please copy and paste it into your reply. :)

 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#7 sandanista

sandanista
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 AM

Posted 06 November 2015 - 12:13 PM

Hello,
Thanks for all the help! I have had to travel away for the next 10 days so I will be away from the infected PC. I know you normally would close a thread but can you please leave this thread open so we can continue in when I return? I will be able to complete the steps and post the logs then. Thanks again

#8 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,284 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:12:53 AM

Posted 06 November 2015 - 12:32 PM

Hi,

 

No problem! Thank you for letting me know in advance. See you then! :)

 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#9 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,284 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:12:53 AM

Posted 19 November 2015 - 05:18 PM

Hi,

 

It's been three days since you said you'd be back, so I am bumping the topic just in case you forgot. If you need more time to get back to me, please let me know, because I'll assume you're inactive otherwise.

If I still haven't heard from you in two days, this topic will be locked, so please get back to me by then.

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#10 sandanista

sandanista
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 AM

Posted 21 November 2015 - 04:20 AM

Hello,

Sorry for the delay. I ran MBAM and it removed 6 files. FRST initially created 2 log files but when I ran it again it only created 1.

Thanks again.

 

Here is the log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-11-2015
Ran by ME (administrator) on WIN-8RTV1EUU18L (21-11-2015 09:14:39)
Running from C:\Users\ME\Desktop
Loaded Profiles: ME (Available Profiles: ME)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-05-14] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [506864 2013-03-08] (MSI)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2014-07-14]
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3B8D625E-1E37-40F3-AE33-9EBD18F46C96}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{61BE1086-B267-485A-917F-CBFB5AAC616D}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-2459536500-2586855991-2858596570-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-27] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-10-28] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-28] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-27] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-10-28] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-27] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\ME\AppData\Roaming\Mozilla\Firefox\Profiles\ge5dxxm8.default-1439843171663
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-2459536500-2586855991-2858596570-1000: @citrixonline.com/appdetectorplugin -> C:\Users\ME\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-04] (Citrix Online)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Webpage Screenshot) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2015-01-05]
CHR Extension: (Google Search) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (ShareMetric) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhnijlahkclijpefbcimahdcgcjbmnnp [2015-10-19]
CHR Extension: (Capture Webpage Screenshot Entirely. FireShot) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2015-09-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-20] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161264 2013-02-20] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [29728 2013-05-29] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-05] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-05] (Ralink Technology, Corp.) [File not signed]
S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-07] (Ralink) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5613328 2015-07-29] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-21 09:08 - 2015-11-21 09:09 - 00024913 _____ C:\Users\ME\Desktop\Addition.txt
2015-11-17 09:30 - 2015-11-21 09:14 - 00014589 _____ C:\Users\ME\Desktop\FRST.txt
2015-11-17 08:21 - 2015-10-29 17:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-17 08:21 - 2015-10-29 17:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-17 08:21 - 2015-10-29 17:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-17 08:21 - 2015-10-29 17:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-17 08:21 - 2015-10-29 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-17 08:21 - 2015-10-29 17:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-17 08:21 - 2015-10-29 17:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-17 08:13 - 2015-11-03 22:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-17 08:13 - 2015-11-03 21:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-17 08:13 - 2015-10-30 23:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-17 08:13 - 2015-10-30 23:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-17 08:13 - 2015-10-30 23:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-17 08:13 - 2015-10-30 23:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-17 08:13 - 2015-10-30 23:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-17 08:13 - 2015-10-30 23:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-17 08:13 - 2015-10-30 23:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-17 08:13 - 2015-10-30 23:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-17 08:13 - 2015-10-30 23:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-17 08:13 - 2015-10-30 23:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-17 08:13 - 2015-10-30 22:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-17 08:13 - 2015-10-30 22:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-17 08:13 - 2015-10-30 22:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-17 08:13 - 2015-10-30 22:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-17 08:13 - 2015-10-30 22:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-17 08:13 - 2015-10-30 22:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-17 08:13 - 2015-10-30 22:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-17 08:13 - 2015-10-30 22:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-17 08:13 - 2015-10-30 22:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-17 08:13 - 2015-10-30 22:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-17 08:13 - 2015-10-30 22:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-17 08:13 - 2015-10-30 22:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-17 08:13 - 2015-10-30 22:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-17 08:13 - 2015-10-30 22:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-17 08:13 - 2015-10-30 22:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-17 08:13 - 2015-10-30 22:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-17 08:13 - 2015-10-30 22:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-17 08:13 - 2015-10-30 22:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-17 08:13 - 2015-10-30 22:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-17 08:13 - 2015-10-30 22:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-17 08:13 - 2015-10-30 22:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-17 08:13 - 2015-10-30 22:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-17 08:13 - 2015-10-30 22:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-17 08:13 - 2015-10-30 22:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-17 08:13 - 2015-10-30 22:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-17 08:13 - 2015-10-30 22:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-17 08:13 - 2015-10-30 22:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-17 08:13 - 2015-10-30 22:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-17 08:13 - 2015-10-30 22:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-17 08:13 - 2015-10-30 22:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-17 08:13 - 2015-10-30 22:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-17 08:13 - 2015-10-30 22:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-17 08:13 - 2015-10-30 22:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-17 08:13 - 2015-10-30 21:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-17 08:13 - 2015-10-30 21:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-17 08:13 - 2015-10-30 21:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-17 08:13 - 2015-10-30 21:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-17 08:13 - 2015-10-20 18:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-17 08:13 - 2015-10-20 18:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-17 08:13 - 2015-10-20 18:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-17 08:13 - 2015-10-20 18:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-17 08:13 - 2015-10-20 18:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-17 08:13 - 2015-10-20 18:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-17 08:13 - 2015-10-20 18:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-17 08:13 - 2015-10-20 18:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-17 08:13 - 2015-10-20 18:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-17 08:13 - 2015-10-20 18:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-17 08:13 - 2015-10-20 18:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-17 08:13 - 2015-10-20 17:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-17 08:13 - 2015-10-20 17:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-17 08:13 - 2015-10-20 17:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-17 08:13 - 2015-10-20 17:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-17 08:13 - 2015-10-20 17:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-17 08:12 - 2015-11-03 17:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-17 08:12 - 2015-10-30 23:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-17 08:12 - 2015-10-30 23:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-17 08:12 - 2015-10-30 23:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-17 08:12 - 2015-10-30 23:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-17 08:12 - 2015-10-30 23:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-17 08:12 - 2015-10-30 23:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-17 08:12 - 2015-10-30 23:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-17 08:12 - 2015-10-30 23:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-17 08:12 - 2015-10-30 23:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-17 08:12 - 2015-10-30 22:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-17 08:12 - 2015-10-30 22:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-17 08:12 - 2015-10-30 22:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-17 08:12 - 2015-10-30 22:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-17 08:12 - 2015-10-30 22:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-17 08:12 - 2015-10-30 22:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-17 08:12 - 2015-10-20 01:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-17 08:12 - 2015-10-20 01:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-17 08:12 - 2015-10-20 01:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-17 08:12 - 2015-10-20 01:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-17 08:12 - 2015-10-20 01:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-17 08:12 - 2015-10-20 01:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-17 08:12 - 2015-10-20 01:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-17 08:12 - 2015-10-20 01:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-17 08:12 - 2015-10-20 01:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-17 08:12 - 2015-10-20 01:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-17 08:12 - 2015-10-20 01:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-17 08:12 - 2015-10-20 01:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-17 08:12 - 2015-10-20 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-17 08:12 - 2015-10-20 01:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-17 08:12 - 2015-10-20 01:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-17 08:12 - 2015-10-20 01:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-17 08:12 - 2015-10-20 01:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-17 08:12 - 2015-10-20 01:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-17 08:12 - 2015-10-20 01:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-17 08:12 - 2015-10-20 01:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-17 08:12 - 2015-10-20 01:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-17 08:12 - 2015-10-20 01:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-17 08:12 - 2015-10-20 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-17 08:12 - 2015-10-20 01:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-17 08:12 - 2015-10-20 01:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-17 08:12 - 2015-10-20 01:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-17 08:12 - 2015-10-20 01:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-17 08:12 - 2015-10-20 01:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-17 08:12 - 2015-10-20 01:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-17 08:12 - 2015-10-20 01:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-17 08:12 - 2015-10-20 01:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-17 08:12 - 2015-10-20 01:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-17 08:12 - 2015-10-20 01:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-17 08:12 - 2015-10-20 00:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-17 08:12 - 2015-10-20 00:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-17 08:12 - 2015-10-20 00:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-17 08:12 - 2015-10-20 00:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-17 08:12 - 2015-10-20 00:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-17 08:12 - 2015-10-20 00:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-17 08:12 - 2015-10-20 00:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-17 08:12 - 2015-10-20 00:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-17 08:12 - 2015-10-20 00:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-17 08:12 - 2015-10-20 00:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-17 08:12 - 2015-10-20 00:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-17 08:12 - 2015-10-20 00:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-17 08:12 - 2015-10-20 00:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-17 08:12 - 2015-10-20 00:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-17 08:12 - 2015-10-20 00:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-17 08:12 - 2015-10-20 00:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-17 08:12 - 2015-10-20 00:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-17 08:12 - 2015-10-20 00:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-17 08:12 - 2015-10-20 00:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-17 08:12 - 2015-10-20 00:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-17 08:12 - 2015-10-20 00:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-17 08:12 - 2015-10-20 00:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-17 08:12 - 2015-10-20 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-17 08:12 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-17 08:12 - 2015-10-19 23:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-17 08:12 - 2015-10-19 23:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-17 08:12 - 2015-10-19 23:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-17 08:12 - 2015-10-19 23:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-17 08:12 - 2015-10-19 23:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-17 08:12 - 2015-10-19 23:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-17 08:12 - 2015-10-19 23:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-17 08:12 - 2015-10-19 23:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-17 08:12 - 2015-10-19 23:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-17 08:12 - 2015-10-13 16:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-17 08:12 - 2015-10-13 16:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-17 08:12 - 2015-10-13 04:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-17 08:12 - 2015-10-01 18:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-17 08:12 - 2015-10-01 18:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-17 08:12 - 2015-10-01 17:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-17 08:12 - 2015-09-23 13:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-17 08:12 - 2015-09-23 13:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-17 08:12 - 2015-09-23 13:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-05 22:30 - 2015-11-05 22:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ME\Desktop\revosetup.exe
2015-11-05 22:30 - 2015-11-05 22:30 - 00001270 _____ C:\Users\ME\Desktop\Revo Uninstaller.lnk
2015-11-05 22:30 - 2015-11-05 22:30 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-11-05 22:28 - 2015-11-21 09:06 - 02345984 _____ (Farbar) C:\Users\ME\Desktop\FRST64.exe
2015-11-05 22:25 - 2015-11-05 22:25 - 00003117 _____ C:\Users\ME\Desktop\AdwCleaner[S2].txt
2015-11-05 22:19 - 2015-11-06 08:37 - 00000000 ____D C:\AdwCleaner
2015-11-05 21:11 - 2015-11-05 21:12 - 01713664 _____ C:\Users\ME\Downloads\adwcleaner_5.018.exe
2015-11-05 21:11 - 2015-11-05 21:11 - 01713664 _____ C:\Users\ME\Downloads\adwcleaner_5.018 (1).exe
2015-11-05 09:01 - 2015-11-05 09:01 - 00000000 ____D C:\Users\ME\AppData\Local\CEF
2015-11-02 19:42 - 2015-11-02 19:43 - 00000000 ____D C:\Users\ME\Desktop\website images
2015-11-01 20:32 - 2015-11-02 10:02 - 00000835 _____ C:\Users\ME\Desktop\pos supplies.txt
2015-11-01 18:40 - 2015-11-01 18:40 - 00034304 _____ C:\Users\ME\Downloads\04. order form - Educational kit Sect 1, 2 & 3 - ok green.xls
2015-11-01 17:21 - 2015-11-21 09:14 - 00000000 ____D C:\FRST
2015-10-29 10:31 - 2015-10-29 10:31 - 00000132 _____ C:\Users\ME\AppData\Roaming\Adobe PNG Format CS5 Prefs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-21 09:04 - 2009-07-14 04:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-21 09:04 - 2009-07-14 04:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-21 09:00 - 2014-08-06 22:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-21 09:00 - 2014-07-14 20:01 - 02011412 _____ C:\Windows\WindowsUpdate.log
2015-11-21 08:59 - 2014-08-11 11:29 - 00000000 ____D C:\Users\ME\AppData\Local\Adobe
2015-11-21 08:56 - 2009-07-14 05:13 - 00803274 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-21 08:50 - 2014-07-14 12:48 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-21 08:49 - 2013-10-16 17:24 - 00058125 _____ C:\Windows\setupact.log
2015-11-21 08:49 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-20 22:54 - 2014-07-16 04:10 - 00000000 ____D C:\ProgramData\MFAData
2015-11-20 10:02 - 2014-08-19 08:31 - 00000000 ____D C:\Users\ME\AppData\Roaming\vlc
2015-11-20 09:27 - 2014-09-04 13:01 - 00000532 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2459536500-2586855991-2858596570-1000.job
2015-11-20 09:26 - 2014-07-14 12:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-20 09:24 - 2015-06-05 15:08 - 00000628 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2459536500-2586855991-2858596570-1000.job
2015-11-19 07:10 - 2014-08-06 03:39 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1407296349
2015-11-19 07:10 - 2014-08-06 03:39 - 00000000 ____D C:\Program Files (x86)\Opera
2015-11-18 08:58 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2015-11-18 07:52 - 2009-07-14 04:45 - 00515360 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-18 07:50 - 2010-11-21 03:47 - 00296372 _____ C:\Windows\PFRO.log
2015-11-17 23:37 - 2013-10-15 13:44 - 00000000 ____D C:\Windows\system32\MRT
2015-11-17 23:32 - 2013-10-15 13:44 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-17 23:28 - 2013-10-15 12:34 - 00795396 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-17 23:26 - 2011-04-12 08:28 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-17 17:08 - 2015-08-26 19:01 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-17 17:06 - 2015-07-14 22:24 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-11-17 17:05 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\TAPI
2015-11-17 10:01 - 2015-07-14 22:24 - 00003894 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-11-17 10:01 - 2014-08-06 22:01 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-17 10:01 - 2014-08-06 22:01 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-17 10:01 - 2014-08-06 22:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-17 08:59 - 2015-08-26 19:01 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-17 08:59 - 2015-08-26 19:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-17 08:59 - 2015-08-26 19:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-17 08:34 - 2014-07-14 12:48 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-17 07:54 - 2015-08-02 08:13 - 00000967 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-11-17 07:54 - 2014-07-16 04:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-11-05 22:34 - 2014-07-17 05:43 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-04 07:56 - 2014-07-17 05:43 - 00000000 ____D C:\ProgramData\Adobe
2015-10-31 20:17 - 2015-04-08 21:57 - 00000000 ____D C:\Users\ME\Desktop\True Detective
2015-10-29 10:30 - 2015-03-15 23:44 - 00001456 _____ C:\Users\ME\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-10-28 14:36 - 2014-09-21 20:24 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-27 09:29 - 2015-06-05 15:08 - 00003666 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2459536500-2586855991-2858596570-1000
2015-10-27 09:29 - 2014-09-04 13:01 - 00003570 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2459536500-2586855991-2858596570-1000
2015-10-22 10:14 - 2015-03-09 10:20 - 00001789 _____ C:\Users\Public\Desktop\Blue Sky Plan 3.lnk

==================== Files in the root of some directories =======

2015-10-29 10:31 - 2015-10-29 10:31 - 0000132 _____ () C:\Users\ME\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-03-15 23:44 - 2015-10-29 10:30 - 0001456 _____ () C:\Users\ME\AppData\Local\Adobe Save for Web 12.0 Prefs

Some files in TEMP:
====================
C:\Users\ME\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-17 11:28

==================== End of FRST.txt ============================



#11 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,284 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:12:53 AM

Posted 21 November 2015 - 05:12 AM

Hi,

 

Not a problem. :) Would you mind posting the MBAM log (as detailed in my last post with actual instructions)? I'd like to see what it got rid of.

 

Other than that... congrats! Your computer looks free of malware! :woot:

However, we'll need to clean up the tools we used to make it that way.

  • Download DelFix from here, and save it to your desktop.
  • Double click the file to run it. On the main screen, make sure the following options are checked:
    Remove disinfection tools
    Purge system restore

    Click the Run button after ensuring the above options are selected.
  • Once the program is done running, a log will pop up. Please copy and paste it into your final reply.

Here are some steps to improve how your computer works, and to help you from getting infected again.

Keep all of your software updated. This is especially true for your antivirus. Keeping your software up-to-date is one of the most important steps to keeping malware out of your system. Old versions of many different programs have security vulnerabilities that malware targets to infect your system, whereas many of these would be fixed in updates. In addition to that, outdated definitions for your antivirus (and other security programs) may fail to detect newer malware that has since been added to the database. For new software version updates, I recommend FileHippo App Manager. However, FH doesn't find all updates, so be sure to manually check for updates as well.

Browse safely. Much of the time, malware gets in because the user isn't cautious. Examples of safe browsing include:

  • Don't open emails from people you don't know, especially if it has an attachment. Files (especially those with a .bat, .com, .exe and .scr extension) should never be trusted unless you know for a fact that you can trust the source. You should also be careful with these files even from friends, since their emails might actually be from bots using their addresses.
  • Don't install things that you don't trust. For example, some websites will ask you to install programs in order to use a certain functionality, especially supposed updates to programs such as Flash and Java. If your software is up-to-date, it's probably a fake.
  • In addition to the above, be careful even when installing programs that you recognize. Sometimes, programs will install other software when a user doesn't pay attention, so always make sure to decline offers for programs you don't want or recognize.

Happy surfing! :)

Gunto

 


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#12 sandanista

sandanista
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 AM

Posted 21 November 2015 - 06:13 AM

Hello,

Here is the MBAM log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17/11/2015
Scan Time: 15:25
Logfile: mbam.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.17.04
Rootkit Database: v2015.11.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ME

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337685
Time Elapsed: 10 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 6
PUP.Optional.PricePeep, C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, Delete-on-Reboot, [1800d4ab1576ca6c5666d7b4c93a0af6],
PUP.Optional.PricePeep, C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, Delete-on-Reboot, [cf496c13cbc09e9839835e2d24dfa15f],
PUP.Optional.ReMarkit.PrxySvrRST, C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage, Delete-on-Reboot, [2cec047bd4b7fd39fe307338be456898],
PUP.Optional.ReMarkit.PrxySvrRST, C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage-journal, Delete-on-Reboot, [8296017ec4c796a045e9674446bd4eb2],
PUP.Optional.ReMarkit.PrxySvrRST, C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage, Delete-on-Reboot, [c157aed1b0db41f51d111497e41fc53b],
PUP.Optional.ReMarkit.PrxySvrRST, C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage-journal, Delete-on-Reboot, [898faed1692271c555d957545ba8817f],

Physical Sectors: 0
(No malicious items detected)

(end)



#13 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,284 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:12:53 AM

Posted 21 November 2015 - 08:01 PM

Alright then! :)

 

Since your problems seem to be solved, I'm locking this topic. However, if you still need help, please send me (or any moderator if I am unavailable) a PM asking for this topic to be unlocked.


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users