
win 32 malware on my mbr help i can not remove it


  • This topic is locked
5 replies to this topic

#1 ryanuts


Posted 11 January 2016 - 09:19 PM

I have some kind of malware that has hijacked every security/antivirus program I install. I need some professional help please.

 

StartupList report, 1/5/2016, 12:31:04 PM
StartupList version: 1.52.2
Started from : C:\Users\User\Downloads\HijackThis.EXE
Detected: Unknown Windows (WinNT 6.02.1008)
Detected: Internet Explorer v10.0 (10.00.9200.16384)
* Using default options
==================================================
 
Running processes:
 
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Users\User\Downloads\HijackThis.exe
 
--------------------------------------------------
 
Listing of startup folders:
 
Shell folders Common Startup:
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
TP-LINK Wireless Configuration Utility.lnk = C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
Virtual Router Manager.lnk = ?
 
--------------------------------------------------
 
Checking Windows NT UserInit:
 
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe,
 
--------------------------------------------------
 
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 
BtTray = "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
CLVirtualDrive = "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
RemoteControl10 = "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
HP Quick Launch = C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
HP CoolSense = C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
 
--------------------------------------------------
 
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
 
GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
FreeAC = C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
Steam = "C:\Program Files (x86)\Steam\steam.exe" -silent
Itibiti.exe = C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
 
--------------------------------------------------
 
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
 
(Default) = C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*
 
--------------------------------------------------
 
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
 
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
 
Shell & screensaver key from Registry:
 
Shell=explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\Bubbles.scr
drivers=*Registry value not found*
 
Policies Shell key:
 
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
 
--------------------------------------------------
 
 
Enumerating Browser Helper Objects:
 
ScriptInjectionPluginBrowserHelperObject - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll - {C66D064F-82FE-4E1A-B06A-B2490BA48B18}
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
 
--------------------------------------------------
 
Enumerating Task Scheduler jobs:
 
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
HPCeeScheduleForUser.job
 
--------------------------------------------------
 
Enumerating Winsock LSP files:
 
NameSpace #1: C:\WINDOWS\system32\napinsp.dll
NameSpace #2: C:\WINDOWS\system32\pnrpnsp.dll
NameSpace #3: C:\WINDOWS\system32\pnrpnsp.dll
NameSpace #4: C:\WINDOWS\system32\NLAapi.dll
NameSpace #7: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
NameSpace #8: C:\WINDOWS\system32\wshbth.dll
 
--------------------------------------------------
 
Enumerating ShellServiceObjectDelayLoad items:
 
WebCheck: *Registry key not found*
 
--------------------------------------------------
End of report, 5,356 bytes
Report generated in 0.046 seconds
 
Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only
 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by User (administrator) on HPG7 (11-01-2016 17:41:08)
Running from C:\Users\User\Downloads
Loaded Profiles: User & Administrator (Available Profiles: User & Administrator)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Chris Pietschmann (hxxp://pietschsoft.com)) C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sysinternals - www.sysinternals.com) C:\Users\User\Desktop\New folder\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\User\AppData\Local\Temp\PROCEXP64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-08-02] (IVT Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Stellar Smart ] => C:\Program Files (x86)\Stellar Smart (Early Disk Warning System)\smrt.exe [1056768 2005-12-30] (Stellar Information Systems Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-86464355-335068722-2241913787-1001\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-10] (Google Inc.)
HKU\S-1-5-21-86464355-335068722-2241913787-1001\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
HKU\S-1-5-21-86464355-335068722-2241913787-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-86464355-335068722-2241913787-500\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1708560 2012-07-26] (CyberLink Corp.)
IFEO\taskmgr.exe: [Debugger] "C:\USERS\USER\DESKTOP\NEW FOLDER\PROCEXP.EXE"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-01-04]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk [2016-01-04]
ShortcutTarget: Virtual Router Manager.lnk -> C:\Windows\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{3D63C480-D7DC-4324-83C8-53D694928179}: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{CA64FD34-F7A5-4208-84A4-E4692AAF48EF}: [DhcpNameServer] 192.168.88.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-86464355-335068722-2241913787-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {2A448562-CF69-40B0-9148-C05BEB24514C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {2A448562-CF69-40B0-9148-C05BEB24514C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-86464355-335068722-2241913787-1001 -> DefaultScope {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-86464355-335068722-2241913787-1001 -> {2A448562-CF69-40B0-9148-C05BEB24514C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-86464355-335068722-2241913787-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-86464355-335068722-2241913787-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-86464355-335068722-2241913787-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-01-05] (AO Kaspersky Lab)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-01-05] (AO Kaspersky Lab)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-01-05] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-01-05] (AO Kaspersky Lab)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-07-10] (Skype Technologies)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2016-01-05]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=G14zamobl10924,63d398d6-462d-4a92-b9cb-4d69da38e839,&vp=ch&prd=set_ch
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=G14zamobl10924,63d398d6-462d-4a92-b9cb-4d69da38e839,&vp=ch&prd=set_ch"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-12]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-12]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-12]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Kaspersky Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-01-05]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Marauders Map) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mliofombcghaamgjkmmmmlepkiacdhkh [2016-01-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-12]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-12]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2016-01-05] (Kaspersky Lab ZAO)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-15] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
R2 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (hxxp://pietschsoft.com)) [File not signed]
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
S4 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [X]
S4 LavasoftAdAwareService11; "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareService.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2016-01-04] (The OpenVPN Project)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-08] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3295984 2012-07-25] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-05] ()
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [75448 2016-01-05] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2016-01-05] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2016-01-05] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2016-01-05] (AO Kaspersky Lab)
U1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2016-01-05] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2016-01-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-11] (Malwarebytes)
U3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 RTL8192cu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1578128 2012-12-05] (Realtek Semiconductor Corporation                           )
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1578128 2012-12-05] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34216 2012-07-25] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258288 2012-07-25] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
U4 avc3; system32\DRIVERS\avc3.sys [X]
R3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
U4 BdfNdisf; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [X]
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R4 gzflt; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\gzflt.sys [X]
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
U3 pxloipod; \??\C:\Users\User\AppData\Local\Temp\pxloipod.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-11 17:41 - 2016-01-11 17:41 - 00024067 _____ C:\Users\User\Downloads\FRST.txt
2016-01-11 17:41 - 2016-01-11 17:41 - 00000000 ____D C:\FRST
2016-01-11 17:40 - 2016-01-11 17:40 - 02370560 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-01-11 17:32 - 2016-01-11 17:32 - 00000181 _____ C:\WINDOWS\system32\netcfg-12263796.txt
2016-01-11 17:32 - 2016-01-11 17:32 - 00000017 _____ C:\ProgramData\adaware-installer-reboot-required.tmp
2016-01-11 16:41 - 2016-01-11 16:41 - 00249856 ____N (Microsoft Corporation) C:\WINDOWS\Setup1.exe
2016-01-11 16:41 - 2016-01-11 16:41 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Karen's Power Tools
2016-01-11 16:41 - 2016-01-11 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Karen's Power Tools
2016-01-11 16:41 - 2016-01-11 16:41 - 00000000 ____D C:\Program Files (x86)\WinWatch
2016-01-11 16:40 - 2016-01-11 16:40 - 01165824 _____ C:\Users\User\Downloads\ptwinwatch-setup.exe
2016-01-11 16:40 - 2016-01-11 16:40 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\ST6UNST.EXE
2016-01-11 15:19 - 2016-01-11 15:19 - 00380416 _____ C:\Users\User\Downloads\nxgglobt.exe
2016-01-11 14:24 - 2016-01-11 14:24 - 01250844 _____ C:\Users\User\Downloads\ProcessExplorer (1).zip
2016-01-11 14:23 - 2016-01-11 14:15 - 00196608 _____ C:\Users\User\Downloads\AAF0ECBA-40CF-45D9-A4D5-E05236F7E5D6.Repair.1.etl
2016-01-11 14:19 - 2016-01-11 14:15 - 00006764 _____ C:\Users\User\ipconfig.all.txt
2016-01-11 14:19 - 2016-01-11 14:15 - 00006764 _____ C:\Users\User\Desktop\ipconfig.all.txt
2016-01-11 14:19 - 2016-01-11 14:15 - 00004574 _____ C:\Users\User\Desktop\route.print.txt
2016-01-11 14:15 - 2016-01-11 14:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-479531.txt
2016-01-11 14:15 - 2016-01-11 14:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-476359.txt
2016-01-11 14:13 - 2016-01-11 14:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-356296.txt
2016-01-11 14:13 - 2016-01-11 14:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-356046.txt
2016-01-11 14:08 - 2016-01-11 14:08 - 00309392 _____ C:\WINDOWS\Minidump\011116-45078-01.dmp
2016-01-11 14:07 - 2016-01-11 14:07 - 00000000 __SHD C:\found.000
2016-01-11 13:57 - 2016-01-11 13:57 - 00008703 _____ C:\Users\User\Desktop\wininit.exe.txt
2016-01-11 13:07 - 2016-01-11 13:07 - 00000000 ____D C:\Users\User\Documents\New folder
2016-01-11 13:07 - 2016-01-11 13:07 - 00000000 ____D C:\Users\User\Desktop\New folder (3)
2016-01-11 13:03 - 2016-01-11 13:03 - 00001161 _____ C:\Users\Public\Desktop\eSupport UndeletePlus.lnk
2016-01-11 13:03 - 2016-01-11 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
2016-01-11 13:03 - 2016-01-11 13:03 - 00000000 ____D C:\Program Files (x86)\eSupport.com
2016-01-11 13:02 - 2016-01-11 13:03 - 02623920 _____ (Copyright © 2015 eSupport.com • All Rights Reserved ) C:\Users\User\Downloads\undeleteplus_setup_a.exe
2016-01-11 12:53 - 2016-01-11 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-11 12:52 - 2016-01-11 12:52 - 13171424 _____ (Microsoft Corporation) C:\Users\User\Downloads\Silverlight_x64.exe
2016-01-11 12:52 - 2016-01-11 12:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-11 12:52 - 2016-01-11 12:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-11 12:01 - 2016-01-11 12:01 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-01-11 11:59 - 2016-01-11 12:01 - 31318016 _____ C:\Users\User\Downloads\wdfcoinstaller.msi
2016-01-11 11:59 - 2016-01-11 12:00 - 00978552 _____ (Microsoft Corporation) C:\Users\User\Downloads\wdksetup.exe
2016-01-11 11:38 - 2016-01-11 11:39 - 03855576 _____ (Reason Software Company Inc.) C:\Users\User\Downloads\reason-core-security-setup_1.1.1.0.exe
2016-01-11 11:21 - 2016-01-11 11:21 - 01250844 _____ C:\Users\User\Downloads\ProcessExplorer.zip
2016-01-11 11:16 - 2016-01-11 11:16 - 00001080 _____ C:\Users\User\Desktop\Stellar Smart (Early Disk Warning System).lnk
2016-01-11 11:16 - 2016-01-11 11:16 - 00001080 _____ C:\Users\Administrator\Desktop\Stellar Smart (Early Disk Warning System).lnk
2016-01-11 11:16 - 2016-01-11 11:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Smart (Early Disk Warning System)
2016-01-11 11:16 - 2016-01-11 11:16 - 00000000 ____D C:\Program Files (x86)\Stellar Smart (Early Disk Warning System)
2016-01-11 11:15 - 2016-01-11 11:15 - 01843448 _____ (Stellar Information Systems Ltd. ) C:\Users\User\Downloads\smrt.exe
2016-01-11 11:07 - 2016-01-11 11:07 - 00301168 _____ C:\WINDOWS\Minidump\011116-32265-01.dmp
2016-01-11 11:04 - 2016-01-11 11:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-89468.txt
2016-01-10 00:19 - 2016-01-09 15:01 - 25877264 _____ (Hewlett-Packard ) C:\Users\User\Desktop\sp56675.exe
2016-01-10 00:19 - 2016-01-09 15:00 - 02628592 _____ (Hewlett-Packard ) C:\Users\User\Desktop\sp56670.exe
2016-01-09 14:11 - 2016-01-09 14:11 - 00301056 _____ C:\WINDOWS\Minidump\010916-37812-01.dmp
2016-01-09 14:10 - 2016-01-09 14:10 - 00000000 _____ C:\Users\User\AppData\Local\{5E05D0E9-DF48-4582-9182-CA4529A6A959}
2016-01-08 22:34 - 2015-09-30 22:45 - 02471102 ____R C:\Users\User\Downloads\Steelheart - Brandon Sanderson - Copy.epub
2016-01-08 17:21 - 2016-01-08 17:21 - 00001078 _____ C:\Users\Public\Desktop\KeyFinder.lnk
2016-01-08 17:21 - 2016-01-08 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
2016-01-08 17:21 - 2016-01-08 17:21 - 00000000 ____D C:\Program Files (x86)\Magical Jelly Bean
2016-01-08 17:19 - 2016-01-08 17:14 - 01178272 ____N (Magical Jelly Bean ) C:\Users\User\Desktop\KeyFinderInstaller.exe
2016-01-08 03:46 - 2016-01-08 03:46 - 00000000 ____D C:\Users\User\AppData\Roaming\WildTangent
2016-01-08 02:38 - 2016-01-11 17:27 - 00000000 ____D C:\Users\User\AppData\Roaming\Solvusoft
2016-01-08 02:36 - 2016-01-08 02:17 - 03901768 ____N (solvusoft Corporation ) C:\Users\User\Desktop\WinThruster_Setup_2016.exe
2016-01-06 16:40 - 2016-01-06 16:40 - 00000386 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\USB DISK (F).lnk
2016-01-06 13:33 - 2016-01-06 13:33 - 00000117 _____ C:\WINDOWS\system32\netcfg-32790187.txt
2016-01-06 10:05 - 2016-01-06 10:06 - 00000000 ____D C:\Users\User\Desktop\bogus certs
2016-01-06 08:38 - 2016-01-08 22:40 - 00000000 ____D C:\Users\User\AppData\Roaming\IDMComp
2016-01-06 08:38 - 2016-01-08 22:40 - 00000000 ____D C:\ProgramData\IDMComp
2016-01-06 08:35 - 2016-01-06 08:35 - 00002144 _____ C:\Users\Public\Desktop\UltraCompare.lnk
2016-01-06 08:35 - 2016-01-06 08:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraCompare
2016-01-06 08:35 - 2016-01-06 08:35 - 00000000 ____D C:\Program Files (x86)\IDM Computer Solutions
2016-01-06 08:33 - 2016-01-06 08:33 - 00002102 _____ C:\Users\Public\Desktop\UltraEdit.lnk
2016-01-06 08:33 - 2016-01-06 08:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraEdit
2016-01-06 08:33 - 2016-01-06 08:33 - 00000000 ____D C:\Program Files\IDM Computer Solutions
2016-01-06 08:32 - 2016-01-06 08:34 - 55042488 _____ (IDM Computer Solutions, Inc.) C:\Users\User\Downloads\ue_english_64 (1).exe
2016-01-06 08:23 - 2016-01-06 08:23 - 01072852 _____ C:\Users\User\Documents\wierd.html
2016-01-06 08:22 - 2016-01-06 08:24 - 55042488 _____ (IDM Computer Solutions, Inc.) C:\Users\User\Downloads\ue_english_64.exe
2016-01-06 07:44 - 2016-01-06 07:44 - 01072804 _____ C:\Users\User\Documents\view-source_chrome___settings-frame.html
2016-01-06 06:15 - 2016-01-06 06:15 - 02870984 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_enu (1).exe
2016-01-06 06:15 - 2016-01-06 06:15 - 00000000 ____D C:\Program Files (x86)\ESET
2016-01-06 06:14 - 2016-01-06 06:15 - 02870984 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_enu.exe
2016-01-06 06:07 - 2016-01-06 06:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-6059187.txt
2016-01-06 03:19 - 2016-01-06 03:19 - 00000117 _____ C:\WINDOWS\system32\netcfg-41457671.txt
2016-01-06 03:19 - 2016-01-06 03:19 - 00000117 _____ C:\WINDOWS\system32\netcfg-41455187.txt
2016-01-06 02:49 - 2016-01-06 02:49 - 00000117 _____ C:\WINDOWS\system32\netcfg-39655187.txt
2016-01-06 02:49 - 2016-01-06 02:49 - 00000117 _____ C:\WINDOWS\system32\netcfg-39655000.txt
2016-01-06 02:19 - 2016-01-06 02:19 - 00000117 _____ C:\WINDOWS\system32\netcfg-37852562.txt
2016-01-06 02:19 - 2016-01-06 02:19 - 00000117 _____ C:\WINDOWS\system32\netcfg-37852250.txt
2016-01-06 01:49 - 2016-01-06 01:49 - 00000117 _____ C:\WINDOWS\system32\netcfg-36056718.txt
2016-01-06 01:49 - 2016-01-06 01:49 - 00000117 _____ C:\WINDOWS\system32\netcfg-36052828.txt
2016-01-06 01:02 - 2016-01-06 01:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-33239625.txt
2016-01-06 01:02 - 2016-01-06 01:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-33239453.txt
2016-01-06 00:26 - 2016-01-06 00:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-31054234.txt
2016-01-06 00:26 - 2016-01-06 00:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-31050968.txt
2016-01-05 19:45 - 2016-01-05 19:45 - 00000117 _____ C:\WINDOWS\system32\netcfg-14180203.txt
2016-01-05 19:45 - 2016-01-05 19:45 - 00000117 _____ C:\WINDOWS\system32\netcfg-14178000.txt
2016-01-05 18:58 - 2016-01-05 18:58 - 00000117 _____ C:\WINDOWS\system32\netcfg-11353453.txt
2016-01-05 18:58 - 2016-01-05 18:58 - 00000117 _____ C:\WINDOWS\system32\netcfg-11352781.txt
2016-01-05 18:11 - 2016-01-05 18:15 - 132197648 _____ (Microsoft Corporation) C:\Users\User\Downloads\mpam-feX64.exe
2016-01-05 18:00 - 2016-01-05 18:29 - 00000000 ____D C:\Users\User\Desktop\New folder (2)
2016-01-05 17:58 - 2016-01-05 17:58 - 00510799 _____ C:\Users\User\Desktop\details.htm
2016-01-05 17:22 - 2016-01-05 19:05 - 00002259 _____ C:\WINDOWS\epplauncher.mif
2016-01-05 17:09 - 2016-01-05 17:09 - 14243008 _____ (Microsoft Corporation) C:\Users\User\Downloads\MSEInstall.exe
2016-01-05 16:57 - 2016-01-05 16:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-4135562.txt
2016-01-05 16:57 - 2016-01-05 16:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-4130734.txt
2016-01-05 15:51 - 2016-01-05 15:51 - 00000117 _____ C:\WINDOWS\system32\netcfg-158687.txt
2016-01-05 15:47 - 2016-01-05 15:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-3377531.txt
2016-01-05 15:46 - 2016-01-05 15:46 - 00000279 _____ C:\WINDOWS\system32\netcfg-3322437.txt
2016-01-05 15:43 - 2016-01-05 15:43 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2016-01-05 15:41 - 2016-01-05 15:41 - 00000000 ____D C:\Program Files\Lavasoft
2016-01-05 15:35 - 2016-01-05 15:35 - 02012464 _____ C:\Users\User\Downloads\Adaware_Installer.exe
2016-01-05 15:00 - 2016-01-11 14:25 - 00000000 ____D C:\Users\User\Desktop\New folder
2016-01-05 14:52 - 2016-01-05 14:52 - 00000117 _____ C:\WINDOWS\system32\netcfg-81234.txt
2016-01-05 14:50 - 2016-01-05 14:50 - 00000117 _____ C:\WINDOWS\system32\netcfg-1425671.txt
2016-01-05 14:49 - 2016-01-05 14:49 - 00953019 _____ C:\Users\User\Downloads\test.wmv
2016-01-05 14:47 - 2016-01-05 14:47 - 00000363 _____ C:\Users\User\Desktop\Control Panel - Shortcut.lnk
2016-01-05 14:47 - 2016-01-05 14:47 - 00000303 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Control Panel.lnk
2016-01-05 14:26 - 2016-01-05 14:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-7485984.txt
2016-01-05 14:20 - 2016-01-05 14:20 - 00000000 ____D C:\Users\User\Downloads\mbam-chameleon-3.1.28.0
2016-01-05 14:17 - 2016-01-05 14:18 - 06392130 _____ C:\Users\User\Downloads\mbam-chameleon-3.1.28.0.zip
2016-01-05 14:17 - 2016-01-05 14:17 - 16563352 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.09.3.1001.exe
2016-01-05 13:50 - 2016-01-05 13:50 - 05200384 _____ (AVAST Software) C:\Users\User\Downloads\aswmbr (1).exe
2016-01-05 13:36 - 2016-01-05 13:36 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3231613D.sys
2016-01-05 12:37 - 2016-01-05 12:37 - 00000117 _____ C:\WINDOWS\system32\netcfg-973515.txt
2016-01-05 12:37 - 2016-01-05 12:37 - 00000117 _____ C:\WINDOWS\system32\netcfg-973203.txt
2016-01-05 12:37 - 2016-01-05 12:37 - 00000000 _____ C:\autoexec.bat
2016-01-05 12:35 - 2016-01-05 12:35 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-01-05 12:34 - 2016-01-05 12:34 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\User\Downloads\SpyHunter-Installer.exe
2016-01-05 12:22 - 2016-01-05 12:22 - 00301664 _____ C:\WINDOWS\Minidump\010516-28859-01.dmp
2016-01-05 12:20 - 2016-01-05 12:31 - 00005201 _____ C:\Users\User\Downloads\startuplist.txt
2016-01-05 12:20 - 2016-01-05 12:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\User\Downloads\HijackThis.exe
2016-01-05 12:14 - 2016-01-05 12:17 - 00463870 _____ C:\TDSSKiller.3.1.0.9_05.01.2016_12.14.18_log.txt
2016-01-05 12:11 - 2016-01-05 12:11 - 01749504 _____ C:\Users\User\Downloads\AdwCleaner.exe
2016-01-05 12:10 - 2016-01-05 12:11 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller (1).exe
2016-01-05 12:10 - 2016-01-05 12:10 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe
2016-01-05 12:09 - 2016-01-05 12:10 - 05198336 _____ (AVAST Software) C:\Users\User\Downloads\aswMBR.exe
2016-01-05 12:02 - 2016-01-11 15:21 - 00000000 ____D C:\Users\User\Desktop\virus
2016-01-05 12:02 - 2016-01-05 12:02 - 00000512 _____ C:\Users\User\Downloads\MBR.dat
2016-01-05 11:55 - 2016-01-05 11:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-98125.txt
2016-01-05 11:53 - 2016-01-05 11:53 - 00000117 _____ C:\WINDOWS\system32\netcfg-13078296.txt
2016-01-05 11:33 - 2016-01-05 11:33 - 00147456 _____ C:\Users\User\Downloads\catchme.exe
2016-01-05 11:24 - 2016-01-05 11:24 - 00380416 _____ C:\Users\User\Downloads\4oq1bgrf.exe
2016-01-05 11:23 - 2016-01-05 11:23 - 00380416 _____ C:\Users\User\Downloads\8w02tkkf.exe
2016-01-05 10:04 - 2016-01-05 10:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-6537687.txt
2016-01-05 10:04 - 2016-01-05 10:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-6537406.txt
2016-01-05 08:16 - 2016-01-05 08:16 - 00305848 _____ C:\WINDOWS\Minidump\010516-37796-01.dmp
2016-01-05 08:02 - 2016-01-05 08:02 - 00000000 ____D C:\Users\User\AppData\Roaming\EurekaLog
2016-01-05 07:29 - 2016-01-05 07:29 - 00002390 _____ C:\Users\User\Desktop\Safe Money.lnk
2016-01-05 07:25 - 2016-01-05 07:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-01-05 07:25 - 2016-01-05 07:24 - 00002132 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-01-05 07:24 - 2016-01-05 07:24 - 00000167 _____ C:\WINDOWS\system32\netcfg-742781.txt
2016-01-05 07:24 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2016-01-05 07:22 - 2016-01-11 17:34 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-05 07:22 - 2016-01-05 07:22 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-01-05 07:21 - 2016-01-05 07:37 - 00934272 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-01-05 07:21 - 2016-01-05 07:37 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2016-01-05 07:14 - 2016-01-05 07:19 - 00989938 _____ C:\TDSSKiller.3.1.0.9_05.01.2016_07.14.58_log.txt
2016-01-05 07:13 - 2016-01-11 14:08 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-05 07:12 - 2016-01-11 14:08 - 742565301 _____ C:\WINDOWS\MEMORY.DMP
2016-01-05 06:54 - 2016-01-05 06:54 - 11427128 _____ (Bitdefender LLC) C:\Users\User\Downloads\64.exe
2016-01-05 06:52 - 2016-01-05 06:52 - 07269656 _____ (Bitdefender LLC) C:\Users\User\Downloads\888.exe
2016-01-05 06:43 - 2016-01-05 06:43 - 02172800 _____ (Kaspersky Lab) C:\Users\User\Downloads\kss15.0.0.740en_es_fr_pt_8648.exe
2016-01-05 06:42 - 2016-01-05 06:42 - 00380416 _____ C:\Users\User\Downloads\khejppv8.exe
2016-01-05 06:41 - 2016-01-05 06:41 - 00380416 _____ C:\Users\User\Downloads\7b25ro8m.exe
2016-01-05 06:37 - 2016-01-05 06:37 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-01-05 06:34 - 2016-01-05 06:37 - 00457570 _____ C:\TDSSKiller.3.1.0.9_05.01.2016_06.34.22_log.txt
2016-01-05 06:26 - 2016-01-05 06:26 - 00075448 _____ C:\WINDOWS\system32\Drivers\fsbts.sys
2016-01-05 06:25 - 2016-01-05 06:25 - 00000000 ____D C:\Users\User\AppData\Local\FSDART
2016-01-05 06:24 - 2016-01-05 06:26 - 00000000 ____D C:\ProgramData\F-Secure
2016-01-05 06:24 - 2016-01-05 06:24 - 00000000 ____D C:\Users\User\AppData\Local\F-Secure
2016-01-05 06:15 - 2016-01-05 06:15 - 00000170 _____ C:\WINDOWS\system32\netcfg-76268796.txt
2016-01-05 06:15 - 2016-01-05 06:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-76255156.txt
2016-01-05 06:15 - 2016-01-05 06:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-76254953.txt
2016-01-05 06:15 - 2016-01-05 06:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-76254671.txt
2016-01-05 06:15 - 2016-01-05 06:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-76253937.txt
2016-01-05 06:09 - 2016-01-04 08:39 - 00886256 ____N (Microsoft Corporation) C:\Users\User\Desktop\mssstool32.exe
2016-01-05 06:04 - 2016-01-05 06:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-75551421.txt
2016-01-05 02:59 - 2016-01-05 02:59 - 00000117 _____ C:\WINDOWS\system32\netcfg-64463640.txt
2016-01-04 12:10 - 2016-01-04 12:10 - 00000117 _____ C:\WINDOWS\system32\netcfg-11130062.txt
2016-01-04 11:22 - 2016-01-04 11:22 - 00000117 _____ C:\WINDOWS\system32\netcfg-8242546.txt
2016-01-04 11:22 - 2016-01-04 11:22 - 00000117 _____ C:\WINDOWS\system32\netcfg-8241812.txt
2016-01-04 11:21 - 2016-01-04 11:21 - 00000117 _____ C:\WINDOWS\system32\netcfg-8179859.txt
2016-01-04 11:19 - 2016-01-04 11:19 - 00000117 _____ C:\WINDOWS\system32\netcfg-8081437.txt
2016-01-04 11:00 - 2016-01-04 11:00 - 00000117 _____ C:\WINDOWS\system32\netcfg-6953890.txt
2016-01-04 11:00 - 2016-01-04 11:00 - 00000117 _____ C:\WINDOWS\system32\netcfg-6941281.txt
2016-01-04 10:49 - 2016-01-04 10:49 - 00000117 _____ C:\WINDOWS\system32\netcfg-6259828.txt
2016-01-04 10:47 - 2016-01-04 10:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-6143906.txt
2016-01-04 10:35 - 2016-01-04 10:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-5442515.txt
2016-01-04 09:04 - 2016-01-04 09:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-17110937.txt
2016-01-04 09:02 - 2016-01-04 09:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-17020140.txt
2016-01-04 07:26 - 2016-01-04 07:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-11211125.txt
2016-01-04 06:57 - 2016-01-04 06:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-9470312.txt
2016-01-04 06:57 - 2016-01-04 06:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-9469875.txt
2016-01-04 06:56 - 2016-01-04 06:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-9466406.txt
2016-01-04 06:38 - 2016-01-04 06:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-8367390.txt
2016-01-04 06:28 - 2016-01-04 06:28 - 00006785 _____ C:\Users\User\Downloads\focus_manager.js
2016-01-04 05:41 - 2016-01-04 05:41 - 00000117 _____ C:\WINDOWS\system32\netcfg-4937203.txt
2016-01-04 04:18 - 2016-01-04 04:18 - 00000117 _____ C:\WINDOWS\system32\netcfg-9431140.txt
2016-01-04 04:17 - 2016-01-11 17:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-04 04:16 - 2016-01-04 10:36 - 00001098 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-04 04:16 - 2016-01-04 04:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-04 04:15 - 2016-01-04 04:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-04 04:15 - 2016-01-04 04:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-04 04:15 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-04 04:15 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-04 04:15 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-04 04:12 - 2016-01-04 04:13 - 22908888 _____ (Malwarebytes ) C:\Users\User\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-04 03:53 - 2016-01-04 03:53 - 00001164 _____ C:\WINDOWS\system32\netcfg-7895875.txt
2016-01-04 03:53 - 2016-01-04 03:53 - 00000117 _____ C:\WINDOWS\system32\netcfg-7902390.txt
2016-01-04 03:53 - 2016-01-04 03:53 - 00000117 _____ C:\WINDOWS\system32\netcfg-7896828.txt
2016-01-04 03:47 - 2016-01-04 04:00 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2016-01-04 03:28 - 2016-01-04 10:39 - 00000105 _____ C:\WINDOWS\SysWOW64\REMOTEDEVICE.INI
2016-01-04 03:27 - 2016-01-04 03:27 - 00044640 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\aswTap.sys
2016-01-04 03:27 - 2016-01-04 03:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2016-01-04 03:23 - 2016-01-05 07:12 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-04 03:02 - 2016-01-04 03:02 - 05066096 _____ (AVAST Software) C:\Users\User\Downloads\avast_free_antivirus_setup_online.exe
2016-01-04 03:02 - 2016-01-04 03:02 - 05066096 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2016-01-04 03:01 - 2016-01-05 07:28 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-01-04 03:01 - 2016-01-04 03:01 - 02622792 _____ (Kaspersky Lab) C:\Users\User\Downloads\kss16.0.0.1344en_ru_de_fr_es_pt_it_zh-hans_nl_pl_tr_cs_ko_id_vi_ar_fa_zh-hant_9328.exe
2016-01-04 02:08 - 2016-01-04 02:08 - 00000000 ____D C:\Users\User\Downloads\New folder (2)
2016-01-04 02:08 - 2016-01-04 02:08 - 00000000 ____D C:\Users\User\Downloads\New folder
2016-01-04 02:02 - 2016-01-04 02:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-1260578.txt
2016-01-04 02:02 - 2016-01-04 02:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-1249671.txt
2016-01-04 02:01 - 2016-01-04 02:01 - 00010240 ___SH C:\Users\User\Documents\Thumbs.db
2016-01-04 01:44 - 2016-01-04 01:44 - 00924160 _____ C:\Users\User\Documents\boatcamvid.avi
2016-01-04 01:42 - 2016-01-04 01:42 - 00000117 _____ C:\WINDOWS\system32\netcfg-58890.txt
2016-01-04 01:41 - 2016-01-04 01:41 - 00000117 _____ C:\WINDOWS\system32\netcfg-2306156.txt
2016-01-04 01:34 - 2016-01-04 01:34 - 00000008 _____ C:\END
2016-01-04 01:30 - 2016-01-04 06:52 - 00000000 ____D C:\Program Files\Faster Web
2016-01-04 01:30 - 2016-01-04 01:30 - 00002560 _____ C:\Users\User\AppData\Local\uninstall.exe
2016-01-04 01:29 - 2016-01-04 01:29 - 00000000 ____D C:\Users\User\AppData\Local\NVIDIA Corporation
2016-01-04 01:20 - 2016-01-04 01:21 - 09830400 _____ C:\Users\User\Downloads\TWRP_ms01lte-beta2.tar
2016-01-04 01:16 - 2016-01-04 01:16 - 04254181 _____ C:\Users\User\Downloads\BETA-SuperSU-v2.65.zip
2016-01-04 01:13 - 2016-01-04 01:13 - 00003198 _____ C:\WINDOWS\System32\Tasks\{F912026E-DED0-426E-9330-96BE19FA86A0}
2016-01-04 01:03 - 2016-01-04 01:03 - 00000117 _____ C:\WINDOWS\system32\netcfg-63468.txt
2016-01-04 01:02 - 2016-01-04 01:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-170521562.txt
2016-01-04 01:02 - 2016-01-04 01:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-170521093.txt
2016-01-04 01:00 - 2016-01-04 01:00 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2016-01-04 00:56 - 2014-06-15 22:01 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll
2016-01-04 00:56 - 2014-06-15 22:01 - 00708168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller.dll
2016-01-04 00:56 - 2014-06-15 22:01 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2016-01-04 00:56 - 2014-06-15 22:01 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2016-01-04 00:55 - 2016-01-04 00:55 - 00000000 ____D C:\ProgramData\Samsung
2016-01-04 00:55 - 2016-01-04 00:55 - 00000000 ____D C:\Program Files\SAMSUNG
2016-01-04 00:53 - 2016-01-04 00:55 - 16007072 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\User\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_v1.5.45.0 (1).exe
2016-01-04 00:53 - 2016-01-04 00:54 - 16007072 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\User\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_v1.5.45.0.exe
2016-01-04 00:48 - 2016-01-04 00:48 - 00000000 ____D C:\Program Files\DIFX
2016-01-04 00:48 - 2016-01-04 00:48 - 00000000 ____D C:\adb
2016-01-04 00:46 - 2016-01-04 00:47 - 09620767 _____ (Snoop05) C:\Users\User\Downloads\adb-setup-1.4.2.exe
2016-01-03 23:28 - 2016-01-03 23:28 - 00000000 ____D C:\Users\User\AppData\Local\Chris_Pietschmann_(http__
2016-01-03 22:42 - 2016-01-03 22:42 - 00000117 _____ C:\WINDOWS\system32\netcfg-162132578.txt
2016-01-03 22:42 - 2016-01-03 22:42 - 00000117 _____ C:\WINDOWS\system32\netcfg-162125421.txt
2016-01-03 22:39 - 2016-01-03 22:39 - 00000117 _____ C:\WINDOWS\system32\netcfg-161974500.txt
2016-01-03 22:39 - 2016-01-03 22:39 - 00000117 _____ C:\WINDOWS\system32\netcfg-161971750.txt
2016-01-03 21:51 - 2016-01-03 21:51 - 00000117 _____ C:\WINDOWS\system32\netcfg-159087203.txt
2016-01-03 21:51 - 2016-01-03 21:51 - 00000117 _____ C:\WINDOWS\system32\netcfg-159086390.txt
2016-01-03 21:51 - 2016-01-03 21:51 - 00000117 _____ C:\WINDOWS\system32\netcfg-159073484.txt
2016-01-03 21:49 - 2016-01-03 21:49 - 00000117 _____ C:\WINDOWS\system32\netcfg-158969562.txt
2016-01-03 20:32 - 2016-01-03 20:33 - 00000375 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-01-03 20:30 - 2016-01-03 20:32 - 00000156 _____ C:\WINDOWS\system32\netcfg-154215234.txt
2016-01-03 20:08 - 2016-01-04 01:41 - 00000000 ____D C:\Program Files (x86)\Virtual Router
2016-01-03 20:08 - 2016-01-03 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Router
2016-01-03 20:06 - 2016-01-03 20:07 - 01373696 _____ C:\Users\User\Downloads\VirtualRouterInstaller.msi
2016-01-03 19:31 - 2016-01-03 19:31 - 00001240 _____ C:\Users\User\Downloads\CopyofUntitleddocument.zip
2016-01-03 10:20 - 2016-01-03 10:20 - 00000117 _____ C:\WINDOWS\system32\netcfg-117620578.txt
2016-01-03 10:20 - 2016-01-03 10:20 - 00000117 _____ C:\WINDOWS\system32\netcfg-117615562.txt
2016-01-02 18:53 - 2016-01-02 18:53 - 00030666 _____ C:\Users\User\Documents\Ramsell Pharmacy Locator - Pharmacy Search Results.html
2016-01-02 18:53 - 2016-01-02 18:53 - 00000000 ____D C:\Users\User\Documents\Ramsell Pharmacy Locator - Pharmacy Search Results_files
2016-01-02 18:50 - 2016-01-02 18:50 - 00001139 _____ C:\WINDOWS\system32\netcfg-61825500.txt
2016-01-02 18:50 - 2016-01-02 18:50 - 00000117 _____ C:\WINDOWS\system32\netcfg-61826187.txt
2016-01-02 08:09 - 2016-01-02 08:49 - 1017136867 _____ C:\Users\User\Downloads\TrustedCommunityContributions_2.12_201512091813.zip
2016-01-02 06:43 - 2016-01-02 06:43 - 00037597 _____ C:\Users\User\Documents\osintstalker.htm
2016-01-02 06:30 - 2016-01-03 20:43 - 00000985 _____ C:\Users\User\Desktop\null.txt
2016-01-02 06:30 - 2016-01-02 06:30 - 00000000 _____ C:\Users\User\Desktop\New Text Document.txt
2016-01-02 04:53 - 2016-01-02 04:53 - 00147602 _____ C:\Users\User\Downloads\Earnest Money Guidelines  05 12 14_30425153.pdf
2016-01-02 03:48 - 2016-01-02 03:48 - 00016658 _____ C:\Users\User\Downloads\052814_NW.xlsx
2016-01-02 03:46 - 2016-01-02 03:46 - 00032357 _____ C:\Users\User\Downloads\091014_CA.xlsx
2016-01-02 03:46 - 2016-01-02 03:46 - 00018108 _____ C:\Users\User\Downloads\052114_CA.xlsx
2016-01-02 03:45 - 2016-01-02 03:45 - 00016659 _____ C:\Users\User\Downloads\1-14-15 General vehicle.xlsx
2016-01-02 03:44 - 2016-01-02 03:44 - 00020854 _____ C:\Users\User\Downloads\1-28-15- Riverside, CA.xlsx
2016-01-02 03:44 - 2016-01-02 03:44 - 00012795 _____ C:\Users\User\Downloads\031715SpecialtyAuction.xlsx
2016-01-02 03:44 - 2016-01-02 03:44 - 00011720 _____ C:\Users\User\Downloads\031315SpecialtyAuction.xlsx
2016-01-02 03:44 - 2016-01-02 03:44 - 00010516 _____ C:\Users\User\Downloads\030615SpecialtyAuction.xlsx
2016-01-02 03:42 - 2016-01-02 03:42 - 00015568 _____ C:\Users\User\Downloads\7.22.15RiversideCA.xlsx
2016-01-02 03:42 - 2016-01-02 03:42 - 00012800 _____ C:\Users\User\Downloads\7.15.15SpecialtyAuctionBoats.xlsx
2016-01-02 03:41 - 2016-01-02 03:41 - 00012004 _____ C:\Users\User\Downloads\8.18.15SpecialtyAuction.xlsx
2016-01-02 03:39 - 2016-01-02 03:39 - 00015669 _____ C:\Users\User\Downloads\92215_Vessels.xlsx
2016-01-02 03:38 - 2016-01-02 03:38 - 00015545 _____ C:\Users\User\Downloads\102815_Vessels (2).xlsx
2016-01-02 03:37 - 2016-01-04 10:37 - 00002537 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Excel Viewer.lnk
2016-01-02 03:36 - 2016-01-02 03:36 - 00000000 ____D C:\Program Files (x86)\MSECache
2016-01-02 03:35 - 2016-01-02 03:35 - 00012488 _____ C:\Users\User\Downloads\11-24-2014 Specialty Auction.xlsx
2016-01-02 03:33 - 2016-01-02 03:36 - 77738888 _____ (Microsoft Corporation) C:\Users\User\Downloads\ExcelViewer.exe
2016-01-02 03:22 - 2016-01-02 03:22 - 00015545 _____ C:\Users\User\Downloads\102815_Vessels.xlsx
2016-01-02 03:22 - 2016-01-02 03:22 - 00015545 _____ C:\Users\User\Downloads\102815_Vessels (1).xlsx
2016-01-02 01:51 - 2016-01-04 10:36 - 00000589 _____ C:\Users\User\Desktop\WampServer64.lnk
2016-01-02 01:51 - 2016-01-02 01:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WampServer
2016-01-02 01:47 - 2016-01-02 01:53 - 00000000 ____D C:\wamp
2016-01-02 01:39 - 2016-01-02 01:39 - 00000117 _____ C:\WINDOWS\system32\netcfg-787928093.txt
2016-01-02 01:39 - 2016-01-02 01:39 - 00000117 _____ C:\WINDOWS\system32\netcfg-787927421.txt
2016-01-02 01:38 - 2016-01-02 01:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-787900671.txt
2016-01-02 01:38 - 2016-01-02 01:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-787900625.txt
2016-01-02 01:23 - 2016-01-02 01:25 - 43507845 _____ (Hervé Leclerc (HeL) ) C:\Users\User\Downloads\wampserver2.5-Apache-2.4.9-Mysql-5.6.17-php5.5.12-64b.exe
2016-01-02 01:07 - 2016-01-02 01:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-786030093.txt
2016-01-02 01:07 - 2016-01-02 01:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-786030031.txt
2016-01-02 00:10 - 2016-01-04 01:17 - 00000000 ____D C:\solar
2016-01-02 00:08 - 2016-01-11 11:22 - 00000000 ___RD C:\Users\User\Downloads\AFF540DC.Unpacker_v7353qx4kg3sa!App
2016-01-02 00:01 - 2016-01-02 00:06 - 136315036 _____ C:\Users\User\Downloads\solr-5.4.0.tgz
2016-01-01 22:55 - 2016-01-01 22:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-778086265.txt
2016-01-01 22:55 - 2016-01-01 22:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-778085937.txt
2016-01-01 21:40 - 2016-01-01 21:40 - 00000117 _____ C:\WINDOWS\system32\netcfg-773606093.txt
2016-01-01 21:40 - 2016-01-01 21:40 - 00000117 _____ C:\WINDOWS\system32\netcfg-773605750.txt
2016-01-01 19:46 - 2016-01-01 19:46 - 00000117 _____ C:\WINDOWS\system32\netcfg-766733468.txt
2016-01-01 19:46 - 2016-01-01 19:46 - 00000117 _____ C:\WINDOWS\system32\netcfg-766733093.txt
2016-01-01 14:47 - 2016-01-01 14:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-748795796.txt
2016-01-01 14:47 - 2016-01-01 14:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-748795750.txt
2016-01-01 13:59 - 2016-01-01 13:59 - 00000117 _____ C:\WINDOWS\system32\netcfg-745938093.txt
2016-01-01 13:59 - 2016-01-01 13:59 - 00000117 _____ C:\WINDOWS\system32\netcfg-745937875.txt
2016-01-01 13:07 - 2016-01-01 13:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-742792906.txt
2016-01-01 13:07 - 2016-01-01 13:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-742792859.txt
2016-01-01 12:29 - 2016-01-01 12:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-740561296.txt
2016-01-01 12:29 - 2016-01-01 12:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-740561093.txt
2016-01-01 10:48 - 2016-01-01 10:48 - 00000117 _____ C:\WINDOWS\system32\netcfg-734496109.txt
2016-01-01 10:48 - 2016-01-01 10:48 - 00000117 _____ C:\WINDOWS\system32\netcfg-734496015.txt
2016-01-01 09:15 - 2016-01-01 09:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-728920531.txt
2016-01-01 09:15 - 2016-01-01 09:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-728920468.txt
2016-01-01 08:17 - 2016-01-01 08:19 - 37376231 _____ C:\Users\User\Downloads\nearbyfriendsbroll-mp4.zip
2016-01-01 02:49 - 2016-01-01 02:49 - 00000117 _____ C:\WINDOWS\system32\netcfg-705744500.txt
2016-01-01 02:49 - 2016-01-01 02:49 - 00000117 _____ C:\WINDOWS\system32\netcfg-705744421.txt
2015-12-31 21:06 - 2015-12-31 21:06 - 00000117 _____ C:\WINDOWS\system32\netcfg-685127578.txt
2015-12-31 21:06 - 2015-12-31 21:06 - 00000117 _____ C:\WINDOWS\system32\netcfg-685126859.txt
2015-12-31 09:19 - 2015-12-31 09:19 - 00000117 _____ C:\WINDOWS\system32\netcfg-642740734.txt
2015-12-31 09:19 - 2015-12-31 09:19 - 00000117 _____ C:\WINDOWS\system32\netcfg-642740000.txt
2015-12-31 05:58 - 2015-12-31 05:58 - 00000117 _____ C:\WINDOWS\system32\netcfg-630658593.txt
2015-12-31 05:58 - 2015-12-31 05:58 - 00000117 _____ C:\WINDOWS\system32\netcfg-630658359.txt
2015-12-31 05:07 - 2015-12-31 05:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-627640109.txt
2015-12-31 05:07 - 2015-12-31 05:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-627639984.txt
2015-12-31 00:40 - 2015-12-31 00:40 - 00000117 _____ C:\WINDOWS\system32\netcfg-611624953.txt
2015-12-31 00:40 - 2015-12-31 00:40 - 00000117 _____ C:\WINDOWS\system32\netcfg-611624156.txt
2015-12-31 00:38 - 2015-12-31 00:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-611503656.txt
2015-12-31 00:38 - 2015-12-31 00:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-611503609.txt
2015-12-30 21:32 - 2015-12-30 21:32 - 00000117 _____ C:\WINDOWS\system32\netcfg-600314984.txt
2015-12-30 21:32 - 2015-12-30 21:32 - 00000117 _____ C:\WINDOWS\system32\netcfg-600314937.txt
2015-12-30 20:56 - 2015-12-30 20:56 - 00030395 _____ C:\Users\User\Desktop\Online Notepad _ Note 192091.html
2015-12-30 20:56 - 2015-12-30 20:56 - 00000000 ____D C:\Users\User\Desktop\Online Notepad _ Note 192091_files
2015-12-30 20:53 - 2015-12-30 20:53 - 00000117 _____ C:\WINDOWS\system32\netcfg-597970265.txt
2015-12-30 20:53 - 2015-12-30 20:53 - 00000117 _____ C:\WINDOWS\system32\netcfg-597968312.txt
2015-12-30 12:24 - 2015-12-30 12:24 - 00000117 _____ C:\WINDOWS\system32\netcfg-567418140.txt
2015-12-30 12:23 - 2015-12-30 12:24 - 00000117 _____ C:\WINDOWS\system32\netcfg-567416796.txt
2015-12-30 08:41 - 2015-12-30 08:41 - 00000117 _____ C:\WINDOWS\system32\netcfg-554067593.txt
2015-12-30 08:41 - 2015-12-30 08:41 - 00000117 _____ C:\WINDOWS\system32\netcfg-554067156.txt
2015-12-30 07:47 - 2015-12-30 07:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-550857015.txt
2015-12-30 07:47 - 2015-12-30 07:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-550851171.txt
2015-12-30 00:59 - 2015-12-30 00:59 - 00000117 _____ C:\WINDOWS\system32\netcfg-526382171.txt
2015-12-30 00:59 - 2015-12-30 00:59 - 00000117 _____ C:\WINDOWS\system32\netcfg-526381765.txt
2015-12-29 14:21 - 2015-12-29 14:21 - 00000117 _____ C:\WINDOWS\system32\netcfg-488080875.txt
2015-12-29 14:21 - 2015-12-29 14:21 - 00000117 _____ C:\WINDOWS\system32\netcfg-488080843.txt
2015-12-29 12:35 - 2015-12-29 12:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-481692296.txt
2015-12-29 12:35 - 2015-12-29 12:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-481692234.txt
2015-12-29 06:05 - 2015-12-29 06:05 - 00014952 _____ C:\Users\User\Desktop\HAIHANG INDUSTRY CO.,LTD..html
2015-12-29 06:05 - 2015-12-29 06:05 - 00000000 ____D C:\Users\User\Desktop\HAIHANG INDUSTRY CO.,LTD._files
2015-12-29 04:25 - 2015-12-29 04:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-452328843.txt
2015-12-29 04:25 - 2015-12-29 04:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-452328468.txt
2015-12-29 02:05 - 2015-12-29 02:05 - 00028580 _____ C:\Users\User\Desktop\product_info.htm
2015-12-28 23:31 - 2015-12-28 23:31 - 00000117 _____ C:\WINDOWS\system32\netcfg-434699656.txt
2015-12-28 23:31 - 2015-12-28 23:31 - 00000117 _____ C:\WINDOWS\system32\netcfg-434699578.txt
2015-12-28 17:35 - 2015-12-28 17:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-413297640.txt
2015-12-28 17:35 - 2015-12-28 17:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-413295328.txt
2015-12-28 14:29 - 2015-12-28 14:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-402180140.txt
2015-12-28 14:29 - 2015-12-28 14:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-402179296.txt
2015-12-28 13:12 - 2015-12-28 13:12 - 00000117 _____ C:\WINDOWS\system32\netcfg-397534531.txt
2015-12-28 13:12 - 2015-12-28 13:12 - 00000117 _____ C:\WINDOWS\system32\netcfg-397533593.txt
2015-12-28 11:28 - 2015-12-28 11:28 - 00000117 _____ C:\WINDOWS\system32\netcfg-391275593.txt
2015-12-28 11:28 - 2015-12-28 11:28 - 00000117 _____ C:\WINDOWS\system32\netcfg-391275093.txt
2015-12-27 23:38 - 2015-12-27 23:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-348686593.txt
2015-12-27 23:38 - 2015-12-27 23:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-348686109.txt
2015-12-27 21:26 - 2015-12-27 21:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-340750093.txt
2015-12-27 21:26 - 2015-12-27 21:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-340749093.txt
2015-12-27 20:07 - 2015-12-27 20:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-336049593.txt
2015-12-27 20:07 - 2015-12-27 20:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-336049468.txt
2015-12-27 19:30 - 2015-12-27 19:30 - 00000117 _____ C:\WINDOWS\system32\netcfg-333802375.txt
2015-12-27 19:30 - 2015-12-27 19:30 - 00000117 _____ C:\WINDOWS\system32\netcfg-333802234.txt
2015-12-27 10:59 - 2015-12-27 10:59 - 00000117 _____ C:\WINDOWS\system32\netcfg-303181593.txt
2015-12-27 10:59 - 2015-12-27 10:59 - 00000117 _____ C:\WINDOWS\system32\netcfg-303181015.txt
2015-12-27 10:29 - 2015-12-27 10:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-301381265.txt
2015-12-27 10:29 - 2015-12-27 10:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-301381109.txt
2015-12-25 16:10 - 2015-12-25 16:10 - 00000117 _____ C:\WINDOWS\system32\netcfg-148984500.txt
2015-12-25 16:10 - 2015-12-25 16:10 - 00000117 _____ C:\WINDOWS\system32\netcfg-148984437.txt
2015-12-25 10:29 - 2015-12-25 10:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-128581593.txt
2015-12-25 10:29 - 2015-12-25 10:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-128580796.txt
2015-12-25 02:23 - 2015-12-02 13:18 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-24 20:25 - 2015-12-24 20:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-77913359.txt
2015-12-24 20:25 - 2015-12-24 20:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-77913203.txt
2015-12-24 17:05 - 2015-12-24 17:05 - 00000117 _____ C:\WINDOWS\system32\netcfg-65931156.txt
2015-12-24 17:05 - 2015-12-24 17:05 - 00000117 _____ C:\WINDOWS\system32\netcfg-65930453.txt
2015-12-24 13:11 - 2015-12-24 13:11 - 00000117 _____ C:\WINDOWS\system32\netcfg-51874015.txt
2015-12-24 11:30 - 2015-12-24 11:30 - 00000117 _____ C:\WINDOWS\system32\netcfg-45796781.txt
2015-12-24 11:29 - 2015-12-24 11:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-45775781.txt
2015-12-24 11:29 - 2015-12-24 11:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-45766296.txt
2015-12-24 11:27 - 2015-12-24 11:27 - 00000117 _____ C:\WINDOWS\system32\netcfg-45634312.txt
2015-12-24 11:27 - 2015-12-24 11:27 - 00000117 _____ C:\WINDOWS\system32\netcfg-45633500.txt
2015-12-23 22:47 - 2015-12-23 22:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-45875.txt
2015-12-23 22:46 - 2015-12-23 22:46 - 00000117 _____ C:\WINDOWS\system32\netcfg-6777375.txt
2015-12-23 20:54 - 2015-12-23 20:54 - 00000117 _____ C:\WINDOWS\system32\netcfg-59750.txt
2015-12-23 20:52 - 2015-12-23 20:52 - 00000117 _____ C:\WINDOWS\system32\netcfg--1111340406.txt
2015-12-18 13:02 - 2015-12-18 13:02 - 00000117 _____ C:\WINDOWS\system32\netcfg--1571552234.txt
2015-12-18 13:02 - 2015-12-18 13:02 - 00000117 _____ C:\WINDOWS\system32\netcfg--1571552187.txt
2015-12-18 11:16 - 2015-12-18 11:16 - 00000117 _____ C:\WINDOWS\system32\netcfg--1577907250.txt
2015-12-18 11:16 - 2015-12-18 11:16 - 00000117 _____ C:\WINDOWS\system32\netcfg--1577906515.txt
2015-12-17 23:50 - 2015-12-17 23:50 - 00000117 _____ C:\WINDOWS\system32\netcfg--1619096843.txt
2015-12-17 23:50 - 2015-12-17 23:50 - 00000117 _____ C:\WINDOWS\system32\netcfg--1619082000.txt
2015-12-17 23:50 - 2015-12-17 23:50 - 00000117 _____ C:\WINDOWS\system32\netcfg--1619076859.txt
2015-12-17 23:50 - 2015-12-17 23:50 - 00000117 _____ C:\WINDOWS\system32\netcfg--1619073781.txt
2015-12-17 13:54 - 2015-12-17 13:54 - 00000117 _____ C:\WINDOWS\system32\netcfg--1654807687.txt
2015-12-17 13:54 - 2015-12-17 13:54 - 00000117 _____ C:\WINDOWS\system32\netcfg--1654807640.txt
2015-12-17 13:54 - 2015-12-17 13:54 - 00000117 _____ C:\WINDOWS\system32\netcfg--1654807593.txt
2015-12-17 11:01 - 2015-12-17 11:01 - 00000117 _____ C:\WINDOWS\system32\netcfg--1665179921.txt
2015-12-17 10:58 - 2015-12-17 10:58 - 00000117 _____ C:\WINDOWS\system32\netcfg--1665395921.txt
2015-12-17 10:58 - 2015-12-17 10:58 - 00000117 _____ C:\WINDOWS\system32\netcfg--1665395875.txt
2015-12-17 10:13 - 2016-01-06 08:39 - 00000000 ____D C:\Program Files (x86)\Dorgem
2015-12-17 10:13 - 2016-01-04 10:36 - 00000915 _____ C:\Users\User\Desktop\Dorgem.lnk
2015-12-17 10:13 - 2015-12-17 10:13 - 00000915 _____ C:\Users\Administrator\Desktop\Dorgem.lnk
2015-12-17 10:13 - 2015-12-17 10:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dorgem
2015-12-17 10:00 - 2016-01-05 16:03 - 00000000 ____D C:\Program Files\Gramblr
2015-12-17 10:00 - 2016-01-05 15:47 - 00000000 ____D C:\ProgramData\Gramblr
2015-12-17 10:00 - 2016-01-04 10:37 - 00000947 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gramblr.lnk
2015-12-17 09:50 - 2015-12-17 09:59 - 03251713 _____ C:\Users\User\Downloads\gramblr2_win64.zip
2015-12-17 02:44 - 2015-12-17 02:44 - 00000117 _____ C:\WINDOWS\system32\netcfg--1695008765.txt
2015-12-17 02:44 - 2015-12-17 02:44 - 00000117 _____ C:\WINDOWS\system32\netcfg--1695007812.txt
2015-12-15 04:13 - 2015-12-15 04:13 - 00000117 _____ C:\WINDOWS\system32\netcfg--1862512546.txt
2015-12-15 04:12 - 2015-12-15 04:13 - 00000117 _____ C:\WINDOWS\system32\netcfg--1862515796.txt
2015-12-14 17:03 - 2015-12-14 17:03 - 00000117 _____ C:\WINDOWS\system32\netcfg--1902664296.txt
2015-12-14 17:03 - 2015-12-14 17:03 - 00000117 _____ C:\WINDOWS\system32\netcfg--1902663890.txt
2015-12-14 09:42 - 2015-12-14 09:42 - 00000117 _____ C:\WINDOWS\system32\netcfg--1929132718.txt
2015-12-14 09:42 - 2015-12-14 09:42 - 00000117 _____ C:\WINDOWS\system32\netcfg--1929129906.txt
2015-12-14 09:40 - 2015-12-14 09:41 - 00000117 _____ C:\WINDOWS\system32\netcfg--1929235187.txt
2015-12-14 09:40 - 2015-12-14 09:40 - 00000117 _____ C:\WINDOWS\system32\netcfg--1929237890.txt
2015-12-13 04:50 - 2015-12-13 04:50 - 00000117 _____ C:\WINDOWS\system32\netcfg--2033064015.txt
2015-12-13 04:50 - 2015-12-13 04:50 - 00000117 _____ C:\WINDOWS\system32\netcfg--2033062187.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-11 17:41 - 2012-07-25 21:37 - 00000000 ____D C:\Windows
2016-01-11 17:32 - 2015-10-11 22:22 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-11 17:31 - 2012-07-25 21:37 - 00000000 ____D C:\WINDOWS\Inf
2016-01-11 14:39 - 2015-10-07 01:56 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-86464355-335068722-2241913787-1001
2016-01-11 14:32 - 2015-10-11 22:21 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-11 14:18 - 2012-07-25 23:28 - 00941050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-11 14:15 - 2012-08-10 17:45 - 00000821 _____ C:\WINDOWS\SysWOW64\bscs.ini
2016-01-11 14:15 - 2012-07-26 00:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-11 14:12 - 2015-11-12 13:32 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-11 14:12 - 2012-12-28 17:54 - 00004524 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2016-01-11 14:12 - 2012-12-28 17:54 - 00000043 _____ C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2016-01-11 14:11 - 2015-10-07 01:46 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore
2016-01-11 14:08 - 2012-07-25 23:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-11 11:17 - 2012-07-26 00:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2016-01-11 11:16 - 2012-07-26 00:12 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-11 11:15 - 2015-10-07 01:50 - 00003906 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B60F0A5F-23DE-4F51-9E3F-188A9B43980E}
2016-01-10 00:24 - 2012-08-03 16:02 - 00000000 ____D C:\SWSetup
2016-01-09 14:07 - 2012-07-25 21:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-08 03:46 - 2012-09-11 18:18 - 00000000 ____D C:\ProgramData\WildTangent
2016-01-05 08:15 - 2012-12-28 17:52 - 00000000 ____D C:\WINDOWS\Hewlett-Packard
2016-01-05 07:37 - 2015-06-26 23:58 - 00087944 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2016-01-05 07:37 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpd.sys
2016-01-05 07:35 - 2015-07-04 02:18 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-01-05 07:24 - 2012-07-25 21:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-05 07:23 - 2012-07-26 00:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-01-04 10:37 - 2015-10-07 01:50 - 00001402 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-04 10:37 - 2012-09-11 18:14 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Meridian.lnk
2016-01-04 10:37 - 2012-09-11 18:11 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2016-01-04 10:37 - 2012-09-11 18:10 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2016-01-04 10:37 - 2012-09-11 18:07 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2016-01-04 10:36 - 2015-11-12 16:32 - 00000959 _____ C:\Users\Public\Desktop\Steam.lnk
2016-01-04 10:36 - 2015-11-06 02:58 - 00001075 _____ C:\Users\User\Desktop\Free Alarm Clock.lnk
2016-01-04 10:36 - 2015-10-12 16:04 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-04 10:36 - 2015-10-07 01:53 - 00002263 _____ C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
2016-01-04 10:36 - 2015-04-04 16:27 - 00002094 _____ C:\Users\Public\Desktop\Snapfish.lnk
2016-01-04 10:36 - 2015-04-04 16:27 - 00002076 _____ C:\Users\Public\Desktop\eBay.lnk
2016-01-04 10:36 - 2015-04-04 16:27 - 00002028 _____ C:\Users\Public\Desktop\HP Games.lnk
2016-01-04 10:36 - 2012-12-28 18:05 - 00001361 _____ C:\Users\Public\Desktop\CyberLink YouCam.lnk
2016-01-04 10:36 - 2012-12-28 18:02 - 00002036 _____ C:\Users\Public\Desktop\CyberLink Media Suite.lnk
2016-01-04 10:36 - 2012-09-11 18:14 - 00001103 _____ C:\Users\Public\Desktop\Connected Music powered by Meridian.lnk
2016-01-04 09:04 - 2012-07-26 00:12 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-01-04 03:27 - 2015-10-12 23:35 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-04 01:29 - 2015-10-11 22:21 - 00000000 ____D C:\Users\User\AppData\Local\Google
2016-01-02 03:37 - 2012-09-11 18:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-01-02 01:40 - 2012-12-28 18:19 - 00000000 ____D C:\ProgramData\Norton
2016-01-02 00:07 - 2015-10-07 01:46 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2015-12-25 08:19 - 2012-07-25 23:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-25 02:19 - 2015-10-12 23:35 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2015-12-23 20:54 - 2015-11-26 20:17 - 00000338 _____ C:\WINDOWS\Tasks\HPCeeScheduleForUser.job
2015-12-22 09:22 - 2015-11-26 20:17 - 00003150 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForUser
 
==================== Files in the root of some directories =======
 
2016-01-04 01:30 - 2016-01-04 01:30 - 0002560 _____ () C:\Users\User\AppData\Local\uninstall.exe
2016-01-09 14:10 - 2016-01-09 14:10 - 0000000 _____ () C:\Users\User\AppData\Local\{5E05D0E9-DF48-4582-9182-CA4529A6A959}
2016-01-11 17:32 - 2016-01-11 17:32 - 0000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
2012-12-28 18:10 - 2012-12-28 18:10 - 0000595 _____ () C:\ProgramData\CyberlinkOutput.txt
 
Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\catchme.dll
C:\Users\User\AppData\Local\Temp\kis_setup.exe
C:\Users\User\AppData\Local\Temp\PROCEXP64.exe
C:\Users\User\AppData\Local\Temp\uc_english.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-07 03:58
 
==================== End of FRST.txt ============================


#2 ryanuts

ryanuts
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:san diego
  • Local time:07:59 PM

Posted 13 January 2016 - 04:46 AM

Bump

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,978 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:59 PM

Posted 13 January 2016 - 11:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I'm not aware of what is causing the creation of all the C:\WINDOWS\system32\netcfg-xxxxxx.txt files, but will start by deleting them.

I did find this article and I hope you can find a solution to stop the creation of these files that are consuming a lot of disk space.
http://www.msfn.org/board/topic/158189-netcfg-log-files-in-system32/

===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Sysinternals - www.sysinternals.com) C:\Users\User\AppData\Local\Temp\PROCEXP64.exe
IFEO\taskmgr.exe: [Debugger] "C:\USERS\USER\DESKTOP\NEW FOLDER\PROCEXP.EXE"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-86464355-335068722-2241913787-1001 -> DefaultScope {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-86464355-335068722-2241913787-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-86464355-335068722-2241913787-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=G14zamobl10924,63d398d6-462d-4a92-b9cb-4d69da38e839,&vp=ch&prd=set_ch
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=G14zamobl10924,63d398d6-462d-4a92-b9cb-4d69da38e839,&vp=ch&prd=set_ch"
S4 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [X]
S4 LavasoftAdAwareService11; "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareService.exe" [X]
U4 avc3; system32\DRIVERS\avc3.sys [X]
R3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
U4 BdfNdisf; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [X]
R4 gzflt; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\gzflt.sys [X]
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
U3 pxloipod; \??\C:\Users\User\AppData\Local\Temp\pxloipod.sys [X]
2016-01-11 17:32 - 2016-01-11 17:32 - 00000181 _____ C:\WINDOWS\system32\netcfg-12263796.txt
2016-01-11 17:32 - 2016-01-11 17:32 - 00000017 _____ C:\ProgramData\adaware-installer-reboot-required.tmp
2016-01-11 14:15 - 2016-01-11 14:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-479531.txt
2016-01-11 14:15 - 2016-01-11 14:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-476359.txt
2016-01-11 14:13 - 2016-01-11 14:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-356296.txt
2016-01-11 14:13 - 2016-01-11 14:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-356046.txt
2016-01-11 14:08 - 2016-01-11 14:08 - 00309392 _____ C:\WINDOWS\Minidump\011116-45078-01.dmp
2016-01-11 14:07 - 2016-01-11 14:07 - 00000000 __SHD C:\found.000
2016-01-11 11:07 - 2016-01-11 11:07 - 00301168 _____ C:\WINDOWS\Minidump\011116-32265-01.dmp
2016-01-11 11:04 - 2016-01-11 11:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-89468.txt
2016-01-09 14:11 - 2016-01-09 14:11 - 00301056 _____ C:\WINDOWS\Minidump\010916-37812-01.dmp
2016-01-06 13:33 - 2016-01-06 13:33 - 00000117 _____ C:\WINDOWS\system32\netcfg-32790187.txt
2016-01-06 06:07 - 2016-01-06 06:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-6059187.txt
2016-01-06 03:19 - 2016-01-06 03:19 - 00000117 _____ C:\WINDOWS\system32\netcfg-41457671.txt
2016-01-06 03:19 - 2016-01-06 03:19 - 00000117 _____ C:\WINDOWS\system32\netcfg-41455187.txt
2016-01-06 02:49 - 2016-01-06 02:49 - 00000117 _____ C:\WINDOWS\system32\netcfg-39655187.txt
2016-01-06 02:49 - 2016-01-06 02:49 - 00000117 _____ C:\WINDOWS\system32\netcfg-39655000.txt
2016-01-06 02:19 - 2016-01-06 02:19 - 00000117 _____ C:\WINDOWS\system32\netcfg-37852562.txt
2016-01-06 02:19 - 2016-01-06 02:19 - 00000117 _____ C:\WINDOWS\system32\netcfg-37852250.txt
2016-01-06 01:49 - 2016-01-06 01:49 - 00000117 _____ C:\WINDOWS\system32\netcfg-36056718.txt
2016-01-06 01:49 - 2016-01-06 01:49 - 00000117 _____ C:\WINDOWS\system32\netcfg-36052828.txt
2016-01-06 01:02 - 2016-01-06 01:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-33239625.txt
2016-01-06 01:02 - 2016-01-06 01:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-33239453.txt
2016-01-06 00:26 - 2016-01-06 00:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-31054234.txt
2016-01-06 00:26 - 2016-01-06 00:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-31050968.txt
2016-01-05 19:45 - 2016-01-05 19:45 - 00000117 _____ C:\WINDOWS\system32\netcfg-14180203.txt
2016-01-05 19:45 - 2016-01-05 19:45 - 00000117 _____ C:\WINDOWS\system32\netcfg-14178000.txt
2016-01-05 18:58 - 2016-01-05 18:58 - 00000117 _____ C:\WINDOWS\system32\netcfg-11353453.txt
2016-01-05 18:58 - 2016-01-05 18:58 - 00000117 _____ C:\WINDOWS\system32\netcfg-11352781.txt
2016-01-05 16:57 - 2016-01-05 16:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-4135562.txt
2016-01-05 16:57 - 2016-01-05 16:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-4130734.txt
2016-01-05 15:51 - 2016-01-05 15:51 - 00000117 _____ C:\WINDOWS\system32\netcfg-158687.txt
2016-01-05 15:47 - 2016-01-05 15:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-3377531.txt
2016-01-05 15:46 - 2016-01-05 15:46 - 00000279 _____ C:\WINDOWS\system32\netcfg-3322437.txt
2016-01-05 14:52 - 2016-01-05 14:52 - 00000117 _____ C:\WINDOWS\system32\netcfg-81234.txt
2016-01-05 14:50 - 2016-01-05 14:50 - 00000117 _____ C:\WINDOWS\system32\netcfg-1425671.txt
2016-01-05 12:37 - 2016-01-05 12:37 - 00000117 _____ C:\WINDOWS\system32\netcfg-973515.txt
2016-01-05 12:37 - 2016-01-05 12:37 - 00000117 _____ C:\WINDOWS\system32\netcfg-973203.txt
2016-01-05 12:22 - 2016-01-05 12:22 - 00301664 _____ C:\WINDOWS\Minidump\010516-28859-01.dmp
2016-01-05 12:20 - 2016-01-05 12:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\User\Downloads\HijackThis.exe
2016-01-05 11:55 - 2016-01-05 11:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-98125.txt
2016-01-05 11:53 - 2016-01-05 11:53 - 00000117 _____ C:\WINDOWS\system32\netcfg-13078296.txt
2016-01-05 11:24 - 2016-01-05 11:24 - 00380416 _____ C:\Users\User\Downloads\4oq1bgrf.exe
2016-01-05 11:23 - 2016-01-05 11:23 - 00380416 _____ C:\Users\User\Downloads\8w02tkkf.exe
2016-01-05 10:04 - 2016-01-05 10:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-6537687.txt
2016-01-05 10:04 - 2016-01-05 10:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-6537406.txt
2016-01-05 08:16 - 2016-01-05 08:16 - 00305848 _____ C:\WINDOWS\Minidump\010516-37796-01.dmp
2016-01-05 07:24 - 2016-01-05 07:24 - 00000167 _____ C:\WINDOWS\system32\netcfg-742781.txt
2016-01-05 07:13 - 2016-01-11 14:08 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-05 07:12 - 2016-01-11 14:08 - 742565301 _____ C:\WINDOWS\MEMORY.DMP
2016-01-05 06:42 - 2016-01-05 06:42 - 00380416 _____ C:\Users\User\Downloads\khejppv8.exe
2016-01-05 06:41 - 2016-01-05 06:41 - 00380416 _____ C:\Users\User\Downloads\7b25ro8m.exe
2016-01-05 06:15 - 2016-01-05 06:15 - 00000170 _____ C:\WINDOWS\system32\netcfg-76268796.txt
2016-01-05 06:15 - 2016-01-05 06:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-76255156.txt
2016-01-05 06:15 - 2016-01-05 06:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-76254953.txt
2016-01-05 06:15 - 2016-01-05 06:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-76254671.txt
2016-01-05 06:15 - 2016-01-05 06:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-76253937.txt
2016-01-05 06:04 - 2016-01-05 06:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-75551421.txt
2016-01-05 02:59 - 2016-01-05 02:59 - 00000117 _____ C:\WINDOWS\system32\netcfg-64463640.txt
2016-01-04 12:10 - 2016-01-04 12:10 - 00000117 _____ C:\WINDOWS\system32\netcfg-11130062.txt
2016-01-04 11:22 - 2016-01-04 11:22 - 00000117 _____ C:\WINDOWS\system32\netcfg-8242546.txt
2016-01-04 11:22 - 2016-01-04 11:22 - 00000117 _____ C:\WINDOWS\system32\netcfg-8241812.txt
2016-01-04 11:21 - 2016-01-04 11:21 - 00000117 _____ C:\WINDOWS\system32\netcfg-8179859.txt
2016-01-04 11:19 - 2016-01-04 11:19 - 00000117 _____ C:\WINDOWS\system32\netcfg-8081437.txt
2016-01-04 11:00 - 2016-01-04 11:00 - 00000117 _____ C:\WINDOWS\system32\netcfg-6953890.txt
2016-01-04 11:00 - 2016-01-04 11:00 - 00000117 _____ C:\WINDOWS\system32\netcfg-6941281.txt
2016-01-04 10:49 - 2016-01-04 10:49 - 00000117 _____ C:\WINDOWS\system32\netcfg-6259828.txt
2016-01-04 10:47 - 2016-01-04 10:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-6143906.txt
2016-01-04 10:35 - 2016-01-04 10:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-5442515.txt
2016-01-04 09:04 - 2016-01-04 09:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-17110937.txt
2016-01-04 09:02 - 2016-01-04 09:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-17020140.txt
2016-01-04 07:26 - 2016-01-04 07:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-11211125.txt
2016-01-04 06:57 - 2016-01-04 06:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-9470312.txt
2016-01-04 06:57 - 2016-01-04 06:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-9469875.txt
2016-01-04 06:56 - 2016-01-04 06:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-9466406.txt
2016-01-04 06:38 - 2016-01-04 06:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-8367390.txt
2016-01-04 05:41 - 2016-01-04 05:41 - 00000117 _____ C:\WINDOWS\system32\netcfg-4937203.txt
2016-01-04 04:18 - 2016-01-04 04:18 - 00000117 _____ C:\WINDOWS\system32\netcfg-9431140.txt
2016-01-04 03:53 - 2016-01-04 03:53 - 00001164 _____ C:\WINDOWS\system32\netcfg-7895875.txt
2016-01-04 03:53 - 2016-01-04 03:53 - 00000117 _____ C:\WINDOWS\system32\netcfg-7902390.txt
2016-01-04 03:53 - 2016-01-04 03:53 - 00000117 _____ C:\WINDOWS\system32\netcfg-7896828.txt
2016-01-04 02:02 - 2016-01-04 02:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-1260578.txt
2016-01-04 02:02 - 2016-01-04 02:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-1249671.txt
2016-01-04 01:42 - 2016-01-04 01:42 - 00000117 _____ C:\WINDOWS\system32\netcfg-58890.txt
2016-01-04 01:41 - 2016-01-04 01:41 - 00000117 _____ C:\WINDOWS\system32\netcfg-2306156.txt
2016-01-04 01:34 - 2016-01-04 01:34 - 00000008 _____ C:\END
2016-01-04 01:03 - 2016-01-04 01:03 - 00000117 _____ C:\WINDOWS\system32\netcfg-63468.txt
2016-01-04 01:02 - 2016-01-04 01:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-170521562.txt
2016-01-04 01:02 - 2016-01-04 01:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-170521093.txt
2016-01-03 22:42 - 2016-01-03 22:42 - 00000117 _____ C:\WINDOWS\system32\netcfg-162132578.txt
2016-01-03 22:42 - 2016-01-03 22:42 - 00000117 _____ C:\WINDOWS\system32\netcfg-162125421.txt
2016-01-03 22:39 - 2016-01-03 22:39 - 00000117 _____ C:\WINDOWS\system32\netcfg-161974500.txt
2016-01-03 22:39 - 2016-01-03 22:39 - 00000117 _____ C:\WINDOWS\system32\netcfg-161971750.txt
2016-01-03 21:51 - 2016-01-03 21:51 - 00000117 _____ C:\WINDOWS\system32\netcfg-159087203.txt
2016-01-03 21:51 - 2016-01-03 21:51 - 00000117 _____ C:\WINDOWS\system32\netcfg-159086390.txt
2016-01-03 21:51 - 2016-01-03 21:51 - 00000117 _____ C:\WINDOWS\system32\netcfg-159073484.txt
2016-01-03 21:49 - 2016-01-03 21:49 - 00000117 _____ C:\WINDOWS\system32\netcfg-158969562.txt
2016-01-03 20:30 - 2016-01-03 20:32 - 00000156 _____ C:\WINDOWS\system32\netcfg-154215234.txt
2016-01-03 10:20 - 2016-01-03 10:20 - 00000117 _____ C:\WINDOWS\system32\netcfg-117620578.txt
2016-01-03 10:20 - 2016-01-03 10:20 - 00000117 _____ C:\WINDOWS\system32\netcfg-117615562.txt
2016-01-02 18:50 - 2016-01-02 18:50 - 00001139 _____ C:\WINDOWS\system32\netcfg-61825500.txt
2016-01-02 01:39 - 2016-01-02 01:39 - 00000117 _____ C:\WINDOWS\system32\netcfg-787928093.txt
2016-01-02 01:38 - 2016-01-02 01:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-787900671.txt
2016-01-02 01:38 - 2016-01-02 01:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-787900625.txt
2016-01-02 01:07 - 2016-01-02 01:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-786030093.txt
2016-01-02 01:07 - 2016-01-02 01:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-786030031.txt
2016-01-01 22:55 - 2016-01-01 22:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-778086265.txt
2016-01-01 22:55 - 2016-01-01 22:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-778085937.txt
2016-01-01 21:40 - 2016-01-01 21:40 - 00000117 _____ C:\WINDOWS\system32\netcfg-773606093.txt
2016-01-01 21:40 - 2016-01-01 21:40 - 00000117 _____ C:\WINDOWS\system32\netcfg-773605750.txt
2016-01-01 19:46 - 2016-01-01 19:46 - 00000117 _____ C:\WINDOWS\system32\netcfg-766733468.txt
2016-01-01 19:46 - 2016-01-01 19:46 - 00000117 _____ C:\WINDOWS\system32\netcfg-766733093.txt
2016-01-01 14:47 - 2016-01-01 14:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-748795796.txt
2016-01-01 14:47 - 2016-01-01 14:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-748795750.txt
2016-01-01 13:59 - 2016-01-01 13:59 - 00000117 _____ C:\WINDOWS\system32\netcfg-745938093.txt
2016-01-01 13:59 - 2016-01-01 13:59 - 00000117 _____ C:\WINDOWS\system32\netcfg-745937875.txt
2016-01-01 13:07 - 2016-01-01 13:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-742792906.txt
2016-01-01 13:07 - 2016-01-01 13:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-742792859.txt
2016-01-01 12:29 - 2016-01-01 12:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-740561296.txt
2016-01-01 12:29 - 2016-01-01 12:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-740561093.txt
2016-01-01 10:48 - 2016-01-01 10:48 - 00000117 _____ C:\WINDOWS\system32\netcfg-734496109.txt
2016-01-01 10:48 - 2016-01-01 10:48 - 00000117 _____ C:\WINDOWS\system32\netcfg-734496015.txt
2016-01-01 09:15 - 2016-01-01 09:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-728920531.txt
2016-01-01 09:15 - 2016-01-01 09:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-728920468.txt
2016-01-01 02:49 - 2016-01-01 02:49 - 00000117 _____ C:\WINDOWS\system32\netcfg-705744500.txt
2016-01-01 02:49 - 2016-01-01 02:49 - 00000117 _____ C:\WINDOWS\system32\netcfg-705744421.txt
2015-12-31 21:06 - 2015-12-31 21:06 - 00000117 _____ C:\WINDOWS\system32\netcfg-685127578.txt
2015-12-31 21:06 - 2015-12-31 21:06 - 00000117 _____ C:\WINDOWS\system32\netcfg-685126859.txt
2015-12-31 09:19 - 2015-12-31 09:19 - 00000117 _____ C:\WINDOWS\system32\netcfg-642740734.txt
2015-12-31 09:19 - 2015-12-31 09:19 - 00000117 _____ C:\WINDOWS\system32\netcfg-642740000.txt
2015-12-31 05:58 - 2015-12-31 05:58 - 00000117 _____ C:\WINDOWS\system32\netcfg-630658593.txt
2015-12-31 05:58 - 2015-12-31 05:58 - 00000117 _____ C:\WINDOWS\system32\netcfg-630658359.txt
2015-12-31 05:07 - 2015-12-31 05:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-627640109.txt
2015-12-31 05:07 - 2015-12-31 05:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-627639984.txt
2015-12-31 00:40 - 2015-12-31 00:40 - 00000117 _____ C:\WINDOWS\system32\netcfg-611624953.txt
2015-12-31 00:40 - 2015-12-31 00:40 - 00000117 _____ C:\WINDOWS\system32\netcfg-611624156.txt
2015-12-31 00:38 - 2015-12-31 00:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-611503656.txt
2015-12-31 00:38 - 2015-12-31 00:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-611503609.txt
2015-12-30 21:32 - 2015-12-30 21:32 - 00000117 _____ C:\WINDOWS\system32\netcfg-600314984.txt
2015-12-30 21:32 - 2015-12-30 21:32 - 00000117 _____ C:\WINDOWS\system32\netcfg-600314937.txt
2015-12-30 20:53 - 2015-12-30 20:53 - 00000117 _____ C:\WINDOWS\system32\netcfg-597970265.txt
2015-12-30 20:53 - 2015-12-30 20:53 - 00000117 _____ C:\WINDOWS\system32\netcfg-597968312.txt
2015-12-30 12:24 - 2015-12-30 12:24 - 00000117 _____ C:\WINDOWS\system32\netcfg-567418140.txt
2015-12-30 12:23 - 2015-12-30 12:24 - 00000117 _____ C:\WINDOWS\system32\netcfg-567416796.txt
2015-12-30 08:41 - 2015-12-30 08:41 - 00000117 _____ C:\WINDOWS\system32\netcfg-554067593.txt
2015-12-30 08:41 - 2015-12-30 08:41 - 00000117 _____ C:\WINDOWS\system32\netcfg-554067156.txt
2015-12-30 07:47 - 2015-12-30 07:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-550857015.txt
2015-12-30 07:47 - 2015-12-30 07:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-550851171.txt
2015-12-30 00:59 - 2015-12-30 00:59 - 00000117 _____ C:\WINDOWS\system32\netcfg-526382171.txt
2015-12-30 00:59 - 2015-12-30 00:59 - 00000117 _____ C:\WINDOWS\system32\netcfg-526381765.txt
2015-12-29 14:21 - 2015-12-29 14:21 - 00000117 _____ C:\WINDOWS\system32\netcfg-488080875.txt
2015-12-29 14:21 - 2015-12-29 14:21 - 00000117 _____ C:\WINDOWS\system32\netcfg-488080843.txt
2015-12-29 12:35 - 2015-12-29 12:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-481692296.txt
2015-12-29 12:35 - 2015-12-29 12:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-481692234.txt
2015-12-29 04:25 - 2015-12-29 04:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-452328843.txt
2015-12-29 04:25 - 2015-12-29 04:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-452328468.txt
2015-12-28 23:31 - 2015-12-28 23:31 - 00000117 _____ C:\WINDOWS\system32\netcfg-434699656.txt
2015-12-28 23:31 - 2015-12-28 23:31 - 00000117 _____ C:\WINDOWS\system32\netcfg-434699578.txt
2015-12-28 17:35 - 2015-12-28 17:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-413297640.txt
2015-12-28 17:35 - 2015-12-28 17:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-413295328.txt
2015-12-28 14:29 - 2015-12-28 14:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-402180140.txt
2015-12-28 14:29 - 2015-12-28 14:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-402179296.txt
2015-12-28 13:12 - 2015-12-28 13:12 - 00000117 _____ C:\WINDOWS\system32\netcfg-397534531.txt
2015-12-28 13:12 - 2015-12-28 13:12 - 00000117 _____ C:\WINDOWS\system32\netcfg-397533593.txt
2015-12-28 11:28 - 2015-12-28 11:28 - 00000117 _____ C:\WINDOWS\system32\netcfg-391275593.txt
2015-12-28 11:28 - 2015-12-28 11:28 - 00000117 _____ C:\WINDOWS\system32\netcfg-391275093.txt
2015-12-27 23:38 - 2015-12-27 23:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-348686593.txt
2015-12-27 23:38 - 2015-12-27 23:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-348686109.txt
2015-12-27 21:26 - 2015-12-27 21:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-340750093.txt
2015-12-27 21:26 - 2015-12-27 21:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-340749093.txt
2015-12-27 20:07 - 2015-12-27 20:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-336049593.txt
2015-12-27 20:07 - 2015-12-27 20:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-336049468.txt
2015-12-27 19:30 - 2015-12-27 19:30 - 00000117 _____ C:\WINDOWS\system32\netcfg-333802375.txt
2015-12-27 19:30 - 2015-12-27 19:30 - 00000117 _____ C:\WINDOWS\system32\netcfg-333802234.txt
2015-12-27 10:59 - 2015-12-27 10:59 - 00000117 _____ C:\WINDOWS\system32\netcfg-303181593.txt
2015-12-27 10:59 - 2015-12-27 10:59 - 00000117 _____ C:\WINDOWS\system32\netcfg-303181015.txt
2015-12-27 10:29 - 2015-12-27 10:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-301381265.txt
2015-12-27 10:29 - 2015-12-27 10:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-301381109.txt
2015-12-25 16:10 - 2015-12-25 16:10 - 00000117 _____ C:\WINDOWS\system32\netcfg-148984500.txt
2015-12-25 16:10 - 2015-12-25 16:10 - 00000117 _____ C:\WINDOWS\system32\netcfg-148984437.txt
2015-12-25 10:29 - 2015-12-25 10:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-128581593.txt
2015-12-25 10:29 - 2015-12-25 10:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-128580796.txt
2015-12-24 20:25 - 2015-12-24 20:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-77913359.txt
2015-12-24 20:25 - 2015-12-24 20:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-77913203.txt
2015-12-24 17:05 - 2015-12-24 17:05 - 00000117 _____ C:\WINDOWS\system32\netcfg-65931156.txt
2015-12-24 17:05 - 2015-12-24 17:05 - 00000117 _____ C:\WINDOWS\system32\netcfg-65930453.txt
2015-12-24 13:11 - 2015-12-24 13:11 - 00000117 _____ C:\WINDOWS\system32\netcfg-51874015.txt
2015-12-24 11:30 - 2015-12-24 11:30 - 00000117 _____ C:\WINDOWS\system32\netcfg-45796781.txt
2015-12-24 11:29 - 2015-12-24 11:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-45775781.txt
2015-12-24 11:29 - 2015-12-24 11:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-45766296.txt
2015-12-24 11:27 - 2015-12-24 11:27 - 00000117 _____ C:\WINDOWS\system32\netcfg-45634312.txt
2015-12-24 11:27 - 2015-12-24 11:27 - 00000117 _____ C:\WINDOWS\system32\netcfg-45633500.txt
2015-12-23 22:47 - 2015-12-23 22:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-45875.txt
2015-12-23 22:46 - 2015-12-23 22:46 - 00000117 _____ C:\WINDOWS\system32\netcfg-6777375.txt
2015-12-23 20:54 - 2015-12-23 20:54 - 00000117 _____ C:\WINDOWS\system32\netcfg-59750.txt
2015-12-23 20:52 - 2015-12-23 20:52 - 00000117 _____ C:\WINDOWS\system32\netcfg--1111340406.txt
2015-12-18 13:02 - 2015-12-18 13:02 - 00000117 _____ C:\WINDOWS\system32\netcfg--1571552234.txt
2015-12-18 13:02 - 2015-12-18 13:02 - 00000117 _____ C:\WINDOWS\system32\netcfg--1571552187.txt
2015-12-18 11:16 - 2015-12-18 11:16 - 00000117 _____ C:\WINDOWS\system32\netcfg--1577907250.txt
2015-12-18 11:16 - 2015-12-18 11:16 - 00000117 _____ C:\WINDOWS\system32\netcfg--1577906515.txt
2015-12-17 23:50 - 2015-12-17 23:50 - 00000117 _____ C:\WINDOWS\system32\netcfg--1619096843.txt
2015-12-17 23:50 - 2015-12-17 23:50 - 00000117 _____ C:\WINDOWS\system32\netcfg--1619082000.txt
2015-12-17 23:50 - 2015-12-17 23:50 - 00000117 _____ C:\WINDOWS\system32\netcfg--1619076859.txt
2015-12-17 23:50 - 2015-12-17 23:50 - 00000117 _____ C:\WINDOWS\system32\netcfg--1619073781.txt
2015-12-17 13:54 - 2015-12-17 13:54 - 00000117 _____ C:\WINDOWS\system32\netcfg--1654807687.txt
2015-12-17 13:54 - 2015-12-17 13:54 - 00000117 _____ C:\WINDOWS\system32\netcfg--1654807640.txt
2015-12-17 13:54 - 2015-12-17 13:54 - 00000117 _____ C:\WINDOWS\system32\netcfg--1654807593.txt
2015-12-17 11:01 - 2015-12-17 11:01 - 00000117 _____ C:\WINDOWS\system32\netcfg--1665179921.txt
2015-12-17 10:58 - 2015-12-17 10:58 - 00000117 _____ C:\WINDOWS\system32\netcfg--1665395921.txt
2015-12-17 10:58 - 2015-12-17 10:58 - 00000117 _____ C:\WINDOWS\system32\netcfg--1665395875.txt
2015-12-17 02:44 - 2015-12-17 02:44 - 00000117 _____ C:\WINDOWS\system32\netcfg--1695008765.txt
2015-12-17 02:44 - 2015-12-17 02:44 - 00000117 _____ C:\WINDOWS\system32\netcfg--1695007812.txt
2015-12-15 04:13 - 2015-12-15 04:13 - 00000117 _____ C:\WINDOWS\system32\netcfg--1862512546.txt
2015-12-15 04:12 - 2015-12-15 04:13 - 00000117 _____ C:\WINDOWS\system32\netcfg--1862515796.txt
2015-12-14 17:03 - 2015-12-14 17:03 - 00000117 _____ C:\WINDOWS\system32\netcfg--1902664296.txt
2015-12-14 17:03 - 2015-12-14 17:03 - 00000117 _____ C:\WINDOWS\system32\netcfg--1902663890.txt
2015-12-14 09:42 - 2015-12-14 09:42 - 00000117 _____ C:\WINDOWS\system32\netcfg--1929132718.txt
2015-12-14 09:42 - 2015-12-14 09:42 - 00000117 _____ C:\WINDOWS\system32\netcfg--1929129906.txt
2015-12-14 09:40 - 2015-12-14 09:41 - 00000117 _____ C:\WINDOWS\system32\netcfg--1929235187.txt
2015-12-14 09:40 - 2015-12-14 09:40 - 00000117 _____ C:\WINDOWS\system32\netcfg--1929237890.txt
2015-12-13 04:50 - 2015-12-13 04:50 - 00000117 _____ C:\WINDOWS\system32\netcfg--2033064015.txt
2015-12-13 04:50 - 2015-12-13 04:50 - 00000117 _____ C:\WINDOWS\system32\netcfg--2033062187.txt
C:\Users\User\AppData\Local\Temp\catchme.dll
C:\Users\User\AppData\Local\Temp\kis_setup.exe
C:\Users\User\AppData\Local\Temp\PROCEXP64.exe
C:\Users\User\AppData\Local\Temp\uc_english.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download the Junkware Removal Tool to your Desktop from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shut down your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator. (If using XP, just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

Please post the logs for my review.

I also want to see the Addition.txt file that was created by the Farbar tool the first time you used the tool.
Please post it.


Please give me more information on the nature of your problems.

#4 ryanuts


Posted 15 January 2016 - 05:36 AM

I have been hacked. There is some sort of virtual machine going on and I don't want to post any information that could result in action against me. Please help, thanks. Getting this guy's (or girl's) real IP address would be a great start. Hopefully he is in the US.

Thank you. Please help!!!!!!!!!!!!!!!!



#5 nasdaq


Posted 15 January 2016 - 10:56 AM

This is not my forte.

I suggest you start a new topic in the Networking forum.
Someone may be able to help you.

http://www.bleepingcomputer.com/forums/f/21/networking/

Good luck.

#6 ryanuts


Posted 15 January 2016 - 09:32 PM

ok thanks





