javaraws.exe*32 infection



#1 sc4s2cg

Posted 20 January 2016 - 09:14 PM

javaraws.exe*32 appears under Task Manager hundreds of times in a row; it opens new instances each second. This obviously slows my computer down to the point of inoperability. Curiously, it just closes randomly for up to 30-60 minutes at a time before restarting.

I attached the FRST and Addition text files below, although at the time of scanning the javaraws.exe*32 was not running. I did scan with everything that was suggested in this post, but none of the programs found anything. I also used JavaRa to uninstall Java runtime.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
Ran by Anya (administrator) on ANYA-PC (20-01-2016 20:57:21)
Running from C:\Users\Anya\Desktop
Loaded Profiles: Anya (Available Profiles: Anya)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Microsoft Corporation
) C:\Windows\vVX6000.exe
(Spotify Ltd) C:\Users\Anya\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Spotify Ltd) C:\Users\Anya\AppData\Roaming\Spotify\Spotify.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(© 2015 Microsoft Corporation) C:\Users\Anya\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDFViewer\PdfPro7Hook.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDFCreate\PdfCreate7Hook.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Spotify Ltd) C:\Users\Anya\AppData\Roaming\Spotify\SpotifyCrashService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Spotify Ltd) C:\Users\Anya\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Anya\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Anya\Desktop\e4lzsqy7.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [VX6000] => C:\Windows\vVX6000.exe [764784 2010-05-20] (Microsoft Corporation
)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [36168 2013-05-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [18248 2013-05-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort14reminder] => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\14\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDFViewer\pdfpro7hook.exe [641864 2013-03-20] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFCreHook] => C:\Program Files (x86)\Nuance\PDFCreate\pdfcreate7hook.exe [605512 2013-03-26] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDFCreate\RegistryController.exe [140616 2013-03-26] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKU\S-1-5-21-1876110180-2343862886-1710493278-1000\...\Run: [Spotify Web Helper] => C:\Users\Anya\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2016-01-20] (Spotify Ltd)
HKU\S-1-5-21-1876110180-2343862886-1710493278-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1876110180-2343862886-1710493278-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKU\S-1-5-21-1876110180-2343862886-1710493278-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-1876110180-2343862886-1710493278-1000\...\Run: [Spotify] => C:\Users\Anya\AppData\Roaming\Spotify\Spotify.exe [8316528 2016-01-20] (Spotify Ltd)
HKU\S-1-5-21-1876110180-2343862886-1710493278-1000\...\Run: [GoogleChromeAutoLaunch_D67B43E2A43952E18801C144FDAA8D60] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748360 2016-01-12] (Google Inc.)
HKU\S-1-5-21-1876110180-2343862886-1710493278-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50385536 2015-12-29] (Skype Technologies S.A.)
HKU\S-1-5-21-1876110180-2343862886-1710493278-1000\...\Run: [BingSvc] => C:\Users\Anya\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-01-08] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1876110180-2343862886-1710493278-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2016-01-16] (Siber Systems)
HKU\S-1-5-21-1876110180-2343862886-1710493278-1000\...\MountPoints2: {81e81a7c-250b-11e5-8eed-94de80305fcd} - V:\SETUP.EXE
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-11]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D2BF02CA-056D-47A1-895E-836D39E562FE}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1876110180-2343862886-1710493278-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1876110180-2343862886-1710493278-1000 -> DefaultScope {2683BAB5-4253-404C-A613-969F8D6B82ED} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US0D20151211&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1876110180-2343862886-1710493278-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2IDF&PC=SK2I&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1876110180-2343862886-1710493278-1000 -> {2683BAB5-4253-404C-A613-969F8D6B82ED} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US0D20151211&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1876110180-2343862886-1710493278-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={5347F41A-C994-404D-9739-FF39DDDE387A}&mid=54c4959e1ae447cd9d674597c6d4b63e-11230d80b32f8914698fdc4597b3016d5679a6ba&lang=en&ds=AVG&coid=avgtbavg&cmpid=0715tb&pr=fr&d=2015-07-07 15:48:29&v=4.2.1.951&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDFViewer\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-01-16] (Siber Systems Inc.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-07-07] (LastPass)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\program files (x86)\mcafee\siteadvisor\mcieplg.dll [2015-12-23] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-25] (Zeon Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-07-07] (LastPass)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-01-16] (Siber Systems Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files (x86)\mcafee\siteadvisor\x64\mcieplg.dll [2015-12-23] (McAfee, Inc.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-07-07] (LastPass)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-01-16] (Siber Systems Inc.)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-25] (Zeon Corporation)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files (x86)\mcafee\siteadvisor\mcieplg.dll [2015-12-23] (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-1876110180-2343862886-1710493278-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1876110180-2343862886-1710493278-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-01-16] (Siber Systems Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\mcafee\siteadvisor\x64\mcieplg.dll [2015-12-23] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\mcafee\siteadvisor\mcieplg.dll [2015-12-23] (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\mcafee\siteadvisor\x64\mcieplg.dll [2015-12-23] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files (x86)\mcafee\siteadvisor\mcieplg.dll [2015-12-23] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\mcsniepl64.dll [2015-09-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files (x86)\mcafee\msc\mcsniepl.dll [2015-09-03] (McAfee, Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-12-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-12-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-12-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-12-21] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\4aq28znp.default
FF DefaultSearchEngine: Bing 
FF DefaultSearchEngine.US: Google
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: about:home
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2IDF&PC=SK2I&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-07-07] (LastPass)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\program files\mcafee\msc\npmcsnffpl64.dll [2015-09-03] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-07-07] (LastPass)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\program files (x86)\mcafee\msc\npmcsnffpl.dll [2015-09-03] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDFViewer\bin\nppdf.dll [2011-07-15] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-1876110180-2343862886-1710493278-1000: jpl.nasa.gov/NASAEyes -> C:\Users\Anya\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2015-07-08] (Jet Propulsion Laboratory)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2006-10-22] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\4aq28znp.default\searchplugins\bing-.xml [2016-01-08]
FF SearchPlugin: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\4aq28znp.default\searchplugins\McSiteAdvisor.xml [2016-01-19]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-12-16]
FF Extension: LastPass - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\4aq28znp.default\extensions\support@lastpass.com [2016-01-07]
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF Extension: uBlock Origin - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\4aq28znp.default\Extensions\uBlock0@raymondhill.net.xpi [2016-01-11]
FF Extension: YouTube Flash Video Player - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\4aq28znp.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2016-01-12]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-01-16]
FF HKU\S-1-5-21-1876110180-2343862886-1710493278-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
 
Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-07]
CHR Extension: (Google Docs) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-07]
CHR Extension: (Google Drive) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-05]
CHR Extension: (Google Search) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Bing) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-01-09]
CHR Extension: (Google Sheets) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-07]
CHR Extension: (SiteAdvisor) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-12-13]
CHR Extension: (Google Docs Offline) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-07-08]
CHR Extension: (Kami (formerly Notable PDF)) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljojpiodmlhoehoecppliohmplbgeij [2015-08-22]
CHR Extension: (PDF Viewer) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccchjobcggajhnmckffhcahkkbioifn [2015-07-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-07]
CHR Extension: (RoboForm Password Manager) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2015-11-09]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-01-05]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-07-08]
CHR HKU\S-1-5-21-1876110180-2343862886-1710493278-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-01-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-07-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-07] (Dropbox, Inc.)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc.)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-07-07] (Macrovision Europe Ltd.) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [777744 2015-10-29] (Garmin Ltd. or its subsidiaries)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; c:\program files (x86)\mcafee\siteadvisor\mcsacore.exe [154856 2015-12-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754792 2015-09-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77640 2013-05-14] (Nuance Communications, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-20] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
R3 VX6000; C:\Windows\System32\DRIVERS\VX6000Xp.sys [2143600 2010-05-20] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\Anya\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
U3 kxldrpow; \??\C:\Users\Anya\AppData\Local\Temp\kxldrpow.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-20 20:57 - 2016-01-20 20:57 - 00034129 _____ C:\Users\Anya\Desktop\FRST.txt
2016-01-20 20:56 - 2016-01-20 20:57 - 00000000 ____D C:\FRST
2016-01-20 20:56 - 2016-01-20 20:56 - 02370560 _____ (Farbar) C:\Users\Anya\Desktop\FRST64.exe
2016-01-20 20:55 - 2016-01-20 20:56 - 00000000 ____D C:\Users\Anya\Desktop\JavaRa-2.6
2016-01-20 20:39 - 2016-01-20 20:45 - 00000000 ____D C:\Users\Anya\AppData\Local\NPE
2016-01-20 20:39 - 2016-01-20 20:39 - 00000000 ____D C:\ProgramData\Norton
2016-01-20 20:30 - 2016-01-20 20:30 - 00184620 _____ C:\Users\Anya\Desktop\JavaRa-2.6.1.zip
2016-01-20 20:29 - 2016-01-20 20:29 - 00380416 _____ C:\Users\Anya\Desktop\e4lzsqy7.exe
2016-01-20 20:28 - 2016-01-20 20:28 - 03088296 _____ (Symantec Corporation) C:\Users\Anya\Desktop\NPE.exe
2016-01-20 20:27 - 2016-01-20 20:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-20 20:27 - 2016-01-20 20:27 - 00000000 ____D C:\Users\Anya\Desktop\mbar
2016-01-20 20:26 - 2016-01-20 20:26 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Anya\Desktop\mbar-1.09.3.1001.exe
2016-01-20 20:13 - 2016-01-20 20:27 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-20 20:13 - 2016-01-20 20:13 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-20 20:13 - 2016-01-20 20:13 - 00001132 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-20 20:13 - 2016-01-20 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-20 20:13 - 2016-01-20 20:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-20 20:13 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-20 20:13 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-20 20:12 - 2016-01-20 20:12 - 22908888 _____ (Malwarebytes ) C:\Users\Anya\Desktop\mbam-setup-2.2.0.1024.exe
2016-01-20 20:10 - 2016-01-20 20:11 - 00003264 _____ C:\Users\Anya\Desktop\Rkill.txt
2016-01-20 20:10 - 2016-01-20 20:10 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\Anya\Desktop\iExplore64.exe
2016-01-20 20:09 - 2016-01-20 20:09 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Anya\Desktop\iExplore.exe
2016-01-20 20:03 - 2016-01-20 20:03 - 00448512 _____ (OldTimer Tools) C:\Users\Anya\Downloads\TFC.exe
2016-01-20 19:58 - 2016-01-20 19:58 - 00184620 _____ C:\Users\Anya\Downloads\JavaRa-2.6.1.zip
2016-01-20 18:49 - 2016-01-20 18:50 - 00000000 ____D C:\Users\Anya\Desktop\forditas
2016-01-20 09:58 - 2016-01-20 09:58 - 00129423 _____ C:\Users\Anya\Downloads\EUA AVG final.pdf
2016-01-20 09:57 - 2016-01-20 09:57 - 00038439 _____ C:\Users\Anya\Downloads\3102616023.pdf
2016-01-19 15:14 - 2016-01-19 15:14 - 00475160 _____ C:\Users\Anya\Downloads\Repair financing application.pdf
2016-01-19 15:14 - 2016-01-19 15:14 - 00031653 _____ C:\Users\Anya\Downloads\0112 - Transmission - Fontana CA.pdf
2016-01-19 13:42 - 2016-01-19 14:04 - 00178314 _____ C:\Users\Anya\Documents\Acrobat Document.pdf
2016-01-19 12:53 - 2016-01-19 12:53 - 00047424 _____ C:\Users\Anya\Downloads\1098e_interest_statement.pdf
2016-01-18 14:41 - 2016-01-18 14:41 - 00089108 _____ C:\Users\Anya\Downloads\FAX_20160118_1453146054_150.pdf
2016-01-16 12:38 - 2016-01-16 12:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2016-01-14 17:16 - 2016-01-14 17:16 - 00289627 _____ C:\Users\Anya\Downloads\SKMBT_C55415020213430.pdf
2016-01-14 15:52 - 2016-01-14 15:52 - 00143161 _____ C:\Users\Anya\Downloads\FAX_20151023_1445631704_124 (2).pdf
2016-01-14 15:41 - 2016-01-14 15:41 - 00061320 _____ C:\Users\Anya\Downloads\FAX_20151023_1445637723_64 (1).pdf
2016-01-14 15:17 - 2016-01-14 15:17 - 00110280 _____ C:\Users\Anya\Downloads\FAX_20151209_1449689527_33 (2).pdf
2016-01-14 13:45 - 2016-01-14 13:45 - 00067384 _____ C:\Users\Anya\Downloads\FAX_20150528_1432838384_159 (1).pdf
2016-01-14 13:31 - 2016-01-14 13:31 - 00024835 _____ C:\Users\Anya\Downloads\FAX_20141022_1413937526_34.pdf
2016-01-13 19:55 - 2016-01-13 19:55 - 00018524 _____ C:\Users\Anya\Downloads\FAX_20160114_1452732840_105.pdf
2016-01-13 19:55 - 2016-01-13 19:55 - 00018524 _____ C:\Users\Anya\Downloads\FAX_20160114_1452732840_105 (1).pdf
2016-01-13 11:29 - 2016-01-13 11:29 - 00426473 _____ C:\Users\Anya\Downloads\LoadDocument_6497339_01132016_100304.pdf
2016-01-13 11:25 - 2016-01-13 11:25 - 00253886 _____ C:\Users\Anya\Downloads\LoadDocument_6497339_01132016_112429.pdf
2016-01-13 10:52 - 2016-01-13 10:52 - 00351040 _____ C:\Users\Anya\Downloads\COOLANTK1.pdf
2016-01-12 22:08 - 2016-01-12 22:08 - 00000000 ____D C:\Windows\system32\SPReview
2016-01-12 19:36 - 2016-01-12 19:36 - 00155192 _____ C:\Users\Anya\Downloads\FAX_20160112_1452641404_16.pdf
2016-01-12 15:44 - 2016-01-12 15:44 - 00131916 _____ C:\Users\Anya\Downloads\FAX_20160112_1452628690_92.pdf
2016-01-12 14:35 - 2016-01-12 14:36 - 01055398 _____ C:\Users\Anya\Downloads\16 - 0108 - S - CHR. - BOL.pdf
2016-01-11 16:45 - 2016-01-11 16:45 - 00135405 _____ C:\Users\Anya\Downloads\Form1095a.pdf
2016-01-11 16:29 - 2016-01-11 16:29 - 00203398 _____ C:\Users\Anya\Downloads\EligibilityNotice (4).pdf
2016-01-11 16:05 - 2016-01-11 16:05 - 00203398 _____ C:\Users\Anya\Downloads\EligibilityNotice (3).pdf
2016-01-11 15:56 - 2016-01-11 15:57 - 01189342 _____ C:\Users\Anya\Documents\med2pet.pdf
2016-01-11 15:51 - 2016-01-11 15:51 - 00148892 _____ C:\Users\Anya\Documents\med1.pdf
2016-01-10 20:36 - 2016-01-10 20:36 - 01018575 _____ C:\Users\Anya\Downloads\GATESSTEVENIandCSILLAAfinal.pdf
2016-01-10 20:30 - 2016-01-10 20:30 - 01016233 _____ C:\Users\Anya\Downloads\GATESSTEVENIandCSILLAA (1).pdf
2016-01-10 20:07 - 2016-01-10 20:07 - 00946256 _____ C:\Users\Anya\Downloads\2014 Gates, S & C 1040 T-R.pdf
2016-01-09 14:36 - 2016-01-09 14:36 - 00862893 _____ C:\Users\Anya\Downloads\MARVIN INVOICE (1).pdf
2016-01-09 14:36 - 2016-01-09 14:36 - 00341712 _____ C:\Users\Anya\Downloads\MARVIN BODY SHOP (1).pdf
2016-01-09 14:28 - 2016-01-09 14:28 - 00862893 _____ C:\Users\Anya\Downloads\MARVIN INVOICE.pdf
2016-01-09 14:28 - 2016-01-09 14:28 - 00341712 _____ C:\Users\Anya\Downloads\MARVIN BODY SHOP.pdf
2016-01-09 11:34 - 2016-01-09 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2016-01-09 11:33 - 2016-01-09 13:51 - 00000000 ____D C:\Brother
2016-01-09 11:33 - 2016-01-09 11:33 - 00000000 ____D C:\Program Files (x86)\Browny02
2016-01-09 11:33 - 2016-01-09 11:33 - 00000000 ____D C:\Program Files (x86)\Brother
2016-01-09 11:33 - 2010-08-02 20:57 - 00217088 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2016-01-09 11:33 - 2010-03-15 19:56 - 00002560 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2016-01-09 11:33 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2016-01-09 11:33 - 2007-12-13 22:16 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2016-01-09 11:32 - 2016-01-09 11:32 - 00000000 ____D C:\Users\Anya\Downloads\install
2016-01-09 11:31 - 2016-01-09 11:31 - 40827177 _____ (A.I.SOFT,INC.) C:\Users\Anya\Downloads\HL-2270DW-inst-C1-useu.EXE
2016-01-09 10:56 - 2016-01-09 10:56 - 00645729 _____ (WDS Team) C:\Users\Anya\Downloads\windirstat1_1_2_setup(1).exe
2016-01-08 10:16 - 2016-01-08 10:25 - 00921624 _____ C:\DC6810xp-001.raw
2016-01-07 20:38 - 2016-01-07 20:38 - 00307337 _____ C:\Users\Anya\Downloads\MacroPoint.pdf
2016-01-07 20:38 - 2016-01-07 20:38 - 00307337 _____ C:\Users\Anya\Downloads\MacroPoint (1).pdf
2016-01-07 20:23 - 2016-01-07 20:32 - 00122926 _____ C:\Users\Anya\Downloads\Profile.pdf
2016-01-07 20:23 - 2016-01-07 20:23 - 00548158 _____ C:\Users\Anya\Downloads\PAYMENT PROCESS (1).pdf
2016-01-07 20:00 - 2016-01-07 20:12 - 00585336 _____ C:\Users\Anya\Downloads\PAYMENT PROCESS.pdf
2016-01-07 20:00 - 2016-01-07 20:00 - 00209104 _____ C:\Users\Anya\Downloads\2012 carrier ref (1).pdf
2016-01-07 19:59 - 2016-01-07 19:59 - 00504736 _____ C:\Users\Anya\Downloads\BMC85.pdf
2016-01-07 19:58 - 2016-01-07 19:58 - 00209104 _____ C:\Users\Anya\Downloads\2012 carrier ref.pdf
2016-01-07 19:50 - 2016-01-07 19:58 - 06462987 _____ C:\Users\Anya\Downloads\Broker Carrier Innards 01-01-2015.pdf
2016-01-07 19:50 - 2016-01-07 19:51 - 06421416 _____ C:\Users\Anya\Downloads\Broker Carrier Innards 01-01-2015 (1).pdf
2016-01-07 15:56 - 2016-01-08 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-07 15:34 - 2016-01-07 15:34 - 00027406 _____ C:\Users\Anya\Downloads\FAX_20160107_1452198809_136.pdf
2016-01-07 13:21 - 2016-01-07 13:21 - 03012901 _____ C:\Users\Anya\Downloads\Menuk es receptek.pdf
2016-01-07 12:32 - 2016-01-07 12:32 - 00006002 _____ C:\Users\Anya\Downloads\SSR_TSRPT (1).pdf
2016-01-07 12:28 - 2016-01-07 12:28 - 00006002 _____ C:\Users\Anya\Downloads\SSR_TSRPT.pdf
2016-01-07 10:27 - 2016-01-07 10:27 - 00003010 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe
2016-01-07 10:25 - 2016-01-07 10:25 - 00002047 _____ C:\Users\Public\Desktop\Microsoft LifeCam.lnk
2016-01-07 10:25 - 2016-01-07 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
2016-01-07 10:24 - 2016-01-07 10:24 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2016-01-07 10:24 - 2016-01-07 10:24 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2016-01-07 10:24 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-01-07 10:24 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-01-07 09:54 - 2016-01-07 09:54 - 00046806 _____ C:\Users\Anya\Downloads\FAX_20160107_1452178408_51.pdf
2016-01-04 17:21 - 2016-01-04 17:21 - 00839590 _____ C:\Users\Anya\Downloads\FAX_20160104_1451945982_111.pdf
2016-01-04 11:25 - 2016-01-04 11:25 - 00129382 _____ C:\Users\Anya\Documents\leo.pdf
2016-01-04 10:07 - 2016-01-04 10:07 - 00173366 _____ C:\Users\Anya\Downloads\15 - 1230 - S - Mercer - bol_1.pdf
2016-01-01 15:50 - 2016-01-08 12:06 - 00000000 ____D C:\Program Files (x86)\Amazon
2016-01-01 15:50 - 2016-01-01 15:50 - 00000000 ____D C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2016-01-01 09:41 - 2016-01-01 09:41 - 00001179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-31 12:50 - 2015-12-31 12:50 - 00139460 _____ C:\Users\Anya\Downloads\EligibilityNotice (2).pdf
2015-12-31 12:49 - 2015-12-31 12:49 - 00203398 _____ C:\Users\Anya\Downloads\EligibilityNotice (1).pdf
2015-12-31 12:05 - 2015-12-31 12:05 - 00146993 _____ C:\Users\Anya\Documents\hc2016.pdf
2015-12-30 09:54 - 2015-12-30 09:54 - 00339498 _____ C:\Users\Anya\Downloads\15 - 1228 - S - CHR - bol.pdf
2015-12-29 11:59 - 2015-12-29 11:59 - 00004206 _____ C:\Users\Anya\Downloads\LANDSTARSTATEMENT (2).pdf
2015-12-29 11:58 - 2015-12-29 11:58 - 00003242 _____ C:\Users\Anya\Downloads\LANDSTARSTATEMENT.pdf
2015-12-29 11:58 - 2015-12-29 11:58 - 00003242 _____ C:\Users\Anya\Downloads\LANDSTARSTATEMENT (1).pdf
2015-12-28 21:13 - 2015-12-28 21:13 - 00998378 _____ C:\Users\Anya\Downloads\Label-360513849.pdf
2015-12-28 18:57 - 2015-12-28 18:57 - 00094490 _____ C:\Users\Anya\Documents\Amazon.pdf
2015-12-28 14:00 - 2015-12-28 14:00 - 00064904 _____ C:\Users\Anya\Downloads\doc444717872.pdf
2015-12-28 13:16 - 2015-12-28 13:16 - 00075908 _____ C:\Users\Anya\Downloads\FAX_20151228_1451322377_9.pdf
2015-12-28 13:02 - 2015-12-28 13:02 - 00008408 _____ C:\Users\Anya\Downloads\CarrierConfirmSheetReport (1) (1).pdf
2015-12-28 12:37 - 2015-12-28 12:37 - 00008408 _____ C:\Users\Anya\Downloads\CarrierConfirmSheetReport (1).pdf
2015-12-28 10:28 - 2015-12-28 10:28 - 00044972 _____ C:\Users\Anya\Downloads\15 - 1223 -  LTr - CHR - bol.pdf
2015-12-26 11:05 - 2016-01-14 15:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-26 11:05 - 2015-12-26 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-24 12:43 - 2015-12-24 12:43 - 00022211 _____ C:\Users\Anya\Downloads\15 - 1224 - S - PDS- advance.pdf
2015-12-24 10:39 - 2015-12-24 10:39 - 00003268 _____ C:\Windows\System32\Tasks\{190F99F9-1152-4FC0-BAA0-F1D79040CD17}
2015-12-24 10:11 - 2015-12-24 10:11 - 00401112 _____ C:\Users\Anya\Downloads\15 - 1223 - S - Hubgroup - bol.pdf
2015-12-24 09:08 - 2015-12-24 09:08 - 00250294 _____ C:\Users\Anya\Downloads\Doc (18).pdf
2015-12-23 15:20 - 2015-12-23 15:20 - 00482442 _____ C:\Users\Anya\Downloads\SKM_454e15122215210 (9).pdf
2015-12-23 15:20 - 2015-12-23 15:20 - 00482442 _____ C:\Users\Anya\Downloads\SKM_454e15122215210 (8).pdf
2015-12-23 15:17 - 2015-12-23 15:17 - 00482442 _____ C:\Users\Anya\Downloads\SKM_454e15122215210 (7).pdf
2015-12-23 15:17 - 2015-12-23 15:17 - 00482442 _____ C:\Users\Anya\Downloads\SKM_454e15122215210 (6).pdf
2015-12-23 15:17 - 2015-12-23 15:17 - 00482442 _____ C:\Users\Anya\Downloads\SKM_454e15122215210 (5).pdf
2015-12-23 15:16 - 2015-12-23 15:16 - 00482442 _____ C:\Users\Anya\Downloads\SKM_454e15122215210.pdf
2015-12-23 15:16 - 2015-12-23 15:16 - 00482442 _____ C:\Users\Anya\Downloads\SKM_454e15122215210 (4).pdf
2015-12-23 15:16 - 2015-12-23 15:16 - 00482442 _____ C:\Users\Anya\Downloads\SKM_454e15122215210 (3).pdf
2015-12-23 15:16 - 2015-12-23 15:16 - 00482442 _____ C:\Users\Anya\Downloads\SKM_454e15122215210 (2).pdf
2015-12-23 15:16 - 2015-12-23 15:16 - 00482442 _____ C:\Users\Anya\Downloads\SKM_454e15122215210 (1).pdf
2015-12-23 14:41 - 2015-12-23 15:21 - 00562656 _____ C:\Users\Anya\Downloads\FAX_20151223_1450899258_62.pdf
2015-12-23 12:51 - 2015-12-23 12:51 - 00065614 _____ C:\Users\Anya\Downloads\doc443997609.pdf
2015-12-23 12:47 - 2015-12-23 12:47 - 00101687 _____ C:\Users\Anya\Downloads\FAX_20151223_1450890316_10 (1).pdf
2015-12-23 12:23 - 2015-12-23 12:23 - 00101687 _____ C:\Users\Anya\Downloads\FAX_20151223_1450890316_10.pdf
2015-12-23 10:48 - 2015-12-23 10:48 - 00103261 _____ C:\Users\Anya\Downloads\Statement (3).pdf
2015-12-23 10:23 - 2015-12-23 10:23 - 00015404 _____ C:\Users\Anya\Downloads\12053123901.pdf
2015-12-23 10:10 - 2015-12-23 10:10 - 00226061 _____ C:\Users\Anya\Downloads\15 - 1222b - S - CHR - bol.pdf
2015-12-22 12:12 - 2015-12-22 12:12 - 00233374 _____ C:\Users\Anya\Downloads\15 - 1222 - S - CHR - bol.pdf
2015-12-22 08:51 - 2015-12-22 08:51 - 00065570 _____ C:\Users\Anya\Downloads\doc442765941.pdf
2015-12-22 08:48 - 2015-12-22 08:48 - 00064734 _____ C:\Users\Anya\Downloads\doc443254162 (1).pdf
2015-12-22 08:30 - 2015-12-22 08:30 - 00220683 _____ C:\Users\Anya\Downloads\15 - 1221 - S - CHR - bol.pdf
2015-12-21 12:47 - 2015-12-21 12:47 - 00015082 _____ C:\Users\Anya\Downloads\12052641901.pdf
2015-12-21 11:50 - 2015-12-21 11:50 - 00241997 _____ C:\Users\Anya\Downloads\15 - 1217 - S - CHR - bol.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-20 20:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-20 20:51 - 2015-07-07 14:33 - 00000000 ____D C:\Users\Anya\AppData\Roaming\Skype
2016-01-20 20:40 - 2015-07-07 14:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-20 20:35 - 2015-07-07 14:24 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-01-20 20:24 - 2015-07-07 14:24 - 00000000 ____D C:\Users\Anya\AppData\Roaming\Spotify
2016-01-20 20:15 - 2009-07-13 23:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-20 20:15 - 2009-07-13 23:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-20 20:12 - 2015-08-29 14:23 - 00688130 _____ C:\Windows\system32\perfh00E.dat
2016-01-20 20:12 - 2015-08-29 14:23 - 00172640 _____ C:\Windows\system32\perfc00E.dat
2016-01-20 20:12 - 2009-07-14 00:13 - 01634882 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-20 20:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-20 20:08 - 2015-07-07 14:24 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-01-20 20:08 - 2015-07-07 14:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-20 20:08 - 2015-07-07 14:24 - 00000000 ____D C:\Users\Anya\AppData\Local\Spotify
2016-01-20 20:08 - 2015-07-07 13:21 - 00000000 ____D C:\Users\Anya
2016-01-20 20:08 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-20 20:05 - 2015-07-07 14:24 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-20 20:05 - 2015-07-07 14:22 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-20 20:04 - 2015-07-07 14:23 - 00000000 ____D C:\Program Files\Java
2016-01-20 19:52 - 2015-10-26 11:16 - 00000000 ____D C:\ProgramData\Avg
2016-01-20 19:52 - 2015-07-07 14:26 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-20 19:26 - 2015-10-26 10:17 - 00000000 ____D C:\Users\Anya\AppData\Local\AvgSetupLog
2016-01-20 19:06 - 2015-07-07 20:53 - 00000000 ____D C:\Users\Anya\AppData\Roaming\.oit
2016-01-20 19:01 - 2015-07-08 14:26 - 00000000 ____D C:\Users\Anya\Documents\Amazon Downloader Logs
2016-01-20 19:01 - 2015-07-07 14:42 - 00000000 ____D C:\Users\Anya\Documents\Custom Office Templates
2016-01-20 19:00 - 2015-07-07 14:42 - 00000000 _____ C:\Users\Anya\Documents\Nuance Image Printer Writer Port
2016-01-20 18:57 - 2015-07-07 20:12 - 00000000 ____D C:\ProgramData\TEMP
2016-01-20 18:56 - 2015-07-07 14:27 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-20 18:56 - 2015-07-07 14:26 - 00000000 ____D C:\ProgramData\MFAData
2016-01-20 18:50 - 2015-08-02 16:29 - 00000000 ____D C:\Users\Anya\Desktop\fotok
2016-01-20 18:35 - 2015-10-09 12:49 - 00000000 ____D C:\Users\Anya\Desktop\VIDEOK
2016-01-20 18:27 - 2015-07-07 14:59 - 00000000 ____D C:\Users\Anya\AppData\LocalLow\LastPass
2016-01-20 15:46 - 2015-12-14 14:22 - 00000000 ____D C:\Users\Anya\Desktop\ELSZAMOLAS
2016-01-20 10:35 - 2015-12-11 13:01 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2016-01-20 10:35 - 2015-08-10 08:31 - 00000000 ____D C:\ProgramData\McAfee
2016-01-19 20:55 - 2015-07-07 21:32 - 00000000 ___RD C:\Users\Anya\Virtual Machines
2016-01-19 18:03 - 2015-07-07 14:25 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-19 18:03 - 2015-07-07 14:25 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-19 18:03 - 2015-07-07 14:25 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-19 17:29 - 2015-07-07 20:05 - 00000000 ____D C:\Program Files\KMSpico
2016-01-14 19:07 - 2015-07-07 21:49 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-14 08:05 - 2015-07-07 14:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-14 08:05 - 2015-07-07 14:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 20:19 - 2015-12-09 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 20:19 - 2015-07-07 19:59 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-13 20:16 - 2015-11-11 18:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-01-13 20:16 - 2015-07-07 14:37 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 20:07 - 2015-07-07 14:37 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-13 20:05 - 2009-07-13 21:34 - 00000478 _____ C:\Windows\win.ini
2016-01-10 10:19 - 2015-12-04 08:14 - 00000000 ____D C:\Users\Anya\AppData\Local\ElevatedDiagnostics
2016-01-09 18:24 - 2015-12-11 19:16 - 00000148 _____ C:\Windows\Reimage.ini
2016-01-09 11:33 - 2015-07-07 14:14 - 00000000 ____D C:\ProgramData\Brother
2016-01-09 11:33 - 2015-07-07 13:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-09 11:32 - 2015-07-17 20:23 - 00000000 ____D C:\Users\Anya\Downloads\wlan_wiz
2016-01-09 10:33 - 2015-07-07 14:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-08 12:06 - 2015-07-07 14:37 - 00002008 _____ C:\Users\Anya\Desktop\Kindle.lnk
2016-01-08 10:20 - 2015-07-07 14:24 - 00000000 ____D C:\ProgramData\Skype
2016-01-07 19:14 - 2015-07-07 14:37 - 00000000 ____D C:\Users\Anya\Documents\My Kindle Content
2016-01-04 15:26 - 2015-12-13 20:00 - 00044344 _____ C:\Windows\system32\ScanResults.xml
2016-01-04 15:18 - 2015-12-13 19:51 - 00000464 _____ C:\Windows\system32\ScannerSettings
2016-01-01 09:41 - 2015-11-09 08:39 - 00001167 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-26 11:05 - 2015-07-07 14:33 - 00000000 ____D C:\Users\Anya\AppData\Local\Skype
2015-12-26 11:05 - 2015-07-07 14:24 - 00002727 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-24 08:48 - 2015-07-08 12:18 - 00000000 ____D C:\Users\Anya\Documents\DEPENDABLE TRUCKING
 
==================== Files in the root of some directories =======
 
2015-07-07 14:59 - 2015-07-07 14:59 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-07-07 20:11 - 2015-07-07 21:10 - 0000273 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-07-07 21:27 - 2015-07-07 21:27 - 0000148 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-19 08:52
 
==================== End of FRST.txt ============================

#2 nasdaq

  • Malware Response Team

Posted 21 January 2016 - 11:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

For your security I suggest you update these programs if not already done.

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Out of date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Out of date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

===

Open the Control Panel > Programs and Features applet and delete this program.
KMSpico v9.3.1 (HKLM\...\KMSpico_is1) (Version: 9.3.1 - )
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Users\Anya\Desktop\e4lzsqy7.exe
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1876110180-2343862886-1710493278-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={5347F41A-C994-404D-9739-FF39DDDE387A}&mid=54c4959e1ae447cd9d674597c6d4b63e-11230d80b32f8914698fdc4597b3016d5679a6ba&lang=en&ds=AVG&coid=avgtbavg&cmpid=0715tb&pr=fr&d=2015-07-07 15:48:29&v=4.2.1.951&pid=wtu&sg=&sap=dsp&q={searchTerms}
Toolbar: HKU\S-1-5-21-1876110180-2343862886-1710493278-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-12-16]
CHR Extension: (Bing) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-01-09]
S3 cpuz134; \??\C:\Users\Anya\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
U3 kxldrpow; \??\C:\Users\Anya\AppData\Local\Temp\kxldrpow.sys [X]
Task: {DDFB0D30-9E6C-45E8-8FCA-FDF59AA4360B} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-06-29] (@ByELDI)
AlternateDataStreams: C:\ProgramData\TEMP:FD9CE1F3
FirewallRules: [{09A6906F-48B5-45D3-AA02-7E14E17E5BA8}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{DC2C17B4-0F46-495D-8C7F-7DD0B7C10822}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{7A910FFE-D4EC-41C5-990F-CFB382707F4C}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{E10FB09B-33E3-481B-9FF1-EBE3ED6BE58B}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{1DE399F4-E2FF-4835-A1A8-36F06D86B832}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{0AE79F4C-9053-4726-938E-543A6AB4AD4E}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{EC64D2D6-847D-4BF8-92FD-F3E82B1D394B}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{F17B9FC2-000F-4374-9130-FCE2F5AAFB02}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [TCP Query User{3CFC3406-D6D9-43DB-8C79-9E3FAF87C0F7}C:\users\anya\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\anya\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{ECC92AFD-47F6-45DB-9E16-199DB0F042BB}C:\users\anya\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\anya\appdata\local\popcorn time\node-webkit\popcorn time.exe
C:\Users\Anya\Desktop\e4lzsqy7.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.
===

Please post the logs and let me know what problems persist on this computer.
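
The three driver lines in the fixlist above are the ones that end in [X] in the FRST log. As an added example (not part of the thread and not FRST's own code), the Python below parses FRST service/driver lines and lists the entries worth a manual look. The field meanings (R/S/U state, start-type digit, [X] for a file FRST did not find) are assumed from FRST's log conventions, and the flag rules and all function names are illustrative assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied from the Services and Drivers sections of the FRST log in post #1.
SAMPLE_LOG = r"""
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-07-07] (Macrovision Europe Ltd.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
S3 cpuz134; \??\C:\Users\Anya\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
U3 kxldrpow; \??\C:\Users\Anya\AppData\Local\Temp\kxldrpow.sys [X]
"""

# "<state><start type> <name>; <everything else>"
ENTRY = re.compile(r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); (?P<rest>.+)$")
# File found: path, then "[size date]", optional "(company)", optional unsigned marker.
# The "[size date]" block is the delimiter, so "(x86)" inside the path is harmless.
PRESENT = re.compile(
    r"^(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]"
    r"(?: \((?P<company>.*?)\))?(?P<unsigned> \[File not signed\])?\s*$"
)
# File not found: path followed by "[X]".
MISSING = re.compile(r"^(?P<path>.+?) \[X\]\s*$")
# Per-user temporary directory, writable without elevation.
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


@dataclass
class Entry:
    state: str              # R = running, S = stopped, U = undetermined (assumed)
    start_type: int         # service start-type digit as printed by FRST
    name: str
    path: str
    company: Optional[str]
    missing: bool           # line ended in [X]
    unsigned: bool          # line carried [File not signed]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one service/driver line; return None for anything else."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    gone = MISSING.match(rest)
    found = PRESENT.match(rest)
    if gone:
        path, company, unsigned = gone["path"], None, False
    elif found:
        path, company = found["path"], found["company"]
        unsigned = found["unsigned"] is not None
    else:
        return None
    if path.startswith("\\??\\"):   # drop the NT object-manager prefix
        path = path[4:]
    return Entry(m["state"], int(m["start"]), m["name"], path, company,
                 gone is not None, unsigned)


def flags(entry: Entry) -> List[str]:
    """Reasons an entry deserves a manual look (illustrative rules)."""
    reasons = []
    if entry.missing:
        reasons.append("file missing")
    if TEMP_DIR.search(entry.path):
        reasons.append("image path in user Temp")
    if entry.unsigned:
        reasons.append("not signed")
    if entry.state == "U":
        reasons.append("state undetermined")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map service/driver name -> reasons, for flagged entries only."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            reasons = flags(entry)
            if reasons:
                flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```

The flags are leads for a human reviewer rather than removal verdicts: the two unsigned services (BrYNSvc and FLEXnet Licensing Service) are flagged here, yet the fixlist above leaves them alone.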

#3 nasdaq

Posted 26 January 2016 - 08:42 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



