Redirected to flash update window


  • This topic is locked
12 replies to this topic

#1 smedula

Posted 02 January 2016 - 04:19 PM

I am occasionally redirected to a window which suggests I update the flash player. I have run numerous tools to correct this to no avail: MalwareBytes, JRT, Ad-Aware, Adware cleaner, Emsisoft.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by Mayo (administrator) on PLIK (02-01-2016 15:59:25)
Running from C:\Users\Mayo\Desktop\Downloads
Loaded Profiles: Mayo (Available Profiles: Mayo)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTray.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(CMedia) C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\AsusAudioCenter.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\javaw.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2306448 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-06-23] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [528384 2015-11-10] (Greenshot)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTray.exe [9574112 2015-12-09] ()
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] => C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe [479232 2005-07-15] (Google Inc.)
HKLM-x32\...\Run: [Kinetic Books] => C:\Program Files (x86)\Kinetic Books\KineticBooksWebserver.exe [80016 2007-07-10] (hxxp://launch4j.sourceforge.net)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2012-01-19] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-08-31] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\runonceex: [ContentMerger] => C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2010-03-19] (Sonic Solutions)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3195663335-1097582549-249040865-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-06-16] (Hewlett-Packard Company)
HKU\S-1-5-21-3195663335-1097582549-249040865-1000\...\Run: [Google Update] => C:\Users\Mayo\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-03] (Google Inc.)
HKU\S-1-5-21-3195663335-1097582549-249040865-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3195663335-1097582549-249040865-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-3195663335-1097582549-249040865-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3195663335-1097582549-249040865-1000\...\MountPoints2: {2bcd6d99-d248-11e3-a5bb-d48564b2fa9a} - F:\win\setup.exe -phs
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-3195663335-1097582549-249040865-1000] => hxxp://stoppblock.me/wpad.dat?ba4ff3b9c594811c340173c8b5ac16153447142
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{44B083A4-74AD-4408-9086-664B49AC7851}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E37057BC-612C-4827-9F9C-98EF642C9761}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{E37057BC-612C-4827-9F9C-98EF642C9761}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3195663335-1097582549-249040865-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM/1
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3195663335-1097582549-249040865-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKU\S-1-5-21-3195663335-1097582549-249040865-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll [2012-01-10] (Oracle Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-01-19] (RealPlayer)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-29] (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-3195663335-1097582549-249040865-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-3195663335-1097582549-249040865-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

FireFox:
========
FF ProfilePath: C:\Users\Mayo\AppData\Roaming\Mozilla\Firefox\Profiles\je6i5w0l.default-1451700146982
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://news.google.com 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @java.com/JavaPlugin,version=10.3.1 -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll [2012-01-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-12-07] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/wpi,version=1.4 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2011-04-01] (Microsoft Corp)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-12-07] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/wpi,version=1.4 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2011-04-01] (Microsoft Corp)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2012-02-16] (Amnis Technology Ltd)
FF Plugin-x32: @real.com/nppl3260;version=15.0.1.13 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2012-01-19] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.1.13 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll [2012-01-19] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-01-19] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-01-19] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.1.13 -> c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll [2012-01-19] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2077975\npmathplugin.dll [2011-03-01] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3195663335-1097582549-249040865-1000: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2012-02-16] (Amnis Technology Ltd)
FF Plugin HKU\S-1-5-21-3195663335-1097582549-249040865-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Mayo\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3195663335-1097582549-249040865-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Mayo\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3195663335-1097582549-249040865-1000: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012-02-29] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2012-01-19] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-11-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-11-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-11-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-11-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-11-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll [2012-01-19] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll [2012-01-19] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll [2010-04-08] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll [2010-03-31] (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll [2010-04-08] ()
FF Extension: Dictionnaires français - C:\Users\Mayo\AppData\Roaming\Mozilla\Firefox\Profiles\je6i5w0l.default-1451700146982\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org [2016-01-02]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\E9258B3A8284B7DDA2745A6F2CBD5C18E925 [2015-11-24] <==== ATTENTION

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Users\Mayo\AppData\Local\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Mayo\AppData\Local\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\Mayo\AppData\Local\Google\Chrome\Application\47.0.2526.106\gears.dll => No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll => No File
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll => No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Profile: C:\Users\Mayo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Mayo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2015-11-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mayo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-20]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-07-18]
StartMenuInternet: Google Chrome - C:\Users\Mayo\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S4 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [10768560 2015-11-25] (Emsisoft Ltd)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S4 AxiomAudioDevMon; C:\Program Files (x86)\M-Audio\Axiom\AudioDevMon.exe [1632776 2010-02-19] (M-Audio)
S4 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [163840 2011-11-30] (Broadcom Corporation) [File not signed]
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-12-27] (SurfRight B.V.)
S4 Hp.Skyroom.Windows.Service; C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [124472 2010-03-03] (Hewlett-Packard)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 Kinetic Books License Service; C:\Program Files (x86)\Common Files\Kinetic Books Shared\Service\KineticBooksLicenseService.exe [79360 2011-02-15] (Kinetic Books) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareService.exe [712432 2015-12-09] ()
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-06-16] (Hewlett-Packard Company) [File not signed]
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [69632 2010-12-09] (Macromedia) [File not signed]
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [67400 2011-04-01] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S4 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [6237800 2010-04-30] ()
S4 PACSPTISVR-Sound_Organizer; C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [157544 2011-06-23] (Sony Corporation)
S4 Rdprcsrwppor; C:\Windows\system32\drivers\wimmount.sys [22096 2009-07-13] (Microsoft Corporation)
S4 Rdprcsrwppor; C:\Windows\SysWOW64\drivers\wimmount.sys [19008 2009-07-13] (Microsoft Corporation)
S4 rgsender; c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [379904 2009-11-19] (Hewlett-Packard, Inc.) [File not signed]
S4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 FileZilla Server; "C:\Users\Mayo\Documents\Adams Piano Studio\xampp\FileZillaFTP\FileZilla server.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AXIOM; C:\Windows\System32\DRIVERS\MAudioAxiom.sys [137736 2010-02-19] (M-Audio)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [1267200 2010-10-28] (C-Media Inc)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\epp.sys [123992 2015-11-25] (Emsisoft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-11-17] (REALiX(tm))
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27456 2012-08-16] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S4 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [31120 2008-12-04] (Digidesign, A Division of Avid Technology, Inc.)
S4 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2008-12-04] (Digidesign, A Division of Avid Technology, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 sdfhgdf; C:\Windows\System32\DRIVERS\sdfhgdf.sys [23712 2015-12-28] (Corporation)
S3 swHSnet00; C:\Windows\System32\DRIVERS\swHSnet00.sys [376264 2012-12-19] (Sierra Wireless Incorporated)
S3 swHSser00; C:\Windows\System32\DRIVERS\swHSser00.sys [269512 2012-12-19] (Sierra Wireless Incorporated)
S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx.sys [114424 2012-12-19] (Sierra Wireless Inc.)
S3 swiwdmbxhs; C:\Windows\System32\DRIVERS\swiwdmbxhs.sys [114424 2012-12-19] (Sierra Wireless Inc.)
S3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2010-09-17] (Steinberg Media Technologies GmbH)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-12-09] (BitDefender S.R.L.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S2 regi; \??\C:\Windows\system32\drivers\regi.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-02 15:59 - 2016-01-02 15:59 - 00000000 ____D C:\FRST
2016-01-01 21:08 - 2016-01-01 21:08 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-01-01 21:00 - 2016-01-01 21:00 - 00000873 _____ C:\Users\Mayo\Desktop\JRT.txt
2016-01-01 20:56 - 2016-01-01 20:56 - 01599336 _____ (Malwarebytes) C:\Users\Mayo\Desktop\JRT.exe
2016-01-01 19:07 - 2016-01-01 19:07 - 00000750 _____ C:\Users\Mayo\Desktop\Start Emsisoft Emergency Kit.lnk
2016-01-01 19:05 - 2016-01-01 19:07 - 00000000 ____D C:\EEK
2016-01-01 19:05 - 2016-01-01 19:05 - 199722360 _____ C:\Users\Mayo\Desktop\EmsisoftEmergencyKit.exe
2016-01-01 14:49 - 2016-01-01 18:52 - 00048640 ____H C:\Users\Mayo\Documents\~WRL2878.tmp
2016-01-01 14:49 - 2016-01-01 18:48 - 00047616 ____H C:\Users\Mayo\Documents\~WRL1463.tmp
2016-01-01 14:49 - 2016-01-01 18:39 - 00046592 ____H C:\Users\Mayo\Documents\~WRL1560.tmp
2016-01-01 14:49 - 2016-01-01 18:38 - 00046592 ____H C:\Users\Mayo\Documents\~WRL1508.tmp
2016-01-01 14:49 - 2016-01-01 18:36 - 00046592 ____H C:\Users\Mayo\Documents\~WRL4093.tmp
2016-01-01 14:49 - 2016-01-01 18:35 - 00046592 ____H C:\Users\Mayo\Documents\~WRL0478.tmp
2016-01-01 14:49 - 2016-01-01 18:31 - 00045568 ____H C:\Users\Mayo\Documents\~WRL3947.tmp
2016-01-01 14:49 - 2016-01-01 18:06 - 00045056 ____H C:\Users\Mayo\Documents\~WRL3066.tmp
2016-01-01 14:49 - 2016-01-01 17:58 - 00044544 ____H C:\Users\Mayo\Documents\~WRL2406.tmp
2016-01-01 14:49 - 2016-01-01 17:38 - 00044032 ____H C:\Users\Mayo\Documents\~WRL0861.tmp
2016-01-01 14:49 - 2016-01-01 17:33 - 00044032 ____H C:\Users\Mayo\Documents\~WRL0139.tmp
2016-01-01 14:49 - 2016-01-01 17:32 - 00043520 ____H C:\Users\Mayo\Documents\~WRL1988.tmp
2016-01-01 14:49 - 2016-01-01 17:28 - 00043520 ____H C:\Users\Mayo\Documents\~WRL2630.tmp
2016-01-01 14:49 - 2016-01-01 17:09 - 00036864 ____H C:\Users\Mayo\Documents\~WRL1133.tmp
2016-01-01 14:49 - 2016-01-01 17:03 - 00035328 ____H C:\Users\Mayo\Documents\~WRL1113.tmp
2016-01-01 14:49 - 2016-01-01 16:53 - 00033280 ____H C:\Users\Mayo\Documents\~WRL1724.tmp
2016-01-01 14:49 - 2016-01-01 16:26 - 00030720 ____H C:\Users\Mayo\Documents\~WRL1510.tmp
2016-01-01 14:49 - 2016-01-01 16:19 - 00030208 ____H C:\Users\Mayo\Documents\~WRL3732.tmp
2016-01-01 14:49 - 2016-01-01 16:02 - 00030208 ____H C:\Users\Mayo\Documents\~WRL0041.tmp
2016-01-01 14:49 - 2016-01-01 15:57 - 00029696 ____H C:\Users\Mayo\Documents\~WRL0360.tmp
2016-01-01 14:49 - 2016-01-01 15:37 - 00026112 ____H C:\Users\Mayo\Documents\~WRL2132.tmp
2016-01-01 14:49 - 2016-01-01 14:56 - 00024576 ____H C:\Users\Mayo\Documents\~WRL2175.tmp
2016-01-01 14:49 - 2016-01-01 14:49 - 00024064 ____H C:\Users\Mayo\Documents\~WRL1802.tmp
2015-12-31 04:15 - 2015-12-31 04:15 - 00010606 _____ C:\Users\Mayo\Desktop\Ad-Aware_Report_Full_Manual_2015-12-31T04-12-54.201423.xml
2015-12-31 00:25 - 2015-12-31 00:25 - 00000000 ____D C:\Users\Mayo\AppData\Roaming\Lavasoft
2015-12-31 00:04 - 2016-01-02 15:51 - 00002353 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-12-31 00:04 - 2015-12-31 00:04 - 00000000 ____D C:\Users\Mayo\AppData\Roaming\LavasoftStatistics
2015-12-31 00:04 - 2015-12-31 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-12-31 00:04 - 2015-12-31 00:04 - 00000000 ____D C:\Program Files\Lavasoft
2015-12-31 00:03 - 2015-12-31 00:03 - 00000000 ____D C:\ProgramData\Lavasoft
2015-12-31 00:03 - 2015-12-31 00:03 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-12-30 23:35 - 2015-12-30 23:35 - 00001240 _____ C:\Users\Mayo\Desktop\results.txt
2015-12-30 20:41 - 2015-12-30 20:42 - 00000000 ____D C:\Users\Mayo\Desktop\backups
2015-12-30 20:24 - 2015-12-30 20:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mayo\Desktop\HijackThis.exe
2015-12-29 19:39 - 2015-12-29 19:39 - 00045662 _____ C:\Users\Mayo\Desktop\Create, format, or delete a hyperlink - Word.htm
2015-12-29 19:39 - 2015-12-29 19:39 - 00000000 ____D C:\Users\Mayo\Desktop\Create, format, or delete a hyperlink - Word_files
2015-12-29 15:55 - 2015-12-29 15:55 - 00000000 _____ C:\Windows\system32\Drivers\etc\New Text Document.txt
2015-12-29 15:36 - 2015-12-29 15:36 - 00000000 ___RD C:\Users\Mayo\Virtual Machines
2015-12-29 15:36 - 2015-12-29 15:36 - 00000000 ____D C:\Users\Mayo\TruePianos Settings
2015-12-29 14:39 - 2015-12-29 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\SpringFiles
2015-12-29 14:36 - 2015-12-28 18:06 - 00023712 _____ (Corporation) C:\Windows\system32\Drivers\sdfhgdf.sys
2015-12-28 14:19 - 2015-12-28 18:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-27 11:04 - 2015-12-27 11:04 - 00000485 _____ C:\Users\Mayo\Desktop\E.lnk
2015-12-26 02:34 - 2015-12-26 02:35 - 26041900 _____ (MPSOFTWARE ) C:\Users\Mayo\Desktop\phpdesigner_8_1_2_setup.exe
2015-12-26 02:12 - 2015-12-26 02:12 - 00584288 _____ (Oracle Corporation) C:\Users\Mayo\Desktop\jxpiinstall.exe
2015-12-24 14:02 - 2015-12-27 00:46 - 00000874 _____ C:\Users\Mayo\Desktop\Shakespeare.lnk
2015-12-24 11:52 - 2015-12-24 11:52 - 00000000 ____D C:\Users\Mayo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2015-12-24 11:22 - 2015-12-27 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-24 11:22 - 2015-12-27 00:47 - 00001876 _____ C:\Users\Mayo\Desktop\iTunes.lnk
2015-12-24 11:21 - 2015-12-24 11:22 - 00000000 ____D C:\Program Files\iTunes
2015-12-24 11:21 - 2015-12-24 11:21 - 00000000 ____D C:\Program Files\iPod
2015-12-24 11:21 - 2015-12-24 11:21 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-12-24 11:20 - 2015-12-24 11:20 - 00000000 ____D C:\Program Files\Bonjour
2015-12-24 11:20 - 2015-12-24 11:20 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-12-24 11:19 - 2015-12-24 11:19 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-12-24 11:19 - 2015-12-24 11:19 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-12-23 20:35 - 2015-12-27 00:47 - 00002132 _____ C:\Users\Public\Desktop\UltraEdit.lnk
2015-12-23 20:35 - 2015-12-23 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraEdit
2015-12-23 19:40 - 2015-12-23 20:38 - 00000000 ____D C:\Users\Mayo\AppData\Roaming\IDMComp
2015-12-23 19:40 - 2015-12-23 19:40 - 00000000 ____D C:\ProgramData\IDMComp
2015-12-23 19:39 - 2015-12-23 19:39 - 00000000 ____D C:\Program Files\IDM Computer Solutions
2015-12-23 19:37 - 2015-12-23 19:37 - 00000000 ____D C:\SMARTD~1
2015-12-23 19:36 - 2015-12-23 19:36 - 00259144 _____ C:\Users\Mayo\Desktop\sd_uninstaller.exe
2015-12-23 19:18 - 2015-12-23 19:19 - 55042488 _____ (IDM Computer Solutions, Inc.) C:\Users\Mayo\Desktop\ue_english_64.exe
2015-12-23 18:20 - 2015-12-23 18:20 - 00000420 _____ C:\Users\Mayo\Desktop\SimpleDemo.c
2015-12-23 15:17 - 2015-12-23 15:17 - 00000000 ____D C:\Users\Mayo\AppData\Roaming\Greenshot
2015-12-23 15:17 - 2015-12-23 15:17 - 00000000 ____D C:\Users\Mayo\AppData\Local\Greenshot
2015-12-23 15:16 - 2015-12-23 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot
2015-12-23 15:16 - 2015-12-23 15:16 - 00000000 ____D C:\Program Files\Greenshot
2015-12-23 15:15 - 2015-12-23 15:16 - 01374661 _____ (Greenshot ) C:\Users\Mayo\Desktop\Greenshot-INSTALLER-1.2.8.12-RELEASE.exe
2015-12-23 11:59 - 2015-12-23 12:18 - 00001641 _____ C:\Users\Mayo\Desktop\Untitled-1.html
2015-12-23 09:44 - 2015-12-23 09:44 - 00000536 _____ C:\Users\Mayo\Desktop\C _Users_Mayo_AppData_Local_Temp_fla1920.tmp.html
2015-12-22 15:06 - 2015-12-27 13:30 - 00000000 ____D C:\Users\Mayo\Documents\My Kindle Content
2015-12-22 15:06 - 2015-12-27 00:46 - 00002026 _____ C:\Users\Mayo\Desktop\Kindle.lnk
2015-12-22 15:06 - 2015-12-22 15:06 - 00000000 ____D C:\Users\Mayo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-12-22 14:57 - 2015-12-22 15:06 - 00000000 ____D C:\Program Files (x86)\Amazon
2015-12-21 18:30 - 2015-12-21 18:30 - 00104617 _____ C:\Users\Mayo\Desktop\Database connections for PHP developers in Dreamweaver.htm
2015-12-21 15:17 - 2015-12-21 16:21 - 00000000 ____D C:\Program Files\paint.net
2015-12-21 15:17 - 2015-12-21 15:19 - 00000000 ____D C:\Users\Mayo\AppData\Local\paint.net
2015-12-20 18:20 - 2015-12-20 18:22 - 00000000 ____D C:\Users\Mayo\AdobeLicensingFilesBackup
2015-12-20 18:19 - 2015-12-20 18:19 - 00000000 ____D C:\Users\Mayo\Desktop\LicenseRecovery109
2015-12-20 18:17 - 2015-12-20 18:17 - 04604138 _____ C:\Users\Mayo\Desktop\LicenseRecovery109.zip
2015-12-20 05:36 - 2015-12-20 05:36 - 00001559 _____ C:\Users\Mayo\AppData\Local\recently-used.xbel
2015-12-20 03:24 - 2015-12-27 00:21 - 00000000 ____D C:\Users\Mayo\Desktop\Icons
2015-12-20 02:42 - 2015-12-27 00:46 - 00000965 _____ C:\Users\Mayo\Desktop\Xammp Control Panel.lnk
2015-12-20 02:20 - 2015-12-20 02:31 - 00000000 ____D C:\Users\Mayo\Desktop\old_htdocs
2015-12-20 02:13 - 2015-12-20 02:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2015-12-20 02:08 - 2015-12-27 00:41 - 00000000 ____D C:\xampp
2015-12-19 23:55 - 2015-12-19 23:55 - 00424103 _____ C:\Users\Mayo\Desktop\Amazon.com  thepunisher08's review of Adobe Dreamweaver CS5 Classroom in a Book.htm
2015-12-19 23:55 - 2015-12-19 23:55 - 00000000 ____D C:\Users\Mayo\Desktop\Amazon.com  thepunisher08's review of Adobe Dreamweaver CS5 Classroom in a Book_files
2015-12-19 17:22 - 2015-12-19 17:35 - 00000000 ____D C:\Users\Mayo\.dia
2015-12-19 17:22 - 2015-12-19 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dia
2015-12-19 17:21 - 2015-12-19 17:22 - 00000000 ____D C:\Program Files (x86)\Dia
2015-12-19 17:07 - 2015-12-19 17:07 - 00003630 _____ C:\Windows\System32\Tasks\SDMsgUpdate (Local)
2015-12-19 17:07 - 2015-12-19 17:07 - 00003622 _____ C:\Windows\System32\Tasks\SDMsgUpdate (TE)
2015-12-19 17:07 - 2015-12-19 17:07 - 00000000 ____D C:\Users\Mayo\AppData\System
2015-12-19 17:07 - 2015-12-19 17:07 - 00000000 ____D C:\Users\Mayo\AppData\Local\SmartDraw
2015-12-19 17:07 - 2015-12-19 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw CI
2015-12-17 09:52 - 2015-12-27 00:46 - 00002057 _____ C:\Users\Mayo\Desktop\WYSIWYG Web Builder 10.lnk
2015-12-17 09:52 - 2015-12-17 09:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WYSIWYG Web Builder 10
2015-12-17 09:51 - 2015-12-17 10:45 - 00000000 ____D C:\Program Files (x86)\WYSIWYG Web Builder 10
2015-12-17 09:49 - 2015-12-17 09:49 - 08143672 _____ C:\Users\Mayo\Desktop\webbuilder10.zip
2015-12-14 17:24 - 2015-12-14 17:24 - 00000000 ____D C:\Users\Mayo\AppData\Roaming\Sublime Text 2
2015-12-14 16:08 - 2015-12-27 00:45 - 00001497 _____ C:\Users\Mayo\Desktop\atomt.lnk
2015-12-14 15:22 - 2015-12-22 13:20 - 00000000 ___RD C:\Users\Mayo\Creative Cloud Files
2015-12-14 15:19 - 2015-12-14 15:19 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-14 03:36 - 2015-12-27 00:47 - 00000984 _____ C:\Users\Public\Desktop\ODT Viewer.lnk
2015-12-14 03:36 - 2015-12-14 03:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ODT Viewer
2015-12-14 03:36 - 2015-12-14 03:36 - 00000000 ____D C:\Program Files (x86)\ODT Viewer
2015-12-12 23:17 - 2015-12-14 15:00 - 00030208 ___SH C:\Users\Mayo\AppData\Roaming\Thumbs.db
2015-12-12 18:35 - 2015-12-27 00:46 - 00001188 _____ C:\Users\Mayo\Desktop\My Library.lnk
2015-12-12 17:10 - 2015-12-29 15:57 - 00000854 _____ C:\Windows\system32\Drivers\etc\hosts.txt
2015-12-11 16:08 - 2015-12-11 16:08 - 00007320 _____ C:\Users\Mayo\Documents\sine
2015-12-11 11:54 - 2015-12-11 11:56 - 00000000 ____D C:\Program Files\Unlocker
2015-12-11 11:54 - 2015-12-11 11:54 - 00000000 ____D C:\Users\Mayo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2015-12-11 11:44 - 2015-12-11 11:44 - 00000000 ____D C:\Users\Mayo\AppData\Roaming\com.adobe.amp
2015-12-10 19:47 - 2015-12-10 19:47 - 00000000 ____D C:\Users\Mayo\AppData\Roaming\PeerNetworking
2015-12-10 19:46 - 2015-12-10 19:47 - 00000000 ____D C:\Users\Mayo\AppData\Local\BACS
2015-12-09 19:01 - 2015-12-09 19:01 - 00028236 _____ C:\Users\Mayo\Desktop\whatsnew.txt
2015-12-09 11:04 - 2015-12-09 11:04 - 00452040 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\Trufos.sys
2015-12-09 08:17 - 2015-11-20 13:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-09 08:17 - 2015-11-20 13:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-09 08:17 - 2015-11-20 13:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-09 08:17 - 2015-11-20 13:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-09 08:17 - 2015-11-20 13:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-09 08:17 - 2015-11-20 13:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-09 08:17 - 2015-11-20 13:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-09 08:17 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-09 08:17 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-09 08:17 - 2015-11-20 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-09 08:17 - 2015-11-20 13:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-09 08:17 - 2015-11-20 13:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 08:17 - 2015-11-20 13:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 08:17 - 2015-11-20 13:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 08:17 - 2015-11-20 13:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-09 08:17 - 2015-11-20 13:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 08:17 - 2015-11-05 14:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-09 08:17 - 2015-11-05 14:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-09 08:17 - 2015-11-03 14:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-09 08:17 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-09 08:17 - 2015-10-08 18:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-12-09 08:17 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-09 08:17 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-09 08:17 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-09 08:17 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-09 08:17 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-09 08:17 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-09 08:17 - 2015-10-08 18:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-12-09 08:17 - 2015-10-08 14:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-12-09 08:17 - 2015-10-08 13:52 - 00419928 _____ C:\Windows\system32\locale.nls
2015-12-09 08:16 - 2015-11-11 16:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 08:16 - 2015-11-11 15:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 08:16 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 08:16 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 08:16 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 08:16 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 08:16 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 08:16 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 08:16 - 2015-11-11 10:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-09 08:16 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 08:16 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 08:16 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 08:16 - 2015-11-11 09:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-09 08:16 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 08:16 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 08:16 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 08:16 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 08:16 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 08:16 - 2015-11-10 12:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 08:16 - 2015-11-09 19:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-09 08:16 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 08:16 - 2015-11-09 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-09 08:16 - 2015-11-09 19:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-09 08:16 - 2015-11-09 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-09 08:16 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 08:16 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 08:16 - 2015-11-09 19:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-09 08:16 - 2015-11-09 19:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-09 08:16 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 08:16 - 2015-11-09 19:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-09 08:16 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 08:16 - 2015-11-09 19:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-09 08:16 - 2015-11-09 18:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-09 08:16 - 2015-11-09 18:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-09 08:16 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 08:16 - 2015-11-09 18:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-09 08:16 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 08:16 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 08:16 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 08:16 - 2015-11-09 18:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-09 08:16 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 08:16 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 08:16 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 08:16 - 2015-11-08 17:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-09 08:16 - 2015-11-08 17:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-09 08:16 - 2015-11-08 17:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-09 08:16 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 08:16 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 08:16 - 2015-11-08 17:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-09 08:16 - 2015-11-08 17:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-09 08:16 - 2015-11-08 17:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-09 08:16 - 2015-11-08 17:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-09 08:16 - 2015-11-08 17:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-09 08:16 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 08:16 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 08:16 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 08:16 - 2015-11-08 17:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-09 08:16 - 2015-11-08 17:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-09 08:16 - 2015-11-08 17:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-09 08:16 - 2015-11-08 16:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-09 08:16 - 2015-11-08 16:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-09 08:16 - 2015-11-08 16:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-09 08:16 - 2015-11-08 16:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-09 08:16 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 08:16 - 2015-11-08 16:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-09 08:16 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 08:16 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 08:16 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 08:16 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 08:16 - 2015-11-08 16:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-09 08:16 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 08:16 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 08:16 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 08:16 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-09 08:16 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-09 08:16 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-09 08:16 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 08:16 - 2015-11-03 14:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-09 08:16 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-09 04:43 - 2015-12-09 04:43 - 09498816 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-02 16:00 - 2010-12-06 21:12 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-02 15:59 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-02 15:51 - 2014-05-02 13:44 - 00003906 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{940D2C47-A66E-4040-B9DA-F440AE04F357}
2016-01-02 15:49 - 2009-07-13 23:45 - 05183296 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-02 15:48 - 2011-02-02 14:17 - 00000000 ____D C:\Program Files (x86)\Kinetic Books
2016-01-02 15:47 - 2010-12-06 21:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-02 15:47 - 2010-12-06 11:58 - 00157328 _____ C:\Users\Mayo\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-02 15:46 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-02 15:29 - 2011-01-02 11:52 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195663335-1097582549-249040865-1000UA.job
2016-01-02 15:24 - 2015-11-16 22:55 - 00208144 _____ C:\Users\Mayo\Desktop\Untitled1.pdf
2016-01-02 15:22 - 2010-12-06 21:13 - 00000000 ____D C:\Users\Mayo\AppData\Roaming\Adobe
2016-01-02 15:19 - 2015-11-24 18:50 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-02 14:43 - 2012-05-25 13:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-02 13:31 - 2015-11-14 22:23 - 00402432 ___SH C:\Users\Mayo\Desktop\Thumbs.db
2016-01-02 13:29 - 2011-01-02 11:52 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195663335-1097582549-249040865-1000Core.job
2016-01-02 03:17 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-02 03:17 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-02 02:00 - 2011-02-16 10:41 - 00000000 ____D C:\Users\Mayo\AppData\Local\Adobe
2016-01-01 22:21 - 2010-12-27 14:51 - 00000000 ____D C:\Users\Mayo\Documents\OLD Adams Piano Studio
2016-01-01 21:08 - 2015-11-25 06:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-01 21:08 - 2012-04-13 09:52 - 00000000 ____D C:\Users\Mayo\AppData\Roaming\XnView
2016-01-01 21:08 - 2011-01-08 21:53 - 00000854 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-01 21:08 - 2011-01-08 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-01 21:08 - 2010-12-14 09:22 - 00000000 ____D C:\Users\Mayo\AppData\Local\CrashDumps
2016-01-01 21:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-01 21:02 - 2015-11-24 16:51 - 00000000 ____D C:\Users\Mayo\Desktop\Old Firefox Data
2015-12-31 17:51 - 2010-12-20 09:16 - 01720832 ____H C:\Users\Mayo\Documents\~WRL1390.tmp
2015-12-31 15:01 - 2011-01-21 10:08 - 00000000 ____D C:\Users\Mayo\Documents\My Library
2015-12-31 12:02 - 2015-11-25 06:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2015-12-31 00:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources
2015-12-30 23:37 - 2015-11-24 18:25 - 00000000 ____D C:\AdwCleaner
2015-12-29 20:10 - 2011-10-13 11:16 - 00000535 _____ C:\Windows\demdata.txt
2015-12-29 20:09 - 2012-05-12 13:07 - 00002028 _____ C:\Users\Mayo\Desktop\My Web Site.lnk
2015-12-29 16:13 - 2013-03-04 14:33 - 00001081 _____ C:\Users\Mayo\Desktop\Mozilla Firefox.lnk
2015-12-29 16:13 - 2012-04-13 15:34 - 00000000 ____D C:\Users\Mayo\Desktop\New folder
2015-12-29 16:13 - 2012-02-20 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Finale NotePad 2012
2015-12-29 16:13 - 2011-03-23 09:50 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-29 16:13 - 2011-01-02 11:53 - 00000000 ____D C:\Users\Mayo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-29 16:13 - 2010-12-24 13:02 - 00001102 _____ C:\Users\Mayo\Desktop\iexplore - Shortcut.lnk
2015-12-29 16:13 - 2010-12-06 11:04 - 00001019 _____ C:\Users\Mayo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-29 15:36 - 2010-12-06 11:03 - 00000000 ____D C:\Users\Mayo
2015-12-29 15:36 - 2009-07-13 23:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-29 15:34 - 2012-05-02 14:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-29 15:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\schemas
2015-12-27 02:13 - 2010-12-14 10:11 - 00000000 ____D C:\Users\Mayo\AppData\Local\ElevatedDiagnostics
2015-12-27 00:47 - 2015-11-25 05:51 - 00001919 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-12-27 00:47 - 2015-11-25 01:40 - 00001117 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-12-27 00:47 - 2015-11-24 18:50 - 00001128 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-27 00:47 - 2015-11-19 22:13 - 00000898 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 2.lnk
2015-12-27 00:47 - 2015-11-19 21:54 - 00000708 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brackets.lnk
2015-12-27 00:47 - 2015-11-15 07:49 - 00002079 _____ C:\Users\Public\Desktop\Java Web Start.lnk
2015-12-27 00:47 - 2015-11-14 23:30 - 00000986 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2015-12-27 00:47 - 2015-11-09 17:55 - 00001092 _____ C:\Users\Public\Desktop\dupeGuru.lnk
2015-12-27 00:47 - 2015-11-08 20:48 - 00002119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-12-27 00:47 - 2013-04-13 19:37 - 00001981 _____ C:\Users\Public\Desktop\H&R Block 2012.lnk
2015-12-27 00:47 - 2012-06-22 16:16 - 00001970 _____ C:\Users\Public\Desktop\Komodo Edit 7.lnk
2015-12-27 00:47 - 2012-06-18 21:09 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
2015-12-27 00:47 - 2012-06-18 21:09 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Pro.lnk
2015-12-27 00:47 - 2012-06-18 21:09 - 00002173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer ES 8.2.lnk
2015-12-27 00:47 - 2012-06-18 21:09 - 00002017 _____ C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
2015-12-27 00:47 - 2012-06-18 19:17 - 00001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
2015-12-27 00:47 - 2012-06-18 19:17 - 00001081 _____ C:\Users\Public\Desktop\Adobe Widget Browser.lnk
2015-12-27 00:47 - 2012-04-13 15:29 - 00001150 _____ C:\Users\Public\Desktop\Practica Musica.lnk
2015-12-27 00:47 - 2012-04-13 13:04 - 00001855 _____ C:\Users\Public\Desktop\PDFlite.lnk
2015-12-27 00:47 - 2012-04-10 10:35 - 00001390 _____ C:\Users\Public\Desktop\Counterpointer.lnk
2015-12-27 00:47 - 2012-04-05 08:55 - 00001779 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-12-27 00:47 - 2012-04-05 08:51 - 00001871 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-12-27 00:47 - 2012-03-10 14:17 - 00001815 _____ C:\Users\Public\Desktop\BlueJ.lnk
2015-12-27 00:47 - 2012-02-20 11:48 - 00001110 _____ C:\Users\Public\Desktop\Finale NotePad 2012.lnk
2015-12-27 00:47 - 2012-02-07 16:24 - 00001039 _____ C:\Users\Public\Desktop\SysTools Outlook PST Viewer.lnk
2015-12-27 00:47 - 2012-01-30 15:13 - 00002061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
2015-12-27 00:47 - 2012-01-19 09:03 - 00001004 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2015-12-27 00:47 - 2012-01-10 13:25 - 00000999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2015-12-27 00:47 - 2012-01-10 12:46 - 00001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
2015-12-27 00:47 - 2011-11-28 16:24 - 00001021 _____ C:\Users\Public\Desktop\Sound Organizer.lnk
2015-12-27 00:47 - 2011-11-21 22:50 - 00002208 _____ C:\Users\Public\Desktop\Google Earth.lnk
2015-12-27 00:47 - 2011-11-03 11:53 - 00001820 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python(x,y).lnk
2015-12-27 00:47 - 2011-11-03 11:53 - 00001802 _____ C:\Users\Public\Desktop\Python(x,y).lnk
2015-12-27 00:47 - 2011-10-13 09:11 - 00001012 _____ C:\Users\Public\Desktop\Finale 2012.lnk
2015-12-27 00:47 - 2011-08-13 19:33 - 00002021 _____ C:\Users\Public\Desktop\Google SketchUp 8.lnk
2015-12-27 00:47 - 2011-07-02 10:44 - 00001990 _____ C:\Users\Public\Desktop\ The Complete New Yorker.lnk
2015-12-27 00:47 - 2011-06-16 12:35 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-12-27 00:47 - 2011-06-16 12:35 - 00002015 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-12-27 00:47 - 2011-03-18 11:57 - 00001055 _____ C:\Users\Public\Desktop\Service Center.lnk
2015-12-27 00:47 - 2011-01-26 13:54 - 00001195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZ Vinyl Tape Converter.lnk
2015-12-27 00:47 - 2011-01-14 16:55 - 00001056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
2015-12-27 00:47 - 2011-01-13 16:22 - 00000966 _____ C:\Users\Public\Desktop\Digital Voice Editor 3.lnk
2015-12-27 00:47 - 2010-12-21 11:38 - 00001810 _____ C:\Users\Public\Desktop\Quicken Deluxe 2010.lnk
2015-12-27 00:47 - 2010-12-15 14:54 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-12-27 00:47 - 2010-12-06 11:34 - 00002226 _____ C:\Users\Public\Desktop\Creator Business v10 DVD.lnk
2015-12-27 00:47 - 2010-12-01 04:55 - 00001360 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
2015-12-27 00:47 - 2010-12-01 04:54 - 00001338 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
2015-12-27 00:47 - 2009-07-24 14:18 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-12-27 00:47 - 2009-07-24 14:17 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-12-27 00:47 - 2009-07-13 23:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2015-12-27 00:47 - 2009-07-13 23:57 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-12-27 00:47 - 2009-07-13 23:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-12-27 00:47 - 2009-07-13 23:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-12-27 00:47 - 2005-04-04 00:01 - 00001703 _____ C:\Users\Public\Desktop\HP Cool Tools.lnk
2015-12-27 00:46 - 2015-11-30 18:53 - 00000888 _____ C:\Users\Mayo\Desktop\TeraCopy.lnk
2015-12-27 00:46 - 2015-11-25 06:20 - 00001290 _____ C:\Users\Mayo\Desktop\Spybot - Search & Destroy.lnk
2015-12-27 00:46 - 2015-11-03 17:16 - 00001033 _____ C:\Users\Mayo\Desktop\WinDirStat.lnk
2015-12-27 00:46 - 2012-06-24 07:18 - 00001025 _____ C:\Users\Mayo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ENIGMA.LNK
2015-12-27 00:46 - 2012-04-13 09:47 - 00000921 _____ C:\Users\Mayo\Desktop\XnView.lnk
2015-12-27 00:46 - 2011-11-16 11:40 - 00001083 _____ C:\Users\Mayo\Desktop\Notepad++.lnk
2015-12-27 00:46 - 2011-04-26 10:16 - 00002088 _____ C:\Users\Mayo\Desktop\Cubase 6 64bit.lnk
2015-12-27 00:46 - 2011-04-12 17:15 - 00001249 _____ C:\Users\Mayo\Desktop\Transfer.lnk
2015-12-27 00:46 - 2011-02-02 14:36 - 00001186 _____ C:\Users\Mayo\Desktop\Physics for Scientists and Engineers.lnk
2015-12-27 00:46 - 2011-02-02 14:36 - 00001106 _____ C:\Users\Mayo\Desktop\Install Verification.lnk
2015-12-27 00:46 - 2011-01-04 09:28 - 00002018 _____ C:\Users\Mayo\Desktop\WYSIWYG Web Builder 7.lnk
2015-12-27 00:46 - 2011-01-02 11:53 - 00002388 _____ C:\Users\Mayo\Desktop\Uninstall Google Chrome.lnk
2015-12-27 00:46 - 2010-12-28 19:22 - 00001199 _____ C:\Users\Mayo\Desktop\My Documents - Shortcut.lnk
2015-12-27 00:46 - 2010-12-13 08:33 - 00001807 _____ C:\Users\Mayo\Desktop\TuneLab 97.lnk
2015-12-27 00:46 - 2010-12-08 11:57 - 00001108 _____ C:\Users\Mayo\Desktop\Macromedia Director MX 2004.lnk
2015-12-27 00:46 - 2010-12-07 16:20 - 00001016 _____ C:\Users\Mayo\Desktop\GraphCalc.lnk
2015-12-27 00:46 - 2010-12-06 17:06 - 00002659 _____ C:\Users\Mayo\Desktop\Microsoft Office Excel 2003.lnk
2015-12-27 00:46 - 2010-12-06 16:04 - 00002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-12-27 00:46 - 2010-12-01 04:50 - 00001594 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP User Manuals.lnk
2015-12-27 00:46 - 2009-07-14 00:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-12-27 00:46 - 2009-07-13 23:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-12-27 00:45 - 2015-11-17 06:53 - 00001357 _____ C:\Users\Mayo\Desktop\Auslogics Registry Defrag.lnk
2015-12-27 00:45 - 2011-10-27 12:20 - 00001070 _____ C:\Users\Mayo\Desktop\cmd - Shortcut.lnk
2015-12-26 04:39 - 2011-04-17 17:08 - 00000187 _____ C:\Users\Mayo\AppData\Local\msmathematics.qat.Mayo
2015-12-26 02:32 - 2010-12-07 16:13 - 00000000 ____D C:\Users\Public\Documents\LogiShrd
2015-12-26 01:41 - 2010-12-07 16:20 - 00000000 ____D C:\Program Files (x86)\GraphCalc
2015-12-24 15:24 - 2011-11-16 11:40 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-12-24 12:01 - 2011-11-10 17:43 - 00000000 ____D C:\tmp
2015-12-24 11:53 - 2010-12-31 15:13 - 00000000 ____D C:\Users\Mayo\.thumbnails
2015-12-24 11:31 - 2011-07-17 13:00 - 00000000 ____D C:\Users\Mayo\Documents\Director Examples
2015-12-24 11:29 - 2010-12-15 14:56 - 00000000 ____D C:\Users\Mayo\AppData\Roaming\Apple Computer
2015-12-24 11:21 - 2010-12-15 14:54 - 00000000 ____D C:\ProgramData\Apple Computer
2015-12-24 11:21 - 2010-12-15 14:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-24 11:18 - 2010-12-15 14:54 - 00000000 ____D C:\ProgramData\Apple
2015-12-24 10:44 - 2011-03-05 14:32 - 00000000 ____D C:\Users\Mayo\Documents\Cubase Projects
2015-12-23 22:00 - 2007-05-10 07:58 - 01750958 _____ C:\Users\Mayo\Documents\Slideshow-Timer.dir
2015-12-22 14:57 - 2015-11-08 21:18 - 00000000 ____D C:\Users\Mayo\AppData\Local\Amazon
2015-12-22 13:22 - 2011-02-16 10:41 - 00000000 ____D C:\ProgramData\Adobe
2015-12-22 13:22 - 2011-02-16 10:41 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-21 14:55 - 2015-11-14 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-12-21 14:55 - 2015-11-14 23:29 - 00000000 ____D C:\Program Files (x86)\Calibre2
2015-12-21 14:43 - 2011-12-31 12:42 - 00000000 ____D C:\Users\Mayo\Calibre Library
2015-12-20 18:22 - 2011-08-10 11:24 - 00000000 ____D C:\ProgramData\FLEXnet
2015-12-20 00:08 - 2011-11-07 10:38 - 00000213 _____ C:\Users\Mayo\SciTE.session
2015-12-20 00:02 - 2012-06-20 09:00 - 00000000 ____D C:\Program Files (x86)\WinMerge
2015-12-20 00:01 - 2012-06-20 09:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
2015-12-18 23:58 - 2012-02-29 12:19 - 00000000 ____D C:\Users\Mayo\AppData\Roaming\vlc
2015-12-18 16:03 - 2012-02-29 12:20 - 00000000 ____D C:\Users\Mayo\AppData\Roaming\dvdcss
2015-12-18 15:53 - 2011-12-15 03:25 - 00003330 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3195663335-1097582549-249040865-1000
2015-12-18 15:53 - 2011-12-10 19:49 - 00003194 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3195663335-1097582549-249040865-1000
2015-12-17 09:51 - 2011-01-04 09:28 - 00737280 _____ (Indigo Rose Corporation) C:\Windows\iun6002.exe
2015-12-16 16:53 - 2011-01-04 09:27 - 00000000 ____D C:\Program Files (x86)\WYSIWYG Web Builder 7
2015-12-16 03:00 - 2015-11-09 03:43 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-16 03:00 - 2015-11-09 03:43 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-14 17:46 - 2011-11-16 11:40 - 00000000 ____D C:\Users\Mayo\AppData\Roaming\Notepad++
2015-12-14 17:24 - 2015-11-19 22:13 - 00000000 ____D C:\Program Files\Sublime Text 2
2015-12-14 03:46 - 2015-11-15 02:38 - 00104960 ___SH C:\Users\Mayo\Thumbs.db
2015-12-12 18:47 - 2011-09-26 09:18 - 00000000 ____D C:\Users\Mayo\Documents\My Finances
2015-12-12 17:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-12-11 16:25 - 2011-07-02 10:44 - 00000000 ____D C:\Users\Mayo\AppData\Local\ApplicationHistory
2015-12-11 14:13 - 2008-10-02 06:45 - 00000000 ____D C:\Users\Mayo\Documents\img
2015-12-11 12:18 - 2011-11-03 12:06 - 00000000 ____D C:\Users\Mayo\.matplotlib
2015-12-11 12:16 - 2011-11-03 12:07 - 00000000 ____D C:\Users\Mayo\_ipython
2015-12-11 12:06 - 2015-11-15 01:02 - 00000000 ___RD C:\Users\Mayo\Documents\Scanned Documents
2015-12-11 12:05 - 2015-11-19 22:33 - 00000000 ____D C:\Users\Mayo\Documents\images
2015-12-11 11:55 - 2010-12-14 11:27 - 00000000 ____D C:\Users\Mayo\Documents\Visual Studio 2010
2015-12-11 11:39 - 2010-12-06 16:50 - 00000864 _____ C:\Windows\system\Cmicnfgp.ini
2015-12-11 11:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system
2015-12-11 07:51 - 2015-11-30 18:53 - 00000000 ____D C:\Users\Mayo\AppData\Roaming\TeraCopy
2015-12-10 20:18 - 2015-11-25 01:22 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2015-12-10 19:38 - 2010-12-08 11:56 - 00000000 ____D C:\Program Files (x86)\Macromedia
2015-12-10 15:56 - 2015-11-09 08:26 - 00000000 ____D C:\Windows\rescache
2015-12-10 04:45 - 2013-03-13 02:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-10 04:43 - 2013-03-13 02:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-10 04:43 - 2013-03-13 02:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 04:43 - 2012-05-25 13:46 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 04:43 - 2012-05-25 13:46 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-09 04:43 - 2011-06-17 14:06 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-08 22:39 - 2010-12-06 14:54 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-06 03:06 - 2015-11-09 17:44 - 00000000 ____D C:\Program Files (x86)\Gmail Notifier Pro
2015-12-06 02:26 - 2015-11-24 22:38 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-12-03 22:23 - 2015-11-24 13:52 - 00000000 ____D C:\Users\Mayo\Documents\Html course

==================== Files in the root of some directories =======

2010-12-31 09:23 - 2010-12-31 09:23 - 19166188 _____ () C:\Program Files\magictune409.zip
2000-01-22 17:48 - 2000-01-22 17:48 - 0007828 _____ () C:\Program Files (x86)\COPYRGHT.TXT
2011-10-10 09:52 - 2011-10-10 09:52 - 0000115 _____ () C:\Program Files (x86)\doc_002dallow_005fnoninteger_005frange_005fas_005findex.html
2011-10-10 09:52 - 2011-10-10 09:52 - 0000136 _____ () C:\Program Files (x86)\doc_002ddo_005fbraindead_005fshortcircuit_005fevaluation.html
2011-10-10 09:52 - 2011-10-10 09:52 - 0002461 _____ () C:\Program Files (x86)\Function-Handles-Inline-Functions-and-Anonymous-Functions.html
2009-06-08 20:33 - 2009-06-08 20:33 - 0662523 _____ (ProletSoft - free software) C:\Program Files (x86)\GoMinimal!25.exe
2009-06-08 20:41 - 2009-06-08 20:41 - 0011285 _____ () C:\Program Files (x86)\gominimal25.gif
2009-06-08 20:43 - 2009-06-08 20:43 - 0025632 _____ () C:\Program Files (x86)\help.html
2001-04-13 17:18 - 2001-04-13 17:18 - 0029015 _____ () C:\Program Files (x86)\MIDI2TXT.CPP
2001-04-13 17:14 - 2001-04-13 17:14 - 0009697 _____ () C:\Program Files (x86)\MIDI2TXT.DOC
2001-04-14 20:58 - 2001-04-14 20:58 - 0044339 _____ () C:\Program Files (x86)\MIDI2TXT.EXE
2009-06-08 20:46 - 2009-06-08 20:46 - 0002096 _____ () C:\Program Files (x86)\readme.txt
2011-10-10 09:52 - 2011-10-10 09:52 - 0003520 _____ () C:\Program Files (x86)\The-_003ccode_003econtinue_003c_002fcode_003e-Statement.html
2011-10-10 09:52 - 2011-10-10 09:52 - 0003651 _____ () C:\Program Files (x86)\The-_003ccode_003edo_002duntil_003c_002fcode_003e-Statement.html
2011-10-10 09:52 - 2011-10-10 09:52 - 0003834 _____ () C:\Program Files (x86)\The-_003ccode_003eunwind_005fprotect_003c_002fcode_003e-Statement.html
2011-01-17 09:28 - 2011-01-17 09:28 - 3059003 _____ () C:\Program Files (x86)\xdk85_win.zip
2011-09-29 13:46 - 2011-09-29 13:46 - 0022451 _____ () C:\Program Files (x86)\_003cspan-class_003d_0022sc_0022_003eMatlab_003c_002fspan_003e-compatibility.html
2012-07-15 12:30 - 2012-07-15 12:30 - 0000132 _____ () C:\Users\Mayo\AppData\Roaming\Adobe PNG Format CS5 Prefs
2011-11-03 17:00 - 2011-11-03 17:00 - 0000159 _____ () C:\Users\Mayo\AppData\Roaming\gnuplot_history
2015-11-30 18:06 - 2015-11-30 18:11 - 0000115 _____ () C:\Users\Mayo\AppData\Roaming\LogFile.txt
2015-12-12 23:17 - 2015-12-14 15:00 - 0030208 ___SH () C:\Users\Mayo\AppData\Roaming\Thumbs.db
2015-12-10 19:47 - 2015-12-10 19:47 - 0026131 _____ () C:\Users\Mayo\AppData\Roaming\UserTile.png
2015-11-16 21:48 - 2015-11-16 21:48 - 0001456 _____ () C:\Users\Mayo\AppData\Local\Adobe Save for Web 12.0 Prefs
2010-12-13 12:15 - 2012-01-31 16:54 - 0009216 _____ () C:\Users\Mayo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-02 10:45 - 2011-07-02 10:45 - 0000092 _____ () C:\Users\Mayo\AppData\Local\fusioncache.dat
2011-04-17 17:08 - 2015-12-26 04:39 - 0000187 _____ () C:\Users\Mayo\AppData\Local\msmathematics.qat.Mayo
2015-12-20 05:36 - 2015-12-20 05:36 - 0001559 _____ () C:\Users\Mayo\AppData\Local\recently-used.xbel
2011-02-01 14:14 - 2012-04-26 17:23 - 0007610 _____ () C:\Users\Mayo\AppData\Local\Resmon.ResmonCfg
2015-11-24 23:24 - 2015-11-24 23:24 - 0000000 _____ () C:\Users\Mayo\AppData\Local\{90B329B2-E617-4276-BB08-CF685DE86638}
2011-01-04 16:56 - 2011-01-09 13:16 - 0001940 _____ () C:\Users\Mayo\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2010-12-07 12:27 - 2012-02-29 12:04 - 0000088 __RSH () C:\ProgramData\C97BCFC682.sys
2010-12-23 21:39 - 2010-12-23 21:39 - 0000008 __RSH () C:\ProgramData\F8DCB33918.sys
2010-12-07 12:27 - 2012-02-29 12:04 - 0002672 ___SH () C:\ProgramData\KGyGaAvL.sys
2012-01-25 11:08 - 2012-01-25 11:35 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-05-21 07:39 - 2012-06-25 10:05 - 10094945 _____ (Ars Nova Software, LLC                                      ) C:\ProgramData\updatecounterpointer2.exe
2012-06-05 09:21 - 2012-06-24 09:17 - 12029787 _____ (Ars Nova Software, LLC                                      ) C:\ProgramData\updatestandard6.exe
2011-02-14 14:54 - 2011-02-14 14:54 - 0008168 _____ () C:\ProgramData\xmlA533.tmp
2011-02-14 14:54 - 2011-02-14 14:54 - 0014452 _____ () C:\ProgramData\xmlAA72.tmp
2011-02-14 14:54 - 2011-02-14 14:54 - 0002263 _____ () C:\ProgramData\xmlAB6D.tmp

Files to move or delete:
====================
C:\ProgramData\updatecounterpointer2.exe
C:\ProgramData\updatestandard6.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-30 01:24

==================== End of FRST.txt ============================



#2 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 03 January 2016 - 05:52 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    FoxTab Video Converter
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.
Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and attach the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 smedula


Posted 03 January 2016 - 10:14 AM

Thank you for your response. The ADWare Cleaner file contents:

 

# AdwCleaner v5.027 - Logfile created 03/01/2016 at 09:42:43
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Mayo - PLIK
# Running from : C:\Users\Mayo\Desktop\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [741 bytes] ##########



#4 smedula


Posted 03 January 2016 - 10:16 AM

This forum reply thing is confusing: I see no way to attach a file without doubling the reply...

 

Anyway attached is the FRST file.

Attached Files

  • Attached File  FRST.txt   79.43KB   1 downloads


#5 deeprybka


Posted 03 January 2016 - 11:35 AM

:)

Step 1

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    (screenshot: settings.png)
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at the location shown in the screenshot (logpath.png).
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka

#6 smedula


Posted 04 January 2016 - 05:29 PM

The log file from the ESET scan:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8fb4ab194da01b4eb7c2dc62fa9a740c
# end=init
# utc_time=2016-01-03 09:20:08
# local_time=2016-01-03 04:20:08 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 27474
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8fb4ab194da01b4eb7c2dc62fa9a740c
# end=updated
# utc_time=2016-01-03 09:23:47
# local_time=2016-01-03 04:23:47 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=8fb4ab194da01b4eb7c2dc62fa9a740c
# engine=27474
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-01-04 12:19:58
# local_time=2016-01-03 07:19:58 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 3915082 74739192 0 0
# scanned=650066
# found=56
# cleaned=55
# scan_time=10571
sh=21ECE50E242CD2014C3A73262BFAD894267BE7E3 ft=1 fh=745906623ff06dd1 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\All Users\YouTube Downloader\ytd_installer.exe"
sh=049797E553A7766F5BD167C2E7F2A3DAAFACED74 ft=1 fh=679e1c3a68e117d1 vn="Win32/Adware.ConvertAd.AEY application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\B99504FD-1448402479-11DF-BBDA-64B2FA9AD485\Uninstall.exe.vir"
sh=99F29887D65EBDEBC6F8CEFCF2397676710DB184 ft=1 fh=4c9914509a0660b8 vn="a variant of Win32/Toolbar.Visicom.B potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\blekkotb\blekkoDx.dll.vir"
sh=793E4A85357DC0DC9101971F156156BFCD7B625C ft=1 fh=e8c5002f0d1d40bd vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\blekkotb\blekkotb.dll.vir"
sh=6F3A3B433459E6773C9FBE8CFB154DB6534EFA86 ft=1 fh=60bff0ff01dbe663 vn="a variant of Win32/SweetIM.B potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\foxtabvideoconverter\VideoConverter.exe.vir"
sh=08976B0143D7A77694D2B3014053542C42F4774E ft=1 fh=67450ef68c8fc670 vn="Win32/AlteredSoftware.H potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\globalupdateBroker.exe.vir"
sh=FE3BD67B77BB38A3110091D17DE69012FAAD4FA6 ft=1 fh=67450ef6f68fd149 vn="Win32/AlteredSoftware.H potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\globalupdateOnDemand.exe.vir"
sh=3C0D9D3A966B1954FEAEAD3BE6358A2AB42385C4 ft=1 fh=c71c001178de99b1 vn="a variant of Win32/AlteredSoftware.A potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll.vir"
sh=BD08E733D803A193E4FA4118A6D52BCD0FC98F81 ft=1 fh=c71c0011371aa7ff vn="a variant of Win32/AlteredSoftware.G potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll.vir"
sh=9AE1636DE7E3CB630B3A2C11E41C76BF0B716CCD ft=1 fh=c71c0011864645d3 vn="a variant of Win32/AlteredSoftware.G potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll.vir"
sh=9434D1A5D56479988254608D5289E1E9D488DC54 ft=1 fh=c2a767356ec8b23d vn="a variant of Win64/BubbleSound.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SpaceSondPro\Spacesoundpro.exe.vir"
sh=58AF0E357673E85E9FE2ADF694E98BA259B55D57 ft=1 fh=5c2b1e330cf668b9 vn="a variant of Win32/Adware.MaxDriver.A application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SpaceSondPro_v53.9652\SpaceSondPro_Service.exe.vir"
sh=A9E474965ED06D4607E3DF44ED00E7B523C3274E ft=1 fh=ccf3d0f11f87dbac vn="a variant of Win32/Adware.ConvertAd.AER.gen application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Mayo\AppData\Local\B99504FD-1448384553-11DF-BBDA-64B2FA9AD485\pnsv21BE.exe.vir"
sh=43A205985790C47A7E611FA2D3CAB9B4EB59121F ft=1 fh=5bd497922ffc5928 vn="a variant of Win32/Toolbar.Babylon.C potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Mayo\AppData\Local\Babylon\Setup\BExternal.dll.vir"
sh=1B2801DD02E9D9B7F27789ED161BC1761943E921 ft=1 fh=8073091e54552e56 vn="a variant of Win32/Toolbar.Babylon.E potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Mayo\AppData\Local\Babylon\Setup\IECookieLow.dll.vir"
sh=3A9D7D4639B5EB8BEC42DF972C44493690EAADFC ft=1 fh=b8a59cf28e1dc165 vn="a variant of Win32/Toolbar.Babylon.E potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Mayo\AppData\Local\Babylon\Setup\Setup.exe.vir"
sh=E69D12882082EF89EEC46D71388C7CD25099F5AA ft=1 fh=c6d71e31ee7a5ef3 vn="a variant of Win32/Adware.OffersWizard.B application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Mayo\AppData\Local\Birds\Araponga.dll.vir"
sh=E86590F72C354675D7B37AAF71D5F118501DBD38 ft=1 fh=c79ae9ee87ca64b2 vn="a variant of Win32/Adware.OffersWizard.B application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Mayo\AppData\Local\Birds\BlackSwan.dll.vir"
sh=43382D699A3AD0C9131EAD01614DA7A292E1A06B ft=1 fh=fcc9d8a905987844 vn="a variant of Win32/Adware.OffersWizard.B application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Mayo\AppData\Local\Birds\GoldenEagle.dll.vir"
sh=150DCDDAB8F22FBF0A289841DB4A7F128999D6B7 ft=1 fh=73bd49de2dca7af8 vn="a variant of Win32/Adware.OffersWizard.B application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Mayo\AppData\Local\Birds\GrayPartridge.dll.vir"
sh=F4262BD8A1A093534FCC7143491CC5B354EAA25D ft=1 fh=c71c0011aa8191ee vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Mayo\AppData\LocalLow\blekkotb\blekkotb.dll.vir"
sh=DA03B4A5B82EDF67AE6067663595D78C5D75B2C6 ft=1 fh=c71c00114d73177a vn="a variant of Win32/Toolbar.Visicom.C potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Mayo\AppData\LocalLow\blekkotb\dtuser.exe.vir"
sh=A49421BC025099AA2C7D6FE32ACD7E1942940CD0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Mayo\AppData\Roaming\Mozilla\Firefox\Profiles\2ycfewvm.default-1448401893312\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\a59cc2161738cf1c75861e3744adddeb.js.vir"
 



#7 deeprybka

Posted 04 January 2016 - 05:32 PM



Can you please tell me which problems still persist now?
regards,
deeprybka

#8 smedula

Posted 04 January 2016 - 05:42 PM

Thank you. I haven't seen anything yet, but then I just ran the last scan/removal. Previous malware removal programs haven't worked yet, though: I still will click on a link, and a window will still either tell me to update flash, or update Firefox. Both windows are crude enough to be clearly adware and not genuine, and there is a redirect domain in the title bar of the browser which usually says something suspicious, too: I will write the redirect address down, if that helps.



#9 smedula

Posted 04 January 2016 - 05:56 PM

One of the pop-up sites is feedbackexplorer.com...



#10 deeprybka

Posted 05 January 2016 - 06:18 AM

Step 1

Start FRST with administrator privileges.

  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please attach these logs in your next reply.


regards,
deeprybka

#11 smedula

Posted 05 January 2016 - 08:54 AM

FRST files are attached. Vielen Dank.



#12 deeprybka

Posted 05 January 2016 - 03:26 PM

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-3195663335-1097582549-249040865-1000\...\Run: [AdobeBridge] => [X]
    GroupPolicyScripts: Restriction 
    AutoConfigURL: [S-1-5-21-3195663335-1097582549-249040865-1000] => hxxp://stoppblock.me/wpad.dat?ba4ff3b9c594811c340173c8b5ac16153447142
    Hosts:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
    Toolbar: HKU\S-1-5-21-3195663335-1097582549-249040865-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\E9258B3A8284B7DDA2745A6F2CBD5C18E925 [2015-11-24] 
    Task: {38B8FCEE-6BED-40C2-A9F9-609D2239D122} - \RSPro -> No File 
    Task: {B5068358-1ACC-4965-AD8D-6D416FCB23D7} - System32\Tasks\{3ADDC25F-E8C1-4573-9725-13DCE7FCF268} => 
    Task: {C0DC540A-FCB4-4F7C-8A44-6866985F7F7D} - \IBUpd2 -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Microsoft:7hvpnKffrCgP8nF8RngCNv
    AlternateDataStreams: C:\ProgramData\Microsoft:QzBQooZTLAZujCuc9Ud3wnp0
    AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
    AlternateDataStreams: C:\ProgramData\TEMP:74A3BBA1
    AlternateDataStreams: C:\Users\Mayo\AppData\Local\xr5R2Ydalgv:opCh7vDAd9pYaGckDJadZIL
    EmptyTemp:
    
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.


Can you please tell me which problems still persist now?
regards,
deeprybka

#13 deeprybka

Posted 11 January 2016 - 06:13 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka