
Infected with searchinterneat-a.akamaihd.net Firefox redirects Searches.


  • This topic is locked
21 replies to this topic

#1 BlueSierra


Posted 02 February 2016 - 08:37 AM

My laptop is infected with searchinterneat-a.akamaihd.net browser hijacker.

I believe it was installed bundled with Java when I installed Minecraft for my son! Only realised too late that clicking Next was installing additional software... bit too careless, I know!

 

I'm running 360 Total Security Antivirus. Have already followed a self-help guide on Bleeping Computer and have already scanned with AVG, AdwCleaner, JRT and Malwarebytes.
 

Most of those programs did not even identify searchinterneat-a.akamaihd.net as a threat.

 

All data in F Drive - securely backed up to a Samsung 500GB External - I suppose worst case is a clean re-install, but I want to avoid that if possible.

 

Any help really appreciated.

FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by johnm (administrator) on DESKTOP-M6P0IF8 (02-02-2016 13:07:12)
Running from C:\Users\johnm\Downloads
Loaded Profiles: johnm (Available Profiles: johnm)
Platform: Windows 10 Home (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Qihu Software Co. Limited) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\johnm\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Flickr) C:\Users\johnm\AppData\Local\FlickrUploadrWindows\app-0.9.98.280\Flickr.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8520448 2015-08-21] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-07-31] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945656 2015-12-08] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [655112 2015-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-08-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DriverTalent] => C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe [3009296 2016-01-21] (OSToto Co., Ltd.)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [305272 2015-12-11] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3873704 2016-01-25] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2779425049-1141099686-2853734179-1001\...\Run: [Spotify Web Helper] => C:\Users\johnm\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-01-29] (Spotify Ltd)
HKU\S-1-5-21-2779425049-1141099686-2853734179-1001\...\Run: [FlickrUploadr] => "C:\Users\johnm\AppData\Local\FlickrUploadrWindows\Update.exe" --processStart Flickr.exe
HKU\S-1-5-21-2779425049-1141099686-2853734179-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2779425049-1141099686-2853734179-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2016-01-17] (Siber Systems)
HKU\S-1-5-21-2779425049-1141099686-2853734179-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk [2016-02-02]
ShortcutTarget: Samsung Drive Manager Real-Time.lnk -> C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe (Clarus, Inc.)
Startup: C:\Users\johnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-12-08]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{b4261d84-5aab-4cf3-816c-15a4d21cf07b}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2779425049-1141099686-2853734179-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> OldSearch URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM-x32 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2779425049-1141099686-2853734179-1001 -> OldSearch URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-01-17] (Siber Systems Inc.)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2015-12-11] (Qihu 360 Software Co., Ltd.)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-01-17] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-31] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2015-12-11] (Qihu 360 Software Co., Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-31] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-01-17] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-01-17] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-2779425049-1141099686-2853734179-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-01-17] (Siber Systems Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\johnm\AppData\Roaming\Mozilla\Firefox\Profiles\9y2pb548.default
FF DefaultSearchEngine: Default
FF SelectedSearchEngine: Default
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggVcg0NBAAUERgScgtZTA1JEVMOIlhdUBQVGFYQIQ1dUw1HFwwFIk0FA18DB0VXfWFoKB8fHGZGIUtbCXIfTkI=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-09] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-31] (Oracle Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] ()
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF SearchPlugin: C:\Users\johnm\AppData\Roaming\Mozilla\Firefox\Profiles\9y2pb548.default\searchplugins\default.xml [2016-02-02]
FF Extension: 360 Internet Protection - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2015-12-20]
FF Extension: Pin It button - C:\Users\johnm\AppData\Roaming\Mozilla\Firefox\Profiles\9y2pb548.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2015-12-19]
FF Extension: Search Know - C:\Users\johnm\AppData\Roaming\Mozilla\Firefox\Profiles\9y2pb548.default\Extensions\{5e315a4a-641e-496c-8b99-fb9475b4abb2}.xpi [2016-01-30] [not signed]
FF Extension: Share Button for Pinterest - C:\Users\johnm\AppData\Roaming\Mozilla\Firefox\Profiles\9y2pb548.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2016-01-30]
FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-01-17]
FF HKU\S-1-5-21-2779425049-1141099686-2853734179-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3744904 2015-06-19] (Intel Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3881696 2016-01-25] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-01-25] (AVG Technologies CZ, s.r.o.)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [621472 2015-11-17] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-08] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-08] (Dropbox, Inc.)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-08-03] (Intel Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-07-31] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [604936 2015-08-17] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [165104 2015-07-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373152 2015-11-17] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-16] (Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [396992 2015-07-06] (Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
R2 LDrvSvc; c:\program files (x86)\ostotosoft\drivertalent\LDrvSvc.dll [147216 2015-12-14] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-07-31] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-07-31] (NVIDIA Corporation)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [903288 2015-12-11] (QIHU 360 SOFTWARE CO. LIMITED)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [308464 2015-08-21] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2015-08-19] (Clarus, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2015-12-21] (Wacom Technology, Corp.)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205832 2016-02-01] ()
R2 ZeroConfigService; c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137808 2015-12-11] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2015-12-11] (360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [77904 2015-12-11] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2015-12-11] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-12-11] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [367696 2015-12-11] (360.cn)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [260528 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [181328 2015-12-11] (360.cn)
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [47096 2015-08-03] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43512 2015-08-03] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2015-08-03] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [259312 2015-07-22] (Intel Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [20400 2012-06-21] ()
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-07] (Intel Corporation)
R3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [99248 2012-06-21] ()
S3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [4043504 2015-08-02] (Intel Corporation)
R3 Netwtw02; C:\Windows\System32\drivers\Netwtw02.sys [6731520 2016-01-29] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-31] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2015-07-31] (Windows ® Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-07-31] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-08-13] (Realtek                                            )
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [753368 2015-07-31] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [402136 2015-07-31] (Realsil Semiconductor Corporation)
S3 SGXEPC; C:\Windows\System32\drivers\sgx_driver.sys [54768 2015-06-19] (Windows ® Win 7 DDK provider)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-28] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-12-08] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [212056 2015-07-06] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-02 13:07 - 2016-02-02 13:07 - 00030416 _____ C:\Users\johnm\Downloads\FRST.txt
2016-02-02 13:06 - 2016-02-02 13:07 - 00000000 ____D C:\FRST
2016-02-02 13:06 - 2016-02-02 13:06 - 02370560 _____ (Farbar) C:\Users\johnm\Downloads\FRST64.exe
2016-02-02 12:53 - 2016-02-02 12:53 - 00000000 ____D C:\ProgramData\Clarus
2016-02-02 12:47 - 2016-02-02 12:47 - 00016148 _____ C:\windows\system32\DESKTOP-M6P0IF8_johnm_HistoryPrediction.bin
2016-02-02 12:47 - 2016-02-02 12:47 - 00000000 ___HD C:\OneDriveTemp
2016-02-02 12:44 - 2016-02-02 12:44 - 00001844 _____ C:\Users\johnm\Desktop\Samsung Drive Manager.lnk
2016-02-02 12:44 - 2016-02-02 12:44 - 00000000 ____D C:\windows\System32\Tasks\CLARUS_DRIVE_MANAGER
2016-02-02 12:44 - 2016-02-02 12:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2016-02-02 12:44 - 2016-02-02 12:44 - 00000000 ____D C:\Program Files (x86)\Clarus
2016-02-02 12:43 - 2016-02-02 12:43 - 00000000 ____D C:\Users\johnm\Downloads\DriveManager_v1.0.175_Full
2016-02-02 12:41 - 2016-02-02 12:41 - 75949867 _____ C:\Users\johnm\Downloads\DriveManager_v1.0.175_Full.zip
2016-02-02 11:39 - 2016-02-02 11:39 - 00001102 _____ C:\Users\johnm\Desktop\JRT.txt
2016-02-02 11:03 - 2016-02-02 11:03 - 00003276 _____ C:\Users\johnm\Desktop\Rkill.txt
2016-02-02 11:02 - 2016-02-02 11:36 - 01609032 _____ (Malwarebytes) C:\Users\johnm\Downloads\JRT.exe
2016-02-02 11:00 - 2016-02-02 11:03 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\johnm\Downloads\rkill.exe
2016-02-02 10:57 - 2016-02-02 12:47 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-02 10:57 - 2016-02-02 10:57 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-02 10:57 - 2016-02-02 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-02 10:57 - 2016-02-02 10:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-02 10:57 - 2016-02-02 10:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-02 10:57 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-02-02 10:57 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-02-02 10:57 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-02-02 10:56 - 2016-02-02 10:56 - 22908888 _____ (Malwarebytes ) C:\Users\johnm\Downloads\mbam-setup-bc.1878-2.2.0.1024.exe
2016-02-02 10:25 - 2016-02-02 10:29 - 00000000 ____D C:\AdwCleaner
2016-02-02 10:24 - 2016-02-02 10:25 - 01508352 _____ C:\Users\johnm\Downloads\AdwCleaner.exe
2016-02-02 10:11 - 2016-02-02 10:11 - 00242000 _____ C:\Users\johnm\Downloads\Firefox Setup Stub 44.0.exe
2016-02-02 10:11 - 2016-02-02 10:11 - 00001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-02 10:11 - 2016-02-02 10:11 - 00001227 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-02 10:11 - 2016-02-02 10:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-02 10:11 - 2016-02-02 10:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-02 01:05 - 2016-02-02 01:05 - 00002870 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2016-02-02 01:05 - 2016-02-02 01:05 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-02-02 01:05 - 2016-02-02 01:05 - 00000000 ____D C:\Program Files\CCleaner
2016-02-02 01:02 - 2016-02-02 01:02 - 00000000 ____D C:\Users\johnm\AppData\Local\VS Revo Group
2016-02-02 01:01 - 2016-02-02 01:01 - 00001129 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-02-02 01:01 - 2016-02-02 01:01 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-02-02 01:01 - 2016-02-02 01:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-02-02 01:01 - 2016-02-02 01:01 - 00000000 ____D C:\Program Files\VS Revo Group
2016-02-02 01:01 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
2016-02-02 01:00 - 2016-02-02 01:03 - 06828320 _____ (Piriform Ltd) C:\Users\johnm\Downloads\ccsetup514.exe
2016-02-02 00:57 - 2016-02-02 01:01 - 10691640 _____ (VS Revo Group ) C:\Users\johnm\Downloads\RevoUninProSetup.exe
2016-02-02 00:12 - 2016-02-02 00:19 - 00000000 ____D C:\Users\johnm\AppData\Local\AVG Web TuneUp
2016-02-02 00:07 - 2016-02-02 00:19 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-02-02 00:05 - 2016-02-02 00:05 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2016-02-01 23:55 - 2016-02-02 00:04 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-02-01 23:53 - 2016-02-01 23:53 - 00000000 ____D C:\Users\johnm\AppData\Roaming\AVG
2016-02-01 23:52 - 2016-02-01 23:52 - 00000000 ___HD C:\$AVG
2016-02-01 23:52 - 2016-02-01 23:52 - 00000000 ____D C:\Users\johnm\AppData\Roaming\TuneUp Software
2016-02-01 23:52 - 2016-02-01 23:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-02-01 23:51 - 2016-02-02 12:49 - 00000000 ____D C:\ProgramData\MFAData
2016-02-01 23:51 - 2016-02-01 23:51 - 00000000 ____D C:\Users\johnm\AppData\Local\MFAData
2016-02-01 23:50 - 2016-02-01 23:52 - 00000000 ____D C:\ProgramData\Avg
2016-02-01 23:50 - 2016-02-01 23:51 - 00000000 ____D C:\Program Files (x86)\AVG
2016-02-01 23:50 - 2016-02-01 23:50 - 00000882 _____ C:\Users\Public\Desktop\AVG.lnk
2016-02-01 23:50 - 2016-02-01 23:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-02-01 23:49 - 2016-02-01 23:53 - 00000000 ____D C:\Users\johnm\AppData\Local\Avg
2016-02-01 23:49 - 2016-02-01 23:50 - 00000000 ____D C:\Users\johnm\AppData\Local\AvgSetupLog
2016-02-01 23:49 - 2016-02-01 23:49 - 02946424 _____ (AVG Technologies CZ, s.r.o.) C:\Users\johnm\Downloads\AVG_Protection_Free_698.exe
2016-01-31 15:58 - 2016-01-31 15:58 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-31 15:58 - 2016-01-31 15:58 - 00000000 ____D C:\Users\johnm\AppData\Roaming\Sun
2016-01-31 15:58 - 2016-01-31 15:58 - 00000000 ____D C:\Users\johnm\.oracle_jre_usage
2016-01-31 15:58 - 2016-01-30 20:40 - 00111016 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-64.dll
2016-01-31 15:57 - 2016-01-31 15:59 - 00000000 ____D C:\ProgramData\Oracle
2016-01-31 15:57 - 2016-01-31 15:57 - 00643168 _____ (Oracle Corporation) C:\Users\johnm\Downloads\JavaSetup8u71.exe
2016-01-31 15:57 - 2016-01-31 15:57 - 00000000 ____D C:\Users\johnm\AppData\LocalLow\Oracle
2016-01-31 15:57 - 2016-01-31 15:57 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-30 21:29 - 2016-01-30 21:29 - 00067118 _____ C:\Users\johnm\Downloads\GameModeSwitcher-PC.zip
2016-01-30 21:23 - 2016-01-30 21:30 - 00000000 ____D C:\Users\johnm\Desktop\MINECRAFT
2016-01-30 21:21 - 2016-01-30 21:21 - 00000000 ___HT C:\Users\johnm\Desktop\New shortcut.lnk~RF1e3c38f2.TMP
2016-01-30 21:20 - 2016-01-30 21:20 - 00000000 ___HT C:\Users\johnm\Desktop\New shortcut.lnk~RF1e3af15f.TMP
2016-01-30 20:41 - 2016-01-31 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-30 20:40 - 2016-01-30 20:40 - 00000000 ____D C:\Users\johnm\AppData\LocalLow\Sun
2016-01-30 20:39 - 2016-01-30 20:38 - 31012264 _____ (Oracle Corporation) C:\Users\johnm\Downloads\Java_Installer.exe
2016-01-30 15:48 - 2016-02-01 19:36 - 00000000 ____D C:\Users\johnm\AppData\Roaming\.minecraft
2016-01-30 15:48 - 2016-01-30 15:48 - 00000000 ____D C:\Users\johnm\AppData\Roaming\java
2016-01-30 15:47 - 2016-01-30 15:48 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-01-30 15:47 - 2016-01-30 15:47 - 02314240 _____ C:\Users\johnm\Downloads\MinecraftInstaller.msi
2016-01-30 15:47 - 2016-01-30 15:47 - 00001037 _____ C:\Users\Public\Desktop\Minecraft.lnk
2016-01-30 15:47 - 2016-01-30 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-01-29 23:28 - 2016-01-29 23:28 - 10718860 _____ C:\windows\system32\Drivers\Netwfw02.dat
2016-01-24 23:58 - 2016-01-24 23:59 - 00319995 _____ C:\Users\johnm\Downloads\lame_v3.99.5.zip
2016-01-22 15:15 - 2016-01-22 15:15 - 00260528 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys
2016-01-19 22:02 - 2016-01-19 22:02 - 00000000 ____D C:\Users\johnm\AppData\Roaming\OpenOffice
2016-01-19 22:01 - 2016-01-19 22:01 - 00001128 _____ C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk
2016-01-19 22:01 - 2016-01-19 22:01 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2016-01-19 22:00 - 2016-01-19 22:01 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2016-01-19 21:54 - 2016-01-19 21:54 - 00000000 ____D C:\Users\johnm\Desktop\OpenOffice 4.1.2 (en-GB) Installation Files
2016-01-19 21:53 - 2016-01-19 21:53 - 133575912 _____ C:\Users\johnm\Downloads\Apache_OpenOffice_4.1.2_Win_x86_install_en-GB.exe
2016-01-19 21:30 - 2016-01-19 21:30 - 00070345 _____ C:\Users\johnm\Downloads\Chemsheets GCSE 014 (Word equations 1).pdf
2016-01-19 21:30 - 2016-01-19 21:30 - 00070345 _____ C:\Users\johnm\Downloads\Chemsheets GCSE 014 (Word equations 1)(1).pdf
2016-01-19 21:29 - 2016-01-19 21:30 - 00086683 _____ C:\Users\johnm\Downloads\Chemsheets GCSE 005 (Electron structure).pdf
2016-01-19 21:29 - 2016-01-19 21:30 - 00086683 _____ C:\Users\johnm\Downloads\Chemsheets GCSE 005 (Electron structure)(1).pdf
2016-01-17 00:37 - 2016-01-17 00:37 - 17767464 _____ (Siber Systems) C:\Users\johnm\Downloads\RoboForm-Setup-12e01(1).exe
2016-01-16 23:47 - 2016-01-16 23:48 - 17767464 _____ (Siber Systems) C:\Users\johnm\Downloads\RoboForm-Setup-12e01.exe
2016-01-16 21:29 - 2016-01-16 21:29 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-01-16 21:29 - 2016-01-16 21:29 - 00000000 ____D C:\Users\johnm\AppData\Roaming\Apple Computer
2016-01-16 21:29 - 2016-01-16 21:29 - 00000000 ____D C:\Users\johnm\AppData\Local\Apple Computer
2016-01-16 21:29 - 2016-01-16 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-16 21:28 - 2016-01-16 21:29 - 00000000 ____D C:\Program Files\iTunes
2016-01-16 21:28 - 2016-01-16 21:28 - 00000000 ____D C:\Users\johnm\AppData\Local\Apple
2016-01-16 21:28 - 2016-01-16 21:28 - 00000000 ____D C:\ProgramData\Apple Computer
2016-01-16 21:28 - 2016-01-16 21:28 - 00000000 ____D C:\Program Files\iPod
2016-01-16 21:28 - 2016-01-16 21:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-01-16 21:27 - 2016-01-16 21:28 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-01-16 21:27 - 2016-01-16 21:27 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-01-16 21:27 - 2016-01-16 21:27 - 00000000 ____D C:\Program Files\Bonjour
2016-01-16 21:27 - 2016-01-16 21:27 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-01-16 21:27 - 2016-01-16 21:27 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-01-16 21:25 - 2016-01-16 21:26 - 167583000 _____ (Apple Inc.) C:\Users\johnm\Downloads\iTunes6464Setup.exe
2016-01-14 20:41 - 2016-01-14 20:41 - 00000000 ____D C:\tmp
2016-01-14 20:38 - 2016-01-14 20:38 - 00000000 ____D C:\Users\johnm\Downloads\80845_Blender_2.75_Advanced_Cycles_Smoke___Fire_Shader___Test_Scene
2016-01-14 20:37 - 2016-01-14 20:37 - 00404914 _____ C:\Users\johnm\Downloads\80845_Blender_2.75_Advanced_Cycles_Smoke___Fire_Shader___Test_Scene.zip
2016-01-14 20:31 - 2016-01-14 20:32 - 22774529 _____ C:\Users\johnm\Downloads\81349_Dusty___Dirty_Shader.zip
2016-01-13 23:25 - 2016-01-13 23:25 - 21895616 _____ (SecureMix LLC) C:\Users\johnm\Downloads\GlassWireSetup.exe
2016-01-12 21:09 - 2016-01-12 21:09 - 00000000 ____D C:\Users\johnm\AppData\LocalLow\Temp
2016-01-12 20:57 - 2016-01-05 03:07 - 02463704 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2016-01-12 20:57 - 2016-01-05 03:07 - 00377592 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
2016-01-12 20:57 - 2016-01-05 03:06 - 08022368 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-01-12 20:57 - 2016-01-05 03:06 - 01991120 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL
2016-01-12 20:57 - 2016-01-05 03:06 - 01270104 _____ (Microsoft Corporation) C:\windows\system32\mfnetsrc.dll
2016-01-12 20:57 - 2016-01-05 03:06 - 01063504 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll
2016-01-12 20:57 - 2016-01-05 03:06 - 00119800 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL
2016-01-12 20:57 - 2016-01-05 03:04 - 02824248 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2016-01-12 20:57 - 2016-01-05 03:04 - 02641928 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2016-01-12 20:57 - 2016-01-05 03:04 - 01591848 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-01-12 20:57 - 2016-01-05 03:04 - 01150816 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-01-12 20:57 - 2016-01-05 03:04 - 00862056 _____ (Microsoft Corporation) C:\windows\system32\mfnetcore.dll
2016-01-12 20:57 - 2016-01-05 03:04 - 00787720 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL
2016-01-12 20:57 - 2016-01-05 03:04 - 00784136 _____ (Microsoft Corporation) C:\windows\system32\mfsvr.dll
2016-01-12 20:57 - 2016-01-05 03:04 - 00779928 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-01-12 20:57 - 2016-01-05 03:04 - 00772448 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-01-12 20:57 - 2016-01-05 03:04 - 00751992 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL
2016-01-12 20:57 - 2016-01-05 03:04 - 00667856 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-01-12 20:57 - 2016-01-05 03:04 - 00250520 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL
2016-01-12 20:57 - 2016-01-05 03:04 - 00249464 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL
2016-01-12 20:57 - 2016-01-05 03:04 - 00243248 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-01-12 20:57 - 2016-01-05 03:04 - 00233992 _____ (Microsoft Corporation) C:\windows\system32\mftranscode.dll
2016-01-12 20:57 - 2016-01-05 03:04 - 00115704 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL
2016-01-12 20:57 - 2016-01-05 03:04 - 00090912 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll
2016-01-12 20:57 - 2016-01-05 03:04 - 00083704 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll
2016-01-12 20:57 - 2016-01-05 02:59 - 00781976 _____ (Microsoft Corporation) C:\windows\system32\mfds.dll
2016-01-12 20:57 - 2016-01-05 02:52 - 00441696 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-01-12 20:57 - 2016-01-05 02:50 - 01817064 _____ (Microsoft Corporation) C:\windows\system32\WMALFXGFXDSP.dll
2016-01-12 20:57 - 2016-01-05 02:50 - 01083072 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-01-12 20:57 - 2016-01-05 02:50 - 00723648 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-01-12 20:57 - 2016-01-05 02:50 - 00345080 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL
2016-01-12 20:57 - 2016-01-05 02:50 - 00251544 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL
2016-01-12 20:57 - 2016-01-05 02:50 - 00205072 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL
2016-01-12 20:57 - 2016-01-05 02:31 - 01365576 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-01-12 20:57 - 2016-01-05 02:30 - 02459096 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2016-01-12 20:57 - 2016-01-05 02:30 - 02162064 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVENCOD.DLL
2016-01-12 20:57 - 2016-01-05 02:30 - 02152744 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2016-01-12 20:57 - 2016-01-05 02:30 - 01106872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfnetsrc.dll
2016-01-12 20:57 - 2016-01-05 02:30 - 00882208 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2adec.dll
2016-01-12 20:57 - 2016-01-05 02:30 - 00368776 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL
2016-01-12 20:57 - 2016-01-05 02:30 - 00232896 _____ (Microsoft Corporation) C:\windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 20:57 - 2016-01-05 02:30 - 00100712 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP3DMOD.DLL
2016-01-12 20:57 - 2016-01-05 02:29 - 00208688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mftranscode.dll
2016-01-12 20:57 - 2016-01-05 02:28 - 02445128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2016-01-12 20:57 - 2016-01-05 02:28 - 00714808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfnetcore.dll
2016-01-12 20:57 - 2016-01-05 02:28 - 00696192 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOE.DLL
2016-01-12 20:57 - 2016-01-05 02:28 - 00695752 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOD.DLL
2016-01-12 20:57 - 2016-01-05 02:28 - 00645144 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfsvr.dll
2016-01-12 20:57 - 2016-01-05 02:28 - 00635312 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2016-01-12 20:57 - 2016-01-05 02:28 - 00497896 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-01-12 20:57 - 2016-01-05 02:28 - 00277400 _____ (Microsoft Corporation) C:\windows\SysWOW64\MPG4DECD.DLL
2016-01-12 20:57 - 2016-01-05 02:28 - 00116728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2016-01-12 20:57 - 2016-01-05 02:28 - 00107952 _____ (Microsoft Corporation) C:\windows\SysWOW64\VIDRESZR.DLL
2016-01-12 20:57 - 2016-01-05 02:28 - 00082096 _____ (Microsoft Corporation) C:\windows\SysWOW64\devenum.dll
2016-01-12 20:57 - 2016-01-05 02:28 - 00072808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfvdsp.dll
2016-01-12 20:57 - 2016-01-05 02:21 - 00658528 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfds.dll
2016-01-12 20:57 - 2016-01-05 02:18 - 21873152 _____ (Microsoft Corporation) C:\windows\system32\edgehtml.dll
2016-01-12 20:57 - 2016-01-05 02:15 - 24592896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-01-12 20:57 - 2016-01-05 02:15 - 00931328 _____ (Microsoft Corporation) C:\windows\system32\MSMPEG2ENC.DLL
2016-01-12 20:57 - 2016-01-05 02:15 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\UserMgrProxy.dll
2016-01-12 20:57 - 2016-01-05 02:15 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\usermgrcli.dll
2016-01-12 20:57 - 2016-01-05 02:10 - 00539136 _____ (Microsoft Corporation) C:\windows\system32\mfh264enc.dll
2016-01-12 20:57 - 2016-01-05 02:10 - 00305776 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSDECD.DLL
2016-01-12 20:57 - 2016-01-05 02:10 - 00278424 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP43DECD.DLL
2016-01-12 20:57 - 2016-01-05 02:10 - 00188032 _____ (Microsoft Corporation) C:\windows\SysWOW64\COLORCNV.DLL
2016-01-12 20:57 - 2016-01-05 02:09 - 01234944 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2016-01-12 20:57 - 2016-01-05 02:09 - 00205312 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-01-12 20:57 - 2016-01-05 02:02 - 01672192 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-01-12 20:57 - 2016-01-05 02:02 - 00678912 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2016-01-12 20:57 - 2016-01-05 02:02 - 00379392 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-01-12 20:57 - 2016-01-05 02:01 - 00305664 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax
2016-01-12 20:57 - 2016-01-05 02:00 - 00826880 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-01-12 20:57 - 2016-01-05 02:00 - 00771072 _____ (Microsoft Corporation) C:\windows\system32\Chakradiag.dll
2016-01-12 20:57 - 2016-01-05 01:59 - 00572928 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-01-12 20:57 - 2016-01-05 01:57 - 00712704 _____ (Microsoft Corporation) C:\windows\system32\usermgr.dll
2016-01-12 20:57 - 2016-01-05 01:57 - 00578560 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2016-01-12 20:57 - 2016-01-05 01:57 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-01-12 20:57 - 2016-01-05 01:56 - 07523840 _____ (Microsoft Corporation) C:\windows\system32\Chakra.dll
2016-01-12 20:57 - 2016-01-05 01:51 - 01255936 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL
2016-01-12 20:57 - 2016-01-05 01:51 - 01009664 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL
2016-01-12 20:57 - 2016-01-05 01:51 - 00634368 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL
2016-01-12 20:57 - 2016-01-05 01:51 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL
2016-01-12 20:57 - 2016-01-05 01:51 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL
2016-01-12 20:57 - 2016-01-05 01:44 - 00159744 _____ (Microsoft Corporation) C:\windows\SysWOW64\UserMgrProxy.dll
2016-01-12 20:57 - 2016-01-05 01:44 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\usermgrcli.dll
2016-01-12 20:57 - 2016-01-05 01:43 - 19324928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-01-12 20:57 - 2016-01-05 01:42 - 00871936 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-12 20:57 - 2016-01-05 01:38 - 00556032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfh264enc.dll
2016-01-12 20:57 - 2016-01-05 01:32 - 01541632 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2016-01-12 20:57 - 2016-01-05 01:32 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2016-01-12 20:57 - 2016-01-05 01:31 - 00563200 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2016-01-12 20:57 - 2016-01-05 01:31 - 00235008 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksproxy.ax
2016-01-12 20:57 - 2016-01-05 01:30 - 18802176 _____ (Microsoft Corporation) C:\windows\SysWOW64\edgehtml.dll
2016-01-12 20:57 - 2016-01-05 01:29 - 00650240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-01-12 20:57 - 2016-01-05 01:29 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-01-12 20:57 - 2016-01-05 01:26 - 00373760 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-01-12 20:57 - 2016-01-05 01:24 - 05454848 _____ (Microsoft Corporation) C:\windows\SysWOW64\Chakra.dll
2016-01-12 20:57 - 2016-01-05 01:20 - 00890880 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOD.DLL
2016-01-12 20:57 - 2016-01-05 01:19 - 01070080 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOE.DLL
2016-01-12 20:57 - 2016-01-05 01:19 - 00747008 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVXENCD.DLL
2016-01-12 20:57 - 2016-01-05 01:19 - 00409088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSENCD.DLL
2016-01-12 20:57 - 2016-01-05 01:19 - 00404992 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFWMAAEC.DLL
2016-01-09 21:43 - 2016-01-09 21:39 - 00000030 _____ C:\AVScanner.ini
2016-01-08 10:46 - 2016-01-08 10:46 - 00272304 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsha.sys
2016-01-08 10:46 - 2016-01-08 10:46 - 00023472 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avguniva.sys
2016-01-07 15:03 - 2016-01-07 15:03 - 00021632 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgboota.sys
2016-01-06 22:49 - 2016-01-06 22:49 - 00000000 ____D C:\Users\johnm\AppData\Roaming\NVIDIA
2016-01-06 22:42 - 2016-01-06 22:42 - 00000000 ____D C:\Users\johnm\AppData\Roaming\Blender Foundation
2016-01-06 00:21 - 2016-01-06 00:21 - 02983248 _____ C:\Users\johnm\Downloads\nectartoolbar.exe
2016-01-05 16:02 - 2016-01-05 16:02 - 00315312 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2016-01-04 23:56 - 2016-01-04 23:56 - 01158327 _____ C:\Users\johnm\Downloads\Pistone, Joseph D.-Donnie Brasco.epub
2016-01-04 19:35 - 2016-01-04 19:35 - 00000000 ____D C:\Users\johnm\AppData\LocalLow\Adobe
2016-01-04 19:14 - 2016-01-04 19:19 - 18058212 _____ C:\Users\johnm\Downloads\dslrBooth Photo Booth Software 4.6.28.1 Professional.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-02 12:59 - 2015-12-20 22:38 - 00000000 ____D C:\Users\johnm\AppData\LocalLow\360WD
2016-02-02 12:48 - 2015-12-08 21:24 - 00000000 ___RD C:\Users\johnm\Dropbox
2016-02-02 12:48 - 2015-12-08 21:22 - 00000000 ____D C:\Users\johnm\AppData\Local\Dropbox
2016-02-02 12:47 - 2015-12-08 21:22 - 00000934 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-02-02 12:47 - 2015-12-08 21:17 - 00000000 ___RD C:\Users\johnm\OneDrive
2016-02-02 12:47 - 2015-12-08 21:13 - 00000000 __SHD C:\Users\johnm\IntelGraphicsProfiles
2016-02-02 12:47 - 2015-12-08 20:50 - 00000180 _____ C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-02 12:46 - 2015-07-10 12:21 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-02-02 12:46 - 2015-07-10 12:20 - 04788560 _____ C:\windows\system32\FNTCACHE.DAT
2016-02-02 12:45 - 2015-07-10 09:05 - 01572864 ___SH C:\windows\system32\config\BBI
2016-02-02 12:44 - 2015-10-07 14:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-02 12:41 - 2015-07-16 06:09 - 00969890 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-02 12:41 - 2015-07-10 11:02 - 00000000 ____D C:\windows\INF
2016-02-02 12:27 - 2015-12-08 21:22 - 00000938 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-02-02 11:49 - 2015-07-10 11:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-02 11:49 - 2015-07-10 11:04 - 00000000 ____D C:\windows\AppReadiness
2016-02-02 11:41 - 2015-07-10 11:04 - 00000000 ____D C:\windows\Web
2016-02-02 10:36 - 2015-12-11 23:52 - 00004168 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{2C15931E-4F30-4ED2-B45F-A4DCAB6062DC}
2016-02-02 09:56 - 2015-12-08 21:14 - 00000000 ____D C:\Users\johnm\Documents\YouCam
2016-02-02 01:22 - 2015-12-24 14:32 - 00000364 _____ C:\windows\Tasks\HPCeeScheduleForjohnm.job
2016-02-02 01:12 - 2015-07-16 06:50 - 00000000 ____D C:\windows\Panther
2016-02-02 01:02 - 2015-12-24 14:32 - 00003256 _____ C:\windows\System32\Tasks\HPCeeScheduleForjohnm
2016-02-02 00:59 - 2015-12-22 20:18 - 00000000 __SHD C:\ProgramData\360Quarant
2016-02-02 00:59 - 2015-12-22 20:18 - 00000000 __SHD C:\$360Section
2016-02-02 00:49 - 2015-12-20 22:37 - 00000000 _RSHD C:\360SANDBOX
2016-02-01 23:54 - 2015-07-10 09:05 - 00032768 ___SH C:\windows\system32\config\ELAM
2016-02-01 23:52 - 2015-07-10 11:04 - 00000000 ___HD C:\windows\ELAMBKUP
2016-02-01 20:12 - 2015-12-20 22:38 - 00000000 ____D C:\ProgramData\360safe
2016-02-01 16:47 - 2015-12-08 21:08 - 00000000 ____D C:\Users\johnm
2016-01-31 04:19 - 2015-12-08 23:42 - 00000000 ____D C:\Users\johnm\AppData\Local\Spotify
2016-01-31 04:16 - 2015-12-08 23:42 - 00000000 ____D C:\Users\johnm\AppData\Roaming\Spotify
2016-01-30 18:06 - 2015-12-08 21:13 - 00000000 ____D C:\Users\johnm\AppData\Local\VirtualStore
2016-01-29 23:44 - 2015-12-14 01:14 - 00000000 ____D C:\Users\johnm\AppData\Roaming\Audacity
2016-01-29 23:28 - 2015-08-02 16:15 - 06731520 _____ (Intel Corporation) C:\windows\system32\Drivers\Netwtw02.sys
2016-01-25 00:02 - 2015-12-09 20:28 - 00000000 ____D C:\Users\Public\CyberLink
2016-01-25 00:00 - 2015-12-14 01:14 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-01-24 20:57 - 2015-07-16 06:05 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-19 21:52 - 2015-12-18 00:09 - 00002413 _____ C:\Users\johnm\Desktop\Flickr Uploadr.lnk
2016-01-19 21:52 - 2015-12-18 00:09 - 00000000 ____D C:\Users\johnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flickr
2016-01-19 21:52 - 2015-12-18 00:09 - 00000000 ____D C:\Users\johnm\AppData\Local\FlickrUploadrWindows
2016-01-17 00:40 - 2015-12-09 22:40 - 00004322 _____ C:\windows\System32\Tasks\Open URL by RoboForm
2016-01-17 00:40 - 2015-12-09 22:40 - 00003592 _____ C:\windows\System32\Tasks\Run RoboForm TaskBar Icon
2016-01-17 00:39 - 2015-12-09 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2016-01-17 00:37 - 2015-12-20 22:46 - 00000000 ____D C:\Users\johnm\AppData\Roaming\360Safe
2016-01-16 21:27 - 2015-10-07 14:46 - 00000000 ____D C:\ProgramData\Apple
2016-01-12 23:32 - 2015-07-10 10:55 - 00000000 ____D C:\windows\CbsTemp
2016-01-12 23:31 - 2015-12-08 23:37 - 00000000 ____D C:\windows\system32\MRT
2016-01-12 23:28 - 2015-12-08 23:37 - 143671360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-01-09 21:40 - 2015-12-12 20:30 - 00000000 ____D C:\Users\johnm\AppData\Local\Adobe
2016-01-09 21:39 - 2015-10-07 14:50 - 00000000 ____D C:\ProgramData\mcafee
2016-01-05 00:30 - 2015-12-20 02:47 - 00000000 ____D C:\Users\johnm\Documents\actions
2016-01-03 21:33 - 2015-12-08 21:13 - 00000000 ____D C:\Users\johnm\AppData\Roaming\Adobe
2016-01-03 01:40 - 2015-07-10 11:06 - 00826872 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-01-03 01:40 - 2015-07-10 11:06 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
 
Some files in TEMP:
====================
C:\Users\johnm\AppData\Local\Temp\jansi-64-1579013872543991892.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-1673261130576460891.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-3299224844860229834.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-3447682095957418723.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-4706826664299954993.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-5507312114902318525.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-5777870822038847559.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-6340393913750294737.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-6915792775422739861.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-921987982591810221.dll
C:\Users\johnm\AppData\Local\Temp\sqlite3.dll
 

==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2016-02-01 15:45
 
==================== End of FRST.txt ============================

 


 Attached File  Addition.txt   48.95KB   2 downloads




#2 satchfan

  • Malware Response Team

Posted 02 February 2016 - 10:32 AM

Hello BlueSierra and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please follow these instructions in the order given.

===================================================

Uninstall programs

You have 2 antivirus programs running, one of which is a “rogue” programme.

Uninstall 360 Total Security.

To do this:

  • right-click the Start button and click Control Panel
  • go to “Programs and Features” - (if your Control Panel is in “Category” view, go to “Uninstall a Program”)
  • locate 360 Total Security, click it to select it, and then click Uninstall.

===================================================

Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Run Farbar Recovery Scan Tool

Please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit “Scan”.

Logs to include with next post:

AdwCleaner log
New Frst.txt
New Addition.txt


Thanks

Satchfan


Edited by satchfan, 02 February 2016 - 10:34 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 BlueSierra

BlueSierra
  • Topic Starter

  • Members
  • 29 posts
  • Gender:Male
  • Local time:09:56 AM

Posted 02 February 2016 - 11:06 AM

Hi Satchfan - many thanks for your help.

 

I'm surprised that 360 is rogue - I thought I did some research and it was recommended - anyhow it's deleted now. Also deleted AdwCleaner and replaced it with the one from your link, cleaned and restarted. Then did a fresh FRST. Here's the log of that:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by johnm (administrator) on DESKTOP-M6P0IF8 (02-02-2016 15:53:42)
Running from C:\Users\johnm\Downloads
Loaded Profiles: johnm (Available Profiles: johnm)
Platform: Windows 10 Home (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\johnm\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Flickr) C:\Users\johnm\AppData\Local\FlickrUploadrWindows\app-0.9.98.280\Flickr.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8520448 2015-08-21] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-07-31] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945656 2015-12-08] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [655112 2015-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-08-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DriverTalent] => C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe [3009296 2016-01-21] (OSToto Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3873704 2016-01-25] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2779425049-1141099686-2853734179-1001\...\Run: [Spotify Web Helper] => C:\Users\johnm\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-01-29] (Spotify Ltd)
HKU\S-1-5-21-2779425049-1141099686-2853734179-1001\...\Run: [FlickrUploadr] => "C:\Users\johnm\AppData\Local\FlickrUploadrWindows\Update.exe" --processStart Flickr.exe
HKU\S-1-5-21-2779425049-1141099686-2853734179-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2779425049-1141099686-2853734179-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2016-01-17] (Siber Systems)
HKU\S-1-5-21-2779425049-1141099686-2853734179-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk [2016-02-02]
ShortcutTarget: Samsung Drive Manager Real-Time.lnk -> C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe (Clarus, Inc.)
Startup: C:\Users\johnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-12-08]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{b4261d84-5aab-4cf3-816c-15a4d21cf07b}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2779425049-1141099686-2853734179-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> OldSearch URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM-x32 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2779425049-1141099686-2853734179-1001 -> OldSearch URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-01-17] (Siber Systems Inc.)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-01-17] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-31] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-31] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-01-17] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-01-17] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-2779425049-1141099686-2853734179-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-01-17] (Siber Systems Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\johnm\AppData\Roaming\Mozilla\Firefox\Profiles\9y2pb548.default
FF DefaultSearchEngine: Default
FF SelectedSearchEngine: Default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-09] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-31] (Oracle Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] ()
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Extension: Pin It button - C:\Users\johnm\AppData\Roaming\Mozilla\Firefox\Profiles\9y2pb548.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2015-12-19]
FF Extension: Search Know - C:\Users\johnm\AppData\Roaming\Mozilla\Firefox\Profiles\9y2pb548.default\Extensions\{5e315a4a-641e-496c-8b99-fb9475b4abb2}.xpi [2016-01-30] [not signed]
FF Extension: Share Button for Pinterest - C:\Users\johnm\AppData\Roaming\Mozilla\Firefox\Profiles\9y2pb548.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2016-01-30]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-01-17]
FF HKU\S-1-5-21-2779425049-1141099686-2853734179-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3744904 2015-06-19] (Intel Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3881696 2016-01-25] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-01-25] (AVG Technologies CZ, s.r.o.)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [621472 2015-11-17] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-08] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-08] (Dropbox, Inc.)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-08-03] (Intel Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-07-31] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [604936 2015-08-17] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [165104 2015-07-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373152 2015-11-17] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-16] (Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [396992 2015-07-06] (Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
R2 LDrvSvc; c:\program files (x86)\ostotosoft\drivertalent\LDrvSvc.dll [147216 2015-12-14] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-07-31] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-07-31] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [308464 2015-08-21] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2015-08-19] (Clarus, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2015-12-21] (Wacom Technology, Corp.)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205832 2016-02-01] ()
R2 ZeroConfigService; c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [260528 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [47096 2015-08-03] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43512 2015-08-03] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2015-08-03] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [259312 2015-07-22] (Intel Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [20400 2012-06-21] ()
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-07] (Intel Corporation)
R3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [99248 2012-06-21] ()
S3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [4043504 2015-08-02] (Intel Corporation)
R3 Netwtw02; C:\Windows\System32\drivers\Netwtw02.sys [6731520 2016-01-29] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-31] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2015-07-31] (Windows ® Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-07-31] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-08-13] (Realtek                                            )
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [753368 2015-07-31] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [402136 2015-07-31] (Realsil Semiconductor Corporation)
S3 SGXEPC; C:\Windows\System32\drivers\sgx_driver.sys [54768 2015-06-19] (Windows ® Win 7 DDK provider)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-28] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-12-08] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [212056 2015-07-06] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-02 15:52 - 2016-02-02 15:52 - 00001164 _____ C:\Users\johnm\Desktop\AdwCleaner[C1].txt
2016-02-02 15:50 - 2016-02-02 15:50 - 00016148 _____ C:\windows\system32\DESKTOP-M6P0IF8_johnm_HistoryPrediction.bin
2016-02-02 15:40 - 2016-02-02 15:41 - 00000000 ____D C:\AdwCleaner
2016-02-02 15:39 - 2016-02-02 15:40 - 01508352 _____ C:\Users\johnm\Downloads\adwcleaner_5.032.exe
2016-02-02 14:59 - 2016-02-02 14:59 - 00000000 ___HD C:\OneDriveTemp
2016-02-02 14:18 - 2016-02-02 14:18 - 00009451 _____ C:\Users\johnm\Downloads\traditional-mansion.schematic
2016-02-02 13:08 - 2016-02-02 13:35 - 00050122 _____ C:\Users\johnm\Downloads\Addition.txt
2016-02-02 13:07 - 2016-02-02 15:54 - 00028227 _____ C:\Users\johnm\Downloads\FRST.txt
2016-02-02 13:06 - 2016-02-02 15:53 - 00000000 ____D C:\FRST
2016-02-02 13:06 - 2016-02-02 13:06 - 02370560 _____ (Farbar) C:\Users\johnm\Downloads\FRST64.exe
2016-02-02 12:53 - 2016-02-02 12:53 - 00000000 ____D C:\ProgramData\Clarus
2016-02-02 12:44 - 2016-02-02 12:44 - 00001844 _____ C:\Users\johnm\Desktop\Samsung Drive Manager.lnk
2016-02-02 12:44 - 2016-02-02 12:44 - 00000000 ____D C:\windows\System32\Tasks\CLARUS_DRIVE_MANAGER
2016-02-02 12:44 - 2016-02-02 12:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2016-02-02 12:44 - 2016-02-02 12:44 - 00000000 ____D C:\Program Files (x86)\Clarus
2016-02-02 12:43 - 2016-02-02 12:43 - 00000000 ____D C:\Users\johnm\Downloads\DriveManager_v1.0.175_Full
2016-02-02 12:41 - 2016-02-02 12:41 - 75949867 _____ C:\Users\johnm\Downloads\DriveManager_v1.0.175_Full.zip
2016-02-02 11:02 - 2016-02-02 11:36 - 01609032 _____ (Malwarebytes) C:\Users\johnm\Downloads\JRT.exe
2016-02-02 11:00 - 2016-02-02 11:03 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\johnm\Downloads\rkill.exe
2016-02-02 10:57 - 2016-02-02 15:50 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-02 10:57 - 2016-02-02 10:57 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-02 10:57 - 2016-02-02 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-02 10:57 - 2016-02-02 10:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-02 10:57 - 2016-02-02 10:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-02 10:57 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-02-02 10:57 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-02-02 10:57 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-02-02 10:56 - 2016-02-02 10:56 - 22908888 _____ (Malwarebytes ) C:\Users\johnm\Downloads\mbam-setup-bc.1878-2.2.0.1024.exe
2016-02-02 10:11 - 2016-02-02 10:11 - 00242000 _____ C:\Users\johnm\Downloads\Firefox Setup Stub 44.0.exe
2016-02-02 10:11 - 2016-02-02 10:11 - 00001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-02 10:11 - 2016-02-02 10:11 - 00001227 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-02 10:11 - 2016-02-02 10:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-02 10:11 - 2016-02-02 10:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-02 01:05 - 2016-02-02 01:05 - 00002870 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2016-02-02 01:05 - 2016-02-02 01:05 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-02-02 01:05 - 2016-02-02 01:05 - 00000000 ____D C:\Program Files\CCleaner
2016-02-02 01:02 - 2016-02-02 01:02 - 00000000 ____D C:\Users\johnm\AppData\Local\VS Revo Group
2016-02-02 01:01 - 2016-02-02 01:01 - 00001129 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-02-02 01:01 - 2016-02-02 01:01 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-02-02 01:01 - 2016-02-02 01:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-02-02 01:01 - 2016-02-02 01:01 - 00000000 ____D C:\Program Files\VS Revo Group
2016-02-02 01:01 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
2016-02-02 01:00 - 2016-02-02 01:03 - 06828320 _____ (Piriform Ltd) C:\Users\johnm\Downloads\ccsetup514.exe
2016-02-02 00:57 - 2016-02-02 01:01 - 10691640 _____ (VS Revo Group ) C:\Users\johnm\Downloads\RevoUninProSetup.exe
2016-02-02 00:12 - 2016-02-02 00:19 - 00000000 ____D C:\Users\johnm\AppData\Local\AVG Web TuneUp
2016-02-02 00:07 - 2016-02-02 00:19 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-02-02 00:05 - 2016-02-02 00:05 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2016-02-01 23:55 - 2016-02-02 00:04 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-02-01 23:53 - 2016-02-01 23:53 - 00000000 ____D C:\Users\johnm\AppData\Roaming\AVG
2016-02-01 23:52 - 2016-02-01 23:52 - 00000000 ___HD C:\$AVG
2016-02-01 23:52 - 2016-02-01 23:52 - 00000000 ____D C:\Users\johnm\AppData\Roaming\TuneUp Software
2016-02-01 23:52 - 2016-02-01 23:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-02-01 23:51 - 2016-02-02 12:49 - 00000000 ____D C:\ProgramData\MFAData
2016-02-01 23:51 - 2016-02-01 23:51 - 00000000 ____D C:\Users\johnm\AppData\Local\MFAData
2016-02-01 23:50 - 2016-02-01 23:52 - 00000000 ____D C:\ProgramData\Avg
2016-02-01 23:50 - 2016-02-01 23:51 - 00000000 ____D C:\Program Files (x86)\AVG
2016-02-01 23:50 - 2016-02-01 23:50 - 00000882 _____ C:\Users\Public\Desktop\AVG.lnk
2016-02-01 23:50 - 2016-02-01 23:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-02-01 23:49 - 2016-02-01 23:53 - 00000000 ____D C:\Users\johnm\AppData\Local\Avg
2016-02-01 23:49 - 2016-02-01 23:50 - 00000000 ____D C:\Users\johnm\AppData\Local\AvgSetupLog
2016-02-01 23:49 - 2016-02-01 23:49 - 02946424 _____ (AVG Technologies CZ, s.r.o.) C:\Users\johnm\Downloads\AVG_Protection_Free_698.exe
2016-01-31 15:58 - 2016-01-31 15:58 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-31 15:58 - 2016-01-31 15:58 - 00000000 ____D C:\Users\johnm\AppData\Roaming\Sun
2016-01-31 15:58 - 2016-01-31 15:58 - 00000000 ____D C:\Users\johnm\.oracle_jre_usage
2016-01-31 15:58 - 2016-01-30 20:40 - 00111016 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-64.dll
2016-01-31 15:57 - 2016-01-31 15:59 - 00000000 ____D C:\ProgramData\Oracle
2016-01-31 15:57 - 2016-01-31 15:57 - 00643168 _____ (Oracle Corporation) C:\Users\johnm\Downloads\JavaSetup8u71.exe
2016-01-31 15:57 - 2016-01-31 15:57 - 00000000 ____D C:\Users\johnm\AppData\LocalLow\Oracle
2016-01-31 15:57 - 2016-01-31 15:57 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-30 21:29 - 2016-01-30 21:29 - 00067118 _____ C:\Users\johnm\Downloads\GameModeSwitcher-PC.zip
2016-01-30 21:23 - 2016-01-30 21:30 - 00000000 ____D C:\Users\johnm\Desktop\MINECRAFT
2016-01-30 20:41 - 2016-01-31 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-30 20:40 - 2016-01-30 20:40 - 00000000 ____D C:\Users\johnm\AppData\LocalLow\Sun
2016-01-30 20:39 - 2016-01-30 20:38 - 31012264 _____ (Oracle Corporation) C:\Users\johnm\Downloads\Java_Installer.exe
2016-01-30 15:48 - 2016-02-01 19:36 - 00000000 ____D C:\Users\johnm\AppData\Roaming\.minecraft
2016-01-30 15:48 - 2016-01-30 15:48 - 00000000 ____D C:\Users\johnm\AppData\Roaming\java
2016-01-30 15:47 - 2016-01-30 15:48 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-01-30 15:47 - 2016-01-30 15:47 - 02314240 _____ C:\Users\johnm\Downloads\MinecraftInstaller.msi
2016-01-30 15:47 - 2016-01-30 15:47 - 00001037 _____ C:\Users\Public\Desktop\Minecraft.lnk
2016-01-30 15:47 - 2016-01-30 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-01-29 23:28 - 2016-01-29 23:28 - 10718860 _____ C:\windows\system32\Drivers\Netwfw02.dat
2016-01-24 23:58 - 2016-01-24 23:59 - 00319995 _____ C:\Users\johnm\Downloads\lame_v3.99.5.zip
2016-01-22 15:15 - 2016-01-22 15:15 - 00260528 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys
2016-01-19 22:02 - 2016-01-19 22:02 - 00000000 ____D C:\Users\johnm\AppData\Roaming\OpenOffice
2016-01-19 22:01 - 2016-01-19 22:01 - 00001128 _____ C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk
2016-01-19 22:01 - 2016-01-19 22:01 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2016-01-19 22:00 - 2016-01-19 22:01 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2016-01-19 21:54 - 2016-01-19 21:54 - 00000000 ____D C:\Users\johnm\Desktop\OpenOffice 4.1.2 (en-GB) Installation Files
2016-01-19 21:53 - 2016-01-19 21:53 - 133575912 _____ C:\Users\johnm\Downloads\Apache_OpenOffice_4.1.2_Win_x86_install_en-GB.exe
2016-01-19 21:30 - 2016-01-19 21:30 - 00070345 _____ C:\Users\johnm\Downloads\Chemsheets GCSE 014 (Word equations 1).pdf
2016-01-19 21:30 - 2016-01-19 21:30 - 00070345 _____ C:\Users\johnm\Downloads\Chemsheets GCSE 014 (Word equations 1)(1).pdf
2016-01-19 21:29 - 2016-01-19 21:30 - 00086683 _____ C:\Users\johnm\Downloads\Chemsheets GCSE 005 (Electron structure).pdf
2016-01-19 21:29 - 2016-01-19 21:30 - 00086683 _____ C:\Users\johnm\Downloads\Chemsheets GCSE 005 (Electron structure)(1).pdf
2016-01-17 00:37 - 2016-01-17 00:37 - 17767464 _____ (Siber Systems) C:\Users\johnm\Downloads\RoboForm-Setup-12e01(1).exe
2016-01-16 23:47 - 2016-01-16 23:48 - 17767464 _____ (Siber Systems) C:\Users\johnm\Downloads\RoboForm-Setup-12e01.exe
2016-01-16 21:29 - 2016-01-16 21:29 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-01-16 21:29 - 2016-01-16 21:29 - 00000000 ____D C:\Users\johnm\AppData\Roaming\Apple Computer
2016-01-16 21:29 - 2016-01-16 21:29 - 00000000 ____D C:\Users\johnm\AppData\Local\Apple Computer
2016-01-16 21:29 - 2016-01-16 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-16 21:28 - 2016-01-16 21:29 - 00000000 ____D C:\Program Files\iTunes
2016-01-16 21:28 - 2016-01-16 21:28 - 00000000 ____D C:\Users\johnm\AppData\Local\Apple
2016-01-16 21:28 - 2016-01-16 21:28 - 00000000 ____D C:\ProgramData\Apple Computer
2016-01-16 21:28 - 2016-01-16 21:28 - 00000000 ____D C:\Program Files\iPod
2016-01-16 21:28 - 2016-01-16 21:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-01-16 21:27 - 2016-01-16 21:28 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-01-16 21:27 - 2016-01-16 21:27 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-01-16 21:27 - 2016-01-16 21:27 - 00000000 ____D C:\Program Files\Bonjour
2016-01-16 21:27 - 2016-01-16 21:27 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-01-16 21:27 - 2016-01-16 21:27 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-01-16 21:25 - 2016-01-16 21:26 - 167583000 _____ (Apple Inc.) C:\Users\johnm\Downloads\iTunes6464Setup.exe
2016-01-14 20:41 - 2016-01-14 20:41 - 00000000 ____D C:\tmp
2016-01-14 20:38 - 2016-01-14 20:38 - 00000000 ____D C:\Users\johnm\Downloads\80845_Blender_2.75_Advanced_Cycles_Smoke___Fire_Shader___Test_Scene
2016-01-14 20:37 - 2016-01-14 20:37 - 00404914 _____ C:\Users\johnm\Downloads\80845_Blender_2.75_Advanced_Cycles_Smoke___Fire_Shader___Test_Scene.zip
2016-01-14 20:31 - 2016-01-14 20:32 - 22774529 _____ C:\Users\johnm\Downloads\81349_Dusty___Dirty_Shader.zip
2016-01-13 23:25 - 2016-01-13 23:25 - 21895616 _____ (SecureMix LLC) C:\Users\johnm\Downloads\GlassWireSetup.exe
2016-01-12 21:09 - 2016-01-12 21:09 - 00000000 ____D C:\Users\johnm\AppData\LocalLow\Temp
2016-01-12 20:57 - 2016-01-05 03:07 - 02463704 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2016-01-12 20:57 - 2016-01-05 03:07 - 00377592 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
2016-01-12 20:57 - 2016-01-05 03:06 - 08022368 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-01-12 20:57 - 2016-01-05 03:06 - 01991120 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL
2016-01-12 20:57 - 2016-01-05 03:06 - 01270104 _____ (Microsoft Corporation) C:\windows\system32\mfnetsrc.dll
2016-01-12 20:57 - 2016-01-05 03:06 - 01063504 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll
2016-01-12 20:57 - 2016-01-05 03:06 - 00119800 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL
2016-01-12 20:57 - 2016-01-05 03:04 - 02824248 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2016-01-12 20:57 - 2016-01-05 03:04 - 02641928 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2016-01-12 20:57 - 2016-01-05 03:04 - 01591848 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-01-12 20:57 - 2016-01-05 03:04 - 01150816 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-01-12 20:57 - 2016-01-05 03:04 - 00862056 _____ (Microsoft Corporation) C:\windows\system32\mfnetcore.dll
2016-01-12 20:57 - 2016-01-05 03:04 - 00787720 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL
2016-01-12 20:57 - 2016-01-05 03:04 - 00784136 _____ (Microsoft Corporation) C:\windows\system32\mfsvr.dll
2016-01-12 20:57 - 2016-01-05 03:04 - 00779928 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-01-12 20:57 - 2016-01-05 03:04 - 00772448 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-01-12 20:57 - 2016-01-05 03:04 - 00751992 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL
2016-01-12 20:57 - 2016-01-05 03:04 - 00667856 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-01-12 20:57 - 2016-01-05 03:04 - 00250520 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL
2016-01-12 20:57 - 2016-01-05 03:04 - 00249464 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL
2016-01-12 20:57 - 2016-01-05 03:04 - 00243248 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-01-12 20:57 - 2016-01-05 03:04 - 00233992 _____ (Microsoft Corporation) C:\windows\system32\mftranscode.dll
2016-01-12 20:57 - 2016-01-05 03:04 - 00115704 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL
2016-01-12 20:57 - 2016-01-05 03:04 - 00090912 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll
2016-01-12 20:57 - 2016-01-05 03:04 - 00083704 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll
2016-01-12 20:57 - 2016-01-05 02:59 - 00781976 _____ (Microsoft Corporation) C:\windows\system32\mfds.dll
2016-01-12 20:57 - 2016-01-05 02:52 - 00441696 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-01-12 20:57 - 2016-01-05 02:50 - 01817064 _____ (Microsoft Corporation) C:\windows\system32\WMALFXGFXDSP.dll
2016-01-12 20:57 - 2016-01-05 02:50 - 01083072 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-01-12 20:57 - 2016-01-05 02:50 - 00723648 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-01-12 20:57 - 2016-01-05 02:50 - 00345080 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL
2016-01-12 20:57 - 2016-01-05 02:50 - 00251544 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL
2016-01-12 20:57 - 2016-01-05 02:50 - 00205072 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL
2016-01-12 20:57 - 2016-01-05 02:31 - 01365576 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-01-12 20:57 - 2016-01-05 02:30 - 02459096 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2016-01-12 20:57 - 2016-01-05 02:30 - 02162064 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVENCOD.DLL
2016-01-12 20:57 - 2016-01-05 02:30 - 02152744 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2016-01-12 20:57 - 2016-01-05 02:30 - 01106872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfnetsrc.dll
2016-01-12 20:57 - 2016-01-05 02:30 - 00882208 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2adec.dll
2016-01-12 20:57 - 2016-01-05 02:30 - 00368776 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL
2016-01-12 20:57 - 2016-01-05 02:30 - 00232896 _____ (Microsoft Corporation) C:\windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 20:57 - 2016-01-05 02:30 - 00100712 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP3DMOD.DLL
2016-01-12 20:57 - 2016-01-05 02:29 - 00208688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mftranscode.dll
2016-01-12 20:57 - 2016-01-05 02:28 - 02445128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2016-01-12 20:57 - 2016-01-05 02:28 - 00714808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfnetcore.dll
2016-01-12 20:57 - 2016-01-05 02:28 - 00696192 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOE.DLL
2016-01-12 20:57 - 2016-01-05 02:28 - 00695752 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOD.DLL
2016-01-12 20:57 - 2016-01-05 02:28 - 00645144 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfsvr.dll
2016-01-12 20:57 - 2016-01-05 02:28 - 00635312 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2016-01-12 20:57 - 2016-01-05 02:28 - 00497896 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-01-12 20:57 - 2016-01-05 02:28 - 00277400 _____ (Microsoft Corporation) C:\windows\SysWOW64\MPG4DECD.DLL
2016-01-12 20:57 - 2016-01-05 02:28 - 00116728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2016-01-12 20:57 - 2016-01-05 02:28 - 00107952 _____ (Microsoft Corporation) C:\windows\SysWOW64\VIDRESZR.DLL
2016-01-12 20:57 - 2016-01-05 02:28 - 00082096 _____ (Microsoft Corporation) C:\windows\SysWOW64\devenum.dll
2016-01-12 20:57 - 2016-01-05 02:28 - 00072808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfvdsp.dll
2016-01-12 20:57 - 2016-01-05 02:21 - 00658528 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfds.dll
2016-01-12 20:57 - 2016-01-05 02:18 - 21873152 _____ (Microsoft Corporation) C:\windows\system32\edgehtml.dll
2016-01-12 20:57 - 2016-01-05 02:15 - 24592896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-01-12 20:57 - 2016-01-05 02:15 - 00931328 _____ (Microsoft Corporation) C:\windows\system32\MSMPEG2ENC.DLL
2016-01-12 20:57 - 2016-01-05 02:15 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\UserMgrProxy.dll
2016-01-12 20:57 - 2016-01-05 02:15 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\usermgrcli.dll
2016-01-12 20:57 - 2016-01-05 02:10 - 00539136 _____ (Microsoft Corporation) C:\windows\system32\mfh264enc.dll
2016-01-12 20:57 - 2016-01-05 02:10 - 00305776 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSDECD.DLL
2016-01-12 20:57 - 2016-01-05 02:10 - 00278424 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP43DECD.DLL
2016-01-12 20:57 - 2016-01-05 02:10 - 00188032 _____ (Microsoft Corporation) C:\windows\SysWOW64\COLORCNV.DLL
2016-01-12 20:57 - 2016-01-05 02:09 - 01234944 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2016-01-12 20:57 - 2016-01-05 02:09 - 00205312 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-01-12 20:57 - 2016-01-05 02:02 - 01672192 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-01-12 20:57 - 2016-01-05 02:02 - 00678912 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2016-01-12 20:57 - 2016-01-05 02:02 - 00379392 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-01-12 20:57 - 2016-01-05 02:01 - 00305664 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax
2016-01-12 20:57 - 2016-01-05 02:00 - 00826880 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-01-12 20:57 - 2016-01-05 02:00 - 00771072 _____ (Microsoft Corporation) C:\windows\system32\Chakradiag.dll
2016-01-12 20:57 - 2016-01-05 01:59 - 00572928 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-01-12 20:57 - 2016-01-05 01:57 - 00712704 _____ (Microsoft Corporation) C:\windows\system32\usermgr.dll
2016-01-12 20:57 - 2016-01-05 01:57 - 00578560 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2016-01-12 20:57 - 2016-01-05 01:57 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-01-12 20:57 - 2016-01-05 01:56 - 07523840 _____ (Microsoft Corporation) C:\windows\system32\Chakra.dll
2016-01-12 20:57 - 2016-01-05 01:51 - 01255936 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL
2016-01-12 20:57 - 2016-01-05 01:51 - 01009664 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL
2016-01-12 20:57 - 2016-01-05 01:51 - 00634368 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL
2016-01-12 20:57 - 2016-01-05 01:51 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL
2016-01-12 20:57 - 2016-01-05 01:51 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL
2016-01-12 20:57 - 2016-01-05 01:44 - 00159744 _____ (Microsoft Corporation) C:\windows\SysWOW64\UserMgrProxy.dll
2016-01-12 20:57 - 2016-01-05 01:44 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\usermgrcli.dll
2016-01-12 20:57 - 2016-01-05 01:43 - 19324928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-01-12 20:57 - 2016-01-05 01:42 - 00871936 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-12 20:57 - 2016-01-05 01:38 - 00556032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfh264enc.dll
2016-01-12 20:57 - 2016-01-05 01:32 - 01541632 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2016-01-12 20:57 - 2016-01-05 01:32 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2016-01-12 20:57 - 2016-01-05 01:31 - 00563200 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2016-01-12 20:57 - 2016-01-05 01:31 - 00235008 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksproxy.ax
2016-01-12 20:57 - 2016-01-05 01:30 - 18802176 _____ (Microsoft Corporation) C:\windows\SysWOW64\edgehtml.dll
2016-01-12 20:57 - 2016-01-05 01:29 - 00650240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-01-12 20:57 - 2016-01-05 01:29 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-01-12 20:57 - 2016-01-05 01:26 - 00373760 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-01-12 20:57 - 2016-01-05 01:24 - 05454848 _____ (Microsoft Corporation) C:\windows\SysWOW64\Chakra.dll
2016-01-12 20:57 - 2016-01-05 01:20 - 00890880 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOD.DLL
2016-01-12 20:57 - 2016-01-05 01:19 - 01070080 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOE.DLL
2016-01-12 20:57 - 2016-01-05 01:19 - 00747008 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVXENCD.DLL
2016-01-12 20:57 - 2016-01-05 01:19 - 00409088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSENCD.DLL
2016-01-12 20:57 - 2016-01-05 01:19 - 00404992 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFWMAAEC.DLL
2016-01-09 21:43 - 2016-01-09 21:39 - 00000030 _____ C:\AVScanner.ini
2016-01-08 10:46 - 2016-01-08 10:46 - 00272304 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsha.sys
2016-01-08 10:46 - 2016-01-08 10:46 - 00023472 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avguniva.sys
2016-01-07 15:03 - 2016-01-07 15:03 - 00021632 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgboota.sys
2016-01-06 22:49 - 2016-01-06 22:49 - 00000000 ____D C:\Users\johnm\AppData\Roaming\NVIDIA
2016-01-06 22:42 - 2016-01-06 22:42 - 00000000 ____D C:\Users\johnm\AppData\Roaming\Blender Foundation
2016-01-06 00:21 - 2016-01-06 00:21 - 02983248 _____ C:\Users\johnm\Downloads\nectartoolbar.exe
2016-01-05 16:02 - 2016-01-05 16:02 - 00315312 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2016-01-04 23:56 - 2016-01-04 23:56 - 01158327 _____ C:\Users\johnm\Downloads\Pistone, Joseph D.-Donnie Brasco.epub
2016-01-04 19:35 - 2016-01-04 19:35 - 00000000 ____D C:\Users\johnm\AppData\LocalLow\Adobe
2016-01-04 19:14 - 2016-01-04 19:19 - 18058212 _____ C:\Users\johnm\Downloads\dslrBooth Photo Booth Software 4.6.28.1 Professional.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-02 15:50 - 2015-12-20 22:37 - 00000000 ____D C:\Program Files (x86)\360
2016-02-02 15:50 - 2015-12-08 21:24 - 00000000 ___RD C:\Users\johnm\Dropbox
2016-02-02 15:50 - 2015-12-08 21:22 - 00000934 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-02-02 15:50 - 2015-12-08 21:22 - 00000000 ____D C:\Users\johnm\AppData\Local\Dropbox
2016-02-02 15:50 - 2015-12-08 21:17 - 00000000 ___RD C:\Users\johnm\OneDrive
2016-02-02 15:50 - 2015-12-08 21:13 - 00000000 __SHD C:\Users\johnm\IntelGraphicsProfiles
2016-02-02 15:50 - 2015-12-08 20:50 - 00000180 _____ C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-02 15:45 - 2015-07-10 12:21 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-02-02 15:44 - 2015-07-10 09:05 - 01572864 ___SH C:\windows\system32\config\BBI
2016-02-02 15:27 - 2015-12-08 21:22 - 00000938 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-02-02 12:46 - 2015-07-10 12:20 - 04788560 _____ C:\windows\system32\FNTCACHE.DAT
2016-02-02 12:44 - 2015-10-07 14:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-02 12:41 - 2015-07-16 06:09 - 00969890 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-02 12:41 - 2015-07-10 11:02 - 00000000 ____D C:\windows\INF
2016-02-02 11:49 - 2015-07-10 11:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-02 11:49 - 2015-07-10 11:04 - 00000000 ____D C:\windows\AppReadiness
2016-02-02 11:41 - 2015-07-10 11:04 - 00000000 ____D C:\windows\Web
2016-02-02 10:36 - 2015-12-11 23:52 - 00004168 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{2C15931E-4F30-4ED2-B45F-A4DCAB6062DC}
2016-02-02 09:56 - 2015-12-08 21:14 - 00000000 ____D C:\Users\johnm\Documents\YouCam
2016-02-02 01:22 - 2015-12-24 14:32 - 00000364 _____ C:\windows\Tasks\HPCeeScheduleForjohnm.job
2016-02-02 01:12 - 2015-07-16 06:50 - 00000000 ____D C:\windows\Panther
2016-02-02 01:02 - 2015-12-24 14:32 - 00003256 _____ C:\windows\System32\Tasks\HPCeeScheduleForjohnm
2016-02-02 00:59 - 2015-12-22 20:18 - 00000000 __SHD C:\ProgramData\360Quarant
2016-02-02 00:59 - 2015-12-22 20:18 - 00000000 __SHD C:\$360Section
2016-02-01 23:54 - 2015-07-10 09:05 - 00032768 ___SH C:\windows\system32\config\ELAM
2016-02-01 23:52 - 2015-07-10 11:04 - 00000000 ___HD C:\windows\ELAMBKUP
2016-02-01 16:47 - 2015-12-08 21:08 - 00000000 ____D C:\Users\johnm
2016-01-31 04:19 - 2015-12-08 23:42 - 00000000 ____D C:\Users\johnm\AppData\Local\Spotify
2016-01-31 04:16 - 2015-12-08 23:42 - 00000000 ____D C:\Users\johnm\AppData\Roaming\Spotify
2016-01-30 18:06 - 2015-12-08 21:13 - 00000000 ____D C:\Users\johnm\AppData\Local\VirtualStore
2016-01-29 23:44 - 2015-12-14 01:14 - 00000000 ____D C:\Users\johnm\AppData\Roaming\Audacity
2016-01-29 23:28 - 2015-08-02 16:15 - 06731520 _____ (Intel Corporation) C:\windows\system32\Drivers\Netwtw02.sys
2016-01-25 00:02 - 2015-12-09 20:28 - 00000000 ____D C:\Users\Public\CyberLink
2016-01-25 00:00 - 2015-12-14 01:14 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-01-24 20:57 - 2015-07-16 06:05 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-19 21:52 - 2015-12-18 00:09 - 00002413 _____ C:\Users\johnm\Desktop\Flickr Uploadr.lnk
2016-01-19 21:52 - 2015-12-18 00:09 - 00000000 ____D C:\Users\johnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flickr
2016-01-19 21:52 - 2015-12-18 00:09 - 00000000 ____D C:\Users\johnm\AppData\Local\FlickrUploadrWindows
2016-01-17 00:40 - 2015-12-09 22:40 - 00004322 _____ C:\windows\System32\Tasks\Open URL by RoboForm
2016-01-17 00:40 - 2015-12-09 22:40 - 00003592 _____ C:\windows\System32\Tasks\Run RoboForm TaskBar Icon
2016-01-17 00:39 - 2015-12-09 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2016-01-16 21:27 - 2015-10-07 14:46 - 00000000 ____D C:\ProgramData\Apple
2016-01-12 23:32 - 2015-07-10 10:55 - 00000000 ____D C:\windows\CbsTemp
2016-01-12 23:31 - 2015-12-08 23:37 - 00000000 ____D C:\windows\system32\MRT
2016-01-12 23:28 - 2015-12-08 23:37 - 143671360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-01-09 21:40 - 2015-12-12 20:30 - 00000000 ____D C:\Users\johnm\AppData\Local\Adobe
2016-01-09 21:39 - 2015-10-07 14:50 - 00000000 ____D C:\ProgramData\mcafee
2016-01-05 00:30 - 2015-12-20 02:47 - 00000000 ____D C:\Users\johnm\Documents\actions
2016-01-03 21:33 - 2015-12-08 21:13 - 00000000 ____D C:\Users\johnm\AppData\Roaming\Adobe
2016-01-03 01:40 - 2015-07-10 11:06 - 00826872 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-01-03 01:40 - 2015-07-10 11:06 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
 
Some files in TEMP:
====================
C:\Users\johnm\AppData\Local\Temp\jansi-64-1579013872543991892.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-1673261130576460891.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-2217682336927534784.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-3299224844860229834.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-3447682095957418723.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-4706826664299954993.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-5221867679579328582.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-5507312114902318525.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-5777870822038847559.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-6340393913750294737.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-6915792775422739861.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-7132066914189789155.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-921987982591810221.dll
C:\Users\johnm\AppData\Local\Temp\sqlite3.dll
 

==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2016-02-01 15:45
 
==================== End of FRST.txt ============================




#4 satchfan

satchfan

  • Malware Response Team

Posted 02 February 2016 - 12:23 PM

Did you run the new AdwCleaner before running the new FRST scan? If you did, please send the log. I have to leave for a while but will reply later.

 

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#5 BlueSierra

BlueSierra
  • Topic Starter


Posted 02 February 2016 - 12:42 PM

Hi Satchfan - yep sorry - here's the AdwCleaner log

 

# AdwCleaner v5.032 - Logfile created 02/02/2016 at 15:41:36
# Updated 31/01/2016 by Xplode
# Database : 2016-01-31.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : johnm - DESKTOP-M6P0IF8
# Running from : C:\Users\johnm\Downloads\adwcleaner_5.032.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\Users\johnm\AppData\Roaming\Mozilla\Firefox\Profiles\9y2pb548.default\searchplugins\default.xml

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\johnm\AppData\Roaming\Mozilla\Firefox\Profiles\9y2pb548.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggVcg0NBAAUERgScgtZTA1JEVMOIlhdUBQVGFYQIQ1dUw1HFwwFIk0FA18DB0VXfWFoKB8fHGZGIUtbCXIfTkI=");

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1085 bytes] ##########
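
An added example, not part of the original posts and not AdwCleaner's own logic: a small Python check for the kind of `prefs.js` homepage entry that AdwCleaner reports deleting in the log above. The allow-list of hosts, the second watched preference and the sample file contents are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Preferences that decide which page Firefox opens. The first is the one
# AdwCleaner reset in the log above; the second is an assumption added here
# for older profiles.
WATCHED_PREFS = ("browser.startup.homepage", "browser.newtab.url")

# Hosts you expect to see as a homepage (assumption, adapt per machine).
ALLOWED_HOSTS = {"www.mozilla.org", "www.google.co.uk"}

# One preference per line: user_pref("name", <string | number | true | false>);
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"(?P<name>[^"]+)"\s*,\s*(?P<value>.+?)\s*\)\s*;\s*$'
)

# Constructed sample of a hijacked profile; the host is the one named in the
# thread, the query string is a placeholder.
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1454421000);
user_pref("browser.startup.homepage", "http://searchinterneat-a.akamaihd.net/h?eq=CONSTRUCTED");
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.shell.checkDefaultBrowser", false);
'''


def parse_prefs(text):
    """Return {pref_name: value} for every well-formed user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # comments, blank lines, anything malformed
        try:
            # Values are written as JSON-compatible literals.
            prefs[match.group("name")] = json.loads(match.group("value"))
        except ValueError:
            continue
    return prefs


def suspicious_homepages(text, allowed_hosts=ALLOWED_HOSTS):
    """List (pref, host, url) for watched prefs that point at unexpected hosts."""
    findings = []
    prefs = parse_prefs(text)
    for name in WATCHED_PREFS:
        value = prefs.get(name)
        if not isinstance(value, str):
            continue
        # The homepage pref may hold several URLs separated by "|".
        for url in value.split("|"):
            url = url.strip()
            try:
                parts = urlsplit(url)
            except ValueError:
                findings.append((name, "", url))  # unparseable: report it
                continue
            if parts.scheme not in ("http", "https"):
                continue  # about:home, about:newtab and similar are built in
            host = (parts.hostname or "").lower()
            if host not in allowed_hosts:
                findings.append((name, host, url))
    return findings


if __name__ == "__main__":
    for pref, host, url in suspicious_homepages(SAMPLE_PREFS):
        print(f"{pref}: unexpected host {host!r} in {url}")
```

Run it against a copy of the profile's `prefs.js` while Firefox is closed, since the browser rewrites that file on exit.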
 



#6 satchfan

satchfan

  • Malware Response Team

Posted 02 February 2016 - 04:07 PM

You need to move Farbar Recovery Scan Tool to your desktop, otherwise fixes will not work.

  • go to your Downloads folder and locate Farbar Recovery Scan Tool
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

Run Farbar Recovery Scan Tool

Open Notepad. Please copy the contents of the code box below and paste it into Notepad.


HKU\S-1-5-21-2779425049-1141099686-2853734179-1001\...\Run: [AdobeBridge] => [X]
FF Extension: Search Know - C:\Users\johnm\AppData\Roaming\Mozilla\Firefox\Profiles\9y2pb548.default\Extensions\{5e315a4a-641e-496c-8b99-fb9475b4abb2}.xpi [2016-01-30] [not signed]
2016-02-02 15:50 - 2015-12-20 22:37 - 00000000 ____D C:\Program Files (x86)\360
2016-02-02 00:59 - 2015-12-22 20:18 - 00000000 __SHD C:\ProgramData\360Quarant
2016-02-02 00:59 - 2015-12-22 20:18 - 00000000 __SHD C:\$360Section
2016-01-17 00:40 - 2015-12-09 22:40 - 00004322 _____ C:\windows\System32\Tasks\Open URL by RoboForm
C:\Users\johnm\AppData\Local\Temp\jansi-64-1579013872543991892.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-1673261130576460891.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-2217682336927534784.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-3299224844860229834.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-3447682095957418723.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-4706826664299954993.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-5221867679579328582.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-5507312114902318525.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-5777870822038847559.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-6340393913750294737.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-6915792775422739861.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-7132066914189789155.dll
C:\Users\johnm\AppData\Local\Temp\jansi-64-921987982591810221.dll
C:\Users\johnm\AppData\Local\Temp\sqlite3.dll
Task: {0BB725E0-2FFD-474A-BC45-EDDB516D3BB1} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJKMHMKMPMIMLMLMCNJMLMGMOJCNLMOJGMMMCNNJPMKMGMCNGMOMNJMJGMGMIMJMGMOJHMKJJNJICMIMCNGMCNOMIMFMOMOMCNPMCNOMPMNMLMPMFMPMCNPMCNOMPMNMLMPMCNNMJNPICMPMFMOMNMKJPMOMFMMMHMJNHICMOMNMKJPMOMJNBJCMFJAJHJBJPNIJDJGIBJBJJNKJCMCJNIIJDJGIBJBJGIPLIJCJOJGJDJBNMJAJCJJNNICMIJAJAJIJDJKJJNDJCMKJBJJNMJCMMMFMOMJMKMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
C:\Program Files (x86)\Siber Systems\AI RoboForm
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

Logs to include with next post:

Fixlog.txt

Thanks
Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
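The fixlist above targets a Firefox extension that FRST marked `[not signed]` and a scheduled task that opens a URL through `Rundll32.exe url.dll,FileProtocolHandler`. As an added example (not FRST's code and not part of the original posts), this Python script pulls those two kinds of entry out of FRST-style log text; the sample lines are constructed, and treating an extension line without a tag as signed is the example's own assumption.

```python
import re
from urllib.parse import urlsplit

EXT = re.compile(r"^FF Extension: (?P<name>.+?) - (?P<path>.+\.xpi) \[(?P<date>[\d-]+)\](?P<tags>.*)$")
TASK = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<path>.+?) => (?P<cmd>.+)$")
URL_LAUNCH = re.compile(
    r'rundll32(?:\.exe)?\s+url\.dll,\s*FileProtocolHandler\s+"?(?P<url>[^"\s]+)', re.I)


def triage(log_text):
    """Return (kind, subject, detail) tuples for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = EXT.match(line)
        if m:
            # Assumption: only unsigned extensions carry the tag.
            if "[not signed]" in m.group("tags"):
                findings.append(("unsigned-extension", m.group("name"), m.group("path")))
            continue
        m = TASK.match(line)
        if m:
            launch = URL_LAUNCH.search(m.group("cmd"))
            if launch:  # the task's only job is to open a web address
                url = re.sub(r"^hxxp", "http", launch.group("url"), flags=re.I)
                host = (urlsplit(url).hostname or "").lower()
                findings.append(("task-opens-url", m.group("path"), host))
    return findings


# Constructed lines in the layout of the fixlist entries above; GUIDs,
# profile name, paths and URL are placeholders, not values from the thread.
SAMPLE = r'''
FF Extension: Example Signed - C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\Extensions\a@example.xpi [2016-01-10]
FF Extension: Example Search - C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\Extensions\{00000000-0000-0000-0000-000000000000}.xpi [2016-01-30] [not signed]
Task: {11111111-1111-1111-1111-111111111111} - System32\Tasks\Updater => C:\Program Files\App\update.exe
Task: {22222222-2222-2222-2222-222222222222} - System32\Tasks\Open URL => Rundll32.exe url.dll,FileProtocolHandler "hxxp://ads.example/landing?id=1"
'''
```

A hit is a prompt to review the entry, not a verdict; the signed extension and the task that runs a local executable pass through untouched.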


#7 BlueSierra

  • Topic Starter

Posted 02 February 2016 - 04:36 PM

Hi Satchfan - Fixlog.txt attached.

 

thanks

 

John




#8 satchfan

  • Malware Response Team

Posted 02 February 2016 - 06:11 PM

Thanks for the logs.

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • start Malwarebytes-Anti-Malware and update it, (“Update” tab)
  • once it is updated, click on “Scan” tab, select Threat Scan, then click Scan.
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

================================================

Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!, try rebooting the system and then run SecurityCheck again.

Logs to include with the next post:

Mbam.txt
checkup.txt


Can you tell me if there are any outstanding problems.

Satchfan

 




#9 BlueSierra

  • Topic Starter

Posted 02 February 2016 - 07:08 PM

Hi Satchfan

 

MBAM and Checkup logs attached.

MBAM didn't ask for a reboot.

 

Opened Firefox and seems ok  - no redirect.

 

I will restart and check Firefox again.

 

Thanks

 

John




#10 satchfan

  • Malware Response Team

Posted 02 February 2016 - 07:18 PM

Multiple antiviruses

You have AVG and Windows Defender antivirus programs running.

You can not run two real-time antiviruses at the same time. Although many have different methods of searching for and recognising threats, they will all be 'fighting' in memory to kick each other out, rendering them all ineffective.

I would suggest you uninstall AVG as Windows Defender is more effective and less intrusive but, it is your choice.

If you uninstalled AVG there will still be some remnants on your computer even after the uninstall so please download and run AVG Removal Tool from here.

If there are no remaining problems I’ll send you instructions to tidy up.

 

Satchfan




#11 BlueSierra

  • Topic Starter

Posted 02 February 2016 - 07:39 PM

Hi Satchfan - restarted laptop. Opened Firefox - homepage is now Mozilla Start page (was searchinterneat etc) and Google search behaves normally.

Malwarebytes is not giving warning as it was previously.

 

Thank you very, very much - all seems to be back to working order again.

 

Thanks for your help - more importantly - do you think that's resolved it ?

 

John
 



#12 satchfan

  • Malware Response Team

Posted 02 February 2016 - 07:47 PM

do you think that's resolved it ?
Yep. :bananas:

Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:

Uninstall AdwCleaner
  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:


o    Create registry backup
o    Purge system restore

  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

======================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

======================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

======================

Download WOT

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:


green if it's safe
yellow for caution
red for unsafe
 

You can download the WOT add-on for Firefox, Chrome, Internet Explorer, Opera, and Safari browsers. It does not slow down your browsing experience, it is easy to use and free. Just click “Download” and you are ready to go!

======================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

======================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unchecks” the boxes you may not notice when downloading programs.

Download and install Unchecky .

======================

Download and install CryptoPrevent

Crypto Ransomware Warning

There are particularly nasty “Ransomware” infections out there at the moment that encrypt your files and the only way possible to get them “de-crypted” is to pay a ransom. You can read more about this here.

  • download CryptoPrevent
  • save the file to your Desktop and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This will launch the program once you click Finish
  • you will get a prompt asking if you purchased a Product Key for Automatic Updates. Click No
  • you will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to
  • click OK to continue and select your protection level. Go ahead and click OK.
  • click the Apply button to set Default protection
  • you may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.

You are now protected.

Note: The free version doesn't provide automatic updates but should be updated often, (at least weekly), as this infection has serious consequences. To update it manually, open the program, select the “Updates” menu then select Check for Updates to see if there are any available.

===================================================

I also recommend that you read the following:

Best Practices for Safe Computing - Prevention of Malware Infection by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet  by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan

 




#13 BlueSierra

  • Topic Starter

Posted 02 February 2016 - 08:01 PM

Hi Satchfan.

 

Many thanks for your expert advice. Greatly appreciated. Thanks for the cleanup advice - I'll work through that tomorrow.

 

Can I just ask about creating an image file of my clean system ? Would that restore back to pre-infected condition if need be ? All my data is backed up to an external separate hard drive so that would be easy to restore.

 

thanks again.

 

BlueSierra



#14 satchfan

  • Malware Response Team

Posted 02 February 2016 - 08:20 PM

Many thanks for your expert advice. Greatly appreciated. Thanks for the cleanup advice

You're welcome.

 

Can I just ask about creating an image file of my clean system ?

Have a look at this article.

 

Take care

 

Nina


Edited by satchfan, 02 February 2016 - 08:20 PM.



#15 BlueSierra

  • Topic Starter

Posted 03 February 2016 - 05:23 PM

Hi Satchfan - I just found that Spotify has been blocked by the administrator ....... can I unblock it please ?





