
Outbound "Malicious Website Blocked" constantly popping up


  • This topic is locked
9 replies to this topic

#1 pilgrim56


Posted 29 December 2015 - 07:44 PM

I have Malwarebytes Anti-Malware and I get a pop-up warning every 3 to 4 seconds that it has blocked a Malicious Website. It's an outbound connection with the warning:

 

Domain: (empty)

IP: (different all the time)

Port: (different all the time)

Type: Outbound

Process: C:\Windows\System32\svchost.exe

 

When I received the laptop from previous owner, Avast virus protection was installed but not updated.

I removed it and installed Malwarebytes Premium and Eset Nod32 virus protection.

Ran MBAM and quarantined infections (lMBAMlog.txt file attached); Eset found nothing.

 

It was after MBAM install that running on the wireless connection began to produce the above stated pop-ups.

When MBAM is activated, the pop-ups start immediately and I lose wireless internet.

If wireless is turned off, no pop-ups.

Wireless connection is reestablished once I deactivate MBAM.

 

In my attempts to fix, I also ran RogueKiller and got rid of a bunch of pum.dns.

 

I also notice that whatever I search for in IE Google, the top return is always a link to "Raaz.io/SafeSearch Install Now".

I downloaded and ran the Farbar Recovery Scan Tool and my log is attached.

Thank you for looking at my topic,

Pilgrim.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-12-2015
Ran by Sidney (administrator) on SIDNEY-PC (29-12-2015 15:01:50)
Running from C:\Users\Sidney\Desktop
Loaded Profiles: Sidney (Available Profiles: Sidney)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(NETGEAR,Inc.) C:\Program Files (x86)\NETGEAR\A6200\A6200.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [GENIE] => C:\Program Files (x86)\NETGEAR\A6200\A6200.exe [348888 2013-02-18] (NETGEAR,Inc.)
HKLM\...\Run: [LanuchApp] => C:\Program Files (x86)\NETGEAR\A6200\LanuchApp.exe [15136 2012-07-11] ()
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\RunOnce: [Fesulok] => C:\windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Sidney\AppData\Local\29d7106b1506c019\Dufaku.dat"
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
CHR HKU\S-1-5-21-1747975209-1935908775-2939679204-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 216.128.224.3 216.128.238.3
Tcpip\..\Interfaces\{5FD2069A-87F3-4D12-9CF9-ECFA87309A4A}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CDC0E5FC-C178-47CB-8356-F7628A1112CA}: [NameServer] 199.203.131.150,82.163.143.168
Tcpip\..\Interfaces\{CDC0E5FC-C178-47CB-8356-F7628A1112CA}: [DhcpNameServer] 216.128.224.3 216.128.238.3

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1747975209-1935908775-2939679204-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1747975209-1935908775-2939679204-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1747975209-1935908775-2939679204-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_15_48_orgnl&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyEyEyBtAzzyCtDzzyC0AtN0D0Tzu0StCyEtByDtN1L2XzutAtFtCtAtFyBtFtDtN1L1Czu1M1Q1CtCyDtN1L1G1B1V1N2Y1L1Qzu2SyByCtCyC0B0CyEyEtGyCyCtDtCtGzytC0EtDtGtDyD0FtDtGtC0DyEyEyB0A0E0B0EyEyDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0AtCzyzztBzzzztGyC0E0AtCtGyE0E0DyCtGzzyB0B0CtGtB0C0AtAtC0CyC0Azz0EyE0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtBtD%26cr%3D1862324624%26a%3Dhdr_s_15_48_orgnl%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL =
SearchScopes: HKLM -> {254476EF-F0CB-45F8-8524-AA78100BB7B5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM-x32 -> {000709D2-5C48-4176-892A-0C7E8BA03BA3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1747975209-1935908775-2939679204-1000 -> DefaultScope {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS534
SearchScopes: HKU\S-1-5-21-1747975209-1935908775-2939679204-1000 -> {000709D2-5C48-4176-892A-0C7E8BA03BA3} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-1747975209-1935908775-2939679204-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1747975209-1935908775-2939679204-1000 -> {254476EF-F0CB-45F8-8524-AA78100BB7B5} URL =
SearchScopes: HKU\S-1-5-21-1747975209-1935908775-2939679204-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS534
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-28] (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-28] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-03-23] (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-05] (<TOSHIBA>)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-1747975209-1935908775-2939679204-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-1747975209-1935908775-2939679204-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2015-11-13] (Belarc, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Sidney\AppData\Roaming\Mozilla\Firefox\Profiles\acnr3txr.default-1445956950922
FF NewTab: about:newtab
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-11] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll [No File]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_15_48_orgnl&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyEyEyBtAzzyCtDzzyC0AtN0D0Tzu0StCyEtByDtN1L2XzutAtFtCtAtFyBtFtDtN1L1Czu1M1Q1CtCyDtN1L1G1B1V1N2Y1L1Qzu2SyByCtCyC0B0CyEyEtGyCyCtDtCtGzytC0EtDtGtDyD0FtDtGtC0DyEyEyB0A0E0B0EyEyDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0AtCzyzztBzzzztGyC0E0AtCtGyE0E0DyCtGzzyB0B0CtGtB0C0AtAtC0CyC0Azz0EyE0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtBtD%26cr%3D1862324624%26a%3Dhdr_s_15_48_orgnl%26os%3DWindows%2B7%2BHome%2BPremium
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_15_48_orgnl&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyEyEyBtAzzyCtDzzyC0AtN0D0Tzu0StCyEtByDtN1L2XzutAtFtCtAtFyBtFtDtN1L1Czu1M1Q1CtCyDtN1L1G1B1V1N2Y1L1Qzu2SyByCtCyC0B0CyEyEtGyCyCtDtCtGzytC0EtDtGtDyD0FtDtGtC0DyEyEyB0A0E0B0EyEyDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0AtCzyzztBzzzztGyC0E0AtCtGyE0E0DyCtGzzyB0B0CtGtB0C0AtAtC0CyC0Azz0EyE0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtBtD%26cr%3D1862324624%26a%3Dhdr_s_15_48_orgnl%26os%3DWindows%2B7%2BHome%2BPremium","hxxps://www.google.com/?trackid=sp-006"
CHR NewTab: Default -> "chrome-extension://fhndhalcfnmpglbelaejgmjlialaopij/components/supertab/html/supertab.html"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_15_48_orgnl&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyEyEyBtAzzyCtDzzyC0AtN0D0Tzu0StCyEtByDtN1L2XzutAtFtCtAtFyBtFtDtN1L1Czu1M1Q1CtCyDtN1L1G1B1V1N2Y1L1Qzu2SyByCtCyC0B0CyEyEtGyCyCtDtCtGzytC0EtDtGtDyD0FtDtGtC0DyEyEyB0A0E0B0EyEyDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0AtCzyzztBzzzztGyC0E0AtCtGyE0E0DyCtGzzyB0B0CtGtB0C0AtAtC0CyC0Azz0EyE0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtBtD%26cr%3D1862324624%26a%3Dhdr_s_15_48_orgnl%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
CHR DefaultSearchKeyword: Default -> Search Provided by Yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Profile: C:\Users\Sidney\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (avast! Online Security) - C:\Users\Sidney\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-01]
CHR Extension: (Google Wallet) - C:\Users\Sidney\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-21]
CHR HKLM\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1747975209-1935908775-2939679204-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2521080 2015-11-19] (ESET)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [123320 2013-06-29] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WNDA6200; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [29984 2012-09-24] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [2263144 2012-07-31] (Broadcom Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263528 2015-11-16] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-11-16] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [170792 2015-11-16] (ESET)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-29] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2015-12-29] (Realtek Semiconductor Corporation                           )
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2015-12-28] (SlimWare Utilities, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-29] ()
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-29 15:01 - 2015-12-29 15:02 - 00023365 _____ C:\Users\Sidney\Desktop\FRST.txt
2015-12-29 15:01 - 2015-12-29 15:01 - 00000000 ____D C:\FRST
2015-12-29 14:57 - 2015-12-29 14:52 - 02370560 _____ (Farbar) C:\Users\Sidney\Desktop\FRST64.exe
2015-12-29 14:13 - 2015-12-29 14:13 - 00026603 _____ C:\ComboFix.txt
2015-12-29 13:53 - 2015-12-29 14:13 - 00000000 ____D C:\Qoobox
2015-12-29 13:53 - 2011-06-25 22:45 - 00256000 _____ C:\windows\PEV.exe
2015-12-29 13:53 - 2010-11-07 09:20 - 00208896 _____ C:\windows\MBR.exe
2015-12-29 13:53 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-12-29 13:53 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-12-29 13:53 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-12-29 13:53 - 2000-08-30 16:00 - 00098816 _____ C:\windows\sed.exe
2015-12-29 13:53 - 2000-08-30 16:00 - 00080412 _____ C:\windows\grep.exe
2015-12-29 13:53 - 2000-08-30 16:00 - 00068096 _____ C:\windows\zip.exe
2015-12-29 13:52 - 2015-12-29 14:11 - 00000000 ____D C:\windows\erdnt
2015-12-29 12:51 - 2015-12-29 12:53 - 00000000 ___SD C:\windows\system32\GWX
2015-12-29 12:51 - 2015-12-29 12:51 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-12-29 12:35 - 2015-11-11 13:12 - 00387792 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-12-29 12:35 - 2015-11-11 12:52 - 00341192 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-12-29 12:35 - 2015-11-11 08:21 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-12-29 12:35 - 2015-11-11 08:00 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-12-29 12:35 - 2015-11-11 07:44 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-12-29 12:35 - 2015-11-11 07:44 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-12-29 12:35 - 2015-11-11 07:41 - 20366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-12-29 12:35 - 2015-11-11 07:12 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-12-29 12:35 - 2015-11-11 06:57 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-12-29 12:35 - 2015-11-09 16:24 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-12-29 12:35 - 2015-11-09 16:13 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-12-29 12:35 - 2015-11-09 16:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-12-29 12:35 - 2015-11-09 16:12 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-12-29 12:35 - 2015-11-09 16:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-12-29 12:35 - 2015-11-09 16:11 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-12-29 12:35 - 2015-11-09 16:08 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-12-29 12:35 - 2015-11-09 16:06 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-12-29 12:35 - 2015-11-09 16:06 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-12-29 12:35 - 2015-11-09 16:04 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-12-29 12:35 - 2015-11-09 16:03 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-12-29 12:35 - 2015-11-09 16:02 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-12-29 12:35 - 2015-11-09 16:02 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-12-29 12:35 - 2015-11-09 15:50 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-29 12:35 - 2015-11-09 15:47 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-12-29 12:35 - 2015-11-09 15:46 - 04514816 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-12-29 12:35 - 2015-11-09 15:44 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-12-29 12:35 - 2015-11-09 15:37 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-12-29 12:35 - 2015-11-09 15:36 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-12-29 12:35 - 2015-11-09 15:36 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-12-29 12:35 - 2015-11-09 15:35 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-12-29 12:35 - 2015-11-09 15:17 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-12-29 12:35 - 2015-11-09 15:14 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-12-29 12:35 - 2015-11-09 15:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-12-29 12:35 - 2015-11-08 14:33 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-12-29 12:35 - 2015-11-08 14:32 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-12-29 12:35 - 2015-11-08 14:16 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-12-29 12:35 - 2015-11-08 14:15 - 02887168 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-12-29 12:35 - 2015-11-08 14:15 - 00571392 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-12-29 12:35 - 2015-11-08 14:15 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-12-29 12:35 - 2015-11-08 14:15 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-12-29 12:35 - 2015-11-08 14:14 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-12-29 12:35 - 2015-11-08 14:07 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-12-29 12:35 - 2015-11-08 14:06 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-12-29 12:35 - 2015-11-08 14:04 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-12-29 12:35 - 2015-11-08 14:02 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-12-29 12:35 - 2015-11-08 14:01 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-12-29 12:35 - 2015-11-08 14:01 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-12-29 12:35 - 2015-11-08 14:01 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-12-29 12:35 - 2015-11-08 14:01 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-12-29 12:35 - 2015-11-08 13:52 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-12-29 12:35 - 2015-11-08 13:48 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-12-29 12:35 - 2015-11-08 13:40 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-12-29 12:35 - 2015-11-08 13:35 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-12-29 12:35 - 2015-11-08 13:32 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-12-29 12:35 - 2015-11-08 13:29 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-12-29 12:35 - 2015-11-08 13:18 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-12-29 12:35 - 2015-11-08 13:15 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-12-29 12:35 - 2015-11-08 13:15 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-12-29 12:35 - 2015-11-08 13:14 - 14456832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-12-29 12:35 - 2015-11-08 13:14 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-12-29 12:35 - 2015-11-08 13:13 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-12-29 12:35 - 2015-11-08 12:53 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-12-29 12:35 - 2015-11-08 12:41 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-12-29 12:35 - 2015-11-08 12:30 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-12-29 09:39 - 2015-12-29 10:59 - 00030848 _____ C:\windows\system32\Drivers\TrueSight.sys
2015-12-29 09:39 - 2015-12-29 10:28 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-29 08:27 - 2015-12-29 08:25 - 01514568 _____ (Realtek Semiconductor Corporation ) C:\windows\system32\Drivers\rtwlane.sys
2015-12-29 08:27 - 2012-02-14 19:37 - 00594432 _____ (Realtek Semiconductor Corp. ) C:\windows\system32\Rtlihvs.dll
2015-12-29 08:26 - 2015-12-29 08:27 - 00000000 ____D C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
2015-12-29 08:26 - 2013-01-30 11:41 - 00430080 _____ (Realtek) C:\windows\SwUSB.exe
2015-12-29 08:26 - 2012-12-14 15:54 - 00036864 _____ () C:\windows\runSW.exe
2015-12-29 08:06 - 2015-12-29 08:06 - 00002165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2015-12-29 08:06 - 2015-12-29 08:06 - 00002153 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2015-12-29 08:06 - 2015-12-29 08:06 - 00000000 ____D C:\Program Files (x86)\Belarc
2015-12-29 07:54 - 2015-12-29 07:54 - 00000058 _____ C:\Users\Sidney\Desktop\WINSCK.txt
2015-12-28 19:34 - 2015-12-28 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-12-28 19:34 - 2015-12-28 19:34 - 00000000 ____D C:\ProgramData\ESET
2015-12-28 19:34 - 2015-12-28 19:34 - 00000000 ____D C:\Program Files\ESET
2015-12-28 19:17 - 2015-12-28 19:18 - 02838216 _____ (ESET) C:\Users\Sidney\Downloads\eset_nod32_antivirus_live_installer.exe
2015-12-28 18:42 - 2015-12-29 06:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-28 18:34 - 2015-08-05 09:56 - 01110016 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2015-12-28 18:33 - 2015-10-01 10:06 - 00692672 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-12-28 18:33 - 2015-10-01 10:04 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-12-28 18:33 - 2015-10-01 10:00 - 00147456 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-12-28 18:33 - 2015-10-01 10:00 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-12-28 18:33 - 2015-10-01 10:00 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-12-28 18:33 - 2015-10-01 10:00 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-12-28 18:33 - 2015-10-01 10:00 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-12-28 18:33 - 2015-10-01 09:50 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-12-28 18:33 - 2015-10-01 09:00 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-12-28 18:33 - 2015-07-22 16:02 - 01390592 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-12-28 18:33 - 2015-07-22 16:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-12-28 18:33 - 2015-07-22 08:48 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-12-28 18:33 - 2015-07-15 10:15 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-12-28 18:33 - 2015-07-15 10:10 - 01743360 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-12-28 18:33 - 2015-07-15 10:10 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-12-28 18:33 - 2015-07-14 19:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-12-28 18:33 - 2015-07-09 09:58 - 01632256 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-12-28 18:33 - 2015-07-09 09:58 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-12-28 18:33 - 2015-07-09 09:42 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-12-28 18:33 - 2015-07-09 09:42 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2015-12-28 18:32 - 2015-10-19 17:12 - 05570496 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-12-28 18:32 - 2015-10-19 17:12 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-12-28 18:32 - 2015-10-19 17:12 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-12-28 18:32 - 2015-10-19 17:09 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-12-28 18:32 - 2015-10-19 17:06 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-12-28 18:32 - 2015-10-19 17:06 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-12-28 18:32 - 2015-10-19 17:06 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-12-28 18:32 - 2015-10-19 17:06 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-12-28 18:32 - 2015-10-19 17:05 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-12-28 18:32 - 2015-10-19 17:05 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-12-28 18:32 - 2015-10-19 17:05 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-12-28 18:32 - 2015-10-19 17:05 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-12-28 18:32 - 2015-10-19 17:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-12-28 18:32 - 2015-10-19 17:05 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-12-28 18:32 - 2015-10-19 17:05 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-12-28 18:32 - 2015-10-19 17:05 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-12-28 18:32 - 2015-10-19 17:05 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-12-28 18:32 - 2015-10-19 17:05 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-12-28 18:32 - 2015-10-19 17:05 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-12-28 18:32 - 2015-10-19 17:05 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-12-28 18:32 - 2015-10-19 17:05 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-12-28 18:32 - 2015-10-19 17:05 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-12-28 18:32 - 2015-10-19 17:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-12-28 18:32 - 2015-10-19 17:05 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-12-28 18:32 - 2015-10-19 17:05 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-12-28 18:32 - 2015-10-19 17:05 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-12-28 18:32 - 2015-10-19 17:05 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-12-28 18:32 - 2015-10-19 17:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-12-28 18:32 - 2015-10-19 17:05 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-12-28 18:32 - 2015-10-19 17:04 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-12-28 18:32 - 2015-10-19 17:04 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-12-28 18:32 - 2015-10-19 17:04 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-12-28 18:32 - 2015-10-19 17:00 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-12-28 18:32 - 2015-10-19 16:59 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:52 - 03991488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-12-28 18:32 - 2015-10-19 16:52 - 03935680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-12-28 18:32 - 2015-10-19 16:48 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-12-28 18:32 - 2015-10-19 16:45 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-12-28 18:32 - 2015-10-19 16:45 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-12-28 18:32 - 2015-10-19 16:45 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-12-28 18:32 - 2015-10-19 16:45 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-12-28 18:32 - 2015-10-19 16:45 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-12-28 18:32 - 2015-10-19 16:45 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-12-28 18:32 - 2015-10-19 16:45 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-12-28 18:32 - 2015-10-19 16:45 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-12-28 18:32 - 2015-10-19 16:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-12-28 18:32 - 2015-10-19 16:45 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-12-28 18:32 - 2015-10-19 16:45 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-12-28 18:32 - 2015-10-19 16:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-12-28 18:32 - 2015-10-19 16:44 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-12-28 18:32 - 2015-10-19 16:44 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-12-28 18:32 - 2015-10-19 16:44 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-12-28 18:32 - 2015-10-19 16:44 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-12-28 18:32 - 2015-10-19 16:44 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-12-28 18:32 - 2015-10-19 16:44 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-12-28 18:32 - 2015-10-19 16:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-12-28 18:32 - 2015-10-19 16:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 15:41 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-12-28 18:32 - 2015-10-19 15:40 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-12-28 18:32 - 2015-10-19 15:40 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-12-28 18:32 - 2015-10-19 15:29 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-12-28 18:32 - 2015-10-19 15:29 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-12-28 18:32 - 2015-10-19 15:27 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 15:27 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 15:27 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-12-28 18:32 - 2015-10-19 15:27 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-12-28 18:32 - 2015-09-23 05:15 - 00460776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-12-28 18:32 - 2015-09-23 05:15 - 00299632 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-12-28 18:32 - 2015-09-23 05:09 - 00251000 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-12-28 18:32 - 2015-07-22 16:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-12-28 18:32 - 2015-07-22 09:53 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-12-28 18:32 - 2015-07-22 09:53 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-12-28 18:32 - 2015-06-25 02:06 - 00115136 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-12-28 18:32 - 2015-06-25 02:01 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-12-28 18:32 - 2015-06-25 02:01 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2015-12-28 18:32 - 2015-06-25 01:44 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-12-28 18:31 - 2015-11-03 11:04 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2015-12-28 18:31 - 2015-11-03 10:56 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2015-12-28 18:31 - 2015-10-13 08:41 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-12-28 18:31 - 2015-10-13 08:40 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-12-28 18:31 - 2015-08-06 10:04 - 14176768 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-12-28 18:31 - 2015-08-06 10:03 - 01866752 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2015-12-28 18:31 - 2015-08-06 09:44 - 12875776 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-12-28 18:31 - 2015-08-06 09:44 - 01498624 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2015-12-28 18:31 - 2015-07-30 10:06 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-12-28 18:31 - 2015-07-30 09:57 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00984448 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00901264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-12-28 18:31 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-12-28 18:31 - 2015-07-10 09:51 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-12-28 18:31 - 2015-07-10 09:51 - 00158720 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2015-12-28 18:31 - 2015-07-10 09:51 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-12-28 18:31 - 2015-07-10 09:34 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-12-28 18:31 - 2015-07-10 09:34 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-12-28 18:31 - 2015-07-10 09:33 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-12-28 18:30 - 2015-11-20 10:54 - 03170304 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-12-28 18:30 - 2015-11-20 10:54 - 02609152 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-12-28 18:30 - 2015-11-20 10:54 - 00709632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-12-28 18:30 - 2015-11-20 10:54 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-12-28 18:30 - 2015-11-20 10:54 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-12-28 18:30 - 2015-11-20 10:54 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-12-28 18:30 - 2015-11-20 10:54 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-12-28 18:30 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-12-28 18:30 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-12-28 18:30 - 2015-11-20 10:54 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-12-28 18:30 - 2015-11-20 10:54 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-12-28 18:30 - 2015-11-20 10:34 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-12-28 18:30 - 2015-11-20 10:34 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-12-28 18:30 - 2015-11-20 10:34 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-12-28 18:30 - 2015-11-20 10:34 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-12-28 18:30 - 2015-11-20 10:33 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-12-28 18:30 - 2015-11-11 10:53 - 01735680 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2015-12-28 18:30 - 2015-11-11 10:53 - 00525312 _____ (Microsoft Corporation) C:\windows\system32\catsrvut.dll
2015-12-28 18:30 - 2015-11-11 10:39 - 01242624 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2015-12-28 18:30 - 2015-11-11 10:39 - 00487936 _____ (Microsoft Corporation) C:\windows\SysWOW64\catsrvut.dll
2015-12-28 18:30 - 2015-11-10 10:55 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-12-28 18:30 - 2015-11-10 10:55 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-12-28 18:30 - 2015-11-10 10:55 - 01008640 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2015-12-28 18:30 - 2015-11-10 10:39 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-12-28 18:30 - 2015-11-10 10:37 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2015-12-28 18:30 - 2015-11-10 09:47 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-12-28 18:30 - 2015-11-05 11:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-12-28 18:30 - 2015-11-05 11:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-12-28 18:30 - 2015-10-29 09:50 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-12-28 18:30 - 2015-10-29 09:50 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-12-28 18:30 - 2015-10-29 09:50 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-12-28 18:30 - 2015-10-29 09:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-12-28 18:30 - 2015-10-29 09:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-12-28 18:30 - 2015-10-29 09:49 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-12-28 18:30 - 2015-10-29 09:49 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-12-28 18:30 - 2015-09-18 11:22 - 00025432 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-12-28 18:30 - 2015-09-18 11:19 - 01291264 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-12-28 18:30 - 2015-09-18 11:19 - 00766464 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-12-28 18:30 - 2015-09-18 11:19 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-12-28 18:30 - 2015-09-18 11:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-12-28 18:30 - 2015-09-18 11:19 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-12-28 18:30 - 2015-09-18 11:09 - 01163776 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-12-28 18:30 - 2015-08-27 10:18 - 02004480 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-12-28 18:30 - 2015-08-27 10:18 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-12-28 18:30 - 2015-08-27 10:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2015-12-28 18:30 - 2015-08-27 10:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-12-28 18:30 - 2015-08-27 09:58 - 01391104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-12-28 18:30 - 2015-08-27 09:58 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-12-28 18:30 - 2015-08-27 09:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2015-12-28 18:30 - 2015-08-27 09:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-12-28 18:30 - 2015-07-09 09:57 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-12-28 18:30 - 2015-07-09 09:57 - 00193536 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-12-28 18:30 - 2015-07-09 09:42 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-12-28 18:30 - 2015-07-01 12:49 - 00260096 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-12-28 18:30 - 2015-07-01 12:48 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-12-28 18:30 - 2015-07-01 12:30 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-12-28 18:30 - 2015-07-01 12:30 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-12-28 18:29 - 2015-11-05 11:05 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wshrm.dll
2015-12-28 18:29 - 2015-11-05 11:02 - 00014848 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshrm.dll
2015-12-28 18:29 - 2015-11-05 01:53 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys
2015-12-28 18:29 - 2015-10-12 20:57 - 00950720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-12-28 18:20 - 2015-11-03 11:04 - 00241664 _____ (Microsoft Corporation) C:\windows\system32\els.dll
2015-12-28 18:20 - 2015-11-03 10:55 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\els.dll
2015-12-28 18:20 - 2015-10-01 10:00 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-12-28 18:20 - 2015-10-01 10:00 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-12-28 18:20 - 2015-10-01 09:50 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-12-28 18:20 - 2015-09-01 19:04 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-12-28 18:20 - 2015-09-01 19:04 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-12-28 18:20 - 2015-09-01 19:04 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-12-28 18:20 - 2015-09-01 19:04 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-12-28 18:20 - 2015-09-01 18:48 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-12-28 18:20 - 2015-09-01 18:48 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-12-28 18:20 - 2015-09-01 18:48 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-12-28 18:20 - 2015-09-01 18:47 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-12-28 18:20 - 2015-09-01 17:47 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-12-28 18:20 - 2015-09-01 17:33 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-12-28 16:10 - 2015-12-29 14:06 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-28 16:10 - 2015-12-28 16:10 - 00001143 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-28 16:10 - 2015-12-28 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-28 16:10 - 2015-12-28 16:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-28 16:10 - 2015-12-28 16:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-28 16:10 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-12-28 16:10 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-12-28 16:10 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2015-12-26 21:27 - 2015-12-26 21:27 - 00000000 ____D C:\Users\Sidney\AppData\Local\{F4636DC7-DAC8-4EA5-A2B3-CD0C5736016E}
2015-12-16 08:06 - 2015-12-16 08:07 - 00000000 ____D C:\Users\Sidney\AppData\Local\{47D3B8C3-798A-400D-9D18-050EE64B530D}
2015-12-14 13:18 - 2015-12-14 13:18 - 00000000 ____D C:\Users\Sidney\AppData\Local\{DE1C73D9-98C0-4ADD-B563-1E67B69449CE}
2015-12-13 10:36 - 2015-12-13 10:36 - 00000000 ___HD C:\Users\Sidney\AppData\Local\29d7106b1506c019
2015-12-08 12:56 - 2015-12-08 12:56 - 00000000 ____D C:\Users\Sidney\AppData\Local\{0817764C-1B73-450B-A242-8109D0B01A57}
2015-12-03 07:00 - 2015-12-03 07:00 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2015-12-03 07:00 - 2015-12-03 07:00 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-02 20:28 - 2015-12-02 20:28 - 00000000 ____D C:\Users\Sidney\AppData\Local\{ADAAD23B-A5FF-43D6-A10A-D729CC2B7475}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-29 15:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-12-29 14:51 - 2011-07-14 06:56 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-29 14:30 - 2014-04-02 11:37 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-12-29 14:14 - 2009-07-13 20:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-29 14:14 - 2009-07-13 20:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-29 14:07 - 2009-07-13 18:34 - 00000215 _____ C:\windows\system.ini
2015-12-29 14:06 - 2011-07-14 06:56 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-29 14:05 - 2009-07-13 21:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-12-29 14:04 - 2009-07-13 18:34 - 76021760 _____ C:\windows\system32\config\software.bak
2015-12-29 14:04 - 2009-07-13 18:34 - 44302336 _____ C:\windows\system32\config\components.bak
2015-12-29 14:04 - 2009-07-13 18:34 - 18087936 _____ C:\windows\system32\config\system.bak
2015-12-29 14:04 - 2009-07-13 18:34 - 01048576 _____ C:\windows\system32\config\default.bak
2015-12-29 14:04 - 2009-07-13 18:34 - 00262144 _____ C:\windows\system32\config\security.bak
2015-12-29 14:04 - 2009-07-13 18:34 - 00262144 _____ C:\windows\system32\config\sam.bak
2015-12-29 13:52 - 2015-04-23 13:25 - 00000000 ____D C:\Data
2015-12-29 12:51 - 2009-07-13 19:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-12-29 12:42 - 2013-08-05 13:36 - 00776078 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-12-29 12:42 - 2009-07-13 21:13 - 00776078 _____ C:\windows\system32\PerfStringBackup.INI
2015-12-29 12:42 - 2009-07-13 19:20 - 00000000 ____D C:\windows\inf
2015-12-29 09:15 - 2009-07-13 19:20 - 00000000 ____D C:\windows\rescache
2015-12-29 08:26 - 2011-03-23 18:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-29 06:14 - 2009-07-13 19:20 - 00000000 ____D C:\windows\system32\NDF
2015-12-29 06:09 - 2014-03-26 11:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-28 23:36 - 2013-04-29 12:50 - 00000000 ____D C:\Users\Sidney\AppData\Local\Google
2015-12-28 23:35 - 2011-07-14 06:56 - 00000000 ____D C:\Program Files\Google
2015-12-28 23:35 - 2011-07-14 06:56 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-28 19:08 - 2013-04-30 21:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-28 19:08 - 2013-04-30 21:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-28 19:08 - 2009-07-13 20:45 - 00268392 _____ C:\windows\system32\FNTCACHE.DAT
2015-12-28 19:05 - 2015-08-04 15:11 - 00000000 ____D C:\windows\system32\appraiser
2015-12-28 19:05 - 2014-10-31 10:13 - 00000000 ___SD C:\windows\system32\CompatTel
2015-12-28 19:04 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-12-28 18:56 - 2013-04-30 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-28 18:44 - 2013-07-14 07:11 - 00000000 ____D C:\windows\system32\MRT
2015-12-28 16:53 - 2009-07-13 19:20 - 00000000 ____D C:\windows\LiveKernelReports
2015-12-28 16:52 - 2015-08-25 13:55 - 00000000 ____D C:\ProgramData\BorderlineInit
2015-12-28 16:52 - 2015-08-16 19:24 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter
2015-12-28 16:14 - 2015-08-26 08:05 - 00000000 ____D C:\Program Files (x86)\LockerTearmiiNal
2015-12-28 15:57 - 2015-07-21 07:53 - 00016056 _____ (SlimWare Utilities, Inc.) C:\windows\system32\Drivers\SWDUMon.sys
2015-12-28 15:56 - 2013-04-29 15:09 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-22 09:35 - 2011-07-14 06:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-21 20:05 - 2014-10-29 17:21 - 00000446 _____ C:\Users\Sidney\AppData\Roaming\WB.CFG
2015-12-15 21:44 - 2013-05-02 18:10 - 00000000 ____D C:\Users\Sidney\AppData\Local\CrashDumps
2015-12-11 07:30 - 2014-04-02 11:37 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-12-11 07:30 - 2014-04-02 11:37 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-11 07:30 - 2014-04-02 11:37 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-12-03 19:46 - 2011-07-14 06:56 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-03 19:46 - 2011-07-14 06:56 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-02 13:18 - 2010-11-20 19:27 - 00301728 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-11-30 20:24 - 2013-04-29 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2014-11-19 15:34 - 2014-07-05 08:13 - 4177239 _____ () C:\Program Files (x86)\IMG_8393.JPG
2014-11-19 15:34 - 2014-07-05 09:25 - 5456094 _____ () C:\Program Files (x86)\IMG_8396.JPG
2014-11-19 15:34 - 2014-07-05 09:26 - 2785181 _____ () C:\Program Files (x86)\IMG_8399.JPG
2014-11-19 15:34 - 2014-07-05 09:26 - 3364284 _____ () C:\Program Files (x86)\IMG_8401.JPG
2014-11-19 15:34 - 2014-07-05 09:26 - 3075767 _____ () C:\Program Files (x86)\IMG_8402.JPG
2014-11-19 15:34 - 2014-07-05 09:26 - 3352929 _____ () C:\Program Files (x86)\IMG_8403.JPG
2014-11-19 15:34 - 2014-07-05 09:26 - 2719464 _____ () C:\Program Files (x86)\IMG_8405.JPG
2014-11-19 15:34 - 2014-07-05 09:26 - 4792374 _____ () C:\Program Files (x86)\IMG_8406.JPG
2014-11-19 15:34 - 2014-07-05 09:26 - 2433896 _____ () C:\Program Files (x86)\IMG_8407.JPG
2014-11-19 15:34 - 2014-07-05 09:26 - 2065087 _____ () C:\Program Files (x86)\IMG_8409.JPG
2014-11-19 15:34 - 2014-07-05 09:26 - 2124453 _____ () C:\Program Files (x86)\IMG_8410.JPG
2014-11-19 15:34 - 2014-07-05 09:26 - 3567359 _____ () C:\Program Files (x86)\IMG_8413.JPG
2014-11-19 15:34 - 2014-07-05 09:26 - 4520381 _____ () C:\Program Files (x86)\IMG_8414.JPG
2014-11-19 15:34 - 2014-07-05 09:27 - 3099701 _____ () C:\Program Files (x86)\IMG_8416.JPG
2014-11-19 15:34 - 2014-07-05 09:27 - 4078079 _____ () C:\Program Files (x86)\IMG_8417.JPG
2014-11-19 15:34 - 2014-07-05 09:27 - 5375598 _____ () C:\Program Files (x86)\IMG_8419.JPG
2014-11-19 15:34 - 2014-07-05 09:27 - 2372193 _____ () C:\Program Files (x86)\IMG_8420.JPG
2014-11-19 15:34 - 2014-07-05 09:27 - 3821951 _____ () C:\Program Files (x86)\IMG_8421.JPG
2014-11-19 15:34 - 2014-07-05 09:28 - 2592716 _____ () C:\Program Files (x86)\IMG_8422.JPG
2014-11-19 15:34 - 2014-07-05 09:28 - 4464829 _____ () C:\Program Files (x86)\IMG_8423.JPG
2014-11-19 15:34 - 2014-07-05 09:28 - 3081742 _____ () C:\Program Files (x86)\IMG_8424.JPG
2014-11-19 15:34 - 2014-07-05 09:28 - 4195626 _____ () C:\Program Files (x86)\IMG_8425.JPG
2014-11-19 15:34 - 2014-07-05 09:28 - 3423113 _____ () C:\Program Files (x86)\IMG_8426.JPG
2014-11-19 15:34 - 2014-07-05 09:28 - 4358775 _____ () C:\Program Files (x86)\IMG_8427.JPG
2014-11-19 15:34 - 2014-07-05 09:28 - 2593618 _____ () C:\Program Files (x86)\IMG_8428.JPG
2014-11-19 15:34 - 2014-07-05 09:28 - 2363796 _____ () C:\Program Files (x86)\IMG_8429.JPG
2014-11-19 15:34 - 2014-07-05 09:28 - 3244520 _____ () C:\Program Files (x86)\IMG_8430.JPG
2014-11-19 15:34 - 2014-07-05 09:28 - 2654751 _____ () C:\Program Files (x86)\IMG_8431.JPG
2014-11-19 15:34 - 2014-07-05 09:29 - 3009183 _____ () C:\Program Files (x86)\IMG_8432.JPG
2014-11-19 15:34 - 2014-07-05 09:29 - 3742391 _____ () C:\Program Files (x86)\IMG_8433.JPG
2014-11-19 15:34 - 2014-07-05 09:29 - 2947160 _____ () C:\Program Files (x86)\IMG_8434.JPG
2014-11-19 15:34 - 2014-07-05 09:29 - 2362101 _____ () C:\Program Files (x86)\IMG_8435.JPG
2014-11-19 15:34 - 2014-07-05 09:29 - 2389323 _____ () C:\Program Files (x86)\IMG_8436.JPG
2014-11-19 15:34 - 2014-07-05 09:29 - 4040205 _____ () C:\Program Files (x86)\IMG_8437.JPG
2014-11-19 15:34 - 2014-07-05 09:29 - 2177904 _____ () C:\Program Files (x86)\IMG_8439.JPG
2014-11-19 15:34 - 2014-07-05 09:29 - 3155877 _____ () C:\Program Files (x86)\IMG_8441.JPG
2014-11-19 15:34 - 2014-07-05 09:29 - 3483400 _____ () C:\Program Files (x86)\IMG_8442.JPG
2014-11-19 15:34 - 2014-07-05 09:30 - 2988370 _____ () C:\Program Files (x86)\IMG_8445.JPG
2014-11-19 15:34 - 2014-07-05 09:30 - 3005337 _____ () C:\Program Files (x86)\IMG_8446.JPG
2014-11-19 15:34 - 2014-07-05 09:30 - 2960838 _____ () C:\Program Files (x86)\IMG_8447.JPG
2014-11-19 15:34 - 2014-07-05 09:30 - 3714504 _____ () C:\Program Files (x86)\IMG_8448.JPG
2014-11-19 15:34 - 2014-07-05 09:30 - 2869110 _____ () C:\Program Files (x86)\IMG_8449.JPG
2014-11-19 15:34 - 2014-07-05 09:30 - 2483769 _____ () C:\Program Files (x86)\IMG_8450.JPG
2014-11-19 15:34 - 2014-07-05 09:30 - 3323676 _____ () C:\Program Files (x86)\IMG_8451.JPG
2014-11-19 15:34 - 2014-07-05 09:30 - 3138207 _____ () C:\Program Files (x86)\IMG_8452.JPG
2014-11-19 15:34 - 2014-07-05 09:31 - 4217236 _____ () C:\Program Files (x86)\IMG_8453.JPG
2014-11-19 15:34 - 2014-07-05 09:31 - 2378795 _____ () C:\Program Files (x86)\IMG_8454.JPG
2014-11-19 15:34 - 2014-07-05 09:31 - 3707330 _____ () C:\Program Files (x86)\IMG_8455.JPG
2014-11-19 15:34 - 2014-07-05 09:31 - 4463270 _____ () C:\Program Files (x86)\IMG_8456.JPG
2014-11-19 15:34 - 2014-07-05 09:31 - 2059063 _____ () C:\Program Files (x86)\IMG_8457.JPG
2014-11-19 15:34 - 2014-07-05 09:31 - 2156755 _____ () C:\Program Files (x86)\IMG_8458.JPG
2014-11-19 15:34 - 2014-07-05 09:31 - 5501952 _____ () C:\Program Files (x86)\IMG_8459.JPG
2014-11-19 15:34 - 2014-07-05 09:31 - 2571440 _____ () C:\Program Files (x86)\IMG_8460.JPG
2014-11-19 15:34 - 2014-07-05 09:31 - 3329053 _____ () C:\Program Files (x86)\IMG_8461.JPG
2014-11-19 15:34 - 2014-07-05 09:31 - 4642581 _____ () C:\Program Files (x86)\IMG_8462.JPG
2014-11-19 15:34 - 2014-07-05 09:31 - 2551431 _____ () C:\Program Files (x86)\IMG_8463.JPG
2014-11-19 15:34 - 2014-07-05 09:32 - 2166856 _____ () C:\Program Files (x86)\IMG_8464.JPG
2014-11-19 15:34 - 2014-07-05 09:32 - 4533776 _____ () C:\Program Files (x86)\IMG_8465.JPG
2014-11-19 15:34 - 2014-07-05 09:32 - 5242037 _____ () C:\Program Files (x86)\IMG_8466.JPG
2014-11-19 15:34 - 2014-07-05 09:32 - 3282613 _____ () C:\Program Files (x86)\IMG_8467.JPG
2014-11-19 15:34 - 2014-07-05 09:32 - 4268410 _____ () C:\Program Files (x86)\IMG_8468.JPG
2014-11-19 15:34 - 2014-07-05 09:32 - 4515657 _____ () C:\Program Files (x86)\IMG_8469.JPG
2014-11-19 15:34 - 2014-07-05 09:32 - 2292149 _____ () C:\Program Files (x86)\IMG_8470.JPG
2014-11-19 15:34 - 2014-07-05 09:32 - 4558417 _____ () C:\Program Files (x86)\IMG_8471.JPG
2014-11-19 15:34 - 2014-07-05 09:32 - 4014074 _____ () C:\Program Files (x86)\IMG_8472.JPG
2014-11-19 15:34 - 2014-07-05 09:32 - 3197679 _____ () C:\Program Files (x86)\IMG_8473.JPG
2014-11-19 15:34 - 2014-07-05 09:33 - 4198140 _____ () C:\Program Files (x86)\IMG_8474.JPG
2014-11-19 15:34 - 2014-07-05 09:33 - 2108453 _____ () C:\Program Files (x86)\IMG_8475.JPG
2014-11-19 15:34 - 2014-07-05 09:33 - 3836064 _____ () C:\Program Files (x86)\IMG_8476.JPG
2014-11-19 15:34 - 2014-07-05 09:33 - 3037576 _____ () C:\Program Files (x86)\IMG_8477.JPG
2014-11-19 15:34 - 2014-07-05 09:33 - 1744813 _____ () C:\Program Files (x86)\IMG_8478.JPG
2014-11-19 15:34 - 2014-07-05 09:33 - 2504042 _____ () C:\Program Files (x86)\IMG_8479.JPG
2014-11-19 15:34 - 2014-07-05 09:33 - 2995238 _____ () C:\Program Files (x86)\IMG_8480.JPG
2014-11-19 15:34 - 2014-07-05 09:33 - 1890936 _____ () C:\Program Files (x86)\IMG_8481.JPG
2014-11-19 15:34 - 2014-07-05 09:33 - 3219984 _____ () C:\Program Files (x86)\IMG_8482.JPG
2014-11-19 15:34 - 2014-07-05 09:33 - 3048992 _____ () C:\Program Files (x86)\IMG_8483.JPG
2014-11-19 15:34 - 2014-07-05 09:33 - 2704202 _____ () C:\Program Files (x86)\IMG_8484.JPG
2014-11-19 15:34 - 2014-07-05 09:34 - 3569400 _____ () C:\Program Files (x86)\IMG_8485.JPG
2014-11-19 15:34 - 2014-07-05 09:34 - 2924341 _____ () C:\Program Files (x86)\IMG_8486.JPG
2014-11-19 15:34 - 2014-07-05 09:34 - 2380421 _____ () C:\Program Files (x86)\IMG_8487.JPG
2014-11-19 15:34 - 2014-07-05 09:34 - 2546255 _____ () C:\Program Files (x86)\IMG_8488.JPG
2014-11-19 15:34 - 2014-07-05 09:34 - 3299138 _____ () C:\Program Files (x86)\IMG_8489.JPG
2014-11-19 15:34 - 2014-07-05 09:34 - 3381267 _____ () C:\Program Files (x86)\IMG_8490.JPG
2014-11-19 15:34 - 2014-07-05 09:34 - 4655672 _____ () C:\Program Files (x86)\IMG_8491.JPG
2014-11-19 15:34 - 2014-07-05 09:34 - 2573522 _____ () C:\Program Files (x86)\IMG_8492.JPG
2014-11-19 15:34 - 2014-07-05 09:34 - 3679816 _____ () C:\Program Files (x86)\IMG_8493.JPG
2014-11-19 15:34 - 2014-07-05 09:34 - 6050657 _____ () C:\Program Files (x86)\IMG_8494.JPG
2014-11-19 15:34 - 2014-07-05 09:35 - 3551986 _____ () C:\Program Files (x86)\IMG_8495.JPG
2014-11-19 15:34 - 2014-07-05 09:35 - 2500716 _____ () C:\Program Files (x86)\IMG_8496.JPG
2014-11-19 15:34 - 2014-07-05 09:35 - 4445584 _____ () C:\Program Files (x86)\IMG_8497.JPG
2014-11-19 15:34 - 2014-07-05 09:35 - 3004806 _____ () C:\Program Files (x86)\IMG_8498.JPG
2014-11-19 15:34 - 2014-07-05 09:35 - 2761041 _____ () C:\Program Files (x86)\IMG_8499.JPG
2014-11-19 15:34 - 2014-07-05 09:35 - 2475948 _____ () C:\Program Files (x86)\IMG_8500.JPG
2014-11-19 15:34 - 2014-07-05 09:35 - 4212656 _____ () C:\Program Files (x86)\IMG_8501.JPG
2014-11-19 15:34 - 2014-07-05 09:35 - 4350569 _____ () C:\Program Files (x86)\IMG_8502.JPG
2014-11-19 15:34 - 2014-07-05 09:36 - 4700902 _____ () C:\Program Files (x86)\IMG_8503.JPG
2014-11-19 15:34 - 2014-07-05 09:36 - 5916848 _____ () C:\Program Files (x86)\IMG_8504.JPG
2014-11-19 15:34 - 2014-07-05 09:36 - 4295705 _____ () C:\Program Files (x86)\IMG_8505.JPG
2014-11-19 15:34 - 2014-07-05 09:36 - 3878716 _____ () C:\Program Files (x86)\IMG_8507.JPG
2014-11-19 15:34 - 2014-07-05 09:36 - 5629900 _____ () C:\Program Files (x86)\IMG_8508.JPG
2014-11-19 15:34 - 2014-07-05 09:36 - 2976581 _____ () C:\Program Files (x86)\IMG_8509.JPG
2014-11-19 15:34 - 2014-07-05 09:36 - 3312648 _____ () C:\Program Files (x86)\IMG_8511.JPG
2014-11-19 15:34 - 2014-07-05 09:36 - 4341107 _____ () C:\Program Files (x86)\IMG_8512.JPG
2014-11-19 15:34 - 2014-07-05 09:37 - 3602404 _____ () C:\Program Files (x86)\IMG_8514.JPG
2014-11-19 15:34 - 2014-07-05 09:37 - 4588647 _____ () C:\Program Files (x86)\IMG_8515.JPG
2014-11-19 15:34 - 2014-07-05 09:37 - 6178806 _____ () C:\Program Files (x86)\IMG_8516.JPG
2014-11-19 15:34 - 2014-07-05 09:37 - 3458111 _____ () C:\Program Files (x86)\IMG_8517.JPG
2014-11-19 15:34 - 2014-07-05 09:37 - 2467334 _____ () C:\Program Files (x86)\IMG_8518.JPG
2014-11-19 15:34 - 2014-07-05 09:37 - 2816599 _____ () C:\Program Files (x86)\IMG_8519.JPG
2014-11-19 15:34 - 2014-07-05 09:37 - 4001670 _____ () C:\Program Files (x86)\IMG_8520.JPG
2014-11-19 15:34 - 2014-07-05 09:38 - 3217386 _____ () C:\Program Files (x86)\IMG_8521.JPG
2014-11-19 15:34 - 2014-07-05 09:38 - 2359089 _____ () C:\Program Files (x86)\IMG_8522.JPG
2014-11-19 15:34 - 2014-07-05 09:38 - 6968393 _____ () C:\Program Files (x86)\IMG_8523.JPG
2014-11-19 15:34 - 2014-07-05 09:38 - 3176610 _____ () C:\Program Files (x86)\IMG_8524.JPG
2014-11-19 15:34 - 2014-07-05 09:38 - 4399937 _____ () C:\Program Files (x86)\IMG_8525.JPG
2014-11-19 15:34 - 2014-07-05 09:38 - 5105904 _____ () C:\Program Files (x86)\IMG_8526.JPG
2014-11-19 15:34 - 2014-07-05 09:38 - 2554590 _____ () C:\Program Files (x86)\IMG_8527.JPG
2014-11-19 15:34 - 2014-07-05 09:38 - 3696547 _____ () C:\Program Files (x86)\IMG_8528.JPG
2014-11-19 15:34 - 2014-07-05 09:38 - 6386432 _____ () C:\Program Files (x86)\IMG_8529.JPG
2014-11-19 15:34 - 2014-07-05 09:39 - 4364087 _____ () C:\Program Files (x86)\IMG_8530.JPG
2014-11-19 15:34 - 2014-07-05 09:39 - 3144634 _____ () C:\Program Files (x86)\IMG_8531.JPG
2014-11-19 15:34 - 2014-07-05 09:39 - 4864443 _____ () C:\Program Files (x86)\IMG_8532.JPG
2014-11-19 15:34 - 2014-07-05 09:39 - 2513749 _____ () C:\Program Files (x86)\IMG_8533.JPG
2014-11-19 15:34 - 2014-07-05 09:39 - 2766203 _____ () C:\Program Files (x86)\IMG_8534.JPG
2014-11-19 15:34 - 2014-07-05 09:39 - 3702393 _____ () C:\Program Files (x86)\IMG_8535.JPG
2014-11-19 15:34 - 2014-07-05 09:39 - 5684520 _____ () C:\Program Files (x86)\IMG_8536.JPG
2014-11-19 15:34 - 2014-07-05 09:40 - 4204030 _____ () C:\Program Files (x86)\IMG_8537.JPG
2014-11-19 15:34 - 2014-07-05 09:40 - 4727065 _____ () C:\Program Files (x86)\IMG_8538.JPG
2014-11-19 15:34 - 2014-07-05 09:40 - 2760950 _____ () C:\Program Files (x86)\IMG_8539.JPG
2014-11-19 15:34 - 2014-07-05 09:40 - 4226017 _____ () C:\Program Files (x86)\IMG_8540.JPG
2014-11-19 15:34 - 2014-07-05 09:40 - 1923888 _____ () C:\Program Files (x86)\IMG_8541.JPG
2014-11-19 15:34 - 2014-07-05 09:40 - 3420876 _____ () C:\Program Files (x86)\IMG_8542.JPG
2014-11-19 15:34 - 2014-07-05 09:40 - 3742332 _____ () C:\Program Files (x86)\IMG_8543.JPG
2014-11-19 15:34 - 2014-07-05 09:40 - 1986066 _____ () C:\Program Files (x86)\IMG_8544.JPG
2014-11-19 15:34 - 2014-07-05 09:40 - 5260843 _____ () C:\Program Files (x86)\IMG_8545.JPG
2014-11-19 15:34 - 2014-07-05 09:41 - 4199988 _____ () C:\Program Files (x86)\IMG_8546.JPG
2014-11-19 15:34 - 2014-07-05 09:41 - 2969950 _____ () C:\Program Files (x86)\IMG_8547.JPG
2014-11-19 15:34 - 2014-07-05 09:41 - 3523534 _____ () C:\Program Files (x86)\IMG_8548.JPG
2014-11-19 15:34 - 2014-07-05 09:41 - 3357309 _____ () C:\Program Files (x86)\IMG_8549.JPG
2014-11-19 15:34 - 2014-07-05 09:41 - 3249905 _____ () C:\Program Files (x86)\IMG_8550.JPG
2014-11-19 15:34 - 2014-07-05 09:41 - 4466843 _____ () C:\Program Files (x86)\IMG_8551.JPG
2014-11-19 15:34 - 2014-07-05 09:41 - 3197169 _____ () C:\Program Files (x86)\IMG_8552.JPG
2014-11-19 15:34 - 2014-07-05 09:41 - 3015380 _____ () C:\Program Files (x86)\IMG_8553.JPG
2014-11-19 15:34 - 2014-07-05 09:41 - 2790919 _____ () C:\Program Files (x86)\IMG_8554.JPG
2014-11-19 15:34 - 2014-07-05 09:42 - 3293963 _____ () C:\Program Files (x86)\IMG_8555.JPG
2014-11-19 15:34 - 2014-07-05 09:42 - 2365619 _____ () C:\Program Files (x86)\IMG_8556.JPG
2014-11-19 15:34 - 2014-07-05 09:42 - 3379069 _____ () C:\Program Files (x86)\IMG_8557.JPG
2014-11-19 15:34 - 2014-07-05 09:42 - 3451869 _____ () C:\Program Files (x86)\IMG_8558.JPG
2014-11-19 15:34 - 2014-07-05 09:42 - 3033507 _____ () C:\Program Files (x86)\IMG_8559.JPG
2014-11-19 15:34 - 2014-07-05 09:42 - 2267074 _____ () C:\Program Files (x86)\IMG_8560.JPG
2014-11-19 15:34 - 2014-07-05 09:42 - 2429017 _____ () C:\Program Files (x86)\IMG_8561.JPG
2014-11-19 15:34 - 2014-07-05 09:42 - 5557497 _____ () C:\Program Files (x86)\IMG_8563.JPG
2014-11-19 15:34 - 2014-07-05 09:43 - 5215080 _____ () C:\Program Files (x86)\IMG_8566.JPG
2014-11-19 15:34 - 2014-07-05 09:43 - 5121731 _____ () C:\Program Files (x86)\IMG_8567.JPG
2014-11-19 15:34 - 2014-07-05 09:43 - 2881163 _____ () C:\Program Files (x86)\IMG_8568.JPG
2014-11-19 15:34 - 2014-07-05 09:43 - 4155761 _____ () C:\Program Files (x86)\IMG_8569.JPG
2014-11-19 15:34 - 2014-07-05 09:43 - 5528008 _____ () C:\Program Files (x86)\IMG_8570.JPG
2014-11-19 15:34 - 2014-07-05 09:43 - 2800970 _____ () C:\Program Files (x86)\IMG_8571.JPG
2014-11-19 15:34 - 2014-07-05 09:43 - 4112437 _____ () C:\Program Files (x86)\IMG_8572.JPG
2014-11-19 15:34 - 2014-07-05 09:43 - 3184210 _____ () C:\Program Files (x86)\IMG_8573.JPG
2014-11-19 15:34 - 2014-07-05 09:44 - 3608550 _____ () C:\Program Files (x86)\IMG_8574.JPG
2014-11-19 15:34 - 2014-07-05 09:44 - 2998368 _____ () C:\Program Files (x86)\IMG_8575.JPG
2014-11-19 15:34 - 2014-07-05 09:44 - 4283288 _____ () C:\Program Files (x86)\IMG_8576.JPG
2014-11-19 15:34 - 2014-07-05 09:44 - 9559223 _____ () C:\Program Files (x86)\IMG_8577.JPG
2014-11-19 15:34 - 2014-07-05 09:44 - 3725394 _____ () C:\Program Files (x86)\IMG_8578.JPG
2014-11-19 15:34 - 2014-07-05 09:44 - 3432233 _____ () C:\Program Files (x86)\IMG_8579.JPG
2014-11-19 15:34 - 2014-07-05 09:44 - 6459429 _____ () C:\Program Files (x86)\IMG_8581.JPG
2014-11-19 15:34 - 2014-07-05 09:44 - 8419970 _____ () C:\Program Files (x86)\IMG_8582.JPG
2014-11-19 15:34 - 2014-07-05 09:45 - 6897084 _____ () C:\Program Files (x86)\IMG_8583.JPG
2014-11-19 15:34 - 2014-07-05 09:45 - 7444241 _____ () C:\Program Files (x86)\IMG_8584.JPG
2014-11-19 15:34 - 2014-07-05 09:45 - 6989458 _____ () C:\Program Files (x86)\IMG_8585.JPG
2014-11-19 15:35 - 2014-11-18 23:44 - 4199833 _____ () C:\Program Files (x86)\IMG_8586.JPG
2014-11-19 15:35 - 2014-11-18 23:45 - 4414560 _____ () C:\Program Files (x86)\IMG_8587.JPG
2014-11-19 15:35 - 2014-11-18 23:45 - 4462047 _____ () C:\Program Files (x86)\IMG_8588.JPG
2014-11-19 15:35 - 2014-11-18 23:46 - 5031949 _____ () C:\Program Files (x86)\IMG_8589.JPG
2014-11-19 15:35 - 2014-11-18 23:46 - 5194666 _____ () C:\Program Files (x86)\IMG_8590.JPG
2014-11-19 15:35 - 2014-11-18 23:46 - 5043152 _____ () C:\Program Files (x86)\IMG_8591.JPG
2014-11-19 15:35 - 2014-11-18 23:46 - 4963542 _____ () C:\Program Files (x86)\IMG_8592.JPG
2014-11-19 15:35 - 2014-11-18 23:46 - 5049849 _____ () C:\Program Files (x86)\IMG_8593.JPG
2014-11-19 15:35 - 2014-11-18 23:46 - 5087077 _____ () C:\Program Files (x86)\IMG_8594.JPG
2014-11-19 15:35 - 2014-11-18 23:46 - 4957641 _____ () C:\Program Files (x86)\IMG_8595.JPG
2014-11-19 15:35 - 2014-11-18 23:46 - 4941978 _____ () C:\Program Files (x86)\IMG_8596.JPG
2014-11-19 15:35 - 2014-11-19 00:24 - 7254201 _____ () C:\Program Files (x86)\IMG_8597.JPG
2014-11-19 15:35 - 2014-11-19 00:24 - 6627111 _____ () C:\Program Files (x86)\IMG_8598.JPG
2014-11-19 15:35 - 2014-11-19 00:25 - 5708709 _____ () C:\Program Files (x86)\IMG_8599.JPG
2014-11-19 15:35 - 2014-11-19 00:25 - 5717836 _____ () C:\Program Files (x86)\IMG_8600.JPG
2014-11-19 15:35 - 2014-11-19 00:25 - 5789262 _____ () C:\Program Files (x86)\IMG_8601.JPG
2014-11-19 15:35 - 2014-11-19 00:26 - 4144514 _____ () C:\Program Files (x86)\IMG_8602.JPG
2014-11-19 15:35 - 2014-11-19 01:10 - 8035187 _____ () C:\Program Files (x86)\IMG_8603.JPG
2014-11-19 15:35 - 2014-11-19 01:11 - 7830893 _____ () C:\Program Files (x86)\IMG_8604.JPG
2014-11-19 15:35 - 2014-11-19 01:12 - 4809810 _____ () C:\Program Files (x86)\IMG_8605.JPG
2014-11-19 15:35 - 2014-11-19 01:12 - 4936477 _____ () C:\Program Files (x86)\IMG_8606.JPG
2014-11-19 15:35 - 2014-11-19 01:41 - 6538526 _____ () C:\Program Files (x86)\IMG_8607.JPG
2014-11-19 15:35 - 2014-11-19 01:41 - 5757433 _____ () C:\Program Files (x86)\IMG_8608.JPG
2014-10-29 17:21 - 2015-12-21 20:05 - 0000446 _____ () C:\Users\Sidney\AppData\Roaming\WB.CFG
2014-10-31 08:21 - 2014-12-17 08:21 - 0000001 _____ () C:\Users\Sidney\AppData\Local\DSI.DAT
2014-11-19 08:21 - 2014-11-19 08:21 - 0000008 _____ () C:\Users\Sidney\AppData\Local\ext2.dat
2014-07-03 22:08 - 2014-07-03 22:08 - 0000000 _____ () C:\Users\Sidney\AppData\Local\{700DDCE0-579B-43ED-BC92-49DD688AB73E}

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-29 09:04

==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:10 AM

Posted 30 December 2015 - 11:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs and Features applet.
VideoDownloadConverter Toolbar Chrome Extension (HKLM-x32\...\VideoDownloadConverter_4z Chrome Extension Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION
WSE_Astromenda (HKLM-x32\...\WSE_Astromenda) (Version: - WSE_Astromenda) <==== ATTENTION

===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [Fesulok] => C:\windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Sidney\AppData\Local\29d7106b1506c019\Dufaku.dat"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
CHR HKU\S-1-5-21-1747975209-1935908775-2939679204-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1747975209-1935908775-2939679204-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKU\S-1-5-21-1747975209-1935908775-2939679204-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll [No File]
CHR NewTab: Default -> "chrome-extension://fhndhalcfnmpglbelaejgmjlialaopij/components/supertab/html/supertab.html"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Extension: (avast! Online Security) - C:\Users\Sidney\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-01]
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\Sidney\AppData\Local\29d7106b1506c019

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141

For IE 10, 11 follow the following instructions.
http://refreshyourcache.com/en/internet-explorer-11/
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Control Panel > Programs and Features applet.
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
===

Please post the logs and let me know what problem persists.

#3 pilgrim56

Posted 30 December 2015 - 12:41 PM

Hello nasdaq and thank you for your help with this issue.

I was not able to accomplish the first item on your list:

 

(Remove these programs in bold Via the Control Panel > Programs and Features applet.
VideoDownloadConverter Toolbar Chrome Extension (HKLM-x32\...\VideoDownloadConverter_4z Chrome Extension Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION
WSE_Astromenda (HKLM-x32\...\WSE_Astromenda) (Version: - WSE_Astromenda) <==== ATTENTION)

 

due to the explanation on the following image:

https://www.dropbox.com/s/epvl2vpj4jjy63m/unInstall.jpg?dl=0

Should I then skip your first item and move directly onto #2 (fixlist.txt)?

 

Scott


Edited by pilgrim56, 30 December 2015 - 01:40 PM.


#4 nasdaq

Posted 30 December 2015 - 02:12 PM

The entry is only in the Program list.
Delete it when asked to do it or just forget about it.

Continue with the fix.

#5 pilgrim56

Posted 30 December 2015 - 02:48 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:29-12-2015
Ran by Sidney (2015-12-30 11:38:54) Run:1
Running from C:\Users\Sidney\Desktop
Loaded Profiles: Sidney (Available Profiles: Sidney)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [Fesulok] => C:\windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Sidney\AppData\Local\29d7106b1506c019\Dufaku.dat"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
CHR HKU\S-1-5-21-1747975209-1935908775-2939679204-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1747975209-1935908775-2939679204-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKU\S-1-5-21-1747975209-1935908775-2939679204-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll [No File]
CHR NewTab: Default -> "chrome-extension://fhndhalcfnmpglbelaejgmjlialaopij/components/supertab/html/supertab.html"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Extension: (avast! Online Security) - C:\Users\Sidney\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-01]
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\Sidney\AppData\Local\29d7106b1506c019

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Fesulok => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found.
"HKU\S-1-5-21-1747975209-1935908775-2939679204-1000\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1747975209-1935908775-2939679204-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1b31c9d2-7135-442b-bb93-7c002172adc6}" => key removed successfully
HKCR\CLSID\{1b31c9d2-7135-442b-bb93-7c002172adc6} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => key removed successfully
HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
HKU\S-1-5-21-1747975209-1935908775-2939679204-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin" => key removed successfully
Chrome NewTab => removed successfully
C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\PepperFlash\pepflashplayer.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => not found.
C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => not found.
C:\Users\Sidney\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
BCM42RLY => service removed successfully
catchme => service removed successfully
C:\Users\Sidney\AppData\Local\29d7106b1506c019 => moved successfully
EmptyTemp: => 1.9 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 11:40:03 ====



#6 pilgrim56

Posted 30 December 2015 - 03:15 PM

# AdwCleaner v5.027 - Logfile created 30/12/2015 at 12:07:23
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Sidney - SIDNEY-PC
# Running from : C:\Data\adwcleaner_5.027.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : swdumon

***** [ Folders ] *****

Folder Found : C:\Birds
Folder Found : C:\Program Files (x86)\VideoDownloadConverter
Folder Found : C:\ProgramData\BorderlineInit
Folder Found : C:\ProgramData\BoostSoftware

***** [ Files ] *****

File Found : C:\Users\Sidney\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_pfkfdlcdbajamklbneflfbcmfgddmpae_0.localstorage
File Found : C:\Users\Sidney\AppData\Local\Chromium\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
File Found : C:\Users\Sidney\AppData\Local\Chromium\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
File Found : C:\Users\Sidney\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_inboxace.dl.tb.ask.com_0.localstorage
File Found : C:\Users\Sidney\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_inboxace.dl.tb.ask.com_0.localstorage-journal
File Found : C:\Users\Sidney\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_mapsgalaxy.dl.tb.ask.com_0.localstorage
File Found : C:\Users\Sidney\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_mapsgalaxy.dl.tb.ask.com_0.localstorage-journal
File Found : C:\Users\Sidney\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_videodownloadconverter.dl.tb.ask.com_0.localstorage
File Found : C:\Users\Sidney\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_videodownloadconverter.dl.tb.ask.com_0.localstorage-journal
File Found : C:\Users\Sidney\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Sidney\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\windows\SysNative\drivers\swdumon.sys

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\20ec4591-96e7-7bfc-7368-802cc210da66
Key Found : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
Key Found : HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211}
Key Found : HKCU\Software\BRS
Key Found : HKCU\Software\UpdaterEX
Key Found : HKCU\Software\SlimWare Utilities Inc
Key Found : HKCU\Software\yahooprovidedsearch
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Key Found : HKLM\SOFTWARE\VideoDownloadConverter
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CDC0E5FC-C178-47CB-8356-F7628A1112CA} [NameServer] - 199.203.131.150,82.163.143.168
Data Found : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{CDC0E5FC-C178-47CB-8356-F7628A1112CA} [NameServer] - 199.203.131.150,82.163.143.168
Data Found : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{CDC0E5FC-C178-47CB-8356-F7628A1112CA} [NameServer] - 199.203.131.150,82.163.143.168
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\re-markit.co
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.re-markit00.re-markit.co

***** [ Web browsers ] *****

[C:\Users\Sidney\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Sidney\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Sidney\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : askws
[C:\Users\Sidney\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : Astromenda.com
[C:\Users\Sidney\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : adldappccjhelkmbkpiibilgnnjakieg
[C:\Users\Sidney\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : pfkfdlcdbajamklbneflfbcmfgddmpae

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4611 bytes] ##########
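
A triage sketch for two entries in the logs above: the RunOnce value that starts wscript.exe with /E:vbscript on a .dat file, and the static NameServer data AdwCleaner reports under Tcpip\Parameters\Interfaces. This is an added example, not part of any post and not code from FRST or AdwCleaner; the function names, the two benign control lines and the expected_dns allowlist are assumptions made here.

```python
"""Flag script-host autoruns and static DNS overrides in FRST / AdwCleaner log lines."""
import ntpath
import re
from ipaddress import ip_address

# Lines 1, 2, 5 and 6 below are copied from the logs on this page.
# Lines 3 and 4 are constructed here as benign controls.
SAMPLE_LOG = r'''
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [Fesulok] => C:\windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Sidney\AppData\Local\29d7106b1506c019\Dufaku.dat"
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe /background
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001} [NameServer] - 192.168.1.1
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CDC0E5FC-C178-47CB-8356-F7628A1112CA} [NameServer] - 199.203.131.150,82.163.143.168
Data Found : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{CDC0E5FC-C178-47CB-8356-F7628A1112CA} [NameServer] - 199.203.131.150,82.163.143.168
'''

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf"}

AUTORUN_RE = re.compile(
    r'^(?P<hive>HK[^\\]+)\\\.\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] => (?P<cmd>.+)$')
ENGINE_RE = re.compile(r'(?<!\S)/{1,2}E:(?P<engine>\w+)', re.I)
NAMESERVER_RE = re.compile(
    r'^Data Found : HKLM\\SYSTEM\\(?P<cs>[^\\]+)\\services\\Tcpip\\Parameters\\Interfaces\\'
    r'(?P<iface>\{[0-9A-Fa-f-]+\}) \[NameServer\] - (?P<servers>.+)$', re.I)


def split_command(cmd):
    """Return (executable, arguments) for a quoted or unquoted Windows command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe, _, rest = cmd[1:].partition('"')
        return exe, rest.strip()
    m = re.match(r'(.+?\.exe)(?:\s+(.*))?$', cmd, re.I)
    if not m:
        return cmd, ""
    return m.group(1), (m.group(2) or "").strip()


def script_target(args):
    """First quoted argument, else first argument that is not a /switch."""
    quoted = re.findall(r'"([^"]+)"', args)
    if quoted:
        return quoted[0]
    plain = [tok for tok in args.split() if not tok.startswith("/")]
    return plain[0] if plain else None


def check_autorun(line):
    """Flag Run/RunOnce values that start a Windows Script Host on an unusual file."""
    m = AUTORUN_RE.match(line)
    if not m:
        return None
    exe, args = split_command(m["cmd"])
    if ntpath.basename(exe).lower() not in SCRIPT_HOSTS:
        return None
    target = script_target(args)
    ext = ntpath.splitext(target)[1].lower() if target else ""
    reasons = []
    engine = ENGINE_RE.search(args)
    if engine:
        reasons.append(f"engine forced to {engine['engine'].lower()}")
    if target and ext not in SCRIPT_EXTS:
        reasons.append(f"script file has extension {ext or '(none)'}")
    if target and "\\appdata\\" in target.lower():
        reasons.append("script lives in a user AppData folder")
    if not reasons:
        return None
    return {"kind": "autorun-script-host", "target": target, "reasons": reasons,
            "where": f"{m['hive']} {m['key']} [{m['name']}]"}


def parse_nameserver(line):
    """Return (control set, interface GUID, [IP strings]) for a NameServer data line."""
    m = NAMESERVER_RE.match(line)
    if not m:
        return None
    servers = []
    for token in re.split(r"[,\s]+", m["servers"].strip()):
        try:
            servers.append(str(ip_address(token)))
        except ValueError:
            continue  # not an IP literal; skip rather than guess
    return m["cs"], m["iface"], servers


def triage(log_text, expected_dns=frozenset()):
    """Return findings; static DNS entries are grouped per interface and server list."""
    findings, dns = [], {}
    for line in (raw.strip() for raw in log_text.splitlines()):
        hit = check_autorun(line)
        if hit:
            findings.append(hit)
            continue
        parsed = parse_nameserver(line)
        if parsed:
            control_set, iface, servers = parsed
            # Public resolvers that nobody on the allowlist accounts for need review.
            odd = tuple(s for s in servers
                        if s not in expected_dns and not ip_address(s).is_private)
            if odd:
                dns.setdefault((iface, odd), []).append(control_set)
    for (iface, odd), control_sets in dns.items():
        findings.append({"kind": "static-dns", "interface": iface,
                         "servers": list(odd), "control_sets": control_sets})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Pass the resolvers that were configured deliberately as expected_dns so that only unexplained static entries remain in the output.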



#7 pilgrim56

Posted 30 December 2015 - 04:04 PM

# AdwCleaner v5.027 - Logfile created 30/12/2015 at 12:54:52
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Sidney - SIDNEY-PC
# Running from : C:\Data\adwcleaner_5.027.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : swdumon

***** [ Folders ] *****

[-] Folder Deleted : C:\Birds
[-] Folder Deleted : C:\Program Files (x86)\VideoDownloadConverter
[-] Folder Deleted : C:\ProgramData\BorderlineInit
[-] Folder Deleted : C:\ProgramData\BoostSoftware

***** [ Files ] *****

[-] File Deleted : C:\Users\Sidney\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_pfkfdlcdbajamklbneflfbcmfgddmpae_0.localstorage
[-] File Deleted : C:\Users\Sidney\AppData\Local\Chromium\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Sidney\AppData\Local\Chromium\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Sidney\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_inboxace.dl.tb.ask.com_0.localstorage
[-] File Deleted : C:\Users\Sidney\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_inboxace.dl.tb.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Sidney\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_mapsgalaxy.dl.tb.ask.com_0.localstorage
[-] File Deleted : C:\Users\Sidney\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_mapsgalaxy.dl.tb.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Sidney\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_videodownloadconverter.dl.tb.ask.com_0.localstorage
[-] File Deleted : C:\Users\Sidney\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_videodownloadconverter.dl.tb.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Sidney\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\Sidney\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\windows\SysNative\drivers\swdumon.sys

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\20ec4591-96e7-7bfc-7368-802cc210da66
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211}
[-] Key Deleted : HKCU\Software\BRS
[-] Key Deleted : HKCU\Software\UpdaterEX
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\yahooprovidedsearch
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKLM\SOFTWARE\VideoDownloadConverter
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CDC0E5FC-C178-47CB-8356-F7628A1112CA} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{CDC0E5FC-C178-47CB-8356-F7628A1112CA} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{CDC0E5FC-C178-47CB-8356-F7628A1112CA} [NameServer]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\re-markit.co
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.re-markit00.re-markit.co

***** [ Web browsers ] *****

[-] [C:\Users\Sidney\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Sidney\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Sidney\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : askws
[-] [C:\Users\Sidney\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : Astromenda.com
[-] [C:\Users\Sidney\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : adldappccjhelkmbkpiibilgnnjakieg
[-] [C:\Users\Sidney\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pfkfdlcdbajamklbneflfbcmfgddmpae

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4857 bytes] ##########



#8 pilgrim56


Posted 30 December 2015 - 04:39 PM

Finished the rest of your instructions and Voilà!

The computer is fixed!

Thank you so much nasdaq for your expertise and excellent help :clapping:



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:10 AM

Posted 31 December 2015 - 08:20 AM

Glad we could help.


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#10 nasdaq


Posted 06 January 2016 - 09:03 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



