unsure of infection whole system runs slow and hangs


4 replies to this topic

#1 cardoctorlv31

Posted 27 November 2015 - 03:39 AM

Hello, I'm not sure what's wrong. Thinking it's something with infection; my whole system has become slow and often hangs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-11-2015
Ran by Parent (administrator) on HOPE (27-11-2015 00:17:35)
Running from C:\Users\Parent\Downloads
Loaded Profiles: Parent (Available Profiles: Parent)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\MDM.EXE
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Absolute Software Corp.) C:\Windows\System32\rpcnet.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_19_0_0_226_ActiveX.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1154962001-1373766814-1045438300-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6495144 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-1154962001-1373766814-1045438300-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
BootExecute: autocheck autochk /p \??\C:autocheck autochk *
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.231.185.118
Tcpip\..\Interfaces\{2DC9E094-2ECD-4EEA-81A0-58D399CC3F32}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5BA881CB-0196-411D-A518-D1D2E51298C9}: [DhcpNameServer] 192.168.0.1 205.171.2.226
Tcpip\..\Interfaces\{7DBC7264-B2ED-4417-9CE0-F61D051F3ACE}: [DhcpNameServer] 10.231.185.118

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1154962001-1373766814-1045438300-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1154962001-1373766814-1045438300-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1154962001-1373766814-1045438300-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-1154962001-1373766814-1045438300-1002 -> {A5016194-73F9-4D74-BFF8-5C1D3B77C9BA} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1154962001-1373766814-1045438300-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-1154962001-1373766814-1045438300-1002 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-03] (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-15] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-15] (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_65-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0065-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_65-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_65-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\3l11deg1.default-1424486833758
FF DefaultSearchEngine.US: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-27] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2012-02-21] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1154962001-1373766814-1045438300-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Parent\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1154962001-1373766814-1045438300-1002: @talk.google.com/O1DPlugin -> C:\Users\Parent\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1154962001-1373766814-1045438300-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-1154962001-1373766814-1045438300-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-11] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2010-11-10] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-03-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Parent\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Parent\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\3l11deg1.default-1424486833758\searchplugins\live-search.xml [2015-09-12]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfgalpdacmnhaikecnllfdpogahilkm [2015-02-12]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path\update_url>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Rpcnet; C:\Windows\System32\rpcnet.exe [78032 2015-04-17] (Absolute Software Corp.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 afcmx86; C:\Windows\system32\drivers\afcmx86.sys [25144 2010-03-23] (Advanced Micro Devices)
S3 amdhub30; C:\Windows\system32\drivers\amdhub30.sys [70272 2011-03-18] (Advanced Micro Devices, INC.)
S3 amdxhc; C:\Windows\system32\drivers\amdxhc.sys [149632 2011-03-18] (Advanced Micro Devices, INC.)
R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [66688 2011-04-16] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [33408 2011-04-16] (Advanced Micro Devices)
R3 eapihdrv; C:\Users\Parent\AppData\Local\Temp\ehdrv.sys [135760 2015-11-26] (ESET)
S3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 MfeAVFK; C:\Windows\System32\drivers\mfeavfk.sys [180848 2012-01-13] (McAfee, Inc.)
S3 MfeBOPK; C:\Windows\System32\drivers\MfeBOPK.sys [35272 2009-12-15] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464304 2012-01-13] (McAfee, Inc.)
S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-12-15] (McAfee, Inc.)
R0 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55304 2009-12-15] (McAfee, Inc.)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [16472 2009-09-28] ()
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [251496 2011-02-15] (Realtek Semiconductor Corp.)
S3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [376832 2009-11-18] (NETGEAR Inc.                           )
S3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [982632 2011-06-15] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1334856 2013-05-02] (Realtek Semiconductor Corporation                           )
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2015-11-16] (The OpenVPN Project)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-06-17] (Apple, Inc.) [File not signed]
S3 AgereSoftModem; system32\DRIVERS\AGRSM.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-27 00:17 - 2015-11-27 00:18 - 00013000 _____ C:\Users\Parent\Downloads\FRST.txt
2015-11-27 00:16 - 2015-11-27 00:17 - 00000000 ____D C:\FRST
2015-11-27 00:15 - 2015-11-27 00:15 - 01719808 _____ (Farbar) C:\Users\Parent\Downloads\FRST.exe
2015-11-26 23:56 - 2015-11-26 23:56 - 00000000 ____D C:\Program Files\ESET
2015-11-26 23:48 - 2015-11-26 23:48 - 00001836 _____ C:\Users\Parent\Documents\startup.txt
2015-11-26 22:16 - 2015-11-26 22:16 - 00001072 _____ C:\Users\Parent\Desktop\Linksys Smart Wi-Fi.lnk
2015-11-26 22:16 - 2015-11-26 22:16 - 00001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Linksys Smart Wi-Fi.lnk
2015-11-26 22:16 - 2015-11-26 22:16 - 00000223 _____ C:\Users\Parent\Desktop\Linksys Smart Wi-Fi.txt
2015-11-26 22:07 - 2015-11-26 22:41 - 20775200 _____ (Belkin International, Inc.) C:\Users\Parent\Downloads\EA3500.2.0.14294.0-Setup.exe
2015-11-26 22:07 - 2015-11-26 22:16 - 00000000 ____D C:\ProgramData\Linksys
2015-11-26 22:06 - 2015-11-26 22:06 - 19560830 _____ C:\Users\Parent\Downloads\FW_EA3500_1.1.40.162464_prod.zip
2015-11-26 22:06 - 2015-11-26 22:06 - 00000000 ____D C:\Users\Parent\Desktop\FW_EA3500_1.1.40.162464_prod
2015-11-25 12:55 - 2015-11-25 12:56 - 00000000 ____D C:\Program Files\REALTEK PCIE Wireless LAN Driver
2015-11-25 12:55 - 2013-05-02 10:46 - 01334856 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlane.sys
2015-11-25 12:55 - 2013-01-30 11:41 - 00430080 _____ (Realtek) C:\Windows\SwUSB.exe
2015-11-25 12:55 - 2012-12-14 15:54 - 00036864 _____ () C:\Windows\runSW.exe
2015-11-25 12:55 - 2012-02-14 19:37 - 00535040 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2015-11-25 12:54 - 2015-11-25 12:54 - 00000000 ____D C:\Users\Parent\Desktop\0001-RTLWlanE_WindowsDriver_2007.12.0419.2013
2015-11-25 12:53 - 2015-11-25 12:53 - 01193113 _____ C:\Users\Parent\Downloads\0001-v14114-OmniPeek_CE_DE.zip
2015-11-25 12:53 - 2015-11-25 12:53 - 00000000 ____D C:\Users\Parent\Desktop\0001-v14114-OmniPeek_CE_DE
2015-11-25 12:52 - 2015-11-25 12:53 - 38531603 _____ C:\Users\Parent\Downloads\0001-RTLWlanE_WindowsDriver_2007.12.0419.2013.zip
2015-11-22 20:24 - 2015-11-22 20:26 - 00057814 _____ C:\Windows\ntbtlog.txt
2015-11-22 19:43 - 2015-11-22 19:44 - 00000000 ____D C:\Users\Parent\Desktop\MOIPro-V1.0.0.8
2015-11-22 19:37 - 2015-11-22 19:38 - 00000000 ____D C:\Users\Parent\Desktop\MicroBoxAioNew_V3.0.1.4_FINAL
2015-11-22 19:34 - 2015-11-22 19:37 - 70132596 _____ C:\Users\Parent\Downloads\MicroBoxAioNew_V3.0.1.4_FINAL.rar
2015-11-22 19:31 - 2015-11-22 19:31 - 00000000 ____D C:\Users\Parent\Desktop\MicroBoxImei_V1.0.1.5_FINAL
2015-11-22 19:30 - 2015-11-22 19:30 - 04138754 _____ C:\Users\Parent\Downloads\MicroBoxImei_V1.0.1.5_FINAL.rar
2015-11-22 13:35 - 2015-11-22 13:35 - 00000000 ____D C:\Users\Parent\AppData\Roaming\iFunbox_UserCache
2015-11-22 13:34 - 2015-11-22 13:34 - 03933749 _____ C:\Users\Parent\Downloads\ifunbox_classic.zip
2015-11-22 13:34 - 2015-11-22 13:34 - 00000000 ____D C:\Users\Parent\Desktop\ifunbox_classic
2015-11-22 11:52 - 2015-11-22 11:52 - 00017287 _____ C:\Users\Parent\Documents\new.mobileconfig
2015-11-22 11:47 - 2015-11-22 11:47 - 01510960 _____ (Disc Soft Ltd.) C:\Users\Parent\Downloads\DTUltraInstaller1.0.exe
2015-11-22 09:54 - 2015-03-21 15:51 - 00004698 _____ C:\Users\Parent\Documents\Unlock Engineering Profile.mobileconfig
2015-11-22 09:51 - 2015-11-22 11:58 - 00001332 _____ C:\Users\Parent\Documents\iPhone.deviceinfo
2015-11-22 09:41 - 2015-11-22 09:41 - 00000000 ____D C:\Users\Parent\AppData\Local\Apple_Inc
2015-11-22 09:40 - 2015-11-22 09:40 - 00000000 ____D C:\Users\Parent\Desktop\iPhone_Unlock.mobileconfig
2015-11-22 09:39 - 2015-11-22 19:46 - 00028677 _____ C:\Users\Parent\Downloads\iPhone_Unlock.mobileconfig.zip
2015-11-22 09:32 - 2015-11-22 09:35 - 45546424 _____ (Apple Inc.) C:\Users\Parent\Downloads\iPhoneConfigUtilitySetup.exe
2015-11-21 22:42 - 2015-11-23 02:02 - 00000734 _____ C:\Users\Parent\Desktop\limera1n - Shortcut.lnk
2015-11-21 21:58 - 2015-11-21 21:58 - 00000000 ____D C:\Users\Parent\Desktop\New folder (4)
2015-11-21 21:40 - 2015-11-21 22:05 - 00325120 _____ C:\Users\Parent\Downloads\limera1n.exe
2015-11-21 21:10 - 2015-11-21 21:10 - 00452317 _____ C:\Users\Parent\Downloads\iCloudUnlock_0.1.1 (2).rar
2015-11-21 21:08 - 2015-11-21 21:08 - 00452317 _____ C:\Users\Parent\Downloads\iCloudUnlock_0.1.1.rar
2015-11-21 21:08 - 2015-11-21 21:08 - 00452317 _____ C:\Users\Parent\Downloads\iCloudUnlock_0.1.1 (1).rar
2015-11-21 19:56 - 2015-11-22 19:47 - 13955500 _____ C:\Users\Parent\Downloads\iphoneanalyzer.fat.gui-2.1.0.jar
2015-11-20 18:41 - 2015-11-20 18:41 - 00000005 _____ C:\Users\Parent\Documents\iphone model #.txt
2015-11-20 16:34 - 2009-05-18 13:17 - 00026600 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-11-20 16:34 - 2008-04-17 12:12 - 00107368 _____ (GEAR Software Inc.) C:\Windows\system32\GEARAspi.dll
2015-11-20 16:33 - 2015-11-20 16:34 - 00000000 ____D C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2015-11-20 16:26 - 2015-11-20 16:36 - 81496432 _____ (Apple Inc.) C:\Users\Parent\Downloads\iTunesSetup104.exe
2015-11-20 16:21 - 2015-11-20 16:28 - 74840872 _____ (Apple Inc.) C:\Users\Parent\Downloads\iTunesSetup10.exe
2015-11-18 11:02 - 2015-11-18 11:02 - 00000019 _____ C:\Users\Parent\Documents\iphone ver.txt
2015-11-18 10:19 - 2015-11-18 10:19 - 00000000 ____D C:\Users\Parent\Desktop\TaiGJBreak_EN_2430
2015-11-18 10:16 - 2015-11-18 10:19 - 70697202 _____ C:\Users\Parent\Downloads\TaiGJBreak_EN_2430.zip
2015-11-18 10:14 - 2015-11-18 10:14 - 00000000 ____D C:\Users\Parent\Desktop\TaiGJBreak_EN_2410
2015-11-18 10:14 - 2015-11-18 10:14 - 00000000 ____D C:\Users\Parent\AppData\Roaming\TaiG
2015-11-18 10:11 - 2015-11-18 10:13 - 70648762 _____ C:\Users\Parent\Downloads\TaiGJBreak_EN_2410.zip
2015-11-18 09:15 - 2015-11-18 09:29 - 35796928 _____ C:\Users\Parent\Downloads\Pangu_v1.2.1 (3).exe
2015-11-17 03:20 - 2015-11-17 03:20 - 00000018 _____ C:\Users\Parent\Documents\movie yo look.txt
2015-11-17 01:47 - 2015-11-17 01:47 - 35796928 _____ C:\Users\Parent\Downloads\Pangu_v1.2.1 (2).exe
2015-11-16 23:43 - 2015-11-17 00:34 - 252315221 _____ C:\Users\Parent\Downloads\MOIPro-V1.0.0.8.zip
2015-11-16 18:13 - 2015-11-16 18:13 - 00000513 _____ C:\Users\Parent\Downloads\iCloud Bypass Tool (1).rar
2015-11-16 18:10 - 2015-11-16 18:10 - 00000513 _____ C:\Users\Parent\Downloads\iCloud Bypass Tool.rar
2015-11-16 18:10 - 2015-11-16 18:10 - 00000000 ____D C:\Users\Parent\Desktop\iCloud Bypass Tool
2015-11-16 16:48 - 2015-11-16 16:48 - 00000000 ____D C:\Users\Parent\Desktop\iREB-r7
2015-11-16 16:47 - 2015-11-16 16:47 - 00408541 _____ C:\Users\Parent\Downloads\iREB-r7.zip
2015-11-16 16:42 - 2015-11-16 16:42 - 00000000 ____D C:\Users\Parent\.tu
2015-11-16 16:36 - 2015-11-16 16:39 - 29817344 _____ () C:\Users\Parent\Downloads\tinyumbrella_windows_8_2_0_60.exe
2015-11-16 16:29 - 2015-11-16 16:32 - 23292692 _____ C:\Users\Parent\Downloads\sn0wbreeze-v2.9.14.zip
2015-11-16 16:17 - 2015-11-16 16:18 - 00000000 ____D C:\Users\Parent\Desktop\absinthe-win-2.0.4 (2)
2015-11-16 15:28 - 2015-11-16 15:31 - 928308786 _____ C:\Users\Parent\Desktop\00000141B104FD2C_iFaith_iPhone_4-6.1.3_(10B329)_signed.ipsw
2015-11-16 13:57 - 2015-11-16 13:57 - 00000000 ____D C:\Users\Parent\Desktop\New folder (3)
2015-11-16 12:50 - 2015-11-23 02:02 - 00001958 _____ C:\Users\Parent\Desktop\Gmail.lnk
2015-11-16 12:45 - 2015-11-16 12:45 - 00000187 _____ C:\Users\Parent\AppData\Local\Istexon.exe.config
2015-11-16 12:41 - 2015-11-16 12:41 - 00026624 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-11-16 12:39 - 2015-11-20 15:46 - 00000000 _____ C:\Windows\system32\outputfilePath
2015-11-16 12:38 - 2015-11-16 12:38 - 00000000 ____D C:\Program Files\JZIP
2015-11-16 12:37 - 2015-11-16 12:37 - 00000000 ____D C:\Users\Parent\AppData\Local\CEF
2015-11-15 15:41 - 2015-11-15 15:41 - 00000013 _____ C:\Users\Parent\.pluto.tv
2015-11-15 15:25 - 2015-11-23 02:02 - 00001784 _____ C:\Users\Public\Desktop\PlutoTV.lnk
2015-11-15 15:25 - 2015-11-15 20:30 - 00000000 ____D C:\Users\Parent\AppData\Local\PlutoTV
2015-11-15 15:25 - 2015-11-15 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pluto TV
2015-11-15 15:25 - 2015-11-15 15:25 - 00000000 ____D C:\Program Files\Pluto TV
2015-11-15 15:10 - 2015-11-15 15:17 - 72500800 _____ (Pluto TV ) C:\Users\Parent\Downloads\PlutoTVSetup.exe
2015-11-15 14:43 - 2015-11-15 14:43 - 00000000 ____D C:\Program Files\Common Files\Java
2015-11-15 14:42 - 2015-11-15 14:42 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-11-15 14:42 - 2015-11-15 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-15 14:37 - 2015-11-15 14:38 - 00584288 _____ (Oracle Corporation) C:\Users\Parent\Downloads\JavaSetup8u65.exe
2015-11-14 23:18 - 2015-11-14 23:18 - 00000000 ____D C:\Users\Parent\.oracle_jre_usage
2015-11-14 23:17 - 2015-11-15 14:43 - 00000000 ____D C:\ProgramData\Oracle
2015-11-14 23:17 - 2015-11-14 23:17 - 00000000 ____D C:\Users\Parent\AppData\LocalLow\Oracle
2015-11-14 21:36 - 2015-11-26 16:42 - 00000071 __RSH C:\ProgramData\3002.xml
2015-11-14 21:36 - 2015-11-14 21:36 - 00031328 __RSH C:\ProgramData\3002.abs
2015-11-14 21:36 - 2015-11-14 21:36 - 00015568 __RSH C:\ProgramData\3029.abs
2015-11-13 19:22 - 2015-11-13 19:22 - 00016858 _____ C:\ComboFix.txt
2015-11-13 16:56 - 2015-11-13 16:56 - 00000086 _____ C:\Users\Parent\Documents\advanced system.txt
2015-11-13 16:47 - 2015-11-13 16:47 - 01729536 _____ C:\Users\Parent\Downloads\AdwCleaner (1).exe
2015-11-13 10:16 - 2015-11-13 10:22 - 83434432 _____ C:\Users\Parent\Downloads\Pangu_v1.0.exe
2015-11-13 10:15 - 2015-11-13 10:19 - 35796928 _____ C:\Users\Parent\Downloads\Pangu_v1.2.1 (1).exe
2015-11-13 08:03 - 2015-11-13 11:10 - 00000000 ____D C:\Users\Parent\Desktop\New folder (2)
2015-11-13 07:42 - 2015-11-13 07:42 - 04984425 _____ C:\Users\Parent\Downloads\ifaith-v1.5.9.zip
2015-11-13 07:42 - 2015-11-13 07:42 - 00000000 ____D C:\Users\Parent\Desktop\ifaith-v1.5.9
2015-11-13 00:57 - 2015-11-13 00:57 - 00252939 _____ C:\Users\Parent\Desktop\spoof.xps
2015-11-12 16:20 - 2015-11-03 09:46 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-12 09:43 - 2015-11-17 18:38 - 00002563 _____ C:\Users\Parent\Documents\2hands.txt
2015-11-11 14:28 - 2015-11-18 09:36 - 00000000 ____D C:\Users\Parent\AppData\Local\pangu
2015-11-11 14:25 - 2015-11-18 09:51 - 00000000 ____D C:\Users\Parent\Desktop\taig2
2015-11-11 14:25 - 2015-11-13 11:25 - 35796928 _____ C:\Users\Parent\Downloads\Pangu_v1.2.1.exe
2015-11-11 14:25 - 2015-11-11 14:25 - 00000000 ____D C:\win-data
2015-11-11 14:19 - 2015-11-11 14:24 - 73242855 _____ C:\Users\Parent\Downloads\taig2.zip
2015-11-10 20:47 - 2015-11-10 20:48 - 00000000 ____D C:\Users\Parent\AppData\Local\libimobiledevice
2015-11-10 19:24 - 2015-11-10 19:30 - 00000000 ____D C:\Users\Parent\Desktop\iPhone4,1_9.0_13A344_Restore
2015-11-10 17:29 - 2015-11-10 18:37 - 1576112602 _____ C:\Users\Parent\Downloads\iPhone4,1_9.0_13A344_Restore.zip
2015-11-10 16:19 - 2015-11-22 12:57 - 00000600 _____ C:\Users\Parent\AppData\Local\PUTTY.RND
2015-11-10 14:29 - 2015-10-19 16:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-11-10 14:29 - 2015-10-19 16:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-10 14:29 - 2015-10-19 16:52 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-10 14:29 - 2015-10-19 16:52 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-10 14:29 - 2015-10-19 16:48 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-10 14:29 - 2015-10-19 16:45 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-10 14:29 - 2015-10-19 16:45 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-10 14:29 - 2015-10-19 16:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-10 14:29 - 2015-10-19 16:45 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-10 14:29 - 2015-10-19 16:45 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-10 14:29 - 2015-10-19 16:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-10 14:29 - 2015-10-19 16:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-10 14:29 - 2015-10-19 16:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-10 14:29 - 2015-10-19 16:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-10 14:29 - 2015-10-19 16:45 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-10 14:29 - 2015-10-19 16:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-10 14:29 - 2015-10-19 16:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-10 14:29 - 2015-10-19 16:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-10 14:29 - 2015-10-19 16:45 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-10 14:29 - 2015-10-19 16:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-10 14:29 - 2015-10-19 16:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-10 14:29 - 2015-10-19 16:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-10 14:29 - 2015-10-19 16:45 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-10 14:29 - 2015-10-19 16:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-10 14:29 - 2015-10-19 16:44 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-10 14:29 - 2015-10-19 16:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-10 14:29 - 2015-10-19 16:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-10 14:29 - 2015-10-19 16:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-10 14:29 - 2015-10-19 16:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-10 14:29 - 2015-10-19 15:29 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-10 14:29 - 2015-10-19 15:28 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-10 14:29 - 2015-10-19 15:28 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-10 14:29 - 2015-10-13 08:31 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-10 14:29 - 2015-10-13 08:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-10 14:28 - 2015-11-03 13:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-10 14:28 - 2015-10-30 14:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-10 14:28 - 2015-10-30 14:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-10 14:28 - 2015-10-30 14:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-10 14:28 - 2015-10-30 14:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-10 14:28 - 2015-10-30 14:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-10 14:28 - 2015-10-30 14:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-10 14:28 - 2015-10-30 14:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-10 14:28 - 2015-10-30 14:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-10 14:28 - 2015-10-30 14:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-10 14:28 - 2015-10-30 14:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-10 14:28 - 2015-10-30 14:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-10 14:28 - 2015-10-30 14:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-10 14:28 - 2015-10-30 14:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-10 14:28 - 2015-10-30 14:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-10 14:28 - 2015-10-30 14:36 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-10 14:28 - 2015-10-30 14:31 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-10 14:28 - 2015-10-30 14:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-10 14:28 - 2015-10-30 14:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-10 14:28 - 2015-10-30 14:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-10 14:28 - 2015-10-30 14:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-10 14:28 - 2015-10-30 14:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-10 14:28 - 2015-10-30 14:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-10 14:28 - 2015-10-30 14:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-10 14:28 - 2015-10-30 14:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-10 14:28 - 2015-10-30 14:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-10 14:28 - 2015-10-30 14:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-10 14:28 - 2015-10-30 14:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-10 14:28 - 2015-10-30 14:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-10 14:28 - 2015-10-30 14:09 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-10 14:28 - 2015-10-30 13:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-10 14:28 - 2015-10-30 13:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-10 14:28 - 2015-10-30 13:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-10 14:27 - 2015-10-30 14:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-10 14:27 - 2015-10-20 09:46 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-10 14:27 - 2015-10-20 09:46 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-10 14:27 - 2015-10-20 09:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-10 14:27 - 2015-10-20 09:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-10 14:27 - 2015-10-20 09:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-10 14:27 - 2015-10-20 09:46 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-10 14:27 - 2015-10-20 09:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-10 14:27 - 2015-10-20 09:45 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-10 14:27 - 2015-10-20 09:45 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-10 14:27 - 2015-10-20 09:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-10 14:27 - 2015-10-20 09:45 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-10 14:27 - 2015-10-12 20:50 - 00712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-10 14:27 - 2015-10-01 09:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-10 14:27 - 2015-09-23 05:09 - 00371920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-10 14:27 - 2015-09-23 05:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-10 01:45 - 2015-11-10 01:45 - 00348160 _____ C:\Windows\system32\config\default.rhk
2015-11-10 01:45 - 2015-11-10 01:45 - 00057344 _____ C:\Windows\system32\config\sam.rhk
2015-11-10 01:45 - 2015-11-10 01:45 - 00028672 _____ C:\Windows\system32\config\security.rhk
2015-11-10 01:42 - 2015-11-10 01:45 - 48406528 _____ C:\Windows\system32\config\software.rhk
2015-11-10 00:23 - 2015-11-10 00:23 - 00000000 ____D C:\Users\Parent\Desktop\redsn0w_win_0.9.15b3
2015-11-10 00:21 - 2015-11-10 00:23 - 17279732 _____ C:\Users\Parent\Downloads\redsn0w_win_0.9.15b3.zip
2015-11-09 23:07 - 2015-11-09 23:10 - 00000000 ____D C:\Users\Parent\Desktop\absinthe-win-2.0.4 (1)
2015-11-09 23:05 - 2015-11-09 23:07 - 05387407 _____ C:\Users\Parent\Downloads\absinthe-win-2.0.4 (1).zip
2015-11-09 23:05 - 2015-11-09 23:05 - 05387407 _____ C:\Users\Parent\Downloads\absinthe-win-2.0.4.zip
2015-11-09 23:05 - 2015-11-09 23:05 - 05387407 _____ C:\Users\Parent\Downloads\absinthe-win-2.0.4 (3).zip
2015-11-09 23:05 - 2015-11-09 23:05 - 05387407 _____ C:\Users\Parent\Downloads\absinthe-win-2.0.4 (2).zip
2015-11-09 19:20 - 2015-11-09 19:21 - 00000000 ____D C:\Users\Parent\Desktop\iPhone2,1_5.0.1_9A405_Restore
2015-11-09 18:54 - 2015-11-09 19:14 - 718181968 _____ C:\Users\Parent\Downloads\iPhone2,1_5.0.1_9A405_Restore.zip
2015-11-09 18:40 - 2012-01-26 14:26 - 00000189 _____ C:\disabled.fix
2015-11-09 18:32 - 2015-11-09 18:33 - 00000000 ____D C:\Users\Parent\Desktop\iPhone3,3_5.0_9A334_Restore
2015-11-09 17:57 - 2015-11-09 18:31 - 819821067 _____ C:\Users\Parent\Downloads\iPhone3,3_5.0_9A334_Restore.zip
2015-11-09 17:22 - 2015-11-22 13:43 - 00000000 ____D C:\Users\Parent\AppData\Roaming\redsn0w
2015-11-09 17:21 - 2015-11-09 17:21 - 00000000 ____D C:\Users\Parent\Desktop\Gecko iPhone Toolkit
2015-11-09 17:10 - 2015-11-09 17:20 - 54441567 _____ C:\Users\Parent\Downloads\Gecko iPhone Toolkit.zip
2015-11-09 11:53 - 2015-11-09 11:54 - 00680049 _____ C:\repository.o9r1sh-1.3.zip
2015-11-09 11:26 - 2015-11-23 02:02 - 00001143 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2015-11-09 11:26 - 2015-11-09 11:40 - 00000000 ____D C:\Users\Parent\AppData\Roaming\Wise Registry Cleaner
2015-11-09 11:26 - 2015-11-09 11:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2015-11-09 11:26 - 2015-11-09 11:26 - 00000000 ____D C:\Program Files\Wise
2015-11-09 11:25 - 2015-11-09 11:25 - 02643824 _____ (WiseCleaner.com ) C:\Users\Parent\Downloads\WRCFree.exe
2015-11-05 21:29 - 2015-11-05 21:29 - 00000000 ____D C:\$SysReset
2015-11-05 19:28 - 2015-11-23 02:02 - 00002240 _____ C:\Users\Parent\Desktop\HP Support Assistant.lnk
2015-11-05 19:28 - 2015-11-05 19:34 - 167961429 _____ (Hewlett-Packard ) C:\Users\Parent\Downloads\sp54988 (1).exe
2015-11-05 19:22 - 2015-11-05 19:23 - 03774136 _____ (Oleg N. Scherbakov) C:\Users\Parent\Downloads\HPSupportSolutionsFramework-12.0.30.81.exe
2015-11-05 19:22 - 2015-11-05 19:23 - 03774136 _____ (Oleg N. Scherbakov) C:\Users\Parent\Downloads\HPSupportSolutionsFramework-12.0.30.81 (1).exe
2015-11-05 15:49 - 2015-11-05 15:49 - 00000000 _SHDL C:\Users\Parent\Documents\My Videos
2015-11-05 15:49 - 2015-11-05 15:49 - 00000000 _SHDL C:\Users\Parent\Documents\My Pictures
2015-11-05 15:49 - 2015-11-05 15:49 - 00000000 _SHDL C:\Users\Parent\Documents\My Music
2015-11-05 15:43 - 2015-11-05 15:43 - 00000000 ____D C:\AMD
2015-11-05 15:11 - 2015-11-05 15:11 - 00008192 _____ C:\Windows\system32\config\userdiff
2015-11-05 13:28 - 2015-11-05 22:00 - 00000000 ____D C:\$Windows.~BT
2015-11-05 13:04 - 2015-11-23 02:02 - 00002507 _____ C:\Users\Parent\Desktop\Windows 7 USB DVD Download Tool.lnk
2015-11-05 13:04 - 2015-11-05 21:35 - 00000000 ____D C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2015-11-05 13:04 - 2015-11-05 13:06 - 00000000 ____D C:\Users\Parent\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2015-11-05 13:03 - 2015-11-05 13:03 - 02721168 _____ (Microsoft Corporation) C:\Users\Parent\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe
2015-11-05 12:10 - 2015-11-05 12:14 - 2675703808 _____ C:\Users\Parent\Documents\Windows 10.iso
2015-11-05 12:03 - 2015-11-05 12:03 - 00330115 _____ C:\Users\Parent\Desktop\amp.xps
2015-11-05 11:00 - 2015-11-05 11:00 - 00000000 ____D C:\$Windows.~WS
2015-11-05 10:58 - 2015-11-05 11:00 - 18277680 _____ (Microsoft Corporation) C:\Users\Parent\Downloads\MediaCreationTool.exe
2015-11-04 17:25 - 2015-11-23 02:02 - 00000987 _____ C:\Users\Parent\Desktop\PeerBlock.lnk
2015-11-04 17:25 - 2015-11-05 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2015-11-04 17:25 - 2015-11-05 00:15 - 00000000 ____D C:\Program Files\PeerBlock
2015-11-04 17:24 - 2015-11-04 17:24 - 01954640 _____ (PeerBlock, LLC ) C:\Users\Parent\Downloads\PeerBlock-Setup_v1.0.0.r181.exe
2015-11-02 15:41 - 2015-11-05 21:35 - 00000000 ____D C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2015-10-29 14:27 - 2015-10-29 14:27 - 01171056 _____ (Alcpu ) C:\Users\Parent\Downloads\Core-Temp-setup.exe
2015-10-29 14:09 - 2015-10-29 14:09 - 00000000 _____ C:\Users\Parent\Downloads\C  Program Files Pidgin plugins buddynote.dll.ini
2015-10-29 12:04 - 2015-10-29 12:04 - 01700778 _____ C:\Users\Parent\Downloads\maclist.txt
2015-10-29 11:54 - 2015-10-29 12:04 - 03268037 _____ C:\Users\Parent\Downloads\maclist.raw
2015-10-29 11:53 - 2015-10-29 14:10 - 00000000 _____ C:\Users\Parent\Downloads\dkc.ini
2015-10-28 21:00 - 2015-10-28 21:00 - 00277754 _____ C:\Users\Parent\Desktop\chevy 305 100$.xps
2015-10-28 19:59 - 2015-10-28 19:59 - 00771584 _____ (kap holger lembke) C:\Users\Parent\Downloads\dkc.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-27 00:16 - 2009-07-13 18:37 - 00000000 ____D C:\Windows
2015-11-26 23:56 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\Downloaded Program Files
2015-11-26 23:38 - 2015-10-14 22:11 - 00000000 ____D C:\Program Files\CCleaner
2015-11-26 22:49 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\system32\NDF
2015-11-26 22:12 - 2010-11-20 13:01 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-26 22:12 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf
2015-11-26 18:49 - 2014-10-19 11:57 - 00000000 ____D C:\Users\Parent\AppData\Roaming\Kodi
2015-11-26 16:40 - 2014-10-18 22:07 - 00017920 _____ C:\Windows\system32\rpcnetp.exe
2015-11-26 01:31 - 2009-07-13 20:34 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-26 01:31 - 2009-07-13 20:34 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-26 01:23 - 2012-05-21 19:21 - 00078032 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2015-11-26 01:23 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-25 12:55 - 2012-03-05 17:29 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-11-25 02:08 - 2014-11-08 10:08 - 00003781 _____ C:\Users\Parent\.swfinfo
2015-11-25 01:41 - 2012-05-17 13:38 - 00000000 ____D C:\ProgramData\Apple Computer
2015-11-25 01:41 - 2012-05-17 13:38 - 00000000 ____D C:\Program Files\QuickTime
2015-11-25 01:39 - 2014-12-03 00:56 - 00000000 ____D C:\Windows\WindowsMobile
2015-11-25 01:37 - 2011-05-11 12:28 - 00000000 ____D C:\ProgramData\Apple
2015-11-25 01:32 - 2015-03-27 03:01 - 00007599 _____ C:\Users\Parent\AppData\Local\Resmon.ResmonCfg
2015-11-23 02:02 - 2015-10-21 23:27 - 00000901 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
2015-11-23 02:02 - 2015-10-20 15:08 - 00001030 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rays browser.lnk
2015-11-23 02:02 - 2015-10-20 15:08 - 00001024 _____ C:\Users\Public\Desktop\Pale Moon.lnk
2015-11-23 02:02 - 2015-10-20 14:50 - 00001110 _____ C:\Users\Parent\Desktop\Continue Safari Installation.lnk
2015-11-23 02:02 - 2015-10-14 22:11 - 00000923 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-23 02:02 - 2015-09-20 05:20 - 00001018 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-23 02:02 - 2015-07-16 22:55 - 00001925 _____ C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
2015-11-23 02:02 - 2015-07-03 19:03 - 00002525 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Excel Viewer.lnk
2015-11-23 02:02 - 2015-04-16 06:05 - 00002659 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
2015-11-23 02:02 - 2015-03-18 00:09 - 00002096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.0.lnk
2015-11-23 02:02 - 2015-03-18 00:09 - 00002090 _____ C:\Users\Public\Desktop\Adobe Digital Editions 4.0.lnk
2015-11-23 02:02 - 2014-12-29 02:49 - 00001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-11-23 02:02 - 2014-12-10 09:46 - 00001063 _____ C:\Users\Public\Desktop\youyoyyoykihy.lnk
2015-11-23 02:02 - 2012-04-19 20:53 - 00001879 _____ C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Start Menu\Welcome.lnk
2015-11-23 02:02 - 2012-04-19 18:59 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-11-23 02:02 - 2011-07-05 10:48 - 00001375 _____ C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-23 02:02 - 2011-07-05 10:48 - 00001360 _____ C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\nvu.lnk
2015-11-23 02:02 - 2011-05-11 13:52 - 00001861 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-11-23 02:02 - 2011-05-11 12:33 - 00001379 _____ C:\Users\Public\Desktop\Internet Explorer.lnk
2015-11-23 02:02 - 2011-02-10 11:24 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-11-23 02:02 - 2009-07-13 20:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-11-22 21:29 - 2014-10-18 22:08 - 00017920 _____ C:\Windows\system32\rpcnetp.dll
2015-11-22 21:29 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\schemas
2015-11-22 20:26 - 2015-09-20 05:20 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-22 09:41 - 2012-03-05 15:18 - 00000000 ____D C:\Users\Parent\AppData\Local\Apple Computer
2015-11-20 20:19 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\Offline Web Pages
2015-11-20 15:24 - 2014-11-16 03:26 - 00000000 ____D C:\Users\Parent\AppData\Local\Yahoo
2015-11-20 15:24 - 2014-11-16 03:24 - 00000000 ____D C:\Program Files\Yahoo!
2015-11-18 10:34 - 2014-12-07 04:07 - 00000000 ____D C:\Users\Parent\Desktop\HSPL4
2015-11-18 10:23 - 2014-12-26 18:22 - 00000000 ____D C:\Users\Parent\Desktop\TyphooN_CM7_v3.9.0-MAGLDR
2015-11-17 10:09 - 2011-05-04 18:09 - 00000000 ____D C:\Windows\Downloaded Installations
2015-11-16 16:42 - 2011-07-05 10:48 - 00000000 ____D C:\Users\Parent
2015-11-16 16:06 - 2012-03-05 15:40 - 00000000 ____D C:\Users\Parent\AppData\Roaming\Apple Computer
2015-11-15 14:42 - 2011-05-11 12:23 - 00000000 ____D C:\Program Files\Java
2015-11-14 23:46 - 2009-07-13 18:37 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-14 23:17 - 2015-09-21 15:37 - 00278624 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-11-13 19:22 - 2015-02-13 09:24 - 00000000 ____D C:\Qoobox
2015-11-13 19:17 - 2009-07-13 18:04 - 00000215 _____ C:\Windows\system.ini
2015-11-13 18:47 - 2015-02-13 09:23 - 05638248 _____ (Swearware) C:\Users\Parent\Downloads\ComboFix.exe
2015-11-13 16:57 - 2014-12-28 05:30 - 00000000 ____D C:\AdwCleaner
2015-11-13 05:03 - 2009-07-13 20:33 - 00448096 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-12 20:42 - 2015-02-10 14:21 - 00000000 ____D C:\Users\Parent\AppData\Roaming\vlc
2015-11-10 14:37 - 2014-11-11 17:59 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1154962001-1373766814-1045438300-1002UA.job
2015-11-10 01:02 - 2014-11-11 17:59 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1154962001-1373766814-1045438300-1002Core.job
2015-11-09 13:11 - 2009-07-13 20:53 - 00032574 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-09 11:07 - 2015-03-30 02:49 - 00000000 ___HD C:\Program Files\Temp
2015-11-09 11:00 - 2011-07-05 10:48 - 00000000 ____D C:\Users\Parent\AppData\Local\Google
2015-11-08 00:37 - 2012-04-24 17:32 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-08 00:37 - 2012-03-05 18:48 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-08 00:37 - 2012-03-05 18:34 - 00000000 ____D C:\Users\Parent\AppData\Local\Adobe
2015-11-06 15:59 - 2015-03-04 07:12 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-05 22:00 - 2011-02-10 11:19 - 00000000 ____D C:\Windows\Panther
2015-11-05 21:35 - 2015-10-14 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-11-05 21:35 - 2015-09-20 05:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-05 21:35 - 2015-07-16 22:55 - 00000000 ____D C:\Windows\system32\STRING
2015-11-05 21:35 - 2014-12-03 10:19 - 00000000 ____D C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-11-05 21:35 - 2014-12-03 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-11-05 21:35 - 2012-03-05 16:15 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Office
2015-11-05 21:35 - 2011-05-11 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-11-05 21:35 - 2011-05-11 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-11-05 21:35 - 2011-05-11 12:23 - 00000000 ____D C:\Windows\system32\Adobe
2015-11-05 21:35 - 2011-05-10 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual C++ 9.0 Express Edition
2015-11-05 21:35 - 2011-05-04 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2015-11-05 21:35 - 2011-05-04 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel
2015-11-05 21:35 - 2011-05-04 18:08 - 00000000 ____D C:\Program Files\Hewlett-Packard
2015-11-05 21:35 - 2011-05-04 18:05 - 00000000 ____D C:\Program Files\Realtek
2015-11-05 21:35 - 2010-11-20 16:46 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-05 21:35 - 2009-07-13 18:37 - 00000000 __RSD C:\Windows\Media
2015-11-05 21:35 - 2009-07-13 18:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-11-05 21:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Resources
2015-11-05 21:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\LiveKernelReports
2015-11-05 21:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\IME
2015-11-05 21:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Help
2015-11-05 21:35 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-11-05 19:27 - 2011-05-04 18:09 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-05 16:15 - 2014-10-27 04:57 - 00010449 _____ C:\Windows\diagerr.xml
2015-11-05 16:15 - 2014-10-27 04:57 - 00009528 _____ C:\Windows\diagwrn.xml
2015-11-05 16:14 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2015-11-05 16:03 - 2014-10-18 22:08 - 00000000 ____D C:\Users\Default\Desktop\Computer Safety Tips
2015-11-05 16:03 - 2014-10-18 22:08 - 00000000 ____D C:\Users\Default User\Desktop\Computer Safety Tips
2015-11-05 16:03 - 2011-07-05 10:46 - 00000000 ____D C:\Users\Default\AppData\Roaming\TeamViewer
2015-11-05 16:03 - 2011-07-05 10:46 - 00000000 ____D C:\Users\Default\AppData\Roaming\Nvu
2015-11-05 16:03 - 2011-07-05 10:46 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defraggler
2015-11-05 16:03 - 2011-07-05 10:46 - 00000000 ____D C:\Users\Default\AppData\Roaming\hpqLog
2015-11-05 16:03 - 2011-07-05 10:46 - 00000000 ____D C:\Users\Default\AppData\Local\{7148F0A6-6813-11D6-A77B-00B0D0142070}
2015-11-05 16:03 - 2011-07-05 10:46 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TeamViewer
2015-11-05 16:03 - 2011-07-05 10:46 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Nvu
2015-11-05 16:03 - 2011-07-05 10:46 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defraggler
2015-11-05 16:03 - 2011-07-05 10:46 - 00000000 ____D C:\Users\Default User\AppData\Roaming\hpqLog
2015-11-05 16:03 - 2011-07-05 10:46 - 00000000 ____D C:\Users\Default User\AppData\Local\{7148F0A6-6813-11D6-A77B-00B0D0142070}
2015-11-04 15:29 - 2015-10-24 09:35 - 00000000 ____D C:\Users\Parent\Documents\bobo ass hole_data
2015-11-04 15:29 - 2014-12-26 18:24 - 00000000 ____D C:\Users\Parent\Desktop\TyphooN_CM7_v3.9.0-cLK
2015-11-04 15:29 - 2014-12-03 10:19 - 00000000 ____D C:\Users\Parent\Downloads\MAGLDR113_DAF
2015-11-04 01:01 - 2015-02-10 21:15 - 00000000 ____D C:\Users\Parent\AppData\LocalLow\Company
2015-11-04 00:25 - 2015-09-20 05:19 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-11-02 23:35 - 2012-03-05 17:28 - 00000000 ____D C:\Users\Parent\AppData\Local\ElevatedDiagnostics
2015-11-02 15:41 - 2015-03-04 07:10 - 00000000 ____D C:\Program Files\Kodi

==================== Files in the root of some directories =======

2015-01-25 08:12 - 2015-01-25 08:12 - 0002086 _____ () C:\Users\Parent\AppData\Roaming\FG
2015-01-25 08:12 - 2015-01-25 08:12 - 0001248 _____ () C:\Users\Parent\AppData\Roaming\UBRODQZ
2015-11-16 12:45 - 2015-11-16 12:45 - 0000187 _____ () C:\Users\Parent\AppData\Local\Istexon.exe.config
2015-11-10 16:19 - 2015-11-22 12:57 - 0000600 _____ () C:\Users\Parent\AppData\Local\PUTTY.RND
2015-03-27 03:01 - 2015-11-25 01:32 - 0007599 _____ () C:\Users\Parent\AppData\Local\Resmon.ResmonCfg
2015-11-14 21:36 - 2015-11-14 21:36 - 0031328 __RSH () C:\ProgramData\3002.abs
2015-11-14 21:36 - 2015-11-26 16:42 - 0000071 __RSH () C:\ProgramData\3002.xml
2015-11-14 21:36 - 2015-11-14 21:36 - 0015568 __RSH () C:\ProgramData\3029.abs
2012-03-05 16:49 - 2015-10-05 12:00 - 0001056 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\Parent\AppData\Local\temp\Gecko_iPhone_Toolkit.exe
C:\Users\Parent\AppData\Local\temp\redsn0w.exe
C:\Users\Parent\AppData\Local\temp\Uninstall.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-20 23:35

==================== End of FRST.txt ============================

#2 nasdaq

  • Malware Response Team
  • 39,888 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:37 PM

Posted 28 November 2015 - 08:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs and Features Applet.
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden

===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1154962001-1373766814-1045438300-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1154962001-1373766814-1045438300-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-1154962001-1373766814-1045438300-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-1154962001-1373766814-1045438300-1002 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (No Name) - C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfgalpdacmnhaikecnllfdpogahilkm [2015-02-12]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path\update_url>
S3 AgereSoftModem; system32\DRIVERS\AGRSM.sys [X]
CustomCLSID: HKU\S-1-5-21-1154962001-1373766814-1045438300-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1154962001-1373766814-1045438300-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1154962001-1373766814-1045438300-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1154962001-1373766814-1045438300-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1154962001-1373766814-1045438300-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
Task: {0CAD139F-5E91-4F0C-BDBA-5CD14454F478} - \IBUpd -> No File <==== ATTENTION
Task: {25C4FE0E-D917-49C1-90D4-8429DE6CF86D} - System32\Tasks\JZIP => C:\Program Files\JZIP\JZIP\JZIP.exe
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {3B9335BC-37FD-41CD-8A8B-61F0CDF602DC} - \systemmgr -> No File <==== ATTENTION
Task: {400A92D5-149D-4E41-885D-F5AEC9DD3EC2} - System32\Tasks\UDZXH => C:\ProgramData\869b78dd0a6f49f08fdae40c91a846c4\869b78dd0a6f49f08fdae40c91a846c4.exe <==== ATTENTION
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {63FA2138-1BA5-4702-9F37-2774931E1DE1} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {6CA8FD82-EDC5-4A21-886D-2CCA1FC2A02F} - \APSnotifierPP1 -> No File <==== ATTENTION
Task: {73F0B80F-BC14-482D-87EF-B2CA6E50FF13} - \LuckyTab -> No File <==== ATTENTION
Task: {947C221E-55C9-43F4-94EF-116D93EFBE28} - \Microsoft\Windows\RestartManager\{18C0EF1D-5C08-4e68-8241-78CC34601FB5} -> No File <==== ATTENTION
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {BFD5C2C0-752F-4659-9DA8-EE6C0CF3C8F0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {C1A110E2-91A7-4865-86F2-BBC1D816E146} - \APSnotifierPP2 -> No File <==== ATTENTION
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {F3BC0750-0F49-4859-B1BE-869E921C694B} - System32\Tasks\{51C3A10A-3C82-4294-B4EB-74B0D5B0D43D} => pcalua.exe -a "C:\Program Files\AnyProtectEx\uninstall.exe" <==== ATTENTION
Task: {FAC77BAF-5A7B-41CA-AC7B-83C58EFC024C} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {FDDCE3F4-DCC1-4E23-8B2D-B18135CCE84C} - System32\Tasks\dpynloae => C:\Windows\system32\config\systemprofile\AppData\Local\Viva <==== ATTENTION
C:\Program Files\JZIP
C:\ProgramData\869b78dd0a6f49f08fdae40c91a846c4\869b78dd0a6f49f08fdae40c91a846c4.exe
C:\Program Files\AnyProtectEx
C:\Windows\system32\config\systemprofile\AppData\Local\Viva
C:\Users\Parent\AppData\Local\temp\redsn0w.exe
C:\Users\Parent\AppData\Local\temp\Uninstall.exe
C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfgalpdacmnhaikecnllfdpogahilkm

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.

<<<>>>

How is the computer running now?

#3 cardoctorlv31

  • Topic Starter

  • Members
  • 6 posts
  • Local time:02:37 PM

Posted 28 November 2015 - 07:17 PM

Thank you, nasdaq, for your quick response and help.

I followed your steps, but I could not find Itibiti RTC in program features (hidden). I did check show hidden in options but still couldn't find it. Also, I don't have Google Chrome. Here are my results. My PC is running somewhat better; should be faster. I do hear my hard drive constantly, if that helps? Thank you so much for helping.

 

Fix result of Farbar Recovery Scan Tool (x86) Version:28-11-2015
Ran by Parent (2015-11-28 15:33:16) Run:1
Running from C:\Users\Parent\Downloads
Loaded Profiles: Parent (Available Profiles: Parent)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1154962001-1373766814-1045438300-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1154962001-1373766814-1045438300-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-1154962001-1373766814-1045438300-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-1154962001-1373766814-1045438300-1002 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (No Name) - C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfgalpdacmnhaikecnllfdpogahilkm [2015-02-12]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path\update_url>
S3 AgereSoftModem; system32\DRIVERS\AGRSM.sys [X]
CustomCLSID: HKU\S-1-5-21-1154962001-1373766814-1045438300-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1154962001-1373766814-1045438300-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1154962001-1373766814-1045438300-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1154962001-1373766814-1045438300-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1154962001-1373766814-1045438300-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Parent\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
Task: {0CAD139F-5E91-4F0C-BDBA-5CD14454F478} - \IBUpd -> No File <==== ATTENTION
Task: {25C4FE0E-D917-49C1-90D4-8429DE6CF86D} - System32\Tasks\JZIP => C:\Program Files\JZIP\JZIP\JZIP.exe
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {3B9335BC-37FD-41CD-8A8B-61F0CDF602DC} - \systemmgr -> No File <==== ATTENTION
Task: {400A92D5-149D-4E41-885D-F5AEC9DD3EC2} - System32\Tasks\UDZXH => C:\ProgramData\869b78dd0a6f49f08fdae40c91a846c4\869b78dd0a6f49f08fdae40c91a846c4.exe <==== ATTENTION
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {63FA2138-1BA5-4702-9F37-2774931E1DE1} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {6CA8FD82-EDC5-4A21-886D-2CCA1FC2A02F} - \APSnotifierPP1 -> No File <==== ATTENTION
Task: {73F0B80F-BC14-482D-87EF-B2CA6E50FF13} - \LuckyTab -> No File <==== ATTENTION
Task: {947C221E-55C9-43F4-94EF-116D93EFBE28} - \Microsoft\Windows\RestartManager\{18C0EF1D-5C08-4e68-8241-78CC34601FB5} -> No File <==== ATTENTION
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {BFD5C2C0-752F-4659-9DA8-EE6C0CF3C8F0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {C1A110E2-91A7-4865-86F2-BBC1D816E146} - \APSnotifierPP2 -> No File <==== ATTENTION
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {F3BC0750-0F49-4859-B1BE-869E921C694B} - System32\Tasks\{51C3A10A-3C82-4294-B4EB-74B0D5B0D43D} => pcalua.exe -a "C:\Program Files\AnyProtectEx\uninstall.exe" <==== ATTENTION
Task: {FAC77BAF-5A7B-41CA-AC7B-83C58EFC024C} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {FDDCE3F4-DCC1-4E23-8B2D-B18135CCE84C} - System32\Tasks\dpynloae => C:\Windows\system32\config\systemprofile\AppData\Local\Viva <==== ATTENTION
C:\Program Files\JZIP
C:\ProgramData\869b78dd0a6f49f08fdae40c91a846c4\869b78dd0a6f49f08fdae40c91a846c4.exe
C:\Program Files\AnyProtectEx
C:\Windows\system32\config\systemprofile\AppData\Local\Viva
C:\Users\Parent\AppData\Local\temp\redsn0w.exe
C:\Users\Parent\AppData\Local\temp\Uninstall.exe
C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfgalpdacmnhaikecnllfdpogahilkm

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully.
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully.
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-1154962001-1373766814-1045438300-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully.
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => key removed successfully.
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-1154962001-1373766814-1045438300-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKU\S-1-5-21-1154962001-1373766814-1045438300-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully.
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKU\S-1-5-21-1154962001-1373766814-1045438300-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => key removed successfully.
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully.
C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfgalpdacmnhaikecnllfdpogahilkm => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => key removed successfully.
AgereSoftModem => service removed successfully.
"HKU\S-1-5-21-1154962001-1373766814-1045438300-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully.
"HKU\S-1-5-21-1154962001-1373766814-1045438300-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully.
"HKU\S-1-5-21-1154962001-1373766814-1045438300-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully.
"HKU\S-1-5-21-1154962001-1373766814-1045438300-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully.
"HKU\S-1-5-21-1154962001-1373766814-1045438300-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CAD139F-5E91-4F0C-BDBA-5CD14454F478}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CAD139F-5E91-4F0C-BDBA-5CD14454F478}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25C4FE0E-D917-49C1-90D4-8429DE6CF86D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25C4FE0E-D917-49C1-90D4-8429DE6CF86D}" => key removed successfully.
C:\Windows\System32\Tasks\JZIP => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JZIP" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BD05BA6-988D-4BD3-A9CD-9A39F80AF524}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BD05BA6-988D-4BD3-A9CD-9A39F80AF524}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B9335BC-37FD-41CD-8A8B-61F0CDF602DC}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B9335BC-37FD-41CD-8A8B-61F0CDF602DC}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\systemmgr => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{400A92D5-149D-4E41-885D-F5AEC9DD3EC2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{400A92D5-149D-4E41-885D-F5AEC9DD3EC2}" => key removed successfully.
C:\Windows\System32\Tasks\UDZXH => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UDZXH" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B184694-64C3-4633-94C5-945B3FA561D6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B184694-64C3-4633-94C5-945B3FA561D6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63FA2138-1BA5-4702-9F37-2774931E1DE1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63FA2138-1BA5-4702-9F37-2774931E1DE1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CA8FD82-EDC5-4A21-886D-2CCA1FC2A02F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CA8FD82-EDC5-4A21-886D-2CCA1FC2A02F}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{73F0B80F-BC14-482D-87EF-B2CA6E50FF13}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73F0B80F-BC14-482D-87EF-B2CA6E50FF13}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LuckyTab => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{947C221E-55C9-43F4-94EF-116D93EFBE28}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{947C221E-55C9-43F4-94EF-116D93EFBE28}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RestartManager\{18C0EF1D-5C08-4e68-8241-78CC34601FB5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F54B95F-5096-4803-AE61-E9B3AC5B616D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F54B95F-5096-4803-AE61-E9B3AC5B616D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFD5C2C0-752F-4659-9DA8-EE6C0CF3C8F0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFD5C2C0-752F-4659-9DA8-EE6C0CF3C8F0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1A110E2-91A7-4865-86F2-BBC1D816E146}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1A110E2-91A7-4865-86F2-BBC1D816E146}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D21F6024-191F-4454-BBBC-09A650DA2549}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D21F6024-191F-4454-BBBC-09A650DA2549}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3BC0750-0F49-4859-B1BE-869E921C694B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3BC0750-0F49-4859-B1BE-869E921C694B}" => key removed successfully.
C:\Windows\System32\Tasks\{51C3A10A-3C82-4294-B4EB-74B0D5B0D43D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{51C3A10A-3C82-4294-B4EB-74B0D5B0D43D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FAC77BAF-5A7B-41CA-AC7B-83C58EFC024C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAC77BAF-5A7B-41CA-AC7B-83C58EFC024C}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FDDCE3F4-DCC1-4E23-8B2D-B18135CCE84C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDDCE3F4-DCC1-4E23-8B2D-B18135CCE84C}" => key removed successfully.
C:\Windows\System32\Tasks\dpynloae => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\dpynloae" => key removed successfully.
C:\Program Files\JZIP => moved successfully
"C:\ProgramData\869b78dd0a6f49f08fdae40c91a846c4\869b78dd0a6f49f08fdae40c91a846c4.exe" => not found.
"C:\Program Files\AnyProtectEx" => not found.
"C:\Windows\system32\config\systemprofile\AppData\Local\Viva" => not found.
"C:\Users\Parent\AppData\Local\temp\redsn0w.exe" => not found.
"C:\Users\Parent\AppData\Local\temp\Uninstall.exe" => not found.
"C:\Users\Parent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfgalpdacmnhaikecnllfdpogahilkm" => not found.
EmptyTemp: => 66.4 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 15:33:57 ====

 

 

# AdwCleaner v5.022 - Logfile created 28/11/2015 at 15:50:27
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Parent - HOPE
# Running from : C:\Users\Parent\Desktop\adwcleaner_5.022.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [586 bytes] ##########



#4 nasdaq

  • Malware Response Team

Posted 29 November 2015 - 09:19 AM

I could not find Itibiti RTC in program features


Let's look in the Registry.

Please run the Farbar Recovery Scan Tool. Enter Itibiti in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

===

Reset whatever browser you are using.
The tool was not able to detect it.
What do you normally use? Is it set as the default browser?
===

....I do hear my hard drive constantly if that helps
Use Internet Explorer and install any important Microsoft Security Updates.

https://www.microsoft.com/security/pc-security/updates.aspx

===

Restart the computer when done.

How is the computer running now?

#5 nasdaq

  • Malware Response Team

Posted 05 December 2015 - 01:44 PM

Are you still with me?



