something is filling my hard drive space


  • This topic is locked
42 replies to this topic

#1 kugoi

  • Members
  • 22 posts

Posted 09 December 2015 - 11:30 AM

A few days ago we noticed the computer was suddenly really slow. While trying to figure out why, I saw we are using 928 of our 930 gig of memory. There is no way we've used that much. AVG and Malwarebytes are coming up clean.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
Ran by Megan (administrator) on NEWCOMPUTER (09-12-2015 10:53:56)
Running from C:\Users\Megan\Downloads
Loaded Profiles: Megan & Austin & Kids & Austin2 & Sky & Administrator (Available Profiles: Megan & Austin & Kids & Austin2 & Sky & Administrator)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\ScreenRetriever\csrsrvs.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
() C:\Windows\jmesoft\Service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Lenovo Motion\PGService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Lenovo Motion\PG_Service_Launcher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\ScreenRetriever\SRsrvr.exe
(ScreenRetriever) C:\Program Files (x86)\ScreenRetriever\realtime\winSR.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Lenovo Motion\WebcamSplitterServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ScreenRetriever) C:\Program Files (x86)\ScreenRetriever\realtime\winSR.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Lenovo Motion\PG_Tray.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Seifert) C:\Program Files (x86)\WinDirStat\windirstat.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-07] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2014-04-25] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168920 2014-04-25] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe [1753432 2012-09-18] (Lenovo)
HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\RunLEDS.exe [1752920 2012-09-18] (Lenovo)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2819984 2015-12-03] ()
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
HKU\S-1-5-21-3405048555-2605891794-1985660793-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3405048555-2605891794-1985660793-1001\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-3405048555-2605891794-1985660793-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50143872 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3405048555-2605891794-1985660793-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-3405048555-2605891794-1985660793-1001\...\RunOnce: [Uninstall C:\Users\Megan\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Megan\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64"
HKU\S-1-5-21-3405048555-2605891794-1985660793-1001\...\MountPoints2: {7eb6a1ee-d04b-11e4-8261-b01041b19a20} - "E:\iStudio.exe"
HKU\S-1-5-21-3405048555-2605891794-1985660793-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Mystify.scr [150528 2015-07-09] (Microsoft Corporation)
HKU\S-1-5-21-3405048555-2605891794-1985660793-1004\...\MountPoints2: {7eb6a1ee-d04b-11e4-8261-b01041b19a20} - "E:\iStudio.exe"
HKU\S-1-5-21-3405048555-2605891794-1985660793-1005\...\MountPoints2: {7eb6a1ee-d04b-11e4-8261-b01041b19a20} - "E:\iStudio.exe"
HKU\S-1-5-21-3405048555-2605891794-1985660793-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Ribbons.scr [149504 2015-07-09] (Microsoft Corporation)
HKU\S-1-5-21-3405048555-2605891794-1985660793-1006\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-09] (Microsoft Corporation)
HKU\S-1-5-21-3405048555-2605891794-1985660793-1007\...\RunOnce: [Uninstall C:\Users\Sky\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sky\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3405048555-2605891794-1985660793-1007\...\RunOnce: [Uninstall C:\Users\Sky\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sky\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
HKU\S-1-5-21-3405048555-2605891794-1985660793-1007\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [583680 2015-07-09] (Microsoft Corporation)
HKU\S-1-5-21-3405048555-2605891794-1985660793-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-04] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-04] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-04] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-04] (Hightail Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lenovo Motion.lnk [2014-08-05]
ShortcutTarget: Lenovo Motion.lnk -> C:\Program Files (x86)\Lenovo\Lenovo Motion\PG_Tray.exe (PointGrab LTD)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
Tcpip\..\Interfaces\{9e7493f7-cf47-4f16-bb4c-6330162b9444}: [DhcpNameServer] 192.168.0.1 205.171.2.226

Internet Explorer:
==================
HKU\S-1-5-21-3405048555-2605891794-1985660793-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3405048555-2605891794-1985660793-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKU\S-1-5-21-3405048555-2605891794-1985660793-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
HKU\S-1-5-21-3405048555-2605891794-1985660793-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={BF57FE90-AD0E-4DBD-9D21-8B5576CC16A0}&mid=c4c37a36aee447ccaed76159075573d3-e021cf412efec8ccf927e2c2c10853d6f8aa9e97&lang=en&ds=AVG&coid=avgtbavg&cmpid=1015avz&pr=fr&d=2015-10-29 04:25:44&v=4.1.8.599&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-3405048555-2605891794-1985660793-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3405048555-2605891794-1985660793-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKU\S-1-5-21-3405048555-2605891794-1985660793-1004\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
HKU\S-1-5-21-3405048555-2605891794-1985660793-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3405048555-2605891794-1985660793-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3405048555-2605891794-1985660793-1005\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKU\S-1-5-21-3405048555-2605891794-1985660793-1005\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
HKU\S-1-5-21-3405048555-2605891794-1985660793-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3405048555-2605891794-1985660793-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3405048555-2605891794-1985660793-1006\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKU\S-1-5-21-3405048555-2605891794-1985660793-1006\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
HKU\S-1-5-21-3405048555-2605891794-1985660793-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3405048555-2605891794-1985660793-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3405048555-2605891794-1985660793-1007\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKU\S-1-5-21-3405048555-2605891794-1985660793-1007\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
HKU\S-1-5-21-3405048555-2605891794-1985660793-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3405048555-2605891794-1985660793-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3405048555-2605891794-1985660793-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKU\S-1-5-21-3405048555-2605891794-1985660793-500\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKU\S-1-5-21-3405048555-2605891794-1985660793-1004 -> DefaultScope {6EE6C697-E70C-4C3A-943A-E10D0E5030FD} URL =
SearchScopes: HKU\S-1-5-21-3405048555-2605891794-1985660793-1004 -> {6EE6C697-E70C-4C3A-943A-E10D0E5030FD} URL =
SearchScopes: HKU\S-1-5-21-3405048555-2605891794-1985660793-1004 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={BF57FE90-AD0E-4DBD-9D21-8B5576CC16A0}&mid=c4c37a36aee447ccaed76159075573d3-e021cf412efec8ccf927e2c2c10853d6f8aa9e97&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2015-10-29 04:25:44&v=4.2.1.951&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.2.1.951\AVG Web TuneUp.dll [2015-12-03] (AVG)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.1.951\AVG Web TuneUp.dll [2015-12-03] (AVG)

FireFox:
========
FF ProfilePath: C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\sod2ee6g.default-1449493328580
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.1\\npsitesafety.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-02-14] (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3405048555-2605891794-1985660793-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Megan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3405048555-2605891794-1985660793-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Austin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3405048555-2605891794-1985660793-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kids\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
R2 csrsrvs; C:\Program Files (x86)\ScreenRetriever\csrsrvs.exe [70544 2011-05-13] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-19] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [532224 2014-04-22] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272424 2015-08-17] (Lenovo)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-14] (Nitro PDF Software)
R2 PGService; C:\Program Files (x86)\Lenovo\Lenovo Motion\PGService.exe [142600 2014-03-06] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Lenovo Motion\PG_Service_Launcher.exe [488200 2014-03-06] (PointGrab LTD)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SRsrvr; C:\Program Files (x86)\ScreenRetriever\SRsrvr.exe [69056 2012-10-31] ()
R2 SRvnc_service; C:\Program Files (x86)\ScreenRetriever\realtime\winSR.exe [1247120 2011-05-13] (ScreenRetriever)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4378024 2015-11-23] (AVG Technologies CZ, s.r.o.)
R2 vToolbarUpdater40.2.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.1\ToolbarUpdater.exe [1926544 2015-12-03] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-09] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-09] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2015-12-03] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [593624 2015-03-11] (Realtek Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9112792 2014-05-02] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3453144 2015-06-23] (Realtek Semiconductor Corporation                           )
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-11-23] (TuneUp Software)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-09] (Microsoft Corporation)
R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-09 10:53 - 2015-12-09 10:55 - 00027534 _____ C:\Users\Megan\Downloads\FRST.txt
2015-12-09 10:52 - 2015-12-09 10:53 - 00000000 ____D C:\FRST
2015-12-09 10:51 - 2015-12-09 10:52 - 02369024 _____ (Farbar) C:\Users\Megan\Downloads\FRST64.exe
2015-12-09 10:36 - 2015-12-09 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-12-09 10:35 - 2015-12-09 10:36 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2015-12-09 10:32 - 2015-12-09 10:33 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Megan\Downloads\cbSetup.exe
2015-12-09 09:37 - 2015-12-09 09:37 - 00001115 _____ C:\Users\Megan\Desktop\WinDirStat.lnk
2015-12-09 09:37 - 2015-12-09 09:37 - 00000000 ____D C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-12-09 09:37 - 2015-12-09 09:37 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2015-12-09 09:36 - 2015-12-09 09:37 - 00645729 _____ (WDS Team) C:\Users\Megan\Downloads\windirstat1_1_2_setup.exe
2015-12-09 09:14 - 2015-12-09 09:14 - 00002862 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-12-09 09:14 - 2015-12-09 09:14 - 00000874 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-09 09:14 - 2015-12-09 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-09 09:14 - 2015-12-09 09:14 - 00000000 ____D C:\Program Files\CCleaner
2015-12-09 09:13 - 2015-12-09 09:13 - 06801752 _____ (Piriform Ltd) C:\Users\Megan\Downloads\ccsetup512.exe
2015-12-09 08:41 - 2015-11-23 16:41 - 00046504 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2015-12-09 08:41 - 2015-11-23 16:37 - 00037288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\authuitu.dll
2015-12-09 08:41 - 2015-11-23 16:37 - 00032680 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\SysWOW64\authuitu.dll
2015-12-09 08:40 - 2015-12-09 08:40 - 00002223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2015-12-09 08:40 - 2015-12-09 08:40 - 00002211 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2015-12-09 08:40 - 2015-12-09 08:40 - 00000000 ____D C:\Users\Megan\AppData\Roaming\AVG
2015-12-09 08:36 - 2015-12-09 08:37 - 05640425 _____ (Swearware) C:\Users\Megan\Downloads\ComboFix.exe
2015-12-09 08:34 - 2015-12-09 08:37 - 02924112 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Megan\Downloads\AVG_PCTuneUp_1293.exe
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\WINDOWS\My Product Name
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\Users\Megan\Desktop\OpenOffice 4.1.2 (en-US) Installation Files
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\f4f10080d151d362852ff669b9
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\d7c62b445da2a01fdcb9762287eea8b2
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\b94fc1025f35504412ba
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\af5684b22e34dcd3c6f749464a27d7da
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\9bedadc8bb3abffbcff5bb59
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\995557e22a5fae54e66c
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\88152c4fd4cef59307
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\6a033aaca0f8082e489939
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\6329fdbbccc8036efb0f7be6
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\2538a98802e049277849b4ee35aa
2015-12-09 08:19 - 2015-12-09 08:19 - 00016148 _____ C:\WINDOWS\system32\NEWCOMPUTER_Megan_HistoryPrediction.bin
2015-12-09 08:19 - 2015-12-09 08:19 - 00016148 _____ C:\WINDOWS\system32\NEWCOMPUTER_Austin_HistoryPrediction.bin
2015-12-07 08:02 - 2015-12-07 08:02 - 00000000 ____D C:\Users\Megan\Desktop\Old Firefox Data
2015-12-03 21:25 - 2015-12-03 21:25 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2015-12-03 18:39 - 2015-12-03 19:23 - 00000000 ____D C:\Users\Megan\Desktop\christmas
2015-12-03 18:17 - 2015-12-03 18:17 - 00016148 _____ C:\WINDOWS\system32\NEWCOMPUTER_Sky_HistoryPrediction.bin
2015-12-03 16:59 - 2015-12-03 16:59 - 00000000 ____D C:\Users\Sky\AppData\Roaming\OpenOffice
2015-12-03 16:06 - 2015-12-03 16:06 - 00002385 _____ C:\Users\Sky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-03 16:06 - 2015-12-03 16:06 - 00000000 ___RD C:\Users\Sky\OneDrive
2015-12-03 16:03 - 2015-12-03 16:03 - 00000000 ____D C:\Users\Sky\AppData\Roaming\Apple Computer
2015-12-03 16:03 - 2015-12-03 16:03 - 00000000 ____D C:\Users\Sky\AppData\Local\AVG Web TuneUp
2015-12-03 16:02 - 2015-12-03 16:02 - 00000000 ____D C:\Users\Sky\AppData\Local\Publishers
2015-12-03 16:01 - 2015-12-03 16:03 - 00000000 ____D C:\Users\Sky\AppData\Local\Comms
2015-12-03 16:00 - 2015-12-03 16:00 - 00000020 ___SH C:\Users\Sky\ntuser.ini
2015-12-03 16:00 - 2015-12-03 16:00 - 00000000 ____D C:\Users\Sky\AppData\Local\TileDataLayer
2015-12-01 17:31 - 2015-12-01 17:31 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Apple Computer
2015-12-01 09:46 - 2015-12-01 09:46 - 05644355 _____ C:\Users\Megan\Downloads\Sourdough_eBook.pdf
2015-11-30 11:34 - 2015-11-30 11:34 - 00016148 _____ C:\WINDOWS\system32\NEWCOMPUTER_Kids_HistoryPrediction.bin
2015-11-29 18:44 - 2015-11-29 19:08 - 00000000 ____D C:\Users\Megan\AppData\Roaming\Apple Computer
2015-11-29 18:44 - 2015-11-29 18:44 - 00001833 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-11-29 18:44 - 2015-11-29 18:44 - 00000000 ____D C:\Users\Megan\AppData\Local\Apple Computer
2015-11-29 18:44 - 2015-11-29 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-11-29 18:43 - 2015-11-29 18:44 - 00000000 ____D C:\Program Files\iTunes
2015-11-29 18:43 - 2015-11-29 18:43 - 00000000 ____D C:\ProgramData\Apple Computer
2015-11-29 18:43 - 2015-11-29 18:43 - 00000000 ____D C:\Program Files\iPod
2015-11-29 18:43 - 2015-11-29 18:43 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-11-29 18:42 - 2015-11-29 18:42 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-11-29 18:42 - 2015-11-29 18:42 - 00000000 ____D C:\Users\Megan\AppData\Local\Apple
2015-11-29 18:42 - 2015-11-29 18:42 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-11-29 18:39 - 2015-11-29 18:39 - 00000000 ____D C:\Program Files\Bonjour
2015-11-29 18:39 - 2015-11-29 18:39 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-11-29 18:38 - 2015-11-29 18:43 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-29 18:36 - 2015-11-29 18:42 - 00000000 ____D C:\ProgramData\Apple
2015-11-29 18:15 - 2015-11-29 18:31 - 167839512 _____ (Apple Inc.) C:\Users\Megan\Downloads\iTunes6464Setup.exe
2015-11-29 17:17 - 2015-11-29 17:17 - 00190646 _____ C:\Users\Megan\Downloads\3e086m2cu4-Anakin_Skywalker_v2.7z
2015-11-29 16:36 - 2015-11-29 16:37 - 03697346 _____ C:\Users\Megan\Downloads\y6uvuz6jlc-Darthmaul.rar
2015-11-29 16:36 - 2015-11-29 16:36 - 01692927 _____ C:\Users\Megan\Downloads\ndxxojlf84xs-ST(1).rar
2015-11-29 16:35 - 2015-11-29 16:35 - 01692927 _____ C:\Users\Megan\Downloads\ndxxojlf84xs-ST.rar
2015-11-29 16:34 - 2015-11-29 16:34 - 00221082 _____ C:\Users\Megan\Downloads\an0zmnpie7-Anakin_Skywalker.7z
2015-11-25 17:20 - 2015-11-25 17:20 - 00258896 _____ C:\Users\Megan\Downloads\minecraft_rigV3.zip
2015-11-25 17:16 - 2015-11-25 17:16 - 00367775 _____ C:\Users\Megan\Downloads\minecraft_rigV2.zip
2015-11-24 10:58 - 2015-11-24 10:58 - 00000000 ____D C:\Users\Megan\AppData\LocalLow\Macromedia
2015-11-24 10:56 - 2015-11-24 10:56 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-11-24 10:55 - 2015-11-24 10:55 - 05028296 _____ (Adobe Systems Inc.) C:\Users\Megan\Downloads\Shockwave_Installer_Slim.exe
2015-11-23 05:51 - 2015-11-23 05:51 - 00138349 _____ C:\Users\Megan\Downloads\AUSTIN_L_WARD_III_and_MEGAN_R_WARD_2014_Tax_Return.pdf
2015-11-22 11:59 - 2015-11-22 12:00 - 00296490 _____ C:\Users\Megan\Downloads\EO_ingestion_webinar.pdf
2015-11-20 15:11 - 2015-11-20 15:12 - 20850947 _____ C:\Users\Megan\Downloads\gw4c6lw7or28-AudiR8.rar
2015-11-20 15:08 - 2015-11-20 15:08 - 00458990 _____ C:\Users\Megan\Downloads\police_car.7z
2015-11-20 15:01 - 2015-11-20 15:01 - 00000000 ____D C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!
2015-11-20 15:00 - 2015-11-20 15:00 - 00732727 _____ C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!.zip
2015-11-20 14:53 - 2015-11-20 14:53 - 03022929 _____ C:\Users\Megan\Downloads\zm635em2gz-dcu_batman.7z
2015-11-20 14:48 - 2015-11-20 14:48 - 00471266 _____ C:\Users\Megan\Downloads\2yyzamcu92-katana.rar
2015-11-17 19:09 - 2015-11-17 19:09 - 00000000 ____D C:\Users\Public\Documents\sun
2015-11-17 17:44 - 2015-11-17 17:44 - 00244666 _____ C:\Users\Megan\Downloads\ddeh6ae6kr28-Minecraft-Rig.zip
2015-11-17 13:31 - 2015-11-17 13:31 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-11-15 20:30 - 2015-11-15 20:30 - 00343668 _____ C:\Users\Megan\Downloads\Police Car(1).7z
2015-11-15 18:14 - 2015-11-15 18:19 - 60947145 _____ C:\Users\Megan\Downloads\Grade 2 Course Set.zip
2015-11-15 18:14 - 2015-11-15 18:18 - 59464491 _____ C:\Users\Megan\Downloads\Grade 3 Course Set.zip
2015-11-15 18:14 - 2015-11-15 18:18 - 36389021 _____ C:\Users\Megan\Downloads\Grade K Course Set.zip
2015-11-15 18:14 - 2015-11-15 18:17 - 29726918 _____ C:\Users\Megan\Downloads\Grade 1 Course Set.zip
2015-11-13 13:00 - 2015-11-13 13:01 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2015-11-13 13:00 - 2015-11-13 13:00 - 00001128 _____ C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk
2015-11-13 12:34 - 2015-11-13 12:58 - 140783556 _____ C:\Users\Megan\Downloads\Apache_OpenOffice_4.1.2_Win_x86_install_en-US.exe
2015-11-13 12:02 - 2015-11-13 12:02 - 16017912 _____ C:\Users\Megan\Downloads\OfficeCallCenter.zip
2015-11-13 11:08 - 2015-11-13 11:08 - 02230722 _____ C:\Users\Megan\Downloads\StickManPACK1.zip
2015-11-13 11:06 - 2015-11-13 11:06 - 01039879 _____ C:\Users\Megan\Downloads\Classic_Mic.zip
2015-11-13 10:59 - 2015-11-13 10:59 - 46804537 _____ C:\Users\Megan\Downloads\rwgul32eedj4-Optimus.zip
2015-11-13 10:52 - 2015-11-13 10:52 - 00000000 ____D C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee
2015-11-13 10:51 - 2015-11-13 10:51 - 28733790 _____ C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee.zip
2015-11-13 10:18 - 2015-11-13 10:19 - 21460131 _____ C:\Users\Austin\Downloads\sdrm3yuq5v-BATMAN - The Dark Night(1).rar
2015-11-13 08:23 - 2015-11-13 08:23 - 10564393 _____ C:\Users\Austin\Downloads\wpiz9zpo5i-GreenLantern.7z
2015-11-13 08:22 - 2015-11-13 08:22 - 07507650 _____ C:\Users\Austin\Downloads\updbcq7zzv9c-GreenArrowA.7z
2015-11-13 08:18 - 2015-11-13 08:18 - 21460131 _____ C:\Users\Austin\Downloads\sdrm3yuq5v-BATMAN - The Dark Night.rar
2015-11-12 20:27 - 2015-11-12 20:28 - 00000000 ____D C:\Users\Megan\Downloads\hw3kg8jycy-iron man
2015-11-12 20:26 - 2015-11-12 20:27 - 10663846 _____ C:\Users\Megan\Downloads\hw3kg8jycy-iron man.zip
2015-11-12 20:25 - 2015-11-12 20:25 - 00900609 _____ C:\Users\Megan\Downloads\ldtz2exalzb4-IronManmark3.7z
2015-11-12 20:24 - 2015-11-12 20:24 - 01077785 _____ C:\Users\Megan\Downloads\zfg6s8te7j-IronManMark42.7z
2015-11-12 14:59 - 2015-11-12 14:59 - 00343668 _____ C:\Users\Megan\Downloads\Police Car.7z
2015-11-12 14:29 - 2015-11-12 14:29 - 06790848 _____ C:\Users\Austin\Downloads\idfrjn1tkdfk-Spider-Man.7z
2015-11-11 22:09 - 2015-11-11 22:09 - 00729622 _____ C:\Users\Megan\Downloads\z8a814f1kv-puniisher.zip
2015-11-11 22:01 - 2015-11-11 22:01 - 07680089 _____ C:\Users\Megan\Downloads\au3wrq86hj-Thor.rar
2015-11-11 21:55 - 2015-11-11 21:55 - 08985201 _____ C:\Users\Megan\Downloads\iolingzvel8g-XNA_Spider-Man_TASM2.7z
2015-11-11 21:34 - 2015-11-11 21:35 - 33464652 _____ C:\Users\Megan\Downloads\1s7cdm3og2-Wolverine.zip
2015-11-11 21:30 - 2015-11-11 21:31 - 06790848 _____ C:\Users\Megan\Downloads\idfrjn1tkdfk-Spider-Man(1).7z
2015-11-11 20:51 - 2015-11-11 20:51 - 00713195 ____R C:\Users\Megan\Downloads\Hulk.7z
2015-11-11 20:49 - 2015-11-11 20:49 - 06790848 ____R C:\Users\Megan\Downloads\idfrjn1tkdfk-Spider-Man.7z
2015-11-11 20:42 - 2015-11-11 20:42 - 06957359 _____ C:\Users\Megan\Downloads\v4g9a1y3x2ww-Robin.7z
2015-11-11 08:30 - 2015-11-11 08:30 - 00000000 ___RD C:\Users\Austin\3D Objects
2015-11-10 19:32 - 2015-11-10 19:32 - 00000000 ___RD C:\Users\Megan\3D Objects
2015-11-10 19:29 - 2015-11-10 19:30 - 15784323 _____ C:\Users\Megan\Downloads\sbv9148irj-Deadpool.zip
2015-11-10 12:56 - 2015-11-10 12:56 - 00000740 _____ C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\blender.lnk
2015-11-09 15:58 - 2015-11-09 15:58 - 00000000 ____D C:\Users\Kids\AppData\Local\MicrosoftEdge

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-09 10:53 - 2015-07-10 04:47 - 00000000 ____D C:\Windows
2015-12-09 10:50 - 2015-10-07 12:05 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-09 10:36 - 2015-10-22 11:38 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-09 10:36 - 2015-07-30 17:40 - 00000000 ____D C:\WINDOWS\INF
2015-12-09 09:58 - 2015-06-21 15:11 - 00000000 ____D C:\ProgramData\MFAData
2015-12-09 09:17 - 2015-10-27 18:03 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-09 09:17 - 2015-10-22 15:17 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-09 08:40 - 2015-06-21 15:10 - 00000000 ____D C:\ProgramData\Avg
2015-12-09 08:40 - 2015-06-21 15:10 - 00000000 ____D C:\Program Files (x86)\AVG
2015-12-09 08:40 - 2015-06-21 15:09 - 00000000 ____D C:\Users\Megan\AppData\Local\AvgSetupLog
2015-12-09 08:40 - 2015-06-21 15:09 - 00000000 ____D C:\Users\Megan\AppData\Local\Avg
2015-12-09 08:32 - 2014-08-05 14:00 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-12-09 08:28 - 2015-06-21 14:59 - 00000000 ____D C:\Users\Megan\AppData\Roaming\Nitro PDF
2015-12-09 08:26 - 2015-07-30 17:42 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-09 08:25 - 2015-07-30 17:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-09 08:22 - 2015-10-22 11:23 - 00000000 ____D C:\Users\Kids
2015-12-09 08:22 - 2015-10-22 11:23 - 00000000 ____D C:\Users\Austin2
2015-12-09 08:22 - 2015-10-22 11:23 - 00000000 ____D C:\Users\Administrator
2015-12-09 08:21 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-09 08:19 - 2015-10-22 11:23 - 00000000 ____D C:\Users\Megan
2015-12-09 08:19 - 2015-10-22 11:23 - 00000000 ____D C:\Users\Austin
2015-12-09 08:19 - 2015-10-22 11:21 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-12-09 08:19 - 2015-02-25 23:21 - 00000000 __SHD C:\Users\Megan\IntelGraphicsProfiles
2015-12-09 08:18 - 2015-03-03 02:33 - 00000000 __SHD C:\Users\Austin\IntelGraphicsProfiles
2015-12-09 08:17 - 2015-07-30 16:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-08 20:14 - 2015-06-21 13:09 - 00000000 ____D C:\Users\Austin\AppData\Local\SweetLabs App Platform
2015-12-07 16:48 - 2015-08-06 14:29 - 00000000 ____D C:\tmp
2015-12-07 16:01 - 2015-09-25 16:18 - 00003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMegan
2015-12-07 16:01 - 2015-09-25 16:18 - 00000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMegan.job
2015-12-07 09:07 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-07 08:03 - 2015-10-27 18:07 - 00000000 ____D C:\Users\Megan\Desktop\Asher
2015-12-07 08:00 - 2015-06-21 15:56 - 00012769 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2015-12-07 08:00 - 2015-06-21 15:56 - 00000000 ____D C:\ProgramData\ScreenRetriever
2015-12-07 08:00 - 2015-06-21 15:54 - 00000000 __SHD C:\Program Files (x86)\ScreenRetriever
2015-12-06 12:18 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\TAPI
2015-12-06 12:18 - 2015-07-10 04:05 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-12-06 12:17 - 2015-02-25 23:25 - 00000000 __RDO C:\Users\Megan\OneDrive
2015-12-06 11:45 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-12-06 11:42 - 2015-06-21 15:22 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-06 11:40 - 2015-06-21 15:22 - 00001186 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-06 11:40 - 2015-06-21 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-06 11:40 - 2015-06-21 15:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-06 11:38 - 2015-10-18 07:01 - 00000000 ____D C:\Users\Megan\AppData\Roaming\Skype
2015-12-06 08:41 - 2015-10-18 07:01 - 00000000 ____D C:\ProgramData\Skype
2015-12-04 15:26 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-04 05:33 - 2015-02-25 23:21 - 00000000 ____D C:\Users\Megan\AppData\Local\Packages
2015-12-03 21:25 - 2015-10-29 03:25 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2015-12-03 21:25 - 2015-10-29 03:25 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-12-03 18:39 - 2015-07-01 09:54 - 00000000 ____D C:\Users\Megan\Desktop\gay marriage
2015-12-03 18:36 - 2015-07-27 07:36 - 00000000 ____D C:\Users\Austin\Desktop\ADMINS
2015-12-03 18:22 - 2015-03-03 02:33 - 00000000 ____D C:\Users\Austin\AppData\Local\Packages
2015-12-03 16:50 - 2015-03-05 13:07 - 00000000 ____D C:\Users\Sky\AppData\Local\Packages
2015-12-03 16:06 - 2015-10-22 11:23 - 00000000 ____D C:\Users\Sky
2015-12-03 16:00 - 2015-09-10 00:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-03 16:00 - 2015-03-05 13:07 - 00000000 __SHD C:\Users\Sky\IntelGraphicsProfiles
2015-12-02 15:50 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-11-27 12:13 - 2015-06-25 18:47 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-25 19:40 - 2015-08-06 14:28 - 00001648 _____ C:\Users\Megan\Desktop\blender - Shortcut.lnk
2015-11-24 17:05 - 2015-03-03 08:00 - 00000000 __SHD C:\Users\Kids\IntelGraphicsProfiles
2015-11-24 10:58 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2015-11-24 10:58 - 2015-02-25 12:11 - 00000000 ____D C:\Users\Megan\AppData\LocalLow\Adobe
2015-11-22 21:58 - 2015-09-25 08:36 - 00000000 ____D C:\Users\Austin\AppData\Local\LenovoReach
2015-11-21 19:30 - 2015-07-28 09:04 - 00000000 ____D C:\Users\Austin\AppData\Roaming\LSC
2015-11-18 07:57 - 2015-06-21 15:11 - 00000916 _____ C:\Users\Public\Desktop\AVG.lnk
2015-11-18 07:57 - 2015-06-21 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-11-17 20:58 - 2015-07-07 11:34 - 00000000 ____D C:\Users\Austin\AppData\Roaming\HpUpdate
2015-11-17 19:52 - 2015-02-27 14:33 - 00000000 ____D C:\Users\Megan\Documents\MDT
2015-11-17 11:35 - 2015-07-30 16:49 - 00240056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-15 18:35 - 2015-02-27 14:31 - 00000000 ____D C:\Users\Megan\Documents\Homeschool
2015-11-13 23:20 - 2015-06-22 03:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-13 19:49 - 2015-06-22 03:59 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-13 14:57 - 2015-02-25 18:59 - 00000000 ___RD C:\Users\Megan\Documents\Scanned Documents
2015-11-13 13:01 - 2015-06-21 15:37 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2015-11-13 12:57 - 2015-04-24 15:22 - 00000000 ____D C:\Users\Megan\Documents\Homemaker bundle
2015-11-11 20:44 - 2015-10-19 16:39 - 00000000 ____D C:\ProgramData\tmp
2015-11-11 19:05 - 2015-11-06 15:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-11 19:05 - 2015-06-21 14:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-10 17:47 - 2015-10-07 12:05 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-10 08:18 - 2015-06-21 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

==================== Files in the root of some directories =======

2015-06-21 14:42 - 2015-10-22 10:49 - 0593753 _____ () C:\Users\Megan\AppData\Local\BTServer.log
2015-08-02 08:42 - 2015-08-02 08:42 - 0004608 _____ () C:\Users\Megan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-31 13:52 - 2015-08-31 13:52 - 0001532 _____ () C:\Users\Megan\AppData\Local\recently-used.xbel
2015-06-23 10:11 - 2015-06-23 10:11 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-10-22 11:21 - 2015-10-22 11:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Austin\AppData\Local\Temp\avguirn_08145904651.exe
C:\Users\Austin\AppData\Local\Temp\oct4CF9.tmp.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-17 11:45

==================== End of FRST.txt ============================

Attached File: Addition.txt (46.54KB)





#2 Jo*

  • Malware Response Team
  • 3,428 posts
  • Gender:Male
  • Location:Germany

Posted 09 December 2015 - 12:05 PM

Hello kugoi,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt.

 
start
CloseProcesses:
EmptyTemp:
Folder: C:\Users\Megan\Downloads
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
HKLM-x32\...\Run: [] => [X]
Task: {4AD35E7A-6089-4CC7-A3DB-1D5636FCCC93} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4BCDE60D-D398-4690-A911-FC9E769FAAA2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5FB146CA-DD70-4B61-BFFD-A5EC9CB1A935} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {62ADA48C-3ED2-4B8F-83FA-D9167C5662AA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {66AD7EC5-7AD9-42BF-BFE6-4540945A7DBC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7F78AFB9-E282-4CA9-88BB-56C5E85CD88A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {827B8DA4-F71C-49CA-B5A9-299CE0BB444E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9D5A9ACC-8E18-452F-8545-05FFD5C77CC5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B0A07F24-323A-46BE-8BE0-2CA2B11AD9D1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D7B1532A-01F5-4542-96BF-991730A14415} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D8BC660B-3DB9-4EC1-8660-AB1831456ECB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\f4f10080d151d362852ff669b9
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\d7c62b445da2a01fdcb9762287eea8b2
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\b94fc1025f35504412ba
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\af5684b22e34dcd3c6f749464a27d7da
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\9bedadc8bb3abffbcff5bb59
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\995557e22a5fae54e66c
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\88152c4fd4cef59307
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\6a033aaca0f8082e489939
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\6329fdbbccc8036efb0f7be6
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\2538a98802e049277849b4ee35aa
end

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.



***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64, then click "Run as administrator" (XP users: click Run after receipt of the Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Edited by Jo*, 09 December 2015 - 12:38 PM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.

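One way to triage an FRST log of this shape programmatically, as an added example (not FRST's code and not part of Jo's instructions): it parses the created/modified file lines and the Task: lines, flags the hex-named zero-byte entries in the drive root and the orphaned GWX tasks that Jo moved into fixlist.txt, and sums file sizes per directory for the full-disk question. The log lines inside it are constructed in the shape of the ones posted above; the all-zero task GUID and the "Healthy" task are placeholders.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.
Added example for this thread, not FRST's own code and not Jo's fixlist: it parses
the file lines and "Task:" lines in the format posted above, flags entries of the
kind Jo moved into fixlist.txt, and sums file sizes per directory."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# "<created> - <modified> - <size> <attrs> [(<company>)] <path>"; attrs is 5 chars like ____D
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
# "Task: {GUID} - \Vendor\Task -> <target>"; FRST appends "<==== ATTENTION" when the target is gone
TASK_LINE = re.compile(
    r"^Task: (?P<guid>\{[0-9A-Fa-f-]+\}) - (?P<name>\\.+?) -> (?P<target>.*?)\s*"
    r"(?P<flag><==== ATTENTION)?$"
)
# Installer/updater leftovers such as C:\f4f10080d151d362852ff669b9 in the drive root
HEX_ROOT = re.compile(r"^[A-Za-z]:\\[0-9a-f]{16,40}$")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]  # None when FRST printed no "(Company)" field
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_file_line(line: str) -> Optional[Entry]:
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]),
                 m["attrs"], m["company"], m["path"])


def parse_task_line(line: str) -> Optional[dict]:
    m = TASK_LINE.match(line.strip())
    if not m:
        return None
    return {"guid": m["guid"], "name": m["name"], "target": m["target"],
            "orphaned": m["flag"] is not None}


def flag_entry(e: Entry) -> Optional[str]:
    """Reason a helper would look twice at this entry, or None."""
    if HEX_ROOT.match(e.path):
        return "hex-named entry in drive root (installer/updater leftover)"
    if not e.is_dir and e.path.lower().endswith(".exe") and not e.company:
        return "executable with no company name in its version info"
    return None


def size_by_directory(entries, depth: int = 3) -> dict:
    """Total file bytes keyed by the first `depth` path parts, e.g. C:\\Users\\Megan."""
    totals = defaultdict(int)
    for e in entries:
        if not e.is_dir:
            totals["\\".join(e.path.split("\\")[:depth])] += e.size
    return dict(sorted(totals.items(), key=lambda kv: kv[1], reverse=True))


def triage(log_text: str) -> dict:
    entries, orphaned, flagged = [], [], []
    for raw in log_text.splitlines():
        e = parse_file_line(raw)
        if e is not None:
            entries.append(e)
            reason = flag_entry(e)
            if reason:
                flagged.append((e.path, reason))
            continue
        t = parse_task_line(raw)
        if t is not None and t["orphaned"]:
            orphaned.append(t)
    return {"entries": entries, "flagged": flagged, "orphaned_tasks": orphaned,
            "size_by_dir": size_by_directory(entries)}


# Constructed sample in the shape of the log above; the all-zero GUID and the
# "Healthy" task are placeholders, not entries from the posted log.
SAMPLE_LOG = r"""
2015-12-09 08:36 - 2015-12-09 08:37 - 05640425 _____ (Swearware) C:\Users\Megan\Downloads\ComboFix.exe
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\f4f10080d151d362852ff669b9
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\2538a98802e049277849b4ee35aa
2015-11-29 18:15 - 2015-11-29 18:31 - 167839512 _____ (Apple Inc.) C:\Users\Megan\Downloads\iTunes6464Setup.exe
2015-12-09 08:40 - 2015-12-09 08:40 - 00000000 ____D C:\Users\Megan\AppData\Roaming\AVG
2015-11-13 12:34 - 2015-11-13 12:58 - 140783556 _____ C:\Users\Megan\Downloads\Apache_OpenOffice_4.1.2_Win_x86_install_en-US.exe
Task: {4AD35E7A-6089-4CC7-A3DB-1D5636FCCC93} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000000} - \Microsoft\Windows\Example\Healthy -> C:\WINDOWS\system32\example.exe
"""
```

Feeding a full FRST.txt to triage() gives the candidate list a helper would review by hand and the per-directory totals; the sample above ranks C:\Users\Megan first with 314,263,493 bytes.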

#3 kugoi

  • Topic Starter
  • Members
  • 22 posts

Posted 09 December 2015 - 02:43 PM

The security check seems to be stuck at "performing system health check". Is that supposed to take so long? It's probably been there for half an hour.



#4 Jo*

  • Malware Response Team
  • 3,428 posts
  • Gender:Male
  • Location:Germany

Posted 09 December 2015 - 02:46 PM


Perhaps it takes so long because your hard disk is full...

Give it another 10 min.
Then stop it and go on with FRST / FRST64 and the fixlist.txt.



#5 kugoi

  • Topic Starter
  • Members
  • 22 posts

Posted 09 December 2015 - 03:39 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
Ran by Megan (2015-12-09 14:57:44) Run:1
Running from C:\Users\Megan\Downloads
Loaded Profiles: Megan & Austin & Kids & Austin2 & Sky & Administrator (Available Profiles: Megan & Austin & Kids & Austin2 & Sky & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
EmptyTemp:
Folder: C:\Users\Megan\Downloads
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
HKLM-x32\...\Run: [] => [X]
Task: {4AD35E7A-6089-4CC7-A3DB-1D5636FCCC93} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4BCDE60D-D398-4690-A911-FC9E769FAAA2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5FB146CA-DD70-4B61-BFFD-A5EC9CB1A935} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {62ADA48C-3ED2-4B8F-83FA-D9167C5662AA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {66AD7EC5-7AD9-42BF-BFE6-4540945A7DBC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7F78AFB9-E282-4CA9-88BB-56C5E85CD88A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {827B8DA4-F71C-49CA-B5A9-299CE0BB444E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9D5A9ACC-8E18-452F-8545-05FFD5C77CC5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B0A07F24-323A-46BE-8BE0-2CA2B11AD9D1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D7B1532A-01F5-4542-96BF-991730A14415} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D8BC660B-3DB9-4EC1-8660-AB1831456ECB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\f4f10080d151d362852ff669b9
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\d7c62b445da2a01fdcb9762287eea8b2
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\b94fc1025f35504412ba
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\af5684b22e34dcd3c6f749464a27d7da
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\9bedadc8bb3abffbcff5bb59
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\995557e22a5fae54e66c
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\88152c4fd4cef59307
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\6a033aaca0f8082e489939
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\6329fdbbccc8036efb0f7be6
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\2538a98802e049277849b4ee35aa
end
*****************

Processes closed successfully.

========================= Folder: C:\Users\Megan\Downloads ========================

2015-11-20 13:36 - 2015-11-20 13:36 - 0189244 _____ () C:\Users\Megan\Downloads\014B2FD7A2DB000014200002-attachment-1-1120151240.jpg
2015-11-20 16:03 - 2015-11-20 16:03 - 0178845 _____ () C:\Users\Megan\Downloads\014B31BE807000008F500002-attachment-1-1120151457.jpg
2015-11-20 16:03 - 2015-11-20 16:03 - 0073546 _____ () C:\Users\Megan\Downloads\014B325535B200000B600002-attachment-1-IMG_4914.jpg
2015-02-25 19:15 - 2015-02-25 19:15 - 0201838 _____ () C:\Users\Megan\Downloads\0225151319.jpg
2015-02-25 19:14 - 2015-02-25 19:14 - 0209531 _____ () C:\Users\Megan\Downloads\0225151326.jpg
2015-02-25 19:14 - 2015-02-25 19:14 - 0195610 _____ () C:\Users\Megan\Downloads\0225151356.jpg
2015-02-25 19:14 - 2015-02-25 19:14 - 0191542 _____ () C:\Users\Megan\Downloads\0225151424.jpg
2015-02-25 19:13 - 2015-02-25 19:14 - 0194316 _____ () C:\Users\Megan\Downloads\0225151428.jpg
2015-02-25 19:13 - 2015-02-25 19:13 - 0200146 _____ () C:\Users\Megan\Downloads\0225151435.jpg
2015-02-27 13:49 - 2015-02-27 13:49 - 0186320 _____ () C:\Users\Megan\Downloads\0227150808.jpg
2015-02-27 13:49 - 2015-02-27 13:49 - 0195931 _____ () C:\Users\Megan\Downloads\0227150814.jpg
2015-02-27 13:48 - 2015-02-27 13:48 - 0184374 _____ () C:\Users\Megan\Downloads\0227150821.jpg
2015-02-27 13:48 - 2015-02-27 13:48 - 0201016 _____ () C:\Users\Megan\Downloads\0227150854.jpg
2015-02-27 13:48 - 2015-02-27 13:48 - 0170613 _____ () C:\Users\Megan\Downloads\0227150924.jpg
2015-02-27 13:48 - 2015-02-27 13:48 - 0178601 _____ () C:\Users\Megan\Downloads\0227150928.jpg
2015-02-27 13:47 - 2015-02-27 13:47 - 0196954 _____ () C:\Users\Megan\Downloads\0227150933.jpg
2015-11-20 13:35 - 2015-11-20 13:35 - 0191252 _____ () C:\Users\Megan\Downloads\024B30298DF70000EB400002-attachment-1-1120151303.jpg
2015-11-20 13:35 - 2015-11-20 13:35 - 0197832 _____ () C:\Users\Megan\Downloads\044B30418D9800000F300002-attachment-1-1120151310.jpg
2015-11-20 16:03 - 2015-11-20 16:03 - 0191730 _____ () C:\Users\Megan\Downloads\044B30ECA797000043600002-attachment-1-1120151358.jpg
2015-11-20 13:36 - 2015-11-20 13:36 - 0201969 _____ () C:\Users\Megan\Downloads\054B3015DDCA0000C5600002-attachment-1-1120151257.jpg
2015-11-20 16:03 - 2015-11-20 16:03 - 0184703 _____ () C:\Users\Megan\Downloads\054B315CE6640000B4300002-attachment-1-1120151429.jpg
2015-11-20 16:03 - 2015-11-20 16:03 - 0200790 _____ () C:\Users\Megan\Downloads\064B319F3513000041500002-attachment-1-1120151448.jpg
2015-11-18 11:35 - 2015-11-18 11:35 - 0226930 _____ () C:\Users\Megan\Downloads\1118151119.jpg
2015-11-18 11:35 - 2015-11-18 11:35 - 0219792 _____ () C:\Users\Megan\Downloads\1118151131.jpg
2015-11-18 11:40 - 2015-11-18 11:40 - 0217867 _____ () C:\Users\Megan\Downloads\1118151138.jpg
2015-11-18 11:55 - 2015-11-18 11:55 - 0210409 _____ () C:\Users\Megan\Downloads\1118151145.jpg
2015-11-18 12:32 - 2015-11-18 12:32 - 0214933 _____ () C:\Users\Megan\Downloads\1118151210.jpg
2015-11-18 12:32 - 2015-11-18 12:32 - 0210637 _____ () C:\Users\Megan\Downloads\1118151218.jpg
2015-11-11 21:34 - 2015-11-11 21:35 - 33464652 _____ () C:\Users\Megan\Downloads\1s7cdm3og2-Wolverine.zip
2015-11-20 14:48 - 2015-11-20 14:48 - 0471266 _____ () C:\Users\Megan\Downloads\2yyzamcu92-katana.rar
2015-11-29 17:17 - 2015-11-29 17:17 - 0190646 _____ () C:\Users\Megan\Downloads\3e086m2cu4-Anakin_Skywalker_v2.7z
2015-08-25 10:49 - 2015-08-25 10:49 - 0770571 _____ () C:\Users\Megan\Downloads\7_Keys-Study_Guide_Level_I.pdf
2015-08-25 10:28 - 2015-08-25 10:28 - 2912845 _____ () C:\Users\Megan\Downloads\7keysCOMPLETE.pdf
2015-12-09 11:02 - 2015-12-09 11:13 - 0047660 _____ () C:\Users\Megan\Downloads\Addition.txt
2015-11-29 16:34 - 2015-11-29 16:34 - 0221082 _____ () C:\Users\Megan\Downloads\an0zmnpie7-Anakin_Skywalker.7z
2015-06-21 15:30 - 2015-06-21 15:35 - 140852175 _____ () C:\Users\Megan\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US(1).exe
2015-02-27 14:07 - 2015-02-27 14:15 - 140852175 _____ () C:\Users\Megan\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
2015-11-13 12:34 - 2015-11-13 12:58 - 140783556 _____ () C:\Users\Megan\Downloads\Apache_OpenOffice_4.1.2_Win_x86_install_en-US.exe
2015-11-11 22:01 - 2015-11-11 22:01 - 7680089 _____ () C:\Users\Megan\Downloads\au3wrq86hj-Thor.rar
2015-11-23 05:51 - 2015-11-23 05:51 - 0138349 _____ () C:\Users\Megan\Downloads\AUSTIN_L_WARD_III_and_MEGAN_R_WARD_2014_Tax_Return.pdf
2015-02-25 23:38 - 2015-02-25 23:38 - 4800040 _____ (AVG Technologies) C:\Users\Megan\Downloads\avg_free_stb_all_5736p1_177.exe
2015-06-21 15:08 - 2015-06-21 15:08 - 16902256 _____ (AVG Technologies) C:\Users\Megan\Downloads\avg_gsr_stb_all_ltst_635.exe
2015-12-09 08:34 - 2015-12-09 08:37 - 2924112 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Megan\Downloads\AVG_PCTuneUp_1293.exe
2015-08-06 14:16 - 2015-08-06 14:18 - 83956748 _____ () C:\Users\Megan\Downloads\blender-2.75a-windows64.msi
2015-08-06 14:23 - 2015-08-06 14:25 - 104139129 _____ () C:\Users\Megan\Downloads\blender-2.75a-windows64.zip
2015-12-09 10:32 - 2015-12-09 10:33 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Megan\Downloads\cbSetup.exe
2015-12-09 09:13 - 2015-12-09 09:13 - 6801752 _____ (Piriform Ltd) C:\Users\Megan\Downloads\ccsetup512.exe
2015-11-13 11:06 - 2015-11-13 11:06 - 1039879 _____ () C:\Users\Megan\Downloads\Classic_Mic.zip
2015-12-09 08:36 - 2015-12-09 08:37 - 5640425 _____ (Swearware) C:\Users\Megan\Downloads\ComboFix.exe
2015-06-22 15:15 - 2015-06-22 15:15 - 0010042 _____ () C:\Users\Megan\Downloads\DARE.jpg
2015-11-17 17:44 - 2015-11-17 17:44 - 0244666 _____ () C:\Users\Megan\Downloads\ddeh6ae6kr28-Minecraft-Rig.zip
2015-02-25 23:21 - 2015-11-16 14:38 - 0000298 ___SH () C:\Users\Megan\Downloads\desktop.ini
2015-11-13 10:51 - 2015-11-13 10:51 - 28733790 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee.zip
2015-10-18 12:30 - 2015-10-18 12:30 - 5261285 _____ () C:\Users\Megan\Downloads\eedf5d_204b985b0ad241d691d046d547d42235.pdf
2015-10-18 12:31 - 2015-10-18 12:31 - 14616361 _____ () C:\Users\Megan\Downloads\eedf5d_47f12caaf5034d45b88aef9c20d51f91.pdf
2015-10-10 20:45 - 2015-10-10 20:45 - 3517665 _____ () C:\Users\Megan\Downloads\EEI Manual Digital Version 2015.pdf
2015-10-10 20:45 - 2015-10-10 20:45 - 4166396 _____ () C:\Users\Megan\Downloads\EEI Manual Print Version 2015.pdf
2015-08-11 11:25 - 2015-08-11 11:26 - 0069879 _____ () C:\Users\Megan\Downloads\ENTER_US(1).pdf
2015-08-11 11:21 - 2015-08-11 11:22 - 0069879 _____ () C:\Users\Megan\Downloads\ENTER_US.pdf
2015-11-22 11:59 - 2015-11-22 12:00 - 0296490 _____ () C:\Users\Megan\Downloads\EO_ingestion_webinar.pdf
2015-12-09 14:57 - 2015-12-09 14:57 - 0002366 _____ () C:\Users\Megan\Downloads\fixlist.txt
2015-12-09 14:57 - 2015-12-09 14:57 - 0009632 _____ () C:\Users\Megan\Downloads\Fixlog.txt
2015-12-09 10:53 - 2015-12-09 11:13 - 0049453 _____ () C:\Users\Megan\Downloads\FRST.txt
2015-12-09 10:51 - 2015-12-09 10:52 - 2369024 _____ (Farbar) C:\Users\Megan\Downloads\FRST64.exe
2015-08-30 14:40 - 2015-08-30 15:21 - 91931728 _____ (The GIMP Team                                               ) C:\Users\Megan\Downloads\gimp-2.8.14-setup-1.exe
2015-11-15 18:14 - 2015-11-15 18:17 - 29726918 _____ () C:\Users\Megan\Downloads\Grade 1 Course Set.zip
2015-11-15 18:14 - 2015-11-15 18:19 - 60947145 _____ () C:\Users\Megan\Downloads\Grade 2 Course Set.zip
2015-11-15 18:14 - 2015-11-15 18:18 - 59464491 _____ () C:\Users\Megan\Downloads\Grade 3 Course Set.zip
2015-11-15 18:14 - 2015-11-15 18:18 - 36389021 _____ () C:\Users\Megan\Downloads\Grade K Course Set.zip
2015-11-20 15:11 - 2015-11-20 15:12 - 20850947 _____ () C:\Users\Megan\Downloads\gw4c6lw7or28-AudiR8.rar
2015-09-02 12:49 - 2015-09-02 12:49 - 7067824 _____ () C:\Users\Megan\Downloads\HPPSdr.exe
2015-09-02 12:50 - 2015-09-02 12:50 - 3774136 _____ (Oleg N. Scherbakov) C:\Users\Megan\Downloads\HPSupportSolutionsFramework-12.0.30.81.exe
2015-11-11 20:51 - 2015-11-11 20:51 - 0713195 ____R () C:\Users\Megan\Downloads\Hulk.7z
2015-11-12 20:26 - 2015-11-12 20:27 - 10663846 _____ () C:\Users\Megan\Downloads\hw3kg8jycy-iron man.zip
2015-05-20 18:46 - 2015-05-20 18:46 - 51814249 _____ () C:\Users\Megan\Downloads\Hymns CR.zip
2015-10-09 18:37 - 2015-10-09 19:59 - 257579167 _____ () C:\Users\Megan\Downloads\hymns-vocal-1-95.zip
2015-10-13 05:53 - 2015-10-14 05:18 - 255989826 _____ () C:\Users\Megan\Downloads\hymns-vocal-96-191.zip
2015-11-11 21:30 - 2015-11-11 21:31 - 6790848 _____ () C:\Users\Megan\Downloads\idfrjn1tkdfk-Spider-Man(1).7z
2015-11-11 20:49 - 2015-11-11 20:49 - 6790848 ____R () C:\Users\Megan\Downloads\idfrjn1tkdfk-Spider-Man.7z
2015-11-25 21:36 - 2015-11-25 21:36 - 0840261 _____ () C:\Users\Megan\Downloads\IMG_1812.JPG
2015-03-02 08:40 - 2015-03-02 08:40 - 0120353 _____ () C:\Users\Megan\Downloads\Invitations.jpg
2015-11-11 21:55 - 2015-11-11 21:55 - 8985201 _____ () C:\Users\Megan\Downloads\iolingzvel8g-XNA_Spider-Man_TASM2.7z
2015-11-29 18:15 - 2015-11-29 18:31 - 167839512 _____ (Apple Inc.) C:\Users\Megan\Downloads\iTunes6464Setup.exe
2015-10-06 19:06 - 2015-10-06 19:06 - 6699032 _____ () C:\Users\Megan\Downloads\jing.exe
2015-11-20 15:00 - 2015-11-20 15:00 - 0732727 _____ () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!.zip
2015-11-12 20:25 - 2015-11-12 20:25 - 0900609 _____ () C:\Users\Megan\Downloads\ldtz2exalzb4-IronManmark3.7z
2015-08-11 11:19 - 2015-08-11 11:20 - 24761504 _____ () C:\Users\Megan\Downloads\LEGO_Club_Magazine_Red_Brick_July_Augustpdf.pdf
2015-06-21 15:59 - 2015-06-21 16:01 - 78740016 _____ (Lightworks) C:\Users\Megan\Downloads\lightworks_v12.0.2_full_64bit_setup(1).exe
2015-03-22 17:03 - 2015-03-22 17:04 - 78740016 _____ (Lightworks) C:\Users\Megan\Downloads\lightworks_v12.0.2_full_64bit_setup.exe
2015-03-22 17:03 - 2015-03-22 17:03 - 0770335 _____ () C:\Users\Megan\Downloads\Lightworks_v12.0_Quick_Start_Guide.pdf
2015-06-25 18:27 - 2015-06-25 18:27 - 1133583 _____ () C:\Users\Megan\Downloads\Losing-It-A-Christian-Parents-Guide-to-Overcoming-Anger.pdf
2015-06-21 15:21 - 2015-06-21 15:21 - 21546080 _____ (Malwarebytes Corporation                                    ) C:\Users\Megan\Downloads\mbam-setup-2.1.6.1022(1).exe
2015-06-16 11:39 - 2015-06-16 11:39 - 21546080 _____ (Malwarebytes Corporation                                    ) C:\Users\Megan\Downloads\mbam-setup-2.1.6.1022.exe
2015-11-25 17:16 - 2015-11-25 17:16 - 0367775 _____ () C:\Users\Megan\Downloads\minecraft_rigV2.zip
2015-11-25 17:20 - 2015-11-25 17:20 - 0258896 _____ () C:\Users\Megan\Downloads\minecraft_rigV3.zip
2015-11-29 16:36 - 2015-11-29 16:36 - 1692927 _____ () C:\Users\Megan\Downloads\ndxxojlf84xs-ST(1).rar
2015-11-29 16:35 - 2015-11-29 16:35 - 1692927 _____ () C:\Users\Megan\Downloads\ndxxojlf84xs-ST.rar
2015-11-13 12:02 - 2015-11-13 12:02 - 16017912 _____ () C:\Users\Megan\Downloads\OfficeCallCenter.zip
2015-09-11 15:23 - 2015-09-11 15:23 - 0005311 _____ () C:\Users\Megan\Downloads\orient_custom_shape(1).py
2015-08-10 16:10 - 2015-08-10 16:10 - 0005311 _____ () C:\Users\Megan\Downloads\orient_custom_shape.py
2015-09-20 06:15 - 2015-09-20 06:15 - 0014536 _____ () C:\Users\Megan\Downloads\PIP Free Compass.pdf
2015-11-15 20:30 - 2015-11-15 20:30 - 0343668 _____ () C:\Users\Megan\Downloads\Police Car(1).7z
2015-11-12 14:59 - 2015-11-12 14:59 - 0343668 _____ () C:\Users\Megan\Downloads\Police Car.7z
2015-11-20 15:08 - 2015-11-20 15:08 - 0458990 _____ () C:\Users\Megan\Downloads\police_car.7z
2015-11-13 10:59 - 2015-11-13 10:59 - 46804537 _____ () C:\Users\Megan\Downloads\rwgul32eedj4-Optimus.zip
2015-11-10 19:29 - 2015-11-10 19:30 - 15784323 _____ () C:\Users\Megan\Downloads\sbv9148irj-Deadpool.zip
2015-06-21 15:52 - 2015-06-21 15:53 - 2369608 _____ (ScreenRetriever                                             ) C:\Users\Megan\Downloads\ScreenRetriever_Installer-v2.2.52_(1).exe
2015-10-14 05:09 - 2015-10-14 05:09 - 2369608 _____ (ScreenRetriever                                             ) C:\Users\Megan\Downloads\ScreenRetriever_Installer-v2.2.52_(2).exe
2015-03-19 05:12 - 2015-03-19 05:12 - 2369608 _____ (ScreenRetriever                                             ) C:\Users\Megan\Downloads\ScreenRetriever_Installer-v2.2.52_.exe
2015-12-09 14:00 - 2015-12-09 14:00 - 0852771 _____ () C:\Users\Megan\Downloads\SecurityCheck.exe
2015-11-24 10:55 - 2015-11-24 10:55 - 5028296 _____ (Adobe Systems Inc.) C:\Users\Megan\Downloads\Shockwave_Installer_Slim.exe
2015-10-18 06:59 - 2015-10-18 07:00 - 43716224 _____ (Skype Technologies S.A.) C:\Users\Megan\Downloads\SkypeSetupFull.exe
2015-12-01 09:46 - 2015-12-01 09:46 - 5644355 _____ () C:\Users\Megan\Downloads\Sourdough_eBook.pdf
2015-10-25 19:07 - 2015-10-25 19:09 - 15264074 _____ () C:\Users\Megan\Downloads\SteampunkKid.zip
2015-11-13 11:08 - 2015-11-13 11:08 - 2230722 _____ () C:\Users\Megan\Downloads\StickManPACK1.zip
2015-08-23 17:51 - 2015-08-23 17:51 - 1029292 _____ () C:\Users\Megan\Downloads\the-new-covenant-does-it-abolish-gods-law.pdf
2015-02-25 19:20 - 2015-10-19 16:21 - 0174080 ___SH () C:\Users\Megan\Downloads\Thumbs.db
2015-08-17 10:12 - 2015-08-17 10:18 - 326972773 _____ () C:\Users\Megan\Downloads\UHLBmobi.zip
2015-08-14 14:25 - 2015-08-14 14:25 - 1088664 _____ (Unity Technologies ApS) C:\Users\Megan\Downloads\UnityWebPlayer.exe
2015-07-02 11:46 - 2015-07-02 11:46 - 1256417 _____ () C:\Users\Megan\Downloads\UnlimitedMotivation.zip
2015-11-11 20:42 - 2015-11-11 20:42 - 6957359 _____ () C:\Users\Megan\Downloads\v4g9a1y3x2ww-Robin.7z
2015-06-25 18:41 - 2015-06-25 18:42 - 7392009 _____ () C:\Users\Megan\Downloads\Ward_Asher_SuperheroSketchpad(1).pdf
2015-06-25 18:56 - 2015-06-25 18:56 - 7392009 _____ () C:\Users\Megan\Downloads\Ward_Asher_SuperheroSketchpad(2).pdf
2015-06-25 18:59 - 2015-06-25 18:59 - 7391293 _____ () C:\Users\Megan\Downloads\Ward_Asher_SuperheroSketchpad(3).pdf
2015-06-25 19:10 - 2015-06-25 19:10 - 7391293 _____ () C:\Users\Megan\Downloads\Ward_Asher_SuperheroSketchpad(4).pdf
2015-06-25 19:23 - 2015-06-25 19:24 - 6803690 _____ () C:\Users\Megan\Downloads\Ward_Asher_SuperheroSketchpad(5).pdf
2015-06-25 19:28 - 2015-06-25 19:28 - 5333725 _____ () C:\Users\Megan\Downloads\Ward_Asher_SuperheroSketchpad(6).pdf
2015-06-25 19:35 - 2015-06-25 19:36 - 5172597 _____ () C:\Users\Megan\Downloads\Ward_Asher_SuperheroSketchpad(7).pdf
2015-06-25 19:41 - 2015-06-25 19:41 - 5173017 _____ () C:\Users\Megan\Downloads\Ward_Asher_SuperheroSketchpad(8).pdf
2015-06-25 19:43 - 2015-06-25 19:44 - 5173027 _____ () C:\Users\Megan\Downloads\Ward_Asher_SuperheroSketchpad(9).pdf
2015-06-25 18:38 - 2015-06-25 18:38 - 7392009 _____ () C:\Users\Megan\Downloads\Ward_Asher_SuperheroSketchpad.pdf
2015-06-22 18:12 - 2015-06-22 18:12 - 0122833 _____ () C:\Users\Megan\Downloads\WILSON.htm
2015-12-09 09:36 - 2015-12-09 09:37 - 0645729 _____ (WDS Team) C:\Users\Megan\Downloads\windirstat1_1_2_setup.exe
2015-11-20 17:29 - 2015-11-20 17:29 - 2138269 _____ () C:\Users\Megan\Downloads\Word of the Lord - Demonstration.mp3
2015-11-20 17:28 - 2015-11-20 17:29 - 2102824 _____ () C:\Users\Megan\Downloads\Wow It's A Great Day - Demonstration.mp3
2015-11-29 16:36 - 2015-11-29 16:37 - 3697346 _____ () C:\Users\Megan\Downloads\y6uvuz6jlc-Darthmaul.rar
2015-11-11 22:09 - 2015-11-11 22:09 - 0729622 _____ () C:\Users\Megan\Downloads\z8a814f1kv-puniisher.zip
2015-11-12 20:24 - 2015-11-12 20:24 - 1077785 _____ () C:\Users\Megan\Downloads\zfg6s8te7j-IronManMark42.7z
2015-11-20 14:53 - 2015-11-20 14:53 - 3022929 _____ () C:\Users\Megan\Downloads\zm635em2gz-dcu_batman.7z
2015-11-13 10:52 - 2015-11-13 10:52 - 0000000 ____D () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee
2015-11-13 10:52 - 2015-11-13 10:52 - 0000000 ____D () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\__MACOSX
2015-11-13 10:52 - 2015-11-13 10:52 - 0000000 ____D () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\__MACOSX\BumbleBee
2012-05-20 13:44 - 2015-11-13 10:52 - 0000082 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\__MACOSX\BumbleBee\._.DS_Store
2015-11-13 10:52 - 2015-11-13 10:52 - 0000000 ____D () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee
2012-05-20 13:44 - 2015-11-13 10:52 - 0015364 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\.DS_Store
2012-05-20 13:38 - 2015-11-13 10:52 - 0255259 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\1.JPG
2012-05-20 13:39 - 2015-11-13 10:52 - 0213389 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\2.JPG
2012-05-20 13:50 - 2015-11-13 10:52 - 0134624 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\3.JPG
2012-01-26 10:20 - 2015-11-13 10:52 - 4250668 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\RB_Bumblebee_TEXTSET_Color_NormX.png
2012-01-26 10:20 - 2015-11-13 10:52 - 6769384 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\RB_Bumblebee_TEXTSET_Masks_NormY.png
2012-01-26 10:20 - 2015-11-13 10:52 - 0002879 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\RB_BumblebeeEye_MASK.png
2012-01-26 10:34 - 2015-11-13 10:52 - 0481370 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\RB-BumbleBee.lwo
2012-01-26 10:25 - 2015-11-13 10:52 - 0000365 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\RB-BumbleBee.mtl
2012-01-26 10:25 - 2015-11-13 10:52 - 1700151 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\RB-BumbleBee.obj
2012-01-26 10:21 - 2015-11-13 10:52 - 0360216 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\VH_Bumblebee_Clr.png
2012-01-26 10:21 - 2015-11-13 10:52 - 0280644 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\VH_Bumblebee_Norm.png
2012-01-26 10:21 - 2015-11-13 10:52 - 0245160 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\VH_Bumblebee_Norm_Swizle.png
2012-01-26 10:21 - 2015-11-13 10:52 - 0696518 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\VH_Bumblebee_Norm_Var_1024_DXT5.png
2012-01-26 10:21 - 2015-11-13 10:52 - 0815476 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\VH_BumblebeeEngineCasters_TEXTSET_Color_NormX.png
2012-01-26 10:21 - 2015-11-13 10:52 - 1010413 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\VH_BumblebeeEngineCasters_TEXTSET_Masks_NormY.png
2012-01-26 10:21 - 2015-11-13 10:52 - 3189600 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\VH_BumblebeeNew_TEXTSET_Color_NormX.png
2012-01-26 10:21 - 2015-11-13 10:52 - 4146142 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\VH_BumblebeeNew_TEXTSET_Masks_NormY.png
2012-01-26 10:39 - 2015-11-13 10:52 - 0880150 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\VH-BumbleBee.lwo
2012-01-26 10:27 - 2015-11-13 10:52 - 0000806 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\VH-BumbleBee.mtl
2012-01-26 10:27 - 2015-11-13 10:52 - 2874113 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\VH-BumbleBee.obj
2012-01-26 10:23 - 2015-11-13 10:52 - 0399051 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\WEP_Bazooka_CLR.png
2012-01-26 10:23 - 2015-11-13 10:52 - 0443490 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\WEP_Bazooka_MASK.png
2012-01-26 10:23 - 2015-11-13 10:52 - 0288108 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\WEP_Bazooka_NORM.png
2012-01-26 10:39 - 2015-11-13 10:52 - 1461596 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\WEP_BumblebeePlasmaCannon_TEXTSET_Color_NormX.png
2012-01-26 10:23 - 2015-11-13 10:52 - 0390927 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\WEP_BumblebeePlasmaCannon_TEXTSET_Color_NormX_2.png
2012-01-26 10:23 - 2015-11-13 10:52 - 1099535 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\WEP_BumblebeePlasmaCannon_TEXTSET_Masks_NormY.png
2012-01-26 10:23 - 2015-11-13 10:52 - 0078945 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\WEP_BumblebeePlasmaCannon_TEXTSET_Masks_NormY_2.png
2012-01-26 10:39 - 2015-11-13 10:52 - 0059666 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\WEP-BumbleBee Bazooka.lwo
2012-01-26 10:27 - 2015-11-13 10:52 - 0000386 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\WEP-BumbleBee Bazooka.mtl
2012-01-26 10:27 - 2015-11-13 10:52 - 0201855 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\WEP-BumbleBee Bazooka.obj
2012-01-26 10:39 - 2015-11-13 10:52 - 0067296 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\WEP-BumbleBee Plasma Cannon.lwo
2012-01-26 10:27 - 2015-11-13 10:52 - 0000389 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\WEP-BumbleBee Plasma Cannon.mtl
2012-01-26 10:27 - 2015-11-13 10:52 - 0221659 _____ () C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee\BumbleBee\WEP-BumbleBee Plasma Cannon.obj
2015-09-02 12:52 - 2015-09-02 12:55 - 0000000 ____D () C:\Users\Megan\Downloads\HP Downloads
2015-07-20 07:01 - 2015-07-20 07:01 - 169870888 _____ () C:\Users\Megan\Downloads\HP Downloads\HP Officejet Pro 8610 e-All-in-One Printer series Full Feature Software and Drivers - OJ8610_198.exe
2015-11-12 20:27 - 2015-11-12 20:28 - 0000000 ____D () C:\Users\Megan\Downloads\hw3kg8jycy-iron man
2012-10-19 05:43 - 2015-11-12 20:28 - 5956771 _____ () C:\Users\Megan\Downloads\hw3kg8jycy-iron man\iron-man-v1_&_v2_(+war_machine).3ds
2012-10-19 06:30 - 2015-11-12 20:28 - 0008375 _____ () C:\Users\Megan\Downloads\hw3kg8jycy-iron man\iron-man-v1_&_v2_(+war_machine).mtl
2012-10-19 06:30 - 2015-11-12 20:28 - 13190778 _____ () C:\Users\Megan\Downloads\hw3kg8jycy-iron man\iron-man-v1_&_v2_(+war_machine).obj
2012-10-19 06:21 - 2015-11-12 20:28 - 3140644 _____ () C:\Users\Megan\Downloads\hw3kg8jycy-iron man\war_machine-v2.3ds
2012-10-19 06:22 - 2015-11-12 20:28 - 0000468 _____ () C:\Users\Megan\Downloads\hw3kg8jycy-iron man\war_machine-v2.mtl
2012-10-19 06:22 - 2015-11-12 20:28 - 17283819 _____ () C:\Users\Megan\Downloads\hw3kg8jycy-iron man\war_machine-v2.obj
2015-11-20 15:01 - 2015-11-20 15:01 - 0000000 ____D () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!
2015-11-20 15:01 - 2015-11-20 15:01 - 0000000 ____D () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack
2013-07-29 19:58 - 2015-11-20 15:01 - 0000025 _____ () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\DO NOT POST IN THE INTERNET AND CLAIM ITS YOURS.txt
2013-07-29 20:12 - 2015-11-20 15:01 - 0000020 _____ () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Remember To Like This Model And Comment Down Below.txt
2015-11-20 15:01 - 2015-11-20 15:01 - 0000000 ____D () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Bassic Animations
2013-07-29 20:05 - 2015-11-20 15:01 - 0475184 _____ () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Bassic Animations\Steve Salute(For Blender Only).blend
2015-11-20 15:01 - 2015-11-20 15:01 - 0000000 ____D () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\For Unity 3D
2013-07-29 20:06 - 2015-11-20 15:01 - 0000020 _____ () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\For Unity 3D\IN THE NEXT UPDATE.txt
2015-11-20 15:01 - 2015-11-20 15:01 - 0000000 ____D () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Model
2015-11-20 15:01 - 2015-11-20 15:01 - 0000000 ____D () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Model\Blury Steve
2012-12-17 15:05 - 2015-11-20 15:01 - 0001360 _____ () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Model\Blury Steve\steve(Original).png
2013-07-29 20:13 - 2015-11-20 15:01 - 0000291 _____ () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Model\Blury Steve\Steve.mtl
2013-07-29 20:13 - 2015-11-20 15:01 - 0005793 _____ () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Model\Blury Steve\Steve.obj
2015-11-20 15:01 - 2015-11-20 15:01 - 0000000 ____D () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Model\Intstructions
2013-07-29 20:27 - 2015-11-20 15:01 - 0000799 _____ () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Model\Intstructions\Click On Me.txt
2015-11-20 15:01 - 2015-11-20 15:01 - 0000000 ____D () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Model\Santa Demo
2013-07-29 20:09 - 2015-11-20 15:01 - 0018843 _____ () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Model\Santa Demo\Santa.png
2013-07-29 20:16 - 2015-11-20 15:01 - 0000281 _____ () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Model\Santa Demo\Steve.mtl
2013-07-29 20:16 - 2015-11-20 15:01 - 0005793 _____ () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Model\Santa Demo\Steve.obj
2015-11-20 15:01 - 2015-11-20 15:01 - 0000000 ____D () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Model\Save
2013-07-29 20:27 - 2015-11-20 15:01 - 0451144 _____ () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Model\Save\Santa Already Done For You.blend
2013-07-29 20:33 - 2015-11-20 15:01 - 0471588 _____ () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Model\Save\Steve Already Rigged For You.blend
2015-11-20 15:01 - 2015-11-20 15:01 - 0000000 ____D () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Model\Steve
2013-07-29 19:29 - 2015-11-20 15:01 - 0012485 _____ () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Model\Steve\Copy of steve(Original).png
2013-07-29 20:14 - 2015-11-20 15:01 - 0000299 _____ () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Model\Steve\Steve.mtl
2013-07-29 20:14 - 2015-11-20 15:01 - 0005793 _____ () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Model\Steve\Steve.obj
2015-11-20 15:01 - 2015-11-20 15:01 - 0000000 ____D () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Snapshots
2013-07-29 19:50 - 2015-11-20 15:01 - 0381106 _____ () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Snapshots\Snap1.png
2013-07-29 20:07 - 2015-11-20 15:01 - 0039384 _____ () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Snapshots\Snap2.png
2013-07-29 20:08 - 2015-11-20 15:01 - 0015906 _____ () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Snapshots\Snap3.png
2013-07-29 20:10 - 2015-11-20 15:01 - 0016400 _____ () C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!\Minecraft Character Pack\Snapshots\Snap4.png

====== End of Folder: ======

wfpcapture => service removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AD35E7A-6089-4CC7-A3DB-1D5636FCCC93}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AD35E7A-6089-4CC7-A3DB-1D5636FCCC93}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BCDE60D-D398-4690-A911-FC9E769FAAA2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BCDE60D-D398-4690-A911-FC9E769FAAA2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5FB146CA-DD70-4B61-BFFD-A5EC9CB1A935}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FB146CA-DD70-4B61-BFFD-A5EC9CB1A935}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62ADA48C-3ED2-4B8F-83FA-D9167C5662AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62ADA48C-3ED2-4B8F-83FA-D9167C5662AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{66AD7EC5-7AD9-42BF-BFE6-4540945A7DBC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66AD7EC5-7AD9-42BF-BFE6-4540945A7DBC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F78AFB9-E282-4CA9-88BB-56C5E85CD88A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F78AFB9-E282-4CA9-88BB-56C5E85CD88A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{827B8DA4-F71C-49CA-B5A9-299CE0BB444E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{827B8DA4-F71C-49CA-B5A9-299CE0BB444E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D5A9ACC-8E18-452F-8545-05FFD5C77CC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D5A9ACC-8E18-452F-8545-05FFD5C77CC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0A07F24-323A-46BE-8BE0-2CA2B11AD9D1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0A07F24-323A-46BE-8BE0-2CA2B11AD9D1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7B1532A-01F5-4542-96BF-991730A14415}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7B1532A-01F5-4542-96BF-991730A14415}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8BC660B-3DB9-4EC1-8660-AB1831456ECB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8BC660B-3DB9-4EC1-8660-AB1831456ECB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
C:\f4f10080d151d362852ff669b9 => moved successfully
C:\d7c62b445da2a01fdcb9762287eea8b2 => moved successfully
C:\b94fc1025f35504412ba => moved successfully
C:\af5684b22e34dcd3c6f749464a27d7da => moved successfully
C:\9bedadc8bb3abffbcff5bb59 => moved successfully
C:\995557e22a5fae54e66c => moved successfully
C:\88152c4fd4cef59307 => moved successfully
C:\6a033aaca0f8082e489939 => moved successfully
C:\6329fdbbccc8036efb0f7be6 => moved successfully
C:\2538a98802e049277849b4ee35aa => moved successfully
EmptyTemp: => 440.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 15:03:07 ====



#6 Jo*

Jo*

  • Malware Response Team
  • 3,428 posts
  • ONLINE
  • Gender:Male
  • Location:Germany
  • Local time:01:37 PM

Posted 09 December 2015 - 03:55 PM

Hello kugoi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 kugoi

kugoi
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE

Posted 10 December 2015 - 09:28 AM

Malwarebytes Anti-Rootkit found 6 things. I could not find a mbar-log, but there's a system-log file, so that's what I'm posting here.


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

© Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.0.10240.16431

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.794000 GHz
Memory total: 4208230400, free: 2074337280

=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     12/10/2015 09:02:49
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\drivers\DDCDrv.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\avgwfpa.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\avgdiska.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\system32\DRIVERS\TeeDriverx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\RtsP2Stor.sys
\SystemRoot\System32\drivers\Rt630x64.sys
\SystemRoot\system32\DRIVERS\rtwlane.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\RtkBtfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys
\SystemRoot\System32\drivers\rassstp.sys
\SystemRoot\System32\DRIVERS\NDProxy.sys
\SystemRoot\System32\drivers\AgileVpn.sys
\SystemRoot\System32\drivers\rasl2tp.sys
\SystemRoot\System32\drivers\raspptp.sys
\SystemRoot\System32\drivers\raspppoe.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\drivers\ndiswan.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\drivers\WSDPrint.sys
\SystemRoot\system32\DRIVERS\WSDScan.sys
\SystemRoot\System32\drivers\uaspstor.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe001ba372590, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001ba368040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001ba372590, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe001b8ea7580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe001b8eb6d80, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe001b8ebb060, DeviceName: \Device\00000034\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: C6B334E1

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3844599600
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid fc4166f5-d91-4788-b726-12f619f1ffa1
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3844599600
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid fc4166f5-d91-4788-b726-12f619f1ffa1
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID c31cb2c2-3b70-41d3-99d8-be13c56db7
    FirstLBA 2048  Last LBA 2050047
    Attributes 1
    Partition Name                                     

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 468a720c-7fa0-4a63-9f5d-2d1b8ef193c7
    FirstLBA 2050048  Last LBA 2582527
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
    Partition ID 9373cf7-8054-4055-bf13-a987f3883fb8
    FirstLBA 2582528  Last LBA 3606527
    Attributes 1
    Partition Name                                     

    Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 5c5ec789-871d-4937-ae1e-daba94d488c
    FirstLBA 3606528  Last LBA 3868671
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 586510d4-2f3f-42a0-bc73-35cf9d81fa65
    FirstLBA 3868672  Last LBA 1902323711
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID fe97ba6a-43f2-4d14-a9f6-5856b5d259e8
    FirstLBA 1902323712  Last LBA 1953523711
    Attributes 1
    Partition Name                                     

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffe001d0518610, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001ce5c4580, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001d0518610, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffe001cf4c9500, DeviceName: \Device\00000085\, DriverName: \Driver\UASPStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1A97F5FB

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953523119
    Partition is not bootable
    Partition file system is NTFS

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 1000204885504 bytes
Sector size: 512 bytes

Done!
File "c:\programdata\avg2015\chjw\665a391c5a38eb07.dat:a929d832-a2ef-4303-9d69-7a19c8c16b34" is sparse (flags = 32768)
File "C:\Users\Megan\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\Avg2015\log\avgcore.log.1" is compressed (flags = 1)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe --> [Trojan.Agent]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe --> [Trojan.Agent]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe --> [Security.Hijack]
Scan finished
Running AdwCleaner now
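The six registry detections in the MBAR log above sit under Image File Execution Options (IFEO), the key Windows consults whenever a process starts. A Debugger value there makes Windows launch the named "debugger" instead of the target program, which is the usual way an infection keeps MsMpEng.exe (Windows Defender) and MRT.exe (Malicious Software Removal Tool) from running; the log records only the key names, not the values they held. The read-only audit script below is an added example, not part of this thread or of Malwarebytes' tools: it lists the IFEO entries for the flagged executables (or any names passed in) and can export them as .reg files for the record before a cleanup deletes them. The function names, verdict labels and export location are my own choices.

```powershell
# Added audit script, not part of the thread or of Malwarebytes' tools.
# Read-only: it reports what the IFEO keys contain and never changes the registry.
# Run from an elevated PowerShell prompt on the affected machine.

# Executables named in the MBAR detections in this thread; other names can be passed in.
$DefaultTargets = @('MRT.exe', 'MsMpEng.exe', 'svchost.exe')

# Native and 32-bit (WOW6432Node) views of the IFEO key; MBAR flagged both.
$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoHijackFinding {
    <#
    .SYNOPSIS
      Lists IFEO entries for the given executables and rates each one.
    .DESCRIPTION
      A 'Debugger' value under IFEO makes Windows start that program instead of
      (and in control of) the target. For security tools such as MsMpEng.exe and
      MRT.exe that is how a hijack stops them from running. Every value name in
      the key is reported so the evidence can be recorded before cleanup.
    #>
    [CmdletBinding()]
    param(
        [string[]] $ExeName = $DefaultTargets,
        [string[]] $Root    = $IfeoRoots
    )

    foreach ($r in $Root) {
        foreach ($exe in $ExeName) {
            $keyPath = Join-Path -Path $r -ChildPath $exe
            if (-not (Test-Path -LiteralPath $keyPath)) { continue }

            $key        = Get-Item -LiteralPath $keyPath   # Microsoft.Win32.RegistryKey
            $valueNames = @($key.GetValueNames())
            $debugger   = if ($valueNames -contains 'Debugger') { $key.GetValue('Debugger') } else { $null }

            $verdict = if ($debugger) {
                # Redirecting a security tool to another binary is the hijack pattern.
                'HIJACK-LIKELY'
            } elseif ($valueNames.Count -eq 0 -and $key.SubKeyCount -eq 0) {
                # An empty key does nothing by itself but is still unusual for these names.
                'EMPTY-KEY'
            } else {
                # Other values (GlobalFlag, VerifierDlls, ...) need a human look.
                'REVIEW'
            }

            [pscustomobject]@{
                Key        = $keyPath
                Executable = $exe
                Debugger   = $debugger
                Values     = ($valueNames -join ', ')
                SubKeys    = $key.SubKeyCount
                Verdict    = $verdict
            }
        }
    }
}

function Export-IfeoEvidence {
    # Writes each existing IFEO key for the targets to a .reg file (evidence only).
    param(
        [Parameter(Mandatory)] [string] $OutDir,
        [string[]] $ExeName = $DefaultTargets
    )
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    foreach ($f in Get-IfeoHijackFinding -ExeName $ExeName) {
        # reg.exe expects the HKLM\... form, not PowerShell's HKLM:\ drive form.
        $nativeKey = $f.Key -replace '^HKLM:\\', 'HKLM\'
        $fileName  = ($f.Key -replace '[\\: ]', '_') + '.reg'
        reg.exe export $nativeKey (Join-Path $OutDir $fileName) /y | Out-Null
    }
}

# Usage: show the findings as a table; uncomment the export to keep copies.
Get-IfeoHijackFinding | Format-Table -AutoSize
# Export-IfeoEvidence -OutDir "$env:USERPROFILE\Desktop\ifeo-evidence"
```

A clean machine normally has no IFEO key at all for these three names, so any row in the table is worth keeping alongside the MBAR log.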



#8 kugoi
  • Topic Starter
  • Members
  • 22 posts

Posted 10 December 2015 - 09:33 AM

AdwCleaner file. I would like to keep AVG Secure Search, but it's not working and needs to be reinstalled anyway.
Otherwise, I don't recognize anything.


# AdwCleaner v5.024 - Logfile created 10/12/2015 at 09:25:15
# Updated 07/12/2015 by Xplode
# Database : 2015-12-07.3 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Megan - NEWCOMPUTER
# Running from : C:\Users\Megan\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : vToolbarUpdater40.2.1

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Amazon\ABB
Folder Found : C:\Program Files (x86)\LenovoBrowserGuard
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\pokki
Folder Found : C:\Users\Administrator\AppData\Local\LenovoBrowserGuard
Folder Found : C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\Extensions\Avg@toolbar
Folder Found : C:\Users\Austin2\AppData\Local\pokki
Folder Found : C:\Users\Kids\AppData\Local\LenovoBrowserGuard
Folder Found : C:\Users\Kids\AppData\Local\pokki
Folder Found : C:\Users\Megan\AppData\Local\LenovoBrowserGuard
Folder Found : C:\Users\Sky\AppData\Local\pokki

***** [ Files ] *****

File Found : C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\searchplugins\avg-secure-search.xml

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Classes\pokki
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Jing]
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Found : HKCU\Software\Classes\Directory\shell\pokki
Key Found : HKCU\Software\Classes\Drive\shell\pokki
Key Found : HKCU\Software\Classes\lnkfile\shell\pokki
Key Found : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKCU\Software\SweetLabs App Platform
Key Found : HKLM\SOFTWARE\LenovoBrowserGuard
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D

***** [ Web browsers ] *****

[C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\prefs.js] [Preference] Found : user_pref("avg.wtu.ext.Revert_DSP", "Ask Web Search");
[C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\prefs.js] [Preference] Found : user_pref("avg.wtu.ext.extParams", "{\"action\":\"extParams\",\"data\":{\"searchParams\":{\"pid\":\"wtu\",\"cid\":\"{2f98481d-16b4-4318-a781-b8c9ebe98ff0}\",\"mid\":\"c4c37a36aee447ccaed76159075573d3-[...]
[C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\prefs.js] [Preference] Found : user_pref("avg.wtu.ext.setting_hp_list", "[{\"name\":\"AVG Secure Search\",\"value\":\"hxxps://mysearch.avg.com\"},{\"name\":\"Google\",\"value\":\"hxxp://www.google.com\"},{\"name\":\"Yahoo\",\"value[...]
[C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\prefs.js] [Preference] Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\prefs.js] [Preference] Found : user_pref("browser.search.defaultenginename.US", "AVG Secure Search");
[C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\prefs.js] [Preference] Found : user_pref("browser.search.selectedEngine", "Ask Web Search");
[C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gcMembers_.lastActivePing", "1436783695068");
[C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._gcMembers_.toolbar.ownSearch", true);
[C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "weatherblink@mindspark.com");

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6643 bytes] ##########



#9 Jo*
  • Malware Response Team
  • 3,428 posts
  • Gender: Male
  • Location: Germany

Posted 10 December 2015 - 09:47 AM

Hello kugoi,

You can keep AVG search.

---

Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator
  • Scan your system for malware.
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***

Double-click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double-click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens, click Yes to the disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#10 kugoi
  • Topic Starter
  • Members
  • 22 posts

Posted 10 December 2015 - 10:51 AM

MBAR log

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01

Windows 10 x64 NTFS
Internet Explorer 11.0.10240.16431
Megan :: NEWCOMPUTER [administrator]

12/10/2015 9:54:13 AM
mbar-log-2015-12-10 (09-54-13).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 635298
Time elapsed: 20 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [90ad73ca1369a98dc10c9f555aa9758b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [24191b2294e861d59c4a00f4ed167a86]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [9da0e9547dffe05612f4af48937016ea]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [9ba205385527ff378d40e70d59aaae52]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [af8e91acfb81280e875fd420e41fc53b]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [3706a5986913b18534d225d2ca39eb15]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
AdwCleaner

# AdwCleaner v5.024 - Logfile created 10/12/2015 at 10:35:11
# Updated 07/12/2015 by Xplode
# Database : 2015-12-07.3 [Local]
# Operating system : Windows 10 Home  (x64)
# Username : Megan - NEWCOMPUTER
# Running from : C:\Users\Megan\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : vToolbarUpdater40.2.1

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Amazon\ABB
[-] Folder Deleted : C:\Program Files (x86)\LenovoBrowserGuard
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\ProgramData\pokki
[-] Folder Deleted : C:\Users\Administrator\AppData\Local\LenovoBrowserGuard
[-] Folder Deleted : C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\Extensions\Avg@toolbar
[-] Folder Deleted : C:\Users\Austin2\AppData\Local\pokki
[-] Folder Deleted : C:\Users\Kids\AppData\Local\LenovoBrowserGuard
[-] Folder Deleted : C:\Users\Kids\AppData\Local\pokki
[-] Folder Deleted : C:\Users\Megan\AppData\Local\LenovoBrowserGuard
[-] Folder Deleted : C:\Users\Sky\AppData\Local\pokki

***** [ Files ] *****

[-] File Deleted : C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\searchplugins\avg-secure-search.xml

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Jing]
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\SweetLabs App Platform
[-] Key Deleted : HKLM\SOFTWARE\LenovoBrowserGuard
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D

***** [ Web browsers ] *****

[-] [C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\prefs.js] [Preference] Deleted : user_pref("avg.wtu.ext.Revert_DSP", "Ask Web Search");
[-] [C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\prefs.js] [Preference] Deleted : user_pref("avg.wtu.ext.extParams", "{\"action\":\"extParams\",\"data\":{\"searchParams\":{\"pid\":\"wtu\",\"cid\":\"{2f98481d-16b4-4318-a781-b8c9ebe98ff0}\",\"mid\":\"c4c37a36aee447ccaed76159075573d3-[...]
[-] [C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\prefs.js] [Preference] Deleted : user_pref("avg.wtu.ext.setting_hp_list", "[{\"name\":\"AVG Secure Search\",\"value\":\"hxxps://mysearch.avg.com\"},{\"name\":\"Google\",\"value\":\"hxxp://www.google.com\"},{\"name\":\"Yahoo\",\"value[...]
[-] [C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[-] [C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename.US", "AVG Secure Search");
[-] [C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "Ask Web Search");
[-] [C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.lastActivePing", "1436783695068");
[-] [C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.toolbar.ownSearch", true);
[-] [C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[-] [C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[-] [C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\w1hxltn7.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "weatherblink@mindspark.com");

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7094 bytes] ##########
jrt.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64
Ran by Megan (Administrator) on Thu 12/10/2015 at 10:41:43.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Users\Megan\Start Menu\Programs\pc app store.lnk (Shortcut)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/10/2015 at 10:44:33.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

frst.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
Ran by Megan (administrator) on NEWCOMPUTER (10-12-2015 10:46:07)
Running from C:\Users\Megan\Downloads
Loaded Profiles: Megan (Available Profiles: Megan & Austin & Kids & Austin2 & Sky & Administrator)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbService.exe
() C:\Program Files (x86)\ScreenRetriever\csrsrvs.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
() C:\Windows\jmesoft\Service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Lenovo Motion\PGService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Lenovo Motion\PG_Service_Launcher.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\ScreenRetriever\SRsrvr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Lenovo Motion\WebcamSplitterServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ScreenRetriever) C:\Program Files (x86)\ScreenRetriever\realtime\winSR.exe
(ScreenRetriever) C:\Program Files (x86)\ScreenRetriever\realtime\winSR.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-07] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2014-04-25] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168920 2014-04-25] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe [1753432 2012-09-18] (Lenovo)
HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\RunLEDS.exe [1752920 2012-09-18] (Lenovo)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
HKU\S-1-5-21-3405048555-2605891794-1985660793-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3405048555-2605891794-1985660793-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50143872 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3405048555-2605891794-1985660793-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-3405048555-2605891794-1985660793-1001\...\RunOnce: [Uninstall C:\Users\Megan\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Megan\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64"
HKU\S-1-5-21-3405048555-2605891794-1985660793-1001\...\MountPoints2: {7eb6a1ee-d04b-11e4-8261-b01041b19a20} - "E:\iStudio.exe"
HKU\S-1-5-21-3405048555-2605891794-1985660793-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Mystify.scr [150528 2015-07-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-04] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-04] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-04] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-04] (Hightail Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lenovo Motion.lnk [2014-08-05]
ShortcutTarget: Lenovo Motion.lnk -> C:\Program Files (x86)\Lenovo\Lenovo Motion\PG_Tray.exe (PointGrab LTD)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
Tcpip\..\Interfaces\{9e7493f7-cf47-4f16-bb4c-6330162b9444}: [DhcpNameServer] 192.168.0.1 205.171.2.226

Internet Explorer:
==================
HKU\S-1-5-21-3405048555-2605891794-1985660793-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3405048555-2605891794-1985660793-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKU\S-1-5-21-3405048555-2605891794-1985660793-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com

FireFox:
========
FF ProfilePath: C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\sod2ee6g.default-1449493328580
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-02-14] (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3405048555-2605891794-1985660793-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Megan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
R2 csrsrvs; C:\Program Files (x86)\ScreenRetriever\csrsrvs.exe [70544 2011-05-13] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-19] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [532224 2014-04-22] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272424 2015-08-17] (Lenovo)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-14] (Nitro PDF Software)
R2 PGService; C:\Program Files (x86)\Lenovo\Lenovo Motion\PGService.exe [142600 2014-03-06] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Lenovo Motion\PG_Service_Launcher.exe [488200 2014-03-06] (PointGrab LTD)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SRsrvr; C:\Program Files (x86)\ScreenRetriever\SRsrvr.exe [69056 2012-10-31] ()
R2 SRvnc_service; C:\Program Files (x86)\ScreenRetriever\realtime\winSR.exe [1247120 2011-05-13] (ScreenRetriever)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4378024 2015-11-23] (AVG Technologies CZ, s.r.o.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-09] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-09] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2015-12-03] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [593624 2015-03-11] (Realtek Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9112792 2014-05-02] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3453144 2015-06-23] (Realtek Semiconductor Corporation                           )
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-11-23] (TuneUp Software)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-09] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S0 rjaty; System32\drivers\imofugc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-10 10:44 - 2015-12-10 10:44 - 00000642 _____ C:\Users\Megan\Desktop\JRT.txt
2015-12-10 10:39 - 2015-12-10 10:39 - 00016148 _____ C:\WINDOWS\system32\NEWCOMPUTER_Megan_HistoryPrediction.bin
2015-12-10 10:29 - 2015-12-10 10:29 - 00001130 _____ C:\avenger.txt
2015-12-10 10:29 - 2015-12-10 10:29 - 00000000 ____D C:\Avenger
2015-12-10 10:16 - 2015-12-10 10:16 - 00002904 _____ C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
2015-12-10 09:55 - 2015-12-10 10:41 - 01599336 _____ (Malwarebytes) C:\Users\Megan\Downloads\JRT.exe
2015-12-10 09:25 - 2015-12-10 10:35 - 00000000 ____D C:\AdwCleaner
2015-12-10 09:02 - 2015-12-10 10:38 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-10 09:02 - 2015-12-10 10:19 - 00000000 ____D C:\Users\Megan\Desktop\mbar
2015-12-09 16:16 - 2015-12-10 09:24 - 01738240 _____ C:\Users\Megan\Downloads\AdwCleaner.exe
2015-12-09 16:07 - 2015-12-09 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-12-09 16:03 - 2015-12-10 09:02 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Megan\Downloads\mbar-1.09.3.1001.exe
2015-12-09 14:57 - 2015-12-09 15:03 - 00035760 ____N C:\Users\Megan\Downloads\Fixlog.txt
2015-12-09 14:00 - 2015-12-09 14:00 - 00852771 ____N C:\Users\Megan\Downloads\SecurityCheck.exe
2015-12-09 11:02 - 2015-12-09 11:13 - 00047660 ____N C:\Users\Megan\Downloads\Addition.txt
2015-12-09 10:53 - 2015-12-10 10:46 - 00019124 _____ C:\Users\Megan\Downloads\FRST.txt
2015-12-09 10:52 - 2015-12-10 10:46 - 00000000 ____D C:\FRST
2015-12-09 10:51 - 2015-12-09 10:52 - 02369024 ____N (Farbar) C:\Users\Megan\Downloads\FRST64.exe
2015-12-09 10:35 - 2015-12-09 16:07 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2015-12-09 10:32 - 2015-12-09 10:33 - 19709440 ____N (Luis Cobian, CobianSoft) C:\Users\Megan\Downloads\cbSetup.exe
2015-12-09 09:37 - 2015-12-09 09:37 - 00001115 _____ C:\Users\Megan\Desktop\WinDirStat.lnk
2015-12-09 09:37 - 2015-12-09 09:37 - 00000000 ____D C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-12-09 09:37 - 2015-12-09 09:37 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2015-12-09 09:36 - 2015-12-09 09:37 - 00645729 ____N (WDS Team) C:\Users\Megan\Downloads\windirstat1_1_2_setup.exe
2015-12-09 09:14 - 2015-12-09 09:14 - 00002862 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-12-09 09:14 - 2015-12-09 09:14 - 00000874 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-09 09:14 - 2015-12-09 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-09 09:14 - 2015-12-09 09:14 - 00000000 ____D C:\Program Files\CCleaner
2015-12-09 09:13 - 2015-12-09 09:13 - 06801752 ____N (Piriform Ltd) C:\Users\Megan\Downloads\ccsetup512.exe
2015-12-09 08:41 - 2015-11-23 16:41 - 00046504 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2015-12-09 08:41 - 2015-11-23 16:37 - 00037288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\authuitu.dll
2015-12-09 08:41 - 2015-11-23 16:37 - 00032680 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\SysWOW64\authuitu.dll
2015-12-09 08:40 - 2015-12-09 08:40 - 00002223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2015-12-09 08:40 - 2015-12-09 08:40 - 00002211 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2015-12-09 08:40 - 2015-12-09 08:40 - 00000000 ____D C:\Users\Megan\AppData\Roaming\AVG
2015-12-09 08:36 - 2015-12-09 08:37 - 05640425 ____N (Swearware) C:\Users\Megan\Downloads\ComboFix.exe
2015-12-09 08:34 - 2015-12-09 08:37 - 02924112 ____N (AVG Technologies CZ, s.r.o.) C:\Users\Megan\Downloads\AVG_PCTuneUp_1293.exe
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\WINDOWS\My Product Name
2015-12-09 08:32 - 2015-12-09 08:32 - 00000000 _____ C:\Users\Megan\Desktop\OpenOffice 4.1.2 (en-US) Installation Files
2015-12-09 08:19 - 2015-12-09 08:19 - 00016148 _____ C:\WINDOWS\system32\NEWCOMPUTER_Austin_HistoryPrediction.bin
2015-12-07 08:02 - 2015-12-07 08:02 - 00000000 ____D C:\Users\Megan\Desktop\Old Firefox Data
2015-12-03 18:39 - 2015-12-03 19:23 - 00000000 ____D C:\Users\Megan\Desktop\christmas
2015-12-03 18:17 - 2015-12-03 18:17 - 00016148 _____ C:\WINDOWS\system32\NEWCOMPUTER_Sky_HistoryPrediction.bin
2015-12-03 16:59 - 2015-12-03 16:59 - 00000000 ____D C:\Users\Sky\AppData\Roaming\OpenOffice
2015-12-03 16:06 - 2015-12-03 16:06 - 00002385 _____ C:\Users\Sky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-03 16:06 - 2015-12-03 16:06 - 00000000 ___RD C:\Users\Sky\OneDrive
2015-12-03 16:03 - 2015-12-03 16:03 - 00000000 ____D C:\Users\Sky\AppData\Roaming\Apple Computer
2015-12-03 16:03 - 2015-12-03 16:03 - 00000000 ____D C:\Users\Sky\AppData\Local\AVG Web TuneUp
2015-12-03 16:02 - 2015-12-03 16:02 - 00000000 ____D C:\Users\Sky\AppData\Local\Publishers
2015-12-03 16:01 - 2015-12-03 16:03 - 00000000 ____D C:\Users\Sky\AppData\Local\Comms
2015-12-03 16:00 - 2015-12-03 16:00 - 00000020 ___SH C:\Users\Sky\ntuser.ini
2015-12-03 16:00 - 2015-12-03 16:00 - 00000000 ____D C:\Users\Sky\AppData\Local\TileDataLayer
2015-12-01 17:31 - 2015-12-01 17:31 - 00000000 ____D C:\Users\Austin\AppData\Roaming\Apple Computer
2015-12-01 09:46 - 2015-12-01 09:46 - 05644355 ____N C:\Users\Megan\Downloads\Sourdough_eBook.pdf
2015-11-30 11:34 - 2015-11-30 11:34 - 00016148 _____ C:\WINDOWS\system32\NEWCOMPUTER_Kids_HistoryPrediction.bin
2015-11-29 18:44 - 2015-11-29 19:08 - 00000000 ____D C:\Users\Megan\AppData\Roaming\Apple Computer
2015-11-29 18:44 - 2015-11-29 18:44 - 00001833 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-11-29 18:44 - 2015-11-29 18:44 - 00000000 ____D C:\Users\Megan\AppData\Local\Apple Computer
2015-11-29 18:44 - 2015-11-29 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-11-29 18:43 - 2015-11-29 18:44 - 00000000 ____D C:\Program Files\iTunes
2015-11-29 18:43 - 2015-11-29 18:43 - 00000000 ____D C:\ProgramData\Apple Computer
2015-11-29 18:43 - 2015-11-29 18:43 - 00000000 ____D C:\Program Files\iPod
2015-11-29 18:43 - 2015-11-29 18:43 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-11-29 18:42 - 2015-11-29 18:42 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-11-29 18:42 - 2015-11-29 18:42 - 00000000 ____D C:\Users\Megan\AppData\Local\Apple
2015-11-29 18:42 - 2015-11-29 18:42 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-11-29 18:39 - 2015-11-29 18:39 - 00000000 ____D C:\Program Files\Bonjour
2015-11-29 18:39 - 2015-11-29 18:39 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-11-29 18:38 - 2015-11-29 18:43 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-29 18:36 - 2015-11-29 18:42 - 00000000 ____D C:\ProgramData\Apple
2015-11-29 18:15 - 2015-11-29 18:31 - 167839512 ____N (Apple Inc.) C:\Users\Megan\Downloads\iTunes6464Setup.exe
2015-11-29 17:17 - 2015-11-29 17:17 - 00190646 ____N C:\Users\Megan\Downloads\3e086m2cu4-Anakin_Skywalker_v2.7z
2015-11-29 16:36 - 2015-11-29 16:37 - 03697346 ____N C:\Users\Megan\Downloads\y6uvuz6jlc-Darthmaul.rar
2015-11-29 16:36 - 2015-11-29 16:36 - 01692927 ____N C:\Users\Megan\Downloads\ndxxojlf84xs-ST(1).rar
2015-11-29 16:35 - 2015-11-29 16:35 - 01692927 ____N C:\Users\Megan\Downloads\ndxxojlf84xs-ST.rar
2015-11-29 16:34 - 2015-11-29 16:34 - 00221082 ____N C:\Users\Megan\Downloads\an0zmnpie7-Anakin_Skywalker.7z
2015-11-25 17:20 - 2015-11-25 17:20 - 00258896 ____N C:\Users\Megan\Downloads\minecraft_rigV3.zip
2015-11-25 17:16 - 2015-11-25 17:16 - 00367775 ____N C:\Users\Megan\Downloads\minecraft_rigV2.zip
2015-11-24 10:58 - 2015-11-24 10:58 - 00000000 ____D C:\Users\Megan\AppData\LocalLow\Macromedia
2015-11-24 10:56 - 2015-11-24 10:56 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-11-24 10:55 - 2015-11-24 10:55 - 05028296 ____N (Adobe Systems Inc.) C:\Users\Megan\Downloads\Shockwave_Installer_Slim.exe
2015-11-23 05:51 - 2015-11-23 05:51 - 00138349 ____N C:\Users\Megan\Downloads\AUSTIN_L_WARD_III_and_MEGAN_R_WARD_2014_Tax_Return.pdf
2015-11-22 11:59 - 2015-11-22 12:00 - 00296490 ____N C:\Users\Megan\Downloads\EO_ingestion_webinar.pdf
2015-11-20 15:11 - 2015-11-20 15:12 - 20850947 ____N C:\Users\Megan\Downloads\gw4c6lw7or28-AudiR8.rar
2015-11-20 15:08 - 2015-11-20 15:08 - 00458990 ____N C:\Users\Megan\Downloads\police_car.7z
2015-11-20 15:01 - 2015-11-20 15:01 - 00000000 ____D C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!
2015-11-20 15:00 - 2015-11-20 15:00 - 00732727 ____N C:\Users\Megan\Downloads\l53m8coci9-MINECRAFT 2013!!!!.zip
2015-11-20 14:53 - 2015-11-20 14:53 - 03022929 ____N C:\Users\Megan\Downloads\zm635em2gz-dcu_batman.7z
2015-11-20 14:48 - 2015-11-20 14:48 - 00471266 ____N C:\Users\Megan\Downloads\2yyzamcu92-katana.rar
2015-11-17 19:09 - 2015-11-17 19:09 - 00000000 ____D C:\Users\Public\Documents\sun
2015-11-17 17:44 - 2015-11-17 17:44 - 00244666 ____N C:\Users\Megan\Downloads\ddeh6ae6kr28-Minecraft-Rig.zip
2015-11-17 13:31 - 2015-11-17 13:31 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-11-15 20:30 - 2015-11-15 20:30 - 00343668 ____N C:\Users\Megan\Downloads\Police Car(1).7z
2015-11-15 18:14 - 2015-11-15 18:19 - 60947145 ____N C:\Users\Megan\Downloads\Grade 2 Course Set.zip
2015-11-15 18:14 - 2015-11-15 18:18 - 59464491 ____N C:\Users\Megan\Downloads\Grade 3 Course Set.zip
2015-11-15 18:14 - 2015-11-15 18:18 - 36389021 ____N C:\Users\Megan\Downloads\Grade K Course Set.zip
2015-11-15 18:14 - 2015-11-15 18:17 - 29726918 ____N C:\Users\Megan\Downloads\Grade 1 Course Set.zip
2015-11-13 13:00 - 2015-11-13 13:01 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2015-11-13 13:00 - 2015-11-13 13:00 - 00001128 _____ C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk
2015-11-13 12:34 - 2015-11-13 12:58 - 140783556 ____N C:\Users\Megan\Downloads\Apache_OpenOffice_4.1.2_Win_x86_install_en-US.exe
2015-11-13 12:02 - 2015-11-13 12:02 - 16017912 ____N C:\Users\Megan\Downloads\OfficeCallCenter.zip
2015-11-13 11:08 - 2015-11-13 11:08 - 02230722 ____N C:\Users\Megan\Downloads\StickManPACK1.zip
2015-11-13 11:06 - 2015-11-13 11:06 - 01039879 ____N C:\Users\Megan\Downloads\Classic_Mic.zip
2015-11-13 10:59 - 2015-11-13 10:59 - 46804537 ____N C:\Users\Megan\Downloads\rwgul32eedj4-Optimus.zip
2015-11-13 10:52 - 2015-11-13 10:52 - 00000000 ____D C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee
2015-11-13 10:51 - 2015-11-13 10:51 - 28733790 ____N C:\Users\Megan\Downloads\dongu8n0am0w-BumbleBee.zip
2015-11-13 10:18 - 2015-11-13 10:19 - 21460131 _____ C:\Users\Austin\Downloads\sdrm3yuq5v-BATMAN - The Dark Night(1).rar
2015-11-13 08:23 - 2015-11-13 08:23 - 10564393 _____ C:\Users\Austin\Downloads\wpiz9zpo5i-GreenLantern.7z
2015-11-13 08:22 - 2015-11-13 08:22 - 07507650 _____ C:\Users\Austin\Downloads\updbcq7zzv9c-GreenArrowA.7z
2015-11-13 08:18 - 2015-11-13 08:18 - 21460131 _____ C:\Users\Austin\Downloads\sdrm3yuq5v-BATMAN - The Dark Night.rar
2015-11-12 20:27 - 2015-11-12 20:28 - 00000000 ____D C:\Users\Megan\Downloads\hw3kg8jycy-iron man
2015-11-12 20:26 - 2015-11-12 20:27 - 10663846 ____N C:\Users\Megan\Downloads\hw3kg8jycy-iron man.zip
2015-11-12 20:25 - 2015-11-12 20:25 - 00900609 ____N C:\Users\Megan\Downloads\ldtz2exalzb4-IronManmark3.7z
2015-11-12 20:24 - 2015-11-12 20:24 - 01077785 ____N C:\Users\Megan\Downloads\zfg6s8te7j-IronManMark42.7z
2015-11-12 14:59 - 2015-11-12 14:59 - 00343668 ____N C:\Users\Megan\Downloads\Police Car.7z
2015-11-12 14:29 - 2015-11-12 14:29 - 06790848 _____ C:\Users\Austin\Downloads\idfrjn1tkdfk-Spider-Man.7z
2015-11-11 22:09 - 2015-11-11 22:09 - 00729622 ____N C:\Users\Megan\Downloads\z8a814f1kv-puniisher.zip
2015-11-11 22:01 - 2015-11-11 22:01 - 07680089 ____N C:\Users\Megan\Downloads\au3wrq86hj-Thor.rar
2015-11-11 21:55 - 2015-11-11 21:55 - 08985201 ____N C:\Users\Megan\Downloads\iolingzvel8g-XNA_Spider-Man_TASM2.7z
2015-11-11 21:34 - 2015-11-11 21:35 - 33464652 ____N C:\Users\Megan\Downloads\1s7cdm3og2-Wolverine.zip
2015-11-11 21:30 - 2015-11-11 21:31 - 06790848 ____N C:\Users\Megan\Downloads\idfrjn1tkdfk-Spider-Man(1).7z
2015-11-11 20:51 - 2015-11-11 20:51 - 00713195 ____R C:\Users\Megan\Downloads\Hulk.7z
2015-11-11 20:49 - 2015-11-11 20:49 - 06790848 ____R C:\Users\Megan\Downloads\idfrjn1tkdfk-Spider-Man.7z
2015-11-11 20:42 - 2015-11-11 20:42 - 06957359 ____N C:\Users\Megan\Downloads\v4g9a1y3x2ww-Robin.7z
2015-11-11 08:30 - 2015-11-11 08:30 - 00000000 ___RD C:\Users\Austin\3D Objects
2015-11-10 19:32 - 2015-11-10 19:32 - 00000000 ___RD C:\Users\Megan\3D Objects
2015-11-10 19:29 - 2015-11-10 19:30 - 15784323 ____N C:\Users\Megan\Downloads\sbv9148irj-Deadpool.zip
2015-11-10 12:56 - 2015-11-10 12:56 - 00000740 _____ C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\blender.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-10 10:47 - 2015-10-07 12:05 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-10 10:39 - 2015-10-22 11:21 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-12-10 10:39 - 2015-07-30 16:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-10 10:39 - 2015-02-25 23:21 - 00000000 __SHD C:\Users\Megan\IntelGraphicsProfiles
2015-12-10 10:38 - 2015-07-10 04:47 - 00000000 ____D C:\Windows
2015-12-10 10:38 - 2015-07-10 04:05 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-12-10 10:38 - 2015-06-21 15:56 - 00013916 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2015-12-10 10:38 - 2015-06-21 15:54 - 00000000 __SHD C:\Program Files (x86)\ScreenRetriever
2015-12-10 10:37 - 2015-07-30 17:42 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-10 10:35 - 2015-06-21 15:11 - 00000000 ____D C:\ProgramData\MFAData
2015-12-10 10:35 - 2014-08-05 14:01 - 00000000 ____D C:\Program Files (x86)\Amazon
2015-12-10 10:32 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-10 10:19 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\Help
2015-12-10 10:17 - 2015-06-21 15:10 - 00000000 ____D C:\ProgramData\Avg
2015-12-10 09:54 - 2015-06-21 15:22 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-10 09:53 - 2015-06-21 15:21 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-09 15:41 - 2015-07-30 17:40 - 00000000 ____D C:\WINDOWS\INF
2015-12-09 15:15 - 2015-07-30 17:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-09 15:05 - 2015-07-30 16:49 - 00240432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-09 15:03 - 2015-10-22 11:23 - 00000000 ____D C:\Users\Megan
2015-12-09 14:58 - 2015-10-13 06:52 - 00000000 ____D C:\Users\Megan\AppData\LocalLow\Temp
2015-12-09 10:36 - 2015-10-22 11:38 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-09 09:17 - 2015-10-27 18:03 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-09 09:17 - 2015-10-22 15:17 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-09 08:40 - 2015-06-21 15:10 - 00000000 ____D C:\Program Files (x86)\AVG
2015-12-09 08:40 - 2015-06-21 15:09 - 00000000 ____D C:\Users\Megan\AppData\Local\AvgSetupLog
2015-12-09 08:40 - 2015-06-21 15:09 - 00000000 ____D C:\Users\Megan\AppData\Local\Avg
2015-12-09 08:32 - 2014-08-05 14:00 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-12-09 08:28 - 2015-06-21 14:59 - 00000000 ____D C:\Users\Megan\AppData\Roaming\Nitro PDF
2015-12-09 08:22 - 2015-10-22 11:23 - 00000000 ____D C:\Users\Kids
2015-12-09 08:22 - 2015-10-22 11:23 - 00000000 ____D C:\Users\Austin2
2015-12-09 08:22 - 2015-10-22 11:23 - 00000000 ____D C:\Users\Administrator
2015-12-09 08:19 - 2015-10-22 11:23 - 00000000 ____D C:\Users\Austin
2015-12-09 08:18 - 2015-03-03 02:33 - 00000000 __SHD C:\Users\Austin\IntelGraphicsProfiles
2015-12-08 20:14 - 2015-06-21 13:09 - 00000000 ____D C:\Users\Austin\AppData\Local\SweetLabs App Platform
2015-12-07 16:48 - 2015-08-06 14:29 - 00000000 ____D C:\tmp
2015-12-07 16:01 - 2015-09-25 16:18 - 00003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMegan
2015-12-07 16:01 - 2015-09-25 16:18 - 00000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMegan.job
2015-12-07 09:07 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-07 08:03 - 2015-10-27 18:07 - 00000000 ____D C:\Users\Megan\Desktop\Asher
2015-12-07 08:00 - 2015-06-21 15:56 - 00000000 ____D C:\ProgramData\ScreenRetriever
2015-12-06 12:18 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\TAPI
2015-12-06 12:17 - 2015-02-25 23:25 - 00000000 __RDO C:\Users\Megan\OneDrive
2015-12-06 11:45 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-12-06 11:40 - 2015-06-21 15:22 - 00001186 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-06 11:40 - 2015-06-21 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-06 11:40 - 2015-06-21 15:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-06 11:38 - 2015-10-18 07:01 - 00000000 ____D C:\Users\Megan\AppData\Roaming\Skype
2015-12-06 08:41 - 2015-10-18 07:01 - 00000000 ____D C:\ProgramData\Skype
2015-12-04 15:26 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-04 05:33 - 2015-02-25 23:21 - 00000000 ____D C:\Users\Megan\AppData\Local\Packages
2015-12-03 21:25 - 2015-10-29 03:25 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2015-12-03 21:25 - 2015-10-29 03:25 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-12-03 18:39 - 2015-07-01 09:54 - 00000000 ____D C:\Users\Megan\Desktop\gay marriage
2015-12-03 18:36 - 2015-07-27 07:36 - 00000000 ____D C:\Users\Austin\Desktop\ADMINS
2015-12-03 18:22 - 2015-03-03 02:33 - 00000000 ____D C:\Users\Austin\AppData\Local\Packages
2015-12-03 16:50 - 2015-03-05 13:07 - 00000000 ____D C:\Users\Sky\AppData\Local\Packages
2015-12-03 16:06 - 2015-10-22 11:23 - 00000000 ____D C:\Users\Sky
2015-12-03 16:00 - 2015-09-10 00:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-03 16:00 - 2015-03-05 13:07 - 00000000 __SHD C:\Users\Sky\IntelGraphicsProfiles
2015-12-02 15:50 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-11-27 12:13 - 2015-06-25 18:47 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-25 19:40 - 2015-08-06 14:28 - 00001648 _____ C:\Users\Megan\Desktop\blender - Shortcut.lnk
2015-11-24 17:05 - 2015-03-03 08:00 - 00000000 __SHD C:\Users\Kids\IntelGraphicsProfiles
2015-11-24 10:58 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2015-11-24 10:58 - 2015-02-25 12:11 - 00000000 ____D C:\Users\Megan\AppData\LocalLow\Adobe
2015-11-22 21:58 - 2015-09-25 08:36 - 00000000 ____D C:\Users\Austin\AppData\Local\LenovoReach
2015-11-21 19:30 - 2015-07-28 09:04 - 00000000 ____D C:\Users\Austin\AppData\Roaming\LSC
2015-11-18 07:57 - 2015-06-21 15:11 - 00000916 _____ C:\Users\Public\Desktop\AVG.lnk
2015-11-18 07:57 - 2015-06-21 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-11-17 20:58 - 2015-07-07 11:34 - 00000000 ____D C:\Users\Austin\AppData\Roaming\HpUpdate
2015-11-17 19:52 - 2015-02-27 14:33 - 00000000 ____D C:\Users\Megan\Documents\MDT
2015-11-15 18:35 - 2015-02-27 14:31 - 00000000 ____D C:\Users\Megan\Documents\Homeschool
2015-11-13 23:20 - 2015-06-22 03:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-13 19:49 - 2015-06-22 03:59 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-13 14:57 - 2015-02-25 18:59 - 00000000 ___RD C:\Users\Megan\Documents\Scanned Documents
2015-11-13 13:01 - 2015-06-21 15:37 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2015-11-13 12:57 - 2015-04-24 15:22 - 00000000 ____D C:\Users\Megan\Documents\Homemaker bundle
2015-11-11 20:44 - 2015-10-19 16:39 - 00000000 ____D C:\ProgramData\tmp
2015-11-11 19:05 - 2015-11-06 15:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-11 19:05 - 2015-06-21 14:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-10 17:47 - 2015-10-07 12:05 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-10 08:18 - 2015-06-21 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

==================== Files in the root of some directories =======

2015-06-21 14:42 - 2015-10-22 10:49 - 0593753 _____ () C:\Users\Megan\AppData\Local\BTServer.log
2015-08-02 08:42 - 2015-08-02 08:42 - 0004608 _____ () C:\Users\Megan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-31 13:52 - 2015-08-31 13:52 - 0001532 _____ () C:\Users\Megan\AppData\Local\recently-used.xbel
2015-06-23 10:11 - 2015-06-23 10:11 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-10-22 11:21 - 2015-10-22 11:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Megan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-09 15:41

==================== End of FRST.txt ============================

 

The computer is running faster, it seems, but all my memory is still full.



#11 Jo*
  • Malware Response Team
  • 3,428 posts
  • Gender:Male
  • Location:Germany

Posted 10 December 2015 - 11:02 AM

Is the hard disk of the PC full, or the memory of the PC, or both?


Please download Farbar Service Scanner and run it on the computer with the issue.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure the "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#12 kugoi
  • Topic Starter
  • Members
  • 22 posts

Posted 10 December 2015 - 11:06 AM

My hard disk space. It says we've used 905 GB on the C drive, and there is no way possible we've used that much.

 

Farbar Service Scanner Version: 10-06-2014
Ran by Megan (administrator) on 10-12-2015 at 11:06:18
Running from "C:\Users\Megan\Downloads"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#13 Jo*
  • Malware Response Team
  • 3,428 posts
  • Gender:Male
  • Location:Germany

Posted 10 December 2015 - 11:35 AM

Do you know which folders are causing your problem, i.e. which folders are filling the hard disk?


Hello kugoi,
 

***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
start
EmptyTemp:
AlternateDataStreams: C:\2538a98802e049277849b4ee35aa:Win32App
AlternateDataStreams: C:\6329fdbbccc8036efb0f7be6:Win32App
AlternateDataStreams: C:\6a033aaca0f8082e489939:Win32App
AlternateDataStreams: C:\88152c4fd4cef59307:Win32App
AlternateDataStreams: C:\995557e22a5fae54e66c:Win32App
AlternateDataStreams: C:\9bedadc8bb3abffbcff5bb59:Win32App
AlternateDataStreams: C:\af5684b22e34dcd3c6f749464a27d7da:Win32App
AlternateDataStreams: C:\b94fc1025f35504412ba:Win32App
AlternateDataStreams: C:\d7c62b445da2a01fdcb9762287eea8b2:Win32App
AlternateDataStreams: C:\f4f10080d151d362852ff669b9:Win32App
AlternateDataStreams: C:\ProgramData\{ECA9D0D4-7782-4B7F-96E2-FDB0CF0A57D5}:Win32App
AlternateDataStreams: C:\Users\Megan\Desktop\OpenOffice 4.1.2 (en-US) Installation Files:Win32App
AlternateDataStreams: C:\Users\Megan\AppData\Local\Temp:Win32Append
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.



***


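Each AlternateDataStreams: line in the fixlist above names an NTFS alternate data stream as path:streamname, and FRST's Fix deletes exactly that stream while leaving the file or folder itself in place. Explorer shows neither the existence nor the size of such streams, so the PowerShell below, an added example and not something posted in this thread, lists the streams present on those same paths together with their sizes, and with -Recurse does the same for a whole tree so anything beyond the usual Zone.Identifier mark-of-the-web stream stands out. Get-AdsReport and $fixlistPaths are names chosen for this example; run it in an elevated PowerShell on the affected machine.

```powershell
# Added example (not from the thread): enumerate NTFS alternate data streams (ADS)
# on the paths the fixlist names, with the size of each stream.
function Get-AdsReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [switch]$Recurse
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            # Report it rather than skipping silently; FRST's "ADS not found" lines
            # above include paths that no longer exist at all.
            [pscustomobject]@{ Path = $p; Stream = '(path not present)'; Bytes = $null }
            continue
        }
        $items = @(Get-Item -LiteralPath $p -Force)
        if ($Recurse) {
            $items += @(Get-ChildItem -LiteralPath $p -Recurse -Force -ErrorAction SilentlyContinue)
        }
        foreach ($item in $items) {
            # -Stream * enumerates every stream on the file or directory. ':$DATA' is the
            # file's own content; every other name is an ADS. 'Zone.Identifier' is the
            # normal mark-of-the-web that browsers write on downloads.
            Get-Item -LiteralPath $item.FullName -Stream * -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{ Path = $_.FileName; Stream = $_.Stream; Bytes = $_.Length }
                }
        }
    }
}

# The paths from the fixlist in post #13, verbatim.
$fixlistPaths = @(
    'C:\2538a98802e049277849b4ee35aa',
    'C:\6329fdbbccc8036efb0f7be6',
    'C:\6a033aaca0f8082e489939',
    'C:\88152c4fd4cef59307',
    'C:\995557e22a5fae54e66c',
    'C:\9bedadc8bb3abffbcff5bb59',
    'C:\af5684b22e34dcd3c6f749464a27d7da',
    'C:\b94fc1025f35504412ba',
    'C:\d7c62b445da2a01fdcb9762287eea8b2',
    'C:\f4f10080d151d362852ff669b9',
    'C:\ProgramData\{ECA9D0D4-7782-4B7F-96E2-FDB0CF0A57D5}',
    'C:\Users\Megan\Desktop\OpenOffice 4.1.2 (en-US) Installation Files',
    'C:\Users\Megan\AppData\Local\Temp'
)

Get-AdsReport -Path $fixlistPaths | Format-Table -AutoSize

# Sweep one profile for any non-standard stream (Zone.Identifier filtered out):
Get-AdsReport -Path 'C:\Users\Megan' -Recurse |
    Where-Object { $_.Stream -ne 'Zone.Identifier' } |
    Sort-Object Bytes -Descending | Format-Table -AutoSize

# Removing a single stream by hand is what each fixlist line does, e.g.:
# Remove-Item -LiteralPath 'C:\ProgramData\{ECA9D0D4-7782-4B7F-96E2-FDB0CF0A57D5}' -Stream 'Win32App'
```

The Bytes column is the point: an ADS can hold arbitrary data, and a stream of a few hundred bytes on an installer folder is a different finding from one of several gigabytes. The streams the fixlist names are small metadata streams, which is why the Fixlog below reports them removed without any change in free space; this listing lets you see that for yourself rather than infer it.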


#14 kugoi
  • Topic Starter
  • Members
  • 22 posts

Posted 10 December 2015 - 11:41 AM

As far as I can tell, no files are larger than expected. I don't know what is taking up all my space. I would guess we were using less than 200 GB just a few weeks ago.
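Folder Properties in Explorer only counts what the current account can read, and it says nothing about space used outside ordinary files. The PowerShell below, an added example and not something posted in this thread, sums file sizes per top-level folder of C: with hidden and system items included, skips junctions so nothing is counted twice, flags folders it could not read, and reports how much of the volume's used space those sums leave unexplained. Get-SpaceReport and Measure-FolderTree are names chosen for this example; run it from an elevated PowerShell so every user profile on the machine (Megan, Austin, Kids, Austin2, Sky, Administrator here) is readable.

```powershell
# Added example (not from the thread): account for the used space on a volume.

# Sum of file lengths under one folder. A folder that cannot be read anywhere
# below (e.g. "System Volume Information", which holds shadow copies and is
# readable only by SYSTEM) is flagged instead of silently contributing 0.
function Measure-FolderTree {
    param([Parameter(Mandatory)][string]$Path)
    $errs = @()
    $sum = (Get-ChildItem -LiteralPath $Path -Recurse -Force -File `
                -ErrorAction SilentlyContinue -ErrorVariable errs |
            Measure-Object -Property Length -Sum).Sum
    [pscustomobject]@{
        Folder     = $Path
        GB         = [math]::Round([double]$sum / 1GB, 2)
        Unreadable = ($errs.Count -gt 0)
    }
}

function Get-SpaceReport {
    param([string]$Drive = 'C')
    $root = "${Drive}:\"
    $ps   = Get-PSDrive -Name $Drive          # .Used / .Free as the file system reports them

    # Top-level folders, hidden/system included ($Recycle.Bin, ProgramData, ...).
    # Junctions such as "Documents and Settings" -> C:\Users are excluded so the
    # same files are not summed twice.
    $rows = @(Get-ChildItem -LiteralPath $root -Force -Directory -ErrorAction SilentlyContinue |
              Where-Object { -not ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) } |
              ForEach-Object { Measure-FolderTree -Path $_.FullName })

    # Files directly in the root: pagefile.sys, hiberfil.sys and swapfile.sys live here
    # and are hidden+system, so Explorer does not show them without changing settings.
    $rootFiles = (Get-ChildItem -LiteralPath $root -Force -File -ErrorAction SilentlyContinue |
                  Measure-Object -Property Length -Sum).Sum
    $rows += [pscustomobject]@{
        Folder     = "$root (files in root)"
        GB         = [math]::Round([double]$rootFiles / 1GB, 2)
        Unreadable = $false
    }

    $usedGB    = [math]::Round($ps.Used / 1GB, 2)
    $countedGB = [math]::Round(($rows | Measure-Object -Property GB -Sum).Sum, 2)

    [pscustomobject]@{
        Drive         = $Drive
        UsedGB        = $usedGB
        CountedGB     = $countedGB
        UnexplainedGB = [math]::Round($usedGB - $countedGB, 2)
        Folders       = ($rows | Sort-Object -Property GB -Descending)
    }
}

$report = Get-SpaceReport -Drive 'C'
$report | Select-Object Drive, UsedGB, CountedGB, UnexplainedGB | Format-List
$report.Folders | Select-Object -First 15 | Format-Table -AutoSize
```

Read the two numbers together. If CountedGB is close to UsedGB, the space is in ordinary files and the Folders table says which tree to drill into next (re-run Measure-FolderTree on its subfolders). A large UnexplainedGB points at consumers a file listing cannot see: shadow copies under System Volume Information (vssadmin list shadowstorage from an elevated prompt shows how much they hold), or a folder flagged Unreadable. Two caveats: Length is the logical size, so NTFS-compressed or sparse files take less on disk than counted, and hard-linked files (most of WinSxS) are counted once per link, so a modest gap in either direction is normal; this is a first cut, not an exact audit.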



#15 kugoi
  • Topic Starter
  • Members
  • 22 posts

Posted 10 December 2015 - 11:47 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
Ran by Megan (2015-12-10 11:43:11) Run:2
Running from C:\Users\Megan\Downloads
Loaded Profiles: Megan (Available Profiles: Megan & Austin & Kids & Austin2 & Sky & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
EmptyTemp:
AlternateDataStreams: C:\2538a98802e049277849b4ee35aa:Win32App
AlternateDataStreams: C:\6329fdbbccc8036efb0f7be6:Win32App
AlternateDataStreams: C:\6a033aaca0f8082e489939:Win32App
AlternateDataStreams: C:\88152c4fd4cef59307:Win32App
AlternateDataStreams: C:\995557e22a5fae54e66c:Win32App
AlternateDataStreams: C:\9bedadc8bb3abffbcff5bb59:Win32App
AlternateDataStreams: C:\af5684b22e34dcd3c6f749464a27d7da:Win32App
AlternateDataStreams: C:\b94fc1025f35504412ba:Win32App
AlternateDataStreams: C:\d7c62b445da2a01fdcb9762287eea8b2:Win32App
AlternateDataStreams: C:\f4f10080d151d362852ff669b9:Win32App
AlternateDataStreams: C:\ProgramData\{ECA9D0D4-7782-4B7F-96E2-FDB0CF0A57D5}:Win32App
AlternateDataStreams: C:\Users\Megan\Desktop\OpenOffice 4.1.2 (en-US) Installation Files:Win32App
AlternateDataStreams: C:\Users\Megan\AppData\Local\Temp:Win32Append
end
*****************

"C:\2538a98802e049277849b4ee35aa" => ":Win32App" ADS not found.
"C:\6329fdbbccc8036efb0f7be6" => ":Win32App" ADS not found.
"C:\6a033aaca0f8082e489939" => ":Win32App" ADS not found.
"C:\88152c4fd4cef59307" => ":Win32App" ADS not found.
"C:\995557e22a5fae54e66c" => ":Win32App" ADS not found.
"C:\9bedadc8bb3abffbcff5bb59" => ":Win32App" ADS not found.
"C:\af5684b22e34dcd3c6f749464a27d7da" => ":Win32App" ADS not found.
"C:\b94fc1025f35504412ba" => ":Win32App" ADS not found.
"C:\d7c62b445da2a01fdcb9762287eea8b2" => ":Win32App" ADS not found.
"C:\f4f10080d151d362852ff669b9" => ":Win32App" ADS not found.
C:\ProgramData\{ECA9D0D4-7782-4B7F-96E2-FDB0CF0A57D5} => ":Win32App" ADS removed successfully.
C:\Users\Megan\Desktop\OpenOffice 4.1.2 (en-US) Installation Files => ":Win32App" ADS removed successfully.
"C:\Users\Megan\AppData\Local\Temp" => ":Win32Append" ADS not found.
EmptyTemp: => 133.2 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:43:29 ====





