Herdprotect found stuff but AVG free, MB, Spybot did not. Do I remove items?


  • This topic is locked
73 replies to this topic

#1 trashywoman

trashywoman

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Central Illinois
  • Local time:06:59 AM

Posted 17 February 2016 - 06:05 AM

Here is what I posted last night about problems I am having. I have attached the FRST and ADDITION logs as well as the Herdprotect Log identifying the files.

AVG scanned again and no detection. I use all the suggested programs as well as not opening odd emails. I did switch from paid AVG to Free AVG a few days ago and that seems like when it got worse.

 

I have been having some problems with PCKEEPER popups but it isn't installed on my pc. Last week someone told me the popup was probably being "triggered by a re-targeting link" such as Photobucket, which is what site it would show up on. Searched online and found a solution and it worked...for a few days and now it's back again.

 

Also since then, computer is doing the cannot display webpage more and more often, not responding to mouse clicks so I knew something was going on. Forgot to mention memory is running really high and have gotten RAM message when trying to save a Word document but I have plenty of memory. Several svchosts run at once, tried stopping some autorun programs to see if that would help but not really.

 

Today, I ran Herdprotect and it came up with 5 files with 3 different issues. I saved the log and did not remove the items because I wanted to make sure they were not false positives because they all had the Win32 in their name and didn't want to mess up computer. Really didn't find anything I could understand online so left them alone and ran AVG free, Malwarebytes and Spybot. They found nothing. So I need someone to look at the names of these files and tell me if I should delete them, please.

 

BUT...in prepping for this post, I did the FRST scan and looked at results. I have the logs for it saved. Really don't understand any of it except all the arrows pointing to many files and the words ATTENTION next to it so I think I am in full blown messed up mode. Thanks ahead of time for the help.

 

Regina

 

I have an HP p7-1380t running

Windows 7 Home Premium

SP1, 64 bit, all updated.

 

Link to first posting in other forum

http://www.bleepingcomputer.com/forums/t/605646/herdprotect-found-stuff-but-avg-free-mb-spybot-did-not-do-i-remove-items/

 



Edited by trashywoman, 17 February 2016 - 06:08 AM.



 


#2 satchfan

satchfan

  • Malware Response Team
  • 2,665 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:12:59 PM

Posted 17 February 2016 - 06:39 AM

Hello trashywoman and welcome to Bleeping Computer.

 

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please run FRST again and post the new log.

 

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt


Thanks

Satchfan
 


Edited by satchfan, 17 February 2016 - 06:43 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 trashywoman


Posted 17 February 2016 - 06:42 AM

Running scans. Do I paste the logs here or attach them?



#4 satchfan


Posted 17 February 2016 - 06:46 AM

Just post them.




#5 trashywoman


Posted 17 February 2016 - 06:47 AM

# AdwCleaner v5.034 - Logfile created 17/02/2016 at 05:43:09
# Updated 16/02/2016 by Xplode
# Database : 2016-02-16.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Transfer - REGINA
# Running from : C:\Users\Transfer\Desktop\adwcleaner_5.034.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\floipahigmmkfhkoapmnijnlnboniglg

***** [ Files ] *****

File Found : C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_floipahigmmkfhkoapmnijnlnboniglg_0.localstorage

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}

***** [ Web browsers ] *****

[C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1419 bytes] ##########



#6 satchfan


Posted 17 February 2016 - 06:57 AM

I realise that you are keen to clear up your problem but please slow down and read the instructions fully before you proceed.

You didn’t choose “clean” as per the instructions. Please re-run AdwCleaner and when the results are produced, select Clean. If it asks to reboot, allow the reboot.

Please do not run FRST again until that is done.

Thanks




#7 trashywoman


Posted 17 February 2016 - 07:31 AM

Sorry, realized that as soon as I did it. And yes, in a tizzy because of this mess.

So here are the logs again. And I did not do "fix" on FRST.

 

# AdwCleaner v5.034 - Logfile created 17/02/2016 at 05:52:45
# Updated 16/02/2016 by Xplode
# Database : 2016-02-16.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Transfer - REGINA
# Running from : C:\Users\Transfer\Desktop\adwcleaner_5.034.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\floipahigmmkfhkoapmnijnlnboniglg

***** [ Files ] *****

[-] File Deleted : C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_floipahigmmkfhkoapmnijnlnboniglg_0.localstorage

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}

***** [ Web browsers ] *****

[-] [C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1553 bytes] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Home Premium x64
Ran by Transfer (Administrator) on Wed 02/17/2016 at  6:08:41.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 4

Failed to delete: C:\Users\Transfer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5V1TERKW (Folder)
Successfully deleted: C:\Users\Transfer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26KS53TP (Folder)
Successfully deleted: C:\Users\Transfer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FFI1S031 (Folder)
Successfully deleted: C:\Users\Transfer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFL6LG98 (Folder)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/17/2016 at  6:13:30.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Transfer (administrator) on REGINA (17-02-2016 06:02:15)
Running from C:\Users\Transfer\Downloads
Loaded Profiles: Transfer (Available Profiles: Regina & Transfer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\windows\System32\hkcmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1065680 2015-05-29] (Carbonite, Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3873704 2016-02-01] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-926090934-439431683-2122779614-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-926090934-439431683-2122779614-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\SysWOW64\GPhotos.scr [4575232 2015-02-13] (Google Inc.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{C7280DC0-4219-44E7-8134-36008D27B9A4}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-926090934-439431683-2122779614-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-926090934-439431683-2122779614-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-926090934-439431683-2122779614-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKLM -> {79563D26-64E1-4463-B559-172EDDB200C6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {9149D15A-201F-4A7B-98B5-B8403BC0B794} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {9149D15A-201F-4A7B-98B5-B8403BC0B794} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-926090934-439431683-2122779614-1004 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}&rlz=1I7GGNI_enUS528
SearchScopes: HKU\S-1-5-21-926090934-439431683-2122779614-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}&rlz=1I7GGNI_enUS528
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-20] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKU\S-1-5-21-926090934-439431683-2122779614-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-926090934-439431683-2122779614-1004 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1259.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-13]
CHR Extension: (Google Search) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-16]
CHR Extension: (Winter Chills) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjciefciokhnhkflkjnkcooigcbpgdhe [2016-02-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-23]
CHR Extension: (Highlight Keywords for Google Search) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhahncknpppipmgjchbbhehkfglelepf [2016-02-08]
CHR Extension: (Google Wallet) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-16]
CHR Extension: (Gmail) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware2\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com)
S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3881184 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-02-01] (AVG Technologies CZ, s.r.o.)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S4 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4429664 2016-01-19] (SurfRight B.V.)
S4 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S4 WebUpdate4; C:\windows\SysWOW64\WebUpdateSvc4.exe [412776 2013-11-25] (Data Perceptions / PowerProgrammer)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [260528 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [46368 2014-01-13] (AVG Technologies)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [38400 2014-12-15] (CSR plc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 farflt; C:\windows\system32\drivers\farflt.sys [56704 2016-02-07] (Malwarebytes)
R3 hmpalert; C:\windows\system32\drivers\hmpalert.sys [176464 2016-01-19] (SurfRight B.V.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 PSMNBUS; C:\Windows\System32\DRIVERS\PSMNBUS.sys [106096 2013-05-21] (DEVGURU Co., LTD.)
S3 PSMNMDM; C:\Windows\System32\DRIVERS\PSMNMDM.sys [184048 2013-05-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PSMNVSP; C:\Windows\System32\DRIVERS\PSMNVSP.sys [184048 2013-05-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware2\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware2\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 hmpnet; system32\drivers\hmpnet.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-17 05:56 - 2016-02-17 06:01 - 00000000 ____D C:\Users\Transfer\Desktop\cleaning logs
2016-02-17 05:54 - 2016-02-17 05:54 - 00016384 _____ C:\windows\SysWOW64\�Ǩ
2016-02-17 05:41 - 2016-02-17 05:41 - 01609032 _____ (Malwarebytes) C:\Users\Transfer\Desktop\JRT.exe
2016-02-17 05:40 - 2016-02-17 05:41 - 01511936 _____ C:\Users\Transfer\Desktop\adwcleaner_5.034.exe
2016-02-17 04:32 - 2016-02-17 04:32 - 00016384 _____ C:\windows\SysWOW64\��n
2016-02-16 20:08 - 2016-02-17 05:05 - 00106542 _____ C:\Users\Transfer\Desktop\FRST.txt
2016-02-16 20:08 - 2016-02-17 05:05 - 00047022 _____ C:\Users\Transfer\Desktop\Addition.txt
2016-02-16 19:59 - 2016-02-16 20:01 - 00047022 _____ C:\Users\Transfer\Downloads\Addition.txt
2016-02-16 19:57 - 2016-02-17 06:02 - 00034547 _____ C:\Users\Transfer\Downloads\FRST.txt
2016-02-16 19:57 - 2016-02-17 06:02 - 00000000 ____D C:\FRST
2016-02-16 19:56 - 2016-02-16 19:56 - 02370560 _____ (Farbar) C:\Users\Transfer\Downloads\FRST64.exe
2016-02-16 19:07 - 2016-02-17 05:04 - 00019751 _____ C:\Users\Transfer\Desktop\HERDPROTECTScan_2016-2-16-19-5.txt
2016-02-15 20:36 - 2016-02-15 20:47 - 00003326 _____ C:\windows\System32\Tasks\PinItAutoUpdate
2016-02-15 20:36 - 2016-02-15 20:36 - 00000000 ____D C:\Program Files (x86)\Pinterest
2016-02-15 18:17 - 2016-02-15 18:17 - 00141340 _____ C:\Users\Transfer\Downloads\2016-FinancialSummary.pdf
2016-02-15 05:15 - 2016-02-15 05:15 - 00016384 _____ C:\windows\SysWOW64\�˹
2016-02-15 04:18 - 2016-02-15 04:18 - 08267997 _____ C:\Users\Transfer\Downloads\gsmartcontrol-0.8.7.exe
2016-02-13 07:15 - 2016-02-13 07:15 - 04728048 _____ () C:\Users\Transfer\Downloads\adblockplusie-1.0.exe
2016-02-13 05:43 - 2016-01-22 14:31 - 00387784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-02-13 05:43 - 2016-01-22 14:10 - 00341200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-02-13 05:43 - 2016-01-22 00:56 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-02-13 05:43 - 2016-01-22 00:41 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-02-13 05:43 - 2016-01-22 00:40 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-02-13 05:43 - 2016-01-22 00:32 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-02-13 05:43 - 2016-01-22 00:27 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-02-13 05:43 - 2016-01-22 00:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-02-13 05:43 - 2016-01-22 00:09 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-02-13 05:43 - 2016-01-22 00:08 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-02-13 05:43 - 2016-01-22 00:02 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-02-13 05:43 - 2016-01-22 00:02 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-02-13 05:43 - 2016-01-22 00:02 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-02-13 05:43 - 2016-01-22 00:01 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-02-13 05:43 - 2016-01-22 00:00 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-02-13 05:43 - 2016-01-21 23:55 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-02-13 05:43 - 2016-01-21 23:55 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-02-13 05:43 - 2016-01-21 23:51 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-02-13 05:43 - 2016-01-21 23:51 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-02-13 05:43 - 2016-01-21 23:48 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-02-13 05:43 - 2016-01-21 23:47 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-02-13 05:43 - 2016-01-21 23:46 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-02-13 05:43 - 2016-01-21 23:43 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-02-13 05:43 - 2016-01-21 23:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-13 05:43 - 2016-01-21 23:38 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-02-13 05:43 - 2016-01-21 23:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-02-13 05:43 - 2016-01-21 23:34 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-02-13 05:43 - 2016-01-21 23:33 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-02-13 05:43 - 2016-01-21 23:25 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-02-13 05:43 - 2016-01-21 23:24 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-02-13 05:43 - 2016-01-21 23:08 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-02-13 05:43 - 2016-01-21 23:02 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-02-13 05:42 - 2016-02-06 04:48 - 25839104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-02-13 05:42 - 2016-02-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-02-13 05:42 - 2016-02-06 04:24 - 02887680 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-02-13 05:42 - 2016-02-06 04:11 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-02-13 05:42 - 2016-02-06 04:10 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-02-13 05:42 - 2016-02-06 04:01 - 20366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-02-13 05:42 - 2016-02-06 03:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-02-13 05:42 - 2016-02-06 03:43 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-02-13 05:42 - 2016-02-06 03:38 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-02-13 05:42 - 2016-02-06 03:37 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-02-13 05:42 - 2016-02-06 03:32 - 14458368 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-02-13 05:42 - 2016-02-06 03:16 - 12857856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-02-13 05:42 - 2016-02-06 03:09 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-02-13 05:42 - 2016-02-06 02:54 - 01312256 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-02-13 05:42 - 2016-01-22 00:40 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-02-13 05:42 - 2016-01-22 00:40 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-02-13 05:42 - 2016-01-22 00:40 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-02-13 05:42 - 2016-01-22 00:33 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-02-13 05:42 - 2016-01-22 00:29 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-02-13 05:42 - 2016-01-22 00:27 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-02-13 05:42 - 2016-01-22 00:27 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-02-13 05:42 - 2016-01-22 00:17 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-02-13 05:42 - 2016-01-22 00:05 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-02-13 05:42 - 2016-01-22 00:04 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-02-13 05:42 - 2016-01-22 00:01 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-02-13 05:42 - 2016-01-22 00:00 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-02-13 05:42 - 2016-01-21 23:50 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-02-13 05:42 - 2016-01-21 23:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-02-13 05:42 - 2016-01-21 23:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-02-13 05:42 - 2016-01-21 23:35 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-02-13 05:42 - 2016-01-21 23:31 - 02597376 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-02-13 05:42 - 2016-01-21 23:27 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-02-13 05:42 - 2016-01-21 23:24 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-02-13 05:42 - 2016-01-21 23:07 - 02120704 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-02-13 05:41 - 2016-01-22 00:27 - 05573056 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-02-13 05:41 - 2016-01-22 00:27 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-02-13 05:41 - 2016-01-22 00:27 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-02-13 05:41 - 2016-01-22 00:24 - 01733592 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-02-13 05:41 - 2016-01-22 00:20 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-02-13 05:41 - 2016-01-22 00:20 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-02-13 05:41 - 2016-01-22 00:20 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-02-13 05:41 - 2016-01-22 00:20 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-02-13 05:41 - 2016-01-22 00:20 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-02-13 05:41 - 2016-01-22 00:20 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-02-13 05:41 - 2016-01-22 00:20 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-02-13 05:41 - 2016-01-22 00:20 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-02-13 05:41 - 2016-01-22 00:20 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-02-13 05:41 - 2016-01-22 00:20 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-02-13 05:41 - 2016-01-22 00:19 - 01214464 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-02-13 05:41 - 2016-01-22 00:19 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-02-13 05:41 - 2016-01-22 00:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-02-13 05:41 - 2016-01-22 00:18 - 00961024 _____ (Microsoft Corporation) C:\windows\system32\CPFilters.dll
2016-02-13 05:41 - 2016-01-22 00:18 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\EncDec.dll
2016-02-13 05:41 - 2016-01-22 00:18 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-02-13 05:41 - 2016-01-22 00:17 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-02-13 05:41 - 2016-01-22 00:17 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-02-13 05:41 - 2016-01-22 00:17 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-02-13 05:41 - 2016-01-22 00:16 - 01461248 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-02-13 05:41 - 2016-01-22 00:16 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-02-13 05:41 - 2016-01-22 00:16 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-02-13 05:41 - 2016-01-22 00:15 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-02-13 05:41 - 2016-01-22 00:15 - 00730112 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-02-13 05:41 - 2016-01-22 00:15 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-02-13 05:41 - 2016-01-22 00:13 - 03993536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-02-13 05:41 - 2016-01-22 00:13 - 03938752 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-02-13 05:41 - 2016-01-22 00:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-02-13 05:41 - 2016-01-22 00:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-02-13 05:41 - 2016-01-22 00:13 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00880128 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:09 - 01314328 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-02-13 05:41 - 2016-01-22 00:06 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-02-13 05:41 - 2016-01-22 00:06 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-02-13 05:41 - 2016-01-22 00:06 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-02-13 05:41 - 2016-01-22 00:06 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-02-13 05:41 - 2016-01-22 00:06 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-02-13 05:41 - 2016-01-22 00:06 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-02-13 05:41 - 2016-01-22 00:06 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-02-13 05:41 - 2016-01-22 00:06 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-02-13 05:41 - 2016-01-22 00:05 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-02-13 05:41 - 2016-01-22 00:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-02-13 05:41 - 2016-01-22 00:04 - 00642048 _____ (Microsoft Corporation) C:\windows\SysWOW64\CPFilters.dll
2016-02-13 05:41 - 2016-01-22 00:04 - 00535040 _____ (Microsoft Corporation) C:\windows\SysWOW64\EncDec.dll
2016-02-13 05:41 - 2016-01-22 00:02 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-02-13 05:41 - 2016-01-22 00:02 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-02-13 05:41 - 2016-01-22 00:02 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-02-13 05:41 - 2016-01-22 00:02 - 00176128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll
2016-02-13 05:41 - 2016-01-22 00:02 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-02-13 05:41 - 2016-01-22 00:02 - 00114176 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll
2016-02-13 05:41 - 2016-01-22 00:02 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00642560 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:13 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-02-13 05:41 - 2016-01-21 23:07 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-02-13 05:41 - 2016-01-21 23:07 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-02-13 05:41 - 2016-01-21 23:05 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-02-13 05:41 - 2016-01-21 22:59 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-02-13 05:41 - 2016-01-21 22:58 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-02-13 05:41 - 2016-01-21 22:58 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-02-13 05:41 - 2016-01-21 22:57 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-02-13 05:41 - 2016-01-21 22:57 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-02-13 05:41 - 2016-01-21 22:53 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-02-13 05:41 - 2016-01-21 22:53 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-02-13 05:41 - 2016-01-21 22:53 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-02-13 05:41 - 2016-01-21 22:53 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-02-13 05:41 - 2016-01-21 22:51 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-02-13 05:41 - 2016-01-21 22:51 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 22:51 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 22:51 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 22:51 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-13 05:41 - 2016-01-16 13:01 - 02085888 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-02-13 05:41 - 2016-01-07 11:42 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2016-02-13 05:41 - 2016-01-06 13:02 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2016-02-13 05:41 - 2016-01-06 13:02 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2016-02-13 05:41 - 2016-01-06 12:41 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2016-02-13 05:41 - 2015-12-20 12:50 - 03180544 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2016-02-13 05:41 - 2015-12-20 12:50 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2016-02-13 05:41 - 2015-12-20 08:08 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2016-02-13 05:40 - 2016-01-16 12:36 - 01413632 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-02-13 05:39 - 2016-01-07 11:53 - 03211776 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-02-13 05:22 - 2016-02-13 05:22 - 00016384 _____ C:\windows\SysWOW64\��2
2016-02-12 07:14 - 2016-02-12 07:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-02-12 07:13 - 2016-02-12 07:13 - 00000000 ___HD C:\$AVG
2016-02-12 07:10 - 2016-02-12 07:10 - 00000862 _____ C:\Users\Public\Desktop\AVG.lnk
2016-02-12 07:10 - 2016-02-12 07:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-02-12 07:08 - 2016-02-12 07:12 - 00000000 ____D C:\Program Files (x86)\AVG
2016-02-12 07:07 - 2016-02-12 07:15 - 00000000 ____D C:\Users\Transfer\AppData\Local\Avg
2016-02-12 07:07 - 2016-02-12 07:10 - 00000000 ____D C:\Users\Transfer\AppData\Local\AvgSetupLog
2016-02-12 06:42 - 2016-02-12 06:42 - 00016384 _____ C:\windows\SysWOW64\��I
2016-02-10 15:46 - 2016-02-10 15:46 - 00016384 _____ C:\windows\SysWOW64\��c
2016-02-08 14:28 - 2016-02-08 14:28 - 00083149 _____ C:\Users\Transfer\Desktop\CALENDAR WITH WEEKS.pdf
2016-02-08 05:39 - 2016-02-08 05:39 - 00016384 _____ C:\windows\SysWOW64\�ˌ
2016-02-07 11:34 - 2016-02-07 11:34 - 00016384 _____ C:\windows\SysWOW64\�ˀ
2016-02-07 08:28 - 2016-02-07 08:30 - 00000000 ____D C:\Users\Transfer\Documents\MAIL CONTACTS SAVED
2016-02-07 07:44 - 2016-02-07 07:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-02-07 07:44 - 2016-02-07 07:44 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-02-07 07:42 - 2016-02-07 07:42 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-02-07 07:42 - 2016-02-07 07:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-02-07 07:41 - 2016-02-07 07:42 - 00000000 ____D C:\Program Files\iTunes
2016-02-07 07:41 - 2016-02-07 07:41 - 00000000 ____D C:\Program Files\iPod
2016-02-07 07:41 - 2016-02-07 07:41 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-02-07 07:39 - 2016-02-07 07:39 - 00000000 ____D C:\windows\System32\Tasks\Apple
2016-02-07 07:39 - 2016-02-07 07:39 - 00000000 ____D C:\Program Files\Bonjour
2016-02-07 07:39 - 2016-02-07 07:39 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-02-07 07:39 - 2016-02-07 07:39 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-02-06 23:18 - 2016-02-07 11:35 - 00056704 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2016-02-06 23:18 - 2016-02-06 23:18 - 00000000 ____D C:\Program Files\Malwarebytes
2016-02-06 23:16 - 2016-02-06 23:16 - 03007700 _____ C:\Users\Transfer\Downloads\revouninstaller.zip
2016-02-06 22:21 - 2016-02-06 22:21 - 01508352 _____ C:\Users\Transfer\Downloads\AdwCleaner.exe
2016-02-06 21:58 - 2016-02-06 21:58 - 00003286 _____ C:\windows\System32\Tasks\{9CED0646-8DAF-4342-9245-D2FCEAA51EC0}
2016-02-06 21:55 - 2016-02-16 19:30 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-02-06 10:49 - 2016-02-06 10:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-02-06 10:49 - 2016-02-06 10:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-02-06 10:49 - 2016-02-06 10:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-02-06 10:42 - 2016-01-11 13:05 - 03169792 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-02-06 10:42 - 2016-01-11 13:05 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-02-06 10:42 - 2016-01-11 13:05 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-02-06 10:42 - 2016-01-11 12:52 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-02-06 10:42 - 2016-01-11 12:47 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-02-06 10:42 - 2016-01-11 12:26 - 02610176 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-02-06 10:42 - 2016-01-11 12:24 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-02-06 10:42 - 2016-01-11 12:23 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-02-06 10:42 - 2016-01-11 12:23 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-02-06 10:42 - 2016-01-11 12:23 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-02-06 10:42 - 2016-01-11 12:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-02-06 10:42 - 2016-01-11 12:23 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-02-06 10:42 - 2016-01-11 12:14 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-02-06 10:42 - 2016-01-11 12:14 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-02-06 10:42 - 2016-01-11 12:14 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-02-06 10:42 - 2016-01-11 12:14 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-02-06 10:41 - 2016-01-22 00:19 - 14179840 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-02-06 10:41 - 2016-01-22 00:15 - 01866752 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-02-06 10:41 - 2016-01-22 00:12 - 01940992 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-02-06 10:41 - 2016-01-22 00:05 - 12877824 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-02-06 10:41 - 2016-01-22 00:00 - 01498624 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-02-06 10:41 - 2016-01-21 23:59 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-02-06 10:41 - 2016-01-21 23:19 - 03231232 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-02-06 10:41 - 2016-01-21 23:12 - 02973184 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-02-06 10:41 - 2016-01-16 13:06 - 00025024 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-02-06 10:41 - 2016-01-16 12:54 - 01162240 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-02-06 10:41 - 2016-01-11 08:08 - 01362944 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-02-06 10:41 - 2016-01-11 08:08 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-02-06 10:41 - 2016-01-11 08:08 - 00677376 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-02-06 10:41 - 2016-01-11 08:08 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-02-06 10:41 - 2016-01-11 08:08 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-02-06 10:05 - 2016-02-06 10:05 - 00016384 _____ C:\windows\SysWOW64\ ɀ
2016-02-03 22:39 - 2016-02-15 06:02 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2016-02-03 22:39 - 2016-02-15 06:02 - 00001981 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2016-02-03 21:26 - 2016-02-03 21:30 - 00000022 _____ C:\Users\Transfer\Desktop\Sent from Snipping Tool.zip
2016-02-03 15:08 - 2016-02-03 15:08 - 05446281 _____ C:\Users\Transfer\Desktop\floorplan.pdf
2016-02-02 21:19 - 2016-02-02 21:19 - 00016384 _____ C:\windows\SysWOW64\ ə
2016-02-02 16:55 - 2016-02-10 15:52 - 00002174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-02 16:55 - 2016-02-10 15:52 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-01 14:47 - 2016-02-01 14:47 - 32243088 _____ (Microsoft Corporation) C:\Users\Transfer\Downloads\EIE11_EN-US_WOL_WIN7.EXE
2016-01-31 18:44 - 2016-01-31 18:44 - 00000000 ____D C:\Users\Transfer\AppData\Local\CEF
2016-01-31 18:35 - 2016-01-31 18:35 - 00016384 _____ C:\windows\SysWOW64\�ȭ
2016-01-31 15:47 - 2016-01-29 17:14 - 00000027 _____ C:\windows\system32\Drivers\etc\hosts.20160131-154708.backup
2016-01-31 14:53 - 2016-01-31 14:53 - 00000000 ____D C:\Users\Transfer\Documents\ProcAlyzer Dumps
2016-01-30 19:01 - 2016-01-30 19:02 - 40044345 _____ C:\Users\Transfer\Downloads\canon-inst-8-10-4a-24-r2-u01-9l.zip
2016-01-30 18:53 - 2016-01-30 18:53 - 00000000 ____D C:\Users\Transfer\AppData\Roaming\CANON INC
2016-01-29 17:18 - 2016-01-29 17:18 - 00032878 _____ C:\ComboFix.txt
2016-01-29 17:02 - 2011-06-26 00:45 - 00256000 _____ C:\windows\PEV.exe
2016-01-29 17:02 - 2010-11-07 11:20 - 00208896 _____ C:\windows\MBR.exe
2016-01-29 17:02 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2016-01-29 17:02 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2016-01-29 17:02 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2016-01-29 17:02 - 2000-08-30 18:00 - 00098816 _____ C:\windows\sed.exe
2016-01-29 17:02 - 2000-08-30 18:00 - 00080412 _____ C:\windows\grep.exe
2016-01-29 17:02 - 2000-08-30 18:00 - 00068096 _____ C:\windows\zip.exe
2016-01-29 16:35 - 2016-01-29 16:35 - 00000000 ____D C:\SUPERDelete
2016-01-29 06:30 - 2016-01-29 06:31 - 55915216 _____ (Microsoft Corporation) C:\Users\Transfer\Downloads\IE11-Windows6.1-x64-en-us.exe
2016-01-23 13:08 - 2016-01-23 14:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-23 13:07 - 2016-01-23 14:26 - 00000000 ____D C:\Users\Transfer\Desktop\mbar
2016-01-23 13:06 - 2016-01-23 13:06 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Transfer\Downloads\mbar-1.09.3.1001.exe
2016-01-23 12:42 - 2016-01-29 17:18 - 00000000 ____D C:\Qoobox
2016-01-23 12:42 - 2016-01-29 17:15 - 00000000 ____D C:\windows\erdnt
2016-01-22 15:15 - 2016-01-22 15:15 - 00260528 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys
2016-01-21 18:07 - 2016-01-21 18:07 - 00002609 _____ C:\Users\Transfer\Downloads\Export.Zip
2016-01-21 15:32 - 2016-01-21 15:34 - 00000000 ____D C:\Users\Transfer\Desktop\Master gardener
2016-01-21 03:02 - 2016-01-21 03:02 - 00016384 _____ C:\windows\SysWOW64\ ��
2016-01-20 08:01 - 2015-12-08 15:54 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2016-01-20 08:01 - 2015-12-08 15:54 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2016-01-20 08:01 - 2015-12-08 15:54 - 01568768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVENCOD.DLL
2016-01-20 08:01 - 2015-12-08 15:54 - 01325056 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOE.DLL
2016-01-20 08:01 - 2015-12-08 15:54 - 00902144 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOD.DLL
2016-01-20 08:01 - 2015-12-08 15:54 - 00815616 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOE.DLL
2016-01-20 08:01 - 2015-12-08 15:54 - 00740352 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmpmde.dll
2016-01-20 08:01 - 2015-12-08 15:54 - 00739328 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOD.DLL
2016-01-20 08:01 - 2015-12-08 15:54 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVXENCD.DLL
2016-01-20 08:01 - 2015-12-08 15:54 - 00541184 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSDECD.DLL
2016-01-20 08:01 - 2015-12-08 15:54 - 00358400 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSENCD.DLL
2016-01-20 08:01 - 2015-12-08 15:54 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\VIDRESZR.DLL
2016-01-20 08:01 - 2015-12-08 15:53 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2016-01-20 08:01 - 2015-12-08 15:53 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2016-01-20 08:01 - 2015-12-08 15:53 - 00970240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2adec.dll
2016-01-20 08:01 - 2015-12-08 15:53 - 00829952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-20 08:01 - 2015-12-08 15:53 - 00609280 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFWMAAEC.DLL
2016-01-20 08:01 - 2015-12-08 15:53 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2016-01-20 08:01 - 2015-12-08 15:53 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2016-01-20 08:01 - 2015-12-08 15:53 - 00415744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL
2016-01-20 08:01 - 2015-12-08 15:53 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2016-01-20 08:01 - 2015-12-08 15:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MPG4DECD.DLL
2016-01-20 08:01 - 2015-12-08 15:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP43DECD.DLL
2016-01-20 08:01 - 2015-12-08 15:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-20 08:01 - 2015-12-08 15:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\qasf.dll
2016-01-20 08:01 - 2015-12-08 15:53 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksproxy.ax
2016-01-20 08:01 - 2015-12-08 15:53 - 00153600 _____ (Microsoft Corporation) C:\windows\SysWOW64\COLORCNV.DLL
2016-01-20 08:01 - 2015-12-08 15:53 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2016-01-20 08:01 - 2015-12-08 15:53 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP3DMOD.DLL
2016-01-20 08:01 - 2015-12-08 15:53 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\devenum.dll
2016-01-20 08:01 - 2015-12-08 15:53 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfvdsp.dll
2016-01-20 08:01 - 2015-12-08 15:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2016-01-20 08:01 - 2015-12-08 15:53 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2016-01-20 08:01 - 2015-12-08 15:53 - 00004608 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksuser.dll
2016-01-20 08:01 - 2015-12-08 15:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 01955328 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 01575424 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 01573888 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 01393152 _____ (Microsoft Corporation) C:\windows\system32\WMALFXGFXDSP.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 01232896 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\MSMPEG2ENC.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 01153024 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 01026048 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 01010688 _____ (Microsoft Corporation) C:\windows\system32\mcmde.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 00978944 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00666112 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00642048 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00632320 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 00378880 _____ (Microsoft Corporation) C:\windows\system32\SysFxUI.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 00292352 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00254464 _____ (Microsoft Corporation) C:\windows\system32\qasf.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00224768 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00223744 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 00189952 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2016-01-20 08:01 - 2015-12-08 13:07 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\ksuser.dll
2016-01-20 08:01 - 2015-12-08 13:06 - 00250880 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax
2016-01-20 08:01 - 2015-12-08 13:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2016-01-20 08:01 - 2015-12-08 13:04 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2016-01-20 08:01 - 2015-12-08 12:54 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2016-01-20 08:01 - 2015-12-08 12:12 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2016-01-20 08:01 - 2015-12-08 12:11 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmkaud.sys
2016-01-20 08:01 - 2015-11-16 14:17 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-01-20 08:01 - 2015-10-29 11:50 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2016-01-20 08:01 - 2015-10-29 11:50 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2016-01-20 08:01 - 2015-10-29 11:50 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2016-01-20 08:01 - 2015-10-29 11:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2016-01-20 08:01 - 2015-10-29 11:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2016-01-20 08:01 - 2015-10-29 11:49 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2016-01-20 08:01 - 2015-10-29 11:49 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2016-01-20 08:01 - 2015-10-01 12:06 - 00692672 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-01-20 08:01 - 2015-10-01 12:04 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-01-20 08:01 - 2015-10-01 12:00 - 00147456 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-01-20 08:01 - 2015-10-01 12:00 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-01-20 08:01 - 2015-10-01 12:00 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-01-20 08:01 - 2015-10-01 12:00 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-01-20 08:01 - 2015-10-01 12:00 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-01-20 08:01 - 2015-10-01 11:50 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-01-20 08:01 - 2015-10-01 11:00 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-01-20 08:01 - 2015-07-22 18:02 - 01390592 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2016-01-20 08:01 - 2015-07-22 18:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2016-01-20 08:01 - 2015-07-22 11:53 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2016-01-20 08:01 - 2015-07-22 10:48 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00984448 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00901264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-01-20 08:01 - 2015-07-15 12:15 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2016-01-20 08:01 - 2015-07-15 12:10 - 01743360 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2016-01-20 08:01 - 2015-07-15 12:10 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2016-01-20 08:00 - 2015-12-08 15:53 - 00509952 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2016-01-20 08:00 - 2015-12-08 15:52 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-01-20 08:00 - 2015-12-08 13:07 - 00624640 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2016-01-20 08:00 - 2015-12-08 13:07 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-01-20 08:00 - 2015-11-13 17:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapistub.dll
2016-01-20 08:00 - 2015-11-13 17:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapi32.dll
2016-01-20 08:00 - 2015-11-13 17:08 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\fixmapi.exe
2016-01-20 08:00 - 2015-11-13 16:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapistub.dll
2016-01-20 08:00 - 2015-11-13 16:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapi32.dll
2016-01-20 08:00 - 2015-11-13 16:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fixmapi.exe
2016-01-20 08:00 - 2015-11-11 12:53 - 01735680 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2016-01-20 08:00 - 2015-11-11 12:53 - 00525312 _____ (Microsoft Corporation) C:\windows\system32\catsrvut.dll
2016-01-20 08:00 - 2015-11-11 12:39 - 01242624 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2016-01-20 08:00 - 2015-11-11 12:39 - 00487936 _____ (Microsoft Corporation) C:\windows\SysWOW64\catsrvut.dll
2016-01-20 08:00 - 2015-11-10 12:55 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2016-01-20 08:00 - 2015-11-10 12:55 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2016-01-20 08:00 - 2015-11-10 12:55 - 01008640 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2016-01-20 08:00 - 2015-11-10 12:39 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2016-01-20 08:00 - 2015-11-10 12:37 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2016-01-20 08:00 - 2015-11-05 13:05 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wshrm.dll
2016-01-20 08:00 - 2015-11-05 13:02 - 00014848 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshrm.dll
2016-01-20 08:00 - 2015-11-05 13:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-01-20 08:00 - 2015-11-05 13:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-01-20 08:00 - 2015-11-05 03:53 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys
2016-01-20 08:00 - 2015-11-03 13:04 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2016-01-20 08:00 - 2015-11-03 13:04 - 00241664 _____ (Microsoft Corporation) C:\windows\system32\els.dll
2016-01-20 08:00 - 2015-11-03 12:56 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2016-01-20 08:00 - 2015-11-03 12:55 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\els.dll
2016-01-20 08:00 - 2015-10-13 10:41 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2016-01-20 08:00 - 2015-10-13 10:40 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2016-01-20 08:00 - 2015-10-12 22:57 - 00950720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2016-01-20 08:00 - 2015-09-23 07:15 - 00460776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-01-20 08:00 - 2015-09-23 07:15 - 00299632 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-01-20 08:00 - 2015-09-23 07:09 - 00251000 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-01-20 08:00 - 2015-08-27 12:18 - 02004480 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2016-01-20 08:00 - 2015-08-27 12:18 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2016-01-20 08:00 - 2015-08-27 12:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2016-01-20 08:00 - 2015-08-27 12:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2016-01-20 08:00 - 2015-08-27 11:58 - 01391104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2016-01-20 08:00 - 2015-08-27 11:58 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2016-01-20 08:00 - 2015-08-27 11:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2016-01-20 08:00 - 2015-08-27 11:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2016-01-20 08:00 - 2015-08-05 11:56 - 01110016 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2016-01-20 08:00 - 2015-07-09 11:58 - 01632256 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2016-01-20 08:00 - 2015-07-09 11:58 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2016-01-20 08:00 - 2015-07-09 11:42 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2016-01-20 08:00 - 2015-07-09 11:42 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2016-01-20 08:00 - 2015-06-25 04:06 - 00115136 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-01-20 08:00 - 2015-06-25 04:01 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-01-20 07:52 - 2015-09-01 21:04 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-01-20 07:52 - 2015-09-01 21:04 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-01-20 07:52 - 2015-09-01 21:04 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-01-20 07:52 - 2015-09-01 21:04 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-01-20 07:52 - 2015-09-01 20:48 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2016-01-20 07:52 - 2015-09-01 20:48 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-01-20 07:52 - 2015-09-01 20:48 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2016-01-20 07:52 - 2015-09-01 20:47 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2016-01-20 07:52 - 2015-09-01 19:47 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-01-20 07:52 - 2015-09-01 19:33 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-01-20 06:41 - 2016-01-20 06:41 - 00016384 _____ C:\windows\SysWOW64\xȨ
2016-01-20 06:09 - 2015-12-16 12:55 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
2016-01-20 06:09 - 2015-12-16 12:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
2016-01-20 06:09 - 2015-12-16 12:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
2016-01-20 06:09 - 2015-12-16 12:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
2016-01-20 06:09 - 2015-12-16 12:48 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL
2016-01-20 06:09 - 2015-12-16 12:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll
2016-01-20 06:09 - 2015-12-16 12:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL
2016-01-20 06:09 - 2015-12-16 12:47 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll
2016-01-20 06:09 - 2015-12-16 08:38 - 00419928 _____ C:\windows\SysWOW64\locale.nls
2016-01-20 06:09 - 2015-12-16 08:37 - 00419928 _____ C:\windows\system32\locale.nls
2016-01-20 06:09 - 2015-08-05 11:56 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\icaapi.dll
2016-01-20 06:09 - 2015-08-05 11:06 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2016-01-20 05:12 - 2016-01-20 05:12 - 00000000 ____D C:\Users\Transfer\AppData\Roaming\Sun
2016-01-20 05:12 - 2016-01-20 05:12 - 00000000 ____D C:\Users\Transfer\.oracle_jre_usage
2016-01-20 05:02 - 2016-01-20 05:02 - 00016384 _____ C:\windows\SysWOW64\@�=
2016-01-19 21:51 - 2016-01-19 21:51 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-01-19 21:51 - 2016-01-19 21:51 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-17 06:00 - 2016-01-14 20:21 - 00001081 _____ C:\Users\Transfer\Desktop\JRT.txt
2016-02-17 05:54 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-02-17 05:52 - 2015-03-12 10:32 - 00000000 ____D C:\AdwCleaner
2016-02-17 05:52 - 2014-01-13 11:39 - 00000000 ____D C:\ProgramData\MFAData
2016-02-17 04:49 - 2015-03-24 12:30 - 00000000 ____D C:\Users\Transfer\EMAIL STORAGE
2016-02-17 04:42 - 2009-07-13 22:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-17 04:42 - 2009-07-13 22:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-17 04:38 - 2009-07-13 21:20 - 00000000 ____D C:\windows\inf
2016-02-17 04:32 - 2015-03-23 21:23 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2016-02-16 19:34 - 2013-03-19 13:40 - 00000000 ____D C:\Users\Regina
2016-02-16 18:29 - 2014-05-22 03:47 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-16 15:20 - 2014-05-29 08:35 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-02-16 15:20 - 2014-01-06 17:51 - 00000000 ____D C:\Users\Transfer\AppData\Roaming\TeamViewer
2016-02-16 15:20 - 2013-03-20 18:07 - 00000000 ____D C:\Users\Transfer\AppData\Local\CrashDumps
2016-02-16 15:19 - 2014-11-15 06:54 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-02-16 10:26 - 2016-01-09 21:54 - 00003930 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{F668C72C-529A-40C8-B61E-2D034B452B16}
2016-02-15 22:50 - 2013-02-24 20:01 - 00000000 ____D C:\Users\Transfer\Documents\1nursery information
2016-02-15 17:24 - 2013-03-20 17:51 - 00000000 ____D C:\Users\Transfer\AppData\Local\ElevatedDiagnostics
2016-02-15 16:07 - 2009-07-13 23:13 - 00796934 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-15 06:02 - 2013-05-04 20:20 - 00000000 ____D C:\ProgramData\Adobe
2016-02-15 05:13 - 2016-01-06 10:52 - 00007629 _____ C:\Users\Transfer\AppData\Local\Resmon.ResmonCfg
2016-02-13 14:31 - 2009-07-13 21:20 - 00000000 ____D C:\windows\rescache
2016-02-13 06:38 - 2014-02-12 10:43 - 00367280 _____ C:\windows\system32\FNTCACHE.DAT
2016-02-13 06:35 - 2010-11-21 01:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-13 05:58 - 2013-08-14 02:01 - 00000000 ____D C:\windows\system32\MRT
2016-02-13 05:51 - 2013-03-20 18:30 - 146614896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-02-12 07:15 - 2015-06-30 08:27 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-12 07:15 - 2014-02-06 13:18 - 00000000 ____D C:\Users\Transfer\AppData\Roaming\AVG
2016-02-12 07:13 - 2014-02-06 13:16 - 00000000 ____D C:\ProgramData\AVG
2016-02-08 04:57 - 2013-03-12 13:15 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-02-07 08:33 - 2013-04-13 17:24 - 00019968 ___SH C:\Users\Transfer\Thumbs.db
2016-02-07 07:41 - 2013-04-28 17:26 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-02-07 07:39 - 2013-05-09 09:53 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-02-06 23:18 - 2013-05-07 17:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-06 11:06 - 2014-12-10 22:46 - 00000000 ____D C:\windows\system32\appraiser
2016-02-06 11:06 - 2014-04-23 03:38 - 00000000 ___SD C:\windows\system32\CompatTel
2016-02-06 10:46 - 2011-02-11 11:15 - 00789056 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-02-03 22:40 - 2014-08-20 12:55 - 00000000 ____D C:\Users\Transfer\AppData\Local\Adobe
2016-02-03 22:39 - 2013-08-20 08:23 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-03 22:22 - 2016-01-12 15:55 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-02-02 21:19 - 2015-08-27 15:37 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d0e110a3d52c2f.job
2016-02-02 21:19 - 2015-08-27 15:37 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0e110a33cd41e.job
2016-02-02 21:07 - 2015-12-12 15:27 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-02-02 18:34 - 2013-06-28 21:46 - 00000000 ____D C:\Users\Transfer\Documents\My Garden Information
2016-02-02 16:55 - 2013-03-24 18:52 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-02 04:17 - 2015-08-27 15:37 - 00003906 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0e110a3d52c2f
2016-02-02 04:17 - 2015-08-27 15:37 - 00003654 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0e110a33cd41e
2016-02-02 04:15 - 2015-01-07 17:12 - 00000000 ____D C:\windows\pss
2016-01-31 21:10 - 2013-03-18 06:56 - 00000000 ____D C:\Users\Transfer\Desktop\idea book
2016-01-31 21:02 - 2013-06-15 19:26 - 00000000 ____D C:\Users\Transfer\.gimp-2.8
2016-01-31 18:39 - 2014-02-11 21:15 - 00093088 _____ C:\Users\Transfer\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-31 18:32 - 2013-03-20 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-01-31 18:32 - 2013-03-20 18:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-01-31 18:30 - 2010-11-21 01:16 - 00000000 ____D C:\windows\ShellNew
2016-01-31 15:47 - 2009-07-13 20:34 - 00450099 ____R C:\windows\system32\Drivers\etc\hosts.20160216-193954.backup
2016-01-31 10:58 - 2013-03-24 12:25 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-30 18:53 - 2013-02-27 10:09 - 00000000 ____D C:\Users\Transfer\Documents\Canon Utilities
2016-01-29 17:18 - 2013-03-19 21:13 - 00000000 ____D C:\Users\Administrator
2016-01-29 17:14 - 2009-07-13 20:34 - 00000215 _____ C:\windows\system.ini
2016-01-29 06:43 - 2013-03-20 04:35 - 00001415 _____ C:\Users\Transfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-28 23:30 - 2013-03-27 13:02 - 00000000 ___HD C:\ProgramData\CanonBJ
2016-01-28 23:11 - 2013-08-27 17:50 - 00000000 ____D C:\Users\Transfer\AppData\Local\PokerStars.NET
2016-01-28 23:11 - 2013-08-20 12:20 - 00000000 ____D C:\Users\Transfer\AppData\LocalLow\Adobe
2016-01-28 23:11 - 2013-04-28 17:27 - 00000000 ____D C:\Users\Transfer\AppData\Roaming\Apple Computer
2016-01-28 23:11 - 2013-03-20 04:45 - 00000000 ____D C:\Users\Transfer\AppData\Roaming\Adobe
2016-01-28 23:07 - 2014-06-05 07:45 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-01-28 23:07 - 2014-03-03 09:02 - 00000000 ____D C:\ProgramData\PTC
2016-01-28 23:07 - 2013-03-24 18:51 - 00000000 ____D C:\Users\Transfer\AppData\Local\Google
2016-01-28 23:07 - 2013-03-19 17:35 - 00000000 ____D C:\Users\Transfer\AppData\Local\Apple Computer
2016-01-28 23:07 - 2013-03-12 13:27 - 00000000 ____D C:\ProgramData\TouchSmartData
2016-01-28 23:05 - 2013-05-07 18:18 - 00000000 ____D C:\ProgramData\Blio
2016-01-28 23:05 - 2013-03-12 13:16 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-01-28 21:32 - 2009-07-13 23:32 - 00000000 ____D C:\windows\Downloaded Program Files
2016-01-23 13:07 - 2014-05-22 03:47 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-01-20 06:39 - 2009-07-13 21:20 - 00000000 ____D C:\windows\PolicyDefinitions
2016-01-20 06:13 - 2013-03-12 13:30 - 00001420 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-01-20 05:13 - 2015-03-08 04:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-20 05:13 - 2013-12-31 19:01 - 00000000 ____D C:\ProgramData\Oracle
2016-01-20 05:12 - 2015-03-08 04:47 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-20 05:12 - 2013-05-06 10:46 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-20 05:12 - 2013-03-19 17:26 - 00000000 ____D C:\Users\Transfer
2016-01-20 05:02 - 2015-03-23 21:23 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2016-01-19 04:11 - 2015-03-23 21:23 - 00853200 _____ (SurfRight B.V.) C:\windows\system32\hmpalert.dll
2016-01-19 04:11 - 2015-03-23 21:23 - 00769744 _____ (SurfRight B.V.) C:\windows\SysWOW64\hmpalert.dll
2016-01-19 04:11 - 2015-03-23 21:23 - 00176464 _____ (SurfRight B.V.) C:\windows\system32\Drivers\hmpalert.sys

==================== Files in the root of some directories =======

2015-07-30 11:52 - 2015-07-30 11:52 - 0000850 _____ () C:\Users\Transfer\AppData\Local\recently-used.xbel
2016-01-06 10:52 - 2016-02-15 05:13 - 0007629 _____ () C:\Users\Transfer\AppData\Local\Resmon.ResmonCfg
2015-09-09 18:03 - 2015-09-28 11:09 - 2632704 _____ () C:\ProgramData\excalibur.db
2015-09-09 18:03 - 2015-09-09 18:03 - 0032768 _____ () C:\ProgramData\excalibur.db-shm
2015-09-09 18:03 - 2015-09-28 11:09 - 1058512 _____ () C:\ProgramData\excalibur.db-wal
2014-11-06 20:52 - 2014-11-06 20:52 - 0000272 _____ () C:\ProgramData\INSTALL_TOR.URL
2013-11-17 11:23 - 2013-11-17 11:23 - 0000104 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Transfer\hpothb07.dat

Some files in TEMP:
====================
C:\Users\Transfer\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-08 00:49

==================== End of FRST.txt ============================


Sorry, realized that as soon as I did it. And yes, in a tizzy because of this mess.

So here are the logs again. And I did not do "fix" on FRST.

# AdwCleaner v5.034 - Logfile created 17/02/2016 at 05:52:45
# Updated 16/02/2016 by Xplode
# Database : 2016-02-16.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Transfer - REGINA
# Running from : C:\Users\Transfer\Desktop\adwcleaner_5.034.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\floipahigmmkfhkoapmnijnlnboniglg

***** [ Files ] *****

[-] File Deleted : C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_floipahigmmkfhkoapmnijnlnboniglg_0.localstorage

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}

***** [ Web browsers ] *****

[-] [C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1553 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Home Premium x64
Ran by Transfer (Administrator) on Wed 02/17/2016 at  6:08:41.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 4

Failed to delete: C:\Users\Transfer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5V1TERKW (Folder)
Successfully deleted: C:\Users\Transfer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26KS53TP (Folder)
Successfully deleted: C:\Users\Transfer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FFI1S031 (Folder)
Successfully deleted: C:\Users\Transfer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFL6LG98 (Folder)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/17/2016 at  6:13:30.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Transfer (administrator) on REGINA (17-02-2016 06:02:15)
Running from C:\Users\Transfer\Downloads
Loaded Profiles: Transfer (Available Profiles: Regina & Transfer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\windows\System32\hkcmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1065680 2015-05-29] (Carbonite, Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3873704 2016-02-01] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-926090934-439431683-2122779614-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-926090934-439431683-2122779614-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\SysWOW64\GPhotos.scr [4575232 2015-02-13] (Google Inc.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{C7280DC0-4219-44E7-8134-36008D27B9A4}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-926090934-439431683-2122779614-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-926090934-439431683-2122779614-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-926090934-439431683-2122779614-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKLM -> {79563D26-64E1-4463-B559-172EDDB200C6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {9149D15A-201F-4A7B-98B5-B8403BC0B794} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {9149D15A-201F-4A7B-98B5-B8403BC0B794} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-926090934-439431683-2122779614-1004 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}&rlz=1I7GGNI_enUS528
SearchScopes: HKU\S-1-5-21-926090934-439431683-2122779614-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}&rlz=1I7GGNI_enUS528
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-20] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKU\S-1-5-21-926090934-439431683-2122779614-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-926090934-439431683-2122779614-1004 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1259.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-13]
CHR Extension: (Google Search) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-16]
CHR Extension: (Winter Chills) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjciefciokhnhkflkjnkcooigcbpgdhe [2016-02-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-23]
CHR Extension: (Highlight Keywords for Google Search) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhahncknpppipmgjchbbhehkfglelepf [2016-02-08]
CHR Extension: (Google Wallet) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-16]
CHR Extension: (Gmail) - C:\Users\Transfer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware2\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com)
S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3881184 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-02-01] (AVG Technologies CZ, s.r.o.)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S4 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4429664 2016-01-19] (SurfRight B.V.)
S4 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S4 WebUpdate4; C:\windows\SysWOW64\WebUpdateSvc4.exe [412776 2013-11-25] (Data Perceptions / PowerProgrammer)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [260528 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [46368 2014-01-13] (AVG Technologies)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [38400 2014-12-15] (CSR plc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 farflt; C:\windows\system32\drivers\farflt.sys [56704 2016-02-07] (Malwarebytes)
R3 hmpalert; C:\windows\system32\drivers\hmpalert.sys [176464 2016-01-19] (SurfRight B.V.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 PSMNBUS; C:\Windows\System32\DRIVERS\PSMNBUS.sys [106096 2013-05-21] (DEVGURU Co., LTD.)
S3 PSMNMDM; C:\Windows\System32\DRIVERS\PSMNMDM.sys [184048 2013-05-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PSMNVSP; C:\Windows\System32\DRIVERS\PSMNVSP.sys [184048 2013-05-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware2\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware2\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 hmpnet; system32\drivers\hmpnet.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-17 05:56 - 2016-02-17 06:01 - 00000000 ____D C:\Users\Transfer\Desktop\cleaning logs
2016-02-17 05:54 - 2016-02-17 05:54 - 00016384 _____ C:\windows\SysWOW64\�Ǩ
2016-02-17 05:41 - 2016-02-17 05:41 - 01609032 _____ (Malwarebytes) C:\Users\Transfer\Desktop\JRT.exe
2016-02-17 05:40 - 2016-02-17 05:41 - 01511936 _____ C:\Users\Transfer\Desktop\adwcleaner_5.034.exe
2016-02-17 04:32 - 2016-02-17 04:32 - 00016384 _____ C:\windows\SysWOW64\��n
2016-02-16 20:08 - 2016-02-17 05:05 - 00106542 _____ C:\Users\Transfer\Desktop\FRST.txt
2016-02-16 20:08 - 2016-02-17 05:05 - 00047022 _____ C:\Users\Transfer\Desktop\Addition.txt
2016-02-16 19:59 - 2016-02-16 20:01 - 00047022 _____ C:\Users\Transfer\Downloads\Addition.txt
2016-02-16 19:57 - 2016-02-17 06:02 - 00034547 _____ C:\Users\Transfer\Downloads\FRST.txt
2016-02-16 19:57 - 2016-02-17 06:02 - 00000000 ____D C:\FRST
2016-02-16 19:56 - 2016-02-16 19:56 - 02370560 _____ (Farbar) C:\Users\Transfer\Downloads\FRST64.exe
2016-02-16 19:07 - 2016-02-17 05:04 - 00019751 _____ C:\Users\Transfer\Desktop\HERDPROTECTScan_2016-2-16-19-5.txt
2016-02-15 20:36 - 2016-02-15 20:47 - 00003326 _____ C:\windows\System32\Tasks\PinItAutoUpdate
2016-02-15 20:36 - 2016-02-15 20:36 - 00000000 ____D C:\Program Files (x86)\Pinterest
2016-02-15 18:17 - 2016-02-15 18:17 - 00141340 _____ C:\Users\Transfer\Downloads\2016-FinancialSummary.pdf
2016-02-15 05:15 - 2016-02-15 05:15 - 00016384 _____ C:\windows\SysWOW64\�˹
2016-02-15 04:18 - 2016-02-15 04:18 - 08267997 _____ C:\Users\Transfer\Downloads\gsmartcontrol-0.8.7.exe
2016-02-13 07:15 - 2016-02-13 07:15 - 04728048 _____ () C:\Users\Transfer\Downloads\adblockplusie-1.0.exe
2016-02-13 05:43 - 2016-01-22 14:31 - 00387784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-02-13 05:43 - 2016-01-22 14:10 - 00341200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-02-13 05:43 - 2016-01-22 00:56 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-02-13 05:43 - 2016-01-22 00:41 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-02-13 05:43 - 2016-01-22 00:40 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-02-13 05:43 - 2016-01-22 00:32 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-02-13 05:43 - 2016-01-22 00:27 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-02-13 05:43 - 2016-01-22 00:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-02-13 05:43 - 2016-01-22 00:09 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-02-13 05:43 - 2016-01-22 00:08 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-02-13 05:43 - 2016-01-22 00:02 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-02-13 05:43 - 2016-01-22 00:02 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-02-13 05:43 - 2016-01-22 00:02 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-02-13 05:43 - 2016-01-22 00:01 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-02-13 05:43 - 2016-01-22 00:00 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-02-13 05:43 - 2016-01-21 23:55 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-02-13 05:43 - 2016-01-21 23:55 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-02-13 05:43 - 2016-01-21 23:51 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-02-13 05:43 - 2016-01-21 23:51 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-02-13 05:43 - 2016-01-21 23:48 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-02-13 05:43 - 2016-01-21 23:47 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-02-13 05:43 - 2016-01-21 23:46 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-02-13 05:43 - 2016-01-21 23:43 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-02-13 05:43 - 2016-01-21 23:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-13 05:43 - 2016-01-21 23:38 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-02-13 05:43 - 2016-01-21 23:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-02-13 05:43 - 2016-01-21 23:34 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-02-13 05:43 - 2016-01-21 23:33 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-02-13 05:43 - 2016-01-21 23:25 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-02-13 05:43 - 2016-01-21 23:24 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-02-13 05:43 - 2016-01-21 23:08 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-02-13 05:43 - 2016-01-21 23:02 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-02-13 05:42 - 2016-02-06 04:48 - 25839104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-02-13 05:42 - 2016-02-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-02-13 05:42 - 2016-02-06 04:24 - 02887680 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-02-13 05:42 - 2016-02-06 04:11 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-02-13 05:42 - 2016-02-06 04:10 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-02-13 05:42 - 2016-02-06 04:01 - 20366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-02-13 05:42 - 2016-02-06 03:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-02-13 05:42 - 2016-02-06 03:43 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-02-13 05:42 - 2016-02-06 03:38 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-02-13 05:42 - 2016-02-06 03:37 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-02-13 05:42 - 2016-02-06 03:32 - 14458368 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-02-13 05:42 - 2016-02-06 03:16 - 12857856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-02-13 05:42 - 2016-02-06 03:09 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-02-13 05:42 - 2016-02-06 02:54 - 01312256 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-02-13 05:42 - 2016-01-22 00:40 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-02-13 05:42 - 2016-01-22 00:40 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-02-13 05:42 - 2016-01-22 00:40 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-02-13 05:42 - 2016-01-22 00:33 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-02-13 05:42 - 2016-01-22 00:29 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-02-13 05:42 - 2016-01-22 00:27 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-02-13 05:42 - 2016-01-22 00:27 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-02-13 05:42 - 2016-01-22 00:17 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-02-13 05:42 - 2016-01-22 00:05 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-02-13 05:42 - 2016-01-22 00:04 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-02-13 05:42 - 2016-01-22 00:01 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-02-13 05:42 - 2016-01-22 00:00 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-02-13 05:42 - 2016-01-21 23:50 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-02-13 05:42 - 2016-01-21 23:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-02-13 05:42 - 2016-01-21 23:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-02-13 05:42 - 2016-01-21 23:35 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-02-13 05:42 - 2016-01-21 23:31 - 02597376 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-02-13 05:42 - 2016-01-21 23:27 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-02-13 05:42 - 2016-01-21 23:24 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-02-13 05:42 - 2016-01-21 23:07 - 02120704 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-02-13 05:41 - 2016-01-22 00:27 - 05573056 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-02-13 05:41 - 2016-01-22 00:27 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-02-13 05:41 - 2016-01-22 00:27 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-02-13 05:41 - 2016-01-22 00:24 - 01733592 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-02-13 05:41 - 2016-01-22 00:20 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-02-13 05:41 - 2016-01-22 00:20 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-02-13 05:41 - 2016-01-22 00:20 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-02-13 05:41 - 2016-01-22 00:20 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-02-13 05:41 - 2016-01-22 00:20 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-02-13 05:41 - 2016-01-22 00:20 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-02-13 05:41 - 2016-01-22 00:20 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-02-13 05:41 - 2016-01-22 00:20 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-02-13 05:41 - 2016-01-22 00:20 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-02-13 05:41 - 2016-01-22 00:20 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-02-13 05:41 - 2016-01-22 00:19 - 01214464 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-02-13 05:41 - 2016-01-22 00:19 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-02-13 05:41 - 2016-01-22 00:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-02-13 05:41 - 2016-01-22 00:18 - 00961024 _____ (Microsoft Corporation) C:\windows\system32\CPFilters.dll
2016-02-13 05:41 - 2016-01-22 00:18 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\EncDec.dll
2016-02-13 05:41 - 2016-01-22 00:18 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-02-13 05:41 - 2016-01-22 00:17 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-02-13 05:41 - 2016-01-22 00:17 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-02-13 05:41 - 2016-01-22 00:17 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-02-13 05:41 - 2016-01-22 00:16 - 01461248 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-02-13 05:41 - 2016-01-22 00:16 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-02-13 05:41 - 2016-01-22 00:16 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-02-13 05:41 - 2016-01-22 00:15 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-02-13 05:41 - 2016-01-22 00:15 - 00730112 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-02-13 05:41 - 2016-01-22 00:15 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-02-13 05:41 - 2016-01-22 00:13 - 03993536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-02-13 05:41 - 2016-01-22 00:13 - 03938752 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-02-13 05:41 - 2016-01-22 00:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-02-13 05:41 - 2016-01-22 00:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-02-13 05:41 - 2016-01-22 00:13 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00880128 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-13 05:41 - 2016-01-22 00:09 - 01314328 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-02-13 05:41 - 2016-01-22 00:06 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-02-13 05:41 - 2016-01-22 00:06 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-02-13 05:41 - 2016-01-22 00:06 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-02-13 05:41 - 2016-01-22 00:06 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-02-13 05:41 - 2016-01-22 00:06 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-02-13 05:41 - 2016-01-22 00:06 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-02-13 05:41 - 2016-01-22 00:06 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-02-13 05:41 - 2016-01-22 00:06 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-02-13 05:41 - 2016-01-22 00:05 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-02-13 05:41 - 2016-01-22 00:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-02-13 05:41 - 2016-01-22 00:04 - 00642048 _____ (Microsoft Corporation) C:\windows\SysWOW64\CPFilters.dll
2016-02-13 05:41 - 2016-01-22 00:04 - 00535040 _____ (Microsoft Corporation) C:\windows\SysWOW64\EncDec.dll
2016-02-13 05:41 - 2016-01-22 00:02 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-02-13 05:41 - 2016-01-22 00:02 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-02-13 05:41 - 2016-01-22 00:02 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-02-13 05:41 - 2016-01-22 00:02 - 00176128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll
2016-02-13 05:41 - 2016-01-22 00:02 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-02-13 05:41 - 2016-01-22 00:02 - 00114176 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll
2016-02-13 05:41 - 2016-01-22 00:02 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00642560 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 23:13 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-02-13 05:41 - 2016-01-21 23:07 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-02-13 05:41 - 2016-01-21 23:07 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-02-13 05:41 - 2016-01-21 23:05 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-02-13 05:41 - 2016-01-21 22:59 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-02-13 05:41 - 2016-01-21 22:58 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-02-13 05:41 - 2016-01-21 22:58 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-02-13 05:41 - 2016-01-21 22:57 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-02-13 05:41 - 2016-01-21 22:57 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-02-13 05:41 - 2016-01-21 22:53 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-02-13 05:41 - 2016-01-21 22:53 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-02-13 05:41 - 2016-01-21 22:53 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-02-13 05:41 - 2016-01-21 22:53 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-02-13 05:41 - 2016-01-21 22:51 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-02-13 05:41 - 2016-01-21 22:51 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 22:51 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 22:51 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-13 05:41 - 2016-01-21 22:51 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-13 05:41 - 2016-01-16 13:01 - 02085888 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-02-13 05:41 - 2016-01-07 11:42 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2016-02-13 05:41 - 2016-01-06 13:02 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2016-02-13 05:41 - 2016-01-06 13:02 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2016-02-13 05:41 - 2016-01-06 12:41 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2016-02-13 05:41 - 2015-12-20 12:50 - 03180544 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2016-02-13 05:41 - 2015-12-20 12:50 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2016-02-13 05:41 - 2015-12-20 08:08 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2016-02-13 05:40 - 2016-01-16 12:36 - 01413632 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-02-13 05:39 - 2016-01-07 11:53 - 03211776 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-02-13 05:22 - 2016-02-13 05:22 - 00016384 _____ C:\windows\SysWOW64\��2
2016-02-12 07:14 - 2016-02-12 07:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-02-12 07:13 - 2016-02-12 07:13 - 00000000 ___HD C:\$AVG
2016-02-12 07:10 - 2016-02-12 07:10 - 00000862 _____ C:\Users\Public\Desktop\AVG.lnk
2016-02-12 07:10 - 2016-02-12 07:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-02-12 07:08 - 2016-02-12 07:12 - 00000000 ____D C:\Program Files (x86)\AVG
2016-02-12 07:07 - 2016-02-12 07:15 - 00000000 ____D C:\Users\Transfer\AppData\Local\Avg
2016-02-12 07:07 - 2016-02-12 07:10 - 00000000 ____D C:\Users\Transfer\AppData\Local\AvgSetupLog
2016-02-12 06:42 - 2016-02-12 06:42 - 00016384 _____ C:\windows\SysWOW64\��I
2016-02-10 15:46 - 2016-02-10 15:46 - 00016384 _____ C:\windows\SysWOW64\��c
2016-02-08 14:28 - 2016-02-08 14:28 - 00083149 _____ C:\Users\Transfer\Desktop\CALENDAR WITH WEEKS.pdf
2016-02-08 05:39 - 2016-02-08 05:39 - 00016384 _____ C:\windows\SysWOW64\�ˌ
2016-02-07 11:34 - 2016-02-07 11:34 - 00016384 _____ C:\windows\SysWOW64\�ˀ
2016-02-07 08:28 - 2016-02-07 08:30 - 00000000 ____D C:\Users\Transfer\Documents\MAIL CONTACTS SAVED
2016-02-07 07:44 - 2016-02-07 07:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-02-07 07:44 - 2016-02-07 07:44 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-02-07 07:42 - 2016-02-07 07:42 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-02-07 07:42 - 2016-02-07 07:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-02-07 07:41 - 2016-02-07 07:42 - 00000000 ____D C:\Program Files\iTunes
2016-02-07 07:41 - 2016-02-07 07:41 - 00000000 ____D C:\Program Files\iPod
2016-02-07 07:41 - 2016-02-07 07:41 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-02-07 07:39 - 2016-02-07 07:39 - 00000000 ____D C:\windows\System32\Tasks\Apple
2016-02-07 07:39 - 2016-02-07 07:39 - 00000000 ____D C:\Program Files\Bonjour
2016-02-07 07:39 - 2016-02-07 07:39 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-02-07 07:39 - 2016-02-07 07:39 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-02-06 23:18 - 2016-02-07 11:35 - 00056704 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2016-02-06 23:18 - 2016-02-06 23:18 - 00000000 ____D C:\Program Files\Malwarebytes
2016-02-06 23:16 - 2016-02-06 23:16 - 03007700 _____ C:\Users\Transfer\Downloads\revouninstaller.zip
2016-02-06 22:21 - 2016-02-06 22:21 - 01508352 _____ C:\Users\Transfer\Downloads\AdwCleaner.exe
2016-02-06 21:58 - 2016-02-06 21:58 - 00003286 _____ C:\windows\System32\Tasks\{9CED0646-8DAF-4342-9245-D2FCEAA51EC0}
2016-02-06 21:55 - 2016-02-16 19:30 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-02-06 10:49 - 2016-02-06 10:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-02-06 10:49 - 2016-02-06 10:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-02-06 10:49 - 2016-02-06 10:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-02-06 10:42 - 2016-01-11 13:05 - 03169792 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-02-06 10:42 - 2016-01-11 13:05 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-02-06 10:42 - 2016-01-11 13:05 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-02-06 10:42 - 2016-01-11 12:52 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-02-06 10:42 - 2016-01-11 12:47 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-02-06 10:42 - 2016-01-11 12:26 - 02610176 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-02-06 10:42 - 2016-01-11 12:24 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-02-06 10:42 - 2016-01-11 12:23 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-02-06 10:42 - 2016-01-11 12:23 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-02-06 10:42 - 2016-01-11 12:23 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-02-06 10:42 - 2016-01-11 12:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-02-06 10:42 - 2016-01-11 12:23 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-02-06 10:42 - 2016-01-11 12:14 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-02-06 10:42 - 2016-01-11 12:14 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-02-06 10:42 - 2016-01-11 12:14 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-02-06 10:42 - 2016-01-11 12:14 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-02-06 10:41 - 2016-01-22 00:19 - 14179840 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-02-06 10:41 - 2016-01-22 00:15 - 01866752 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-02-06 10:41 - 2016-01-22 00:12 - 01940992 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-02-06 10:41 - 2016-01-22 00:05 - 12877824 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-02-06 10:41 - 2016-01-22 00:00 - 01498624 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-02-06 10:41 - 2016-01-21 23:59 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-02-06 10:41 - 2016-01-21 23:19 - 03231232 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-02-06 10:41 - 2016-01-21 23:12 - 02973184 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-02-06 10:41 - 2016-01-16 13:06 - 00025024 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-02-06 10:41 - 2016-01-16 12:54 - 01162240 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-02-06 10:41 - 2016-01-11 08:08 - 01362944 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-02-06 10:41 - 2016-01-11 08:08 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-02-06 10:41 - 2016-01-11 08:08 - 00677376 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-02-06 10:41 - 2016-01-11 08:08 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-02-06 10:41 - 2016-01-11 08:08 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-02-06 10:05 - 2016-02-06 10:05 - 00016384 _____ C:\windows\SysWOW64\ ɀ
2016-02-03 22:39 - 2016-02-15 06:02 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2016-02-03 22:39 - 2016-02-15 06:02 - 00001981 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2016-02-03 21:26 - 2016-02-03 21:30 - 00000022 _____ C:\Users\Transfer\Desktop\Sent from Snipping Tool.zip
2016-02-03 15:08 - 2016-02-03 15:08 - 05446281 _____ C:\Users\Transfer\Desktop\floorplan.pdf
2016-02-02 21:19 - 2016-02-02 21:19 - 00016384 _____ C:\windows\SysWOW64\ ə
2016-02-02 16:55 - 2016-02-10 15:52 - 00002174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-02 16:55 - 2016-02-10 15:52 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-01 14:47 - 2016-02-01 14:47 - 32243088 _____ (Microsoft Corporation) C:\Users\Transfer\Downloads\EIE11_EN-US_WOL_WIN7.EXE
2016-01-31 18:44 - 2016-01-31 18:44 - 00000000 ____D C:\Users\Transfer\AppData\Local\CEF
2016-01-31 18:35 - 2016-01-31 18:35 - 00016384 _____ C:\windows\SysWOW64\�ȭ
2016-01-31 15:47 - 2016-01-29 17:14 - 00000027 _____ C:\windows\system32\Drivers\etc\hosts.20160131-154708.backup
2016-01-31 14:53 - 2016-01-31 14:53 - 00000000 ____D C:\Users\Transfer\Documents\ProcAlyzer Dumps
2016-01-30 19:01 - 2016-01-30 19:02 - 40044345 _____ C:\Users\Transfer\Downloads\canon-inst-8-10-4a-24-r2-u01-9l.zip
2016-01-30 18:53 - 2016-01-30 18:53 - 00000000 ____D C:\Users\Transfer\AppData\Roaming\CANON INC
2016-01-29 17:18 - 2016-01-29 17:18 - 00032878 _____ C:\ComboFix.txt
2016-01-29 17:02 - 2011-06-26 00:45 - 00256000 _____ C:\windows\PEV.exe
2016-01-29 17:02 - 2010-11-07 11:20 - 00208896 _____ C:\windows\MBR.exe
2016-01-29 17:02 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2016-01-29 17:02 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2016-01-29 17:02 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2016-01-29 17:02 - 2000-08-30 18:00 - 00098816 _____ C:\windows\sed.exe
2016-01-29 17:02 - 2000-08-30 18:00 - 00080412 _____ C:\windows\grep.exe
2016-01-29 17:02 - 2000-08-30 18:00 - 00068096 _____ C:\windows\zip.exe
2016-01-29 16:35 - 2016-01-29 16:35 - 00000000 ____D C:\SUPERDelete
2016-01-29 06:30 - 2016-01-29 06:31 - 55915216 _____ (Microsoft Corporation) C:\Users\Transfer\Downloads\IE11-Windows6.1-x64-en-us.exe
2016-01-23 13:08 - 2016-01-23 14:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-23 13:07 - 2016-01-23 14:26 - 00000000 ____D C:\Users\Transfer\Desktop\mbar
2016-01-23 13:06 - 2016-01-23 13:06 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Transfer\Downloads\mbar-1.09.3.1001.exe
2016-01-23 12:42 - 2016-01-29 17:18 - 00000000 ____D C:\Qoobox
2016-01-23 12:42 - 2016-01-29 17:15 - 00000000 ____D C:\windows\erdnt
2016-01-22 15:15 - 2016-01-22 15:15 - 00260528 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys
2016-01-21 18:07 - 2016-01-21 18:07 - 00002609 _____ C:\Users\Transfer\Downloads\Export.Zip
2016-01-21 15:32 - 2016-01-21 15:34 - 00000000 ____D C:\Users\Transfer\Desktop\Master gardener
2016-01-21 03:02 - 2016-01-21 03:02 - 00016384 _____ C:\windows\SysWOW64\ ��
2016-01-20 08:01 - 2015-12-08 15:54 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2016-01-20 08:01 - 2015-12-08 15:54 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2016-01-20 08:01 - 2015-12-08 15:54 - 01568768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVENCOD.DLL
2016-01-20 08:01 - 2015-12-08 15:54 - 01325056 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOE.DLL
2016-01-20 08:01 - 2015-12-08 15:54 - 00902144 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOD.DLL
2016-01-20 08:01 - 2015-12-08 15:54 - 00815616 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOE.DLL
2016-01-20 08:01 - 2015-12-08 15:54 - 00740352 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmpmde.dll
2016-01-20 08:01 - 2015-12-08 15:54 - 00739328 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOD.DLL
2016-01-20 08:01 - 2015-12-08 15:54 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVXENCD.DLL
2016-01-20 08:01 - 2015-12-08 15:54 - 00541184 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSDECD.DLL
2016-01-20 08:01 - 2015-12-08 15:54 - 00358400 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSENCD.DLL
2016-01-20 08:01 - 2015-12-08 15:54 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\VIDRESZR.DLL
2016-01-20 08:01 - 2015-12-08 15:53 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2016-01-20 08:01 - 2015-12-08 15:53 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2016-01-20 08:01 - 2015-12-08 15:53 - 00970240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2adec.dll
2016-01-20 08:01 - 2015-12-08 15:53 - 00829952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-20 08:01 - 2015-12-08 15:53 - 00609280 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFWMAAEC.DLL
2016-01-20 08:01 - 2015-12-08 15:53 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2016-01-20 08:01 - 2015-12-08 15:53 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2016-01-20 08:01 - 2015-12-08 15:53 - 00415744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL
2016-01-20 08:01 - 2015-12-08 15:53 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2016-01-20 08:01 - 2015-12-08 15:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MPG4DECD.DLL
2016-01-20 08:01 - 2015-12-08 15:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP43DECD.DLL
2016-01-20 08:01 - 2015-12-08 15:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-20 08:01 - 2015-12-08 15:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\qasf.dll
2016-01-20 08:01 - 2015-12-08 15:53 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksproxy.ax
2016-01-20 08:01 - 2015-12-08 15:53 - 00153600 _____ (Microsoft Corporation) C:\windows\SysWOW64\COLORCNV.DLL
2016-01-20 08:01 - 2015-12-08 15:53 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2016-01-20 08:01 - 2015-12-08 15:53 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP3DMOD.DLL
2016-01-20 08:01 - 2015-12-08 15:53 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\devenum.dll
2016-01-20 08:01 - 2015-12-08 15:53 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfvdsp.dll
2016-01-20 08:01 - 2015-12-08 15:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2016-01-20 08:01 - 2015-12-08 15:53 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2016-01-20 08:01 - 2015-12-08 15:53 - 00004608 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksuser.dll
2016-01-20 08:01 - 2015-12-08 15:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 01955328 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 01575424 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 01573888 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 01393152 _____ (Microsoft Corporation) C:\windows\system32\WMALFXGFXDSP.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 01232896 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\MSMPEG2ENC.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 01153024 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 01026048 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 01010688 _____ (Microsoft Corporation) C:\windows\system32\mcmde.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 00978944 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00666112 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00642048 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00632320 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 00378880 _____ (Microsoft Corporation) C:\windows\system32\SysFxUI.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 00292352 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00254464 _____ (Microsoft Corporation) C:\windows\system32\qasf.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00224768 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00223744 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 00189952 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL
2016-01-20 08:01 - 2015-12-08 13:07 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll
2016-01-20 08:01 - 2015-12-08 13:07 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2016-01-20 08:01 - 2015-12-08 13:07 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\ksuser.dll
2016-01-20 08:01 - 2015-12-08 13:06 - 00250880 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax
2016-01-20 08:01 - 2015-12-08 13:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2016-01-20 08:01 - 2015-12-08 13:04 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2016-01-20 08:01 - 2015-12-08 12:54 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2016-01-20 08:01 - 2015-12-08 12:12 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2016-01-20 08:01 - 2015-12-08 12:11 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmkaud.sys
2016-01-20 08:01 - 2015-11-16 14:17 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-01-20 08:01 - 2015-10-29 11:50 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2016-01-20 08:01 - 2015-10-29 11:50 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2016-01-20 08:01 - 2015-10-29 11:50 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2016-01-20 08:01 - 2015-10-29 11:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2016-01-20 08:01 - 2015-10-29 11:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2016-01-20 08:01 - 2015-10-29 11:49 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2016-01-20 08:01 - 2015-10-29 11:49 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2016-01-20 08:01 - 2015-10-01 12:06 - 00692672 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-01-20 08:01 - 2015-10-01 12:04 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-01-20 08:01 - 2015-10-01 12:00 - 00147456 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-01-20 08:01 - 2015-10-01 12:00 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-01-20 08:01 - 2015-10-01 12:00 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-01-20 08:01 - 2015-10-01 12:00 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-01-20 08:01 - 2015-10-01 12:00 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-01-20 08:01 - 2015-10-01 11:50 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-01-20 08:01 - 2015-10-01 11:00 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-01-20 08:01 - 2015-07-22 18:02 - 01390592 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2016-01-20 08:01 - 2015-07-22 18:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2016-01-20 08:01 - 2015-07-22 11:53 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2016-01-20 08:01 - 2015-07-22 10:48 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00984448 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00901264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-01-20 08:01 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-01-20 08:01 - 2015-07-15 12:15 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2016-01-20 08:01 - 2015-07-15 12:10 - 01743360 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2016-01-20 08:01 - 2015-07-15 12:10 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2016-01-20 08:00 - 2015-12-08 15:53 - 00509952 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2016-01-20 08:00 - 2015-12-08 15:52 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-01-20 08:00 - 2015-12-08 13:07 - 00624640 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2016-01-20 08:00 - 2015-12-08 13:07 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-01-20 08:00 - 2015-11-13 17:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapistub.dll
2016-01-20 08:00 - 2015-11-13 17:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapi32.dll
2016-01-20 08:00 - 2015-11-13 17:08 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\fixmapi.exe
2016-01-20 08:00 - 2015-11-13 16:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapistub.dll
2016-01-20 08:00 - 2015-11-13 16:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapi32.dll
2016-01-20 08:00 - 2015-11-13 16:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fixmapi.exe
2016-01-20 08:00 - 2015-11-11 12:53 - 01735680 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2016-01-20 08:00 - 2015-11-11 12:53 - 00525312 _____ (Microsoft Corporation) C:\windows\system32\catsrvut.dll
2016-01-20 08:00 - 2015-11-11 12:39 - 01242624 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2016-01-20 08:00 - 2015-11-11 12:39 - 00487936 _____ (Microsoft Corporation) C:\windows\SysWOW64\catsrvut.dll
2016-01-20 08:00 - 2015-11-10 12:55 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2016-01-20 08:00 - 2015-11-10 12:55 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2016-01-20 08:00 - 2015-11-10 12:55 - 01008640 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2016-01-20 08:00 - 2015-11-10 12:39 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2016-01-20 08:00 - 2015-11-10 12:37 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2016-01-20 08:00 - 2015-11-05 13:05 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wshrm.dll
2016-01-20 08:00 - 2015-11-05 13:02 - 00014848 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshrm.dll
2016-01-20 08:00 - 2015-11-05 13:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-01-20 08:00 - 2015-11-05 13:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-01-20 08:00 - 2015-11-05 03:53 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys
2016-01-20 08:00 - 2015-11-03 13:04 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2016-01-20 08:00 - 2015-11-03 13:04 - 00241664 _____ (Microsoft Corporation) C:\windows\system32\els.dll
2016-01-20 08:00 - 2015-11-03 12:56 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2016-01-20 08:00 - 2015-11-03 12:55 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\els.dll
2016-01-20 08:00 - 2015-10-13 10:41 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2016-01-20 08:00 - 2015-10-13 10:40 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2016-01-20 08:00 - 2015-10-12 22:57 - 00950720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2016-01-20 08:00 - 2015-09-23 07:15 - 00460776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-01-20 08:00 - 2015-09-23 07:15 - 00299632 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-01-20 08:00 - 2015-09-23 07:09 - 00251000 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-01-20 08:00 - 2015-08-27 12:18 - 02004480 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2016-01-20 08:00 - 2015-08-27 12:18 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2016-01-20 08:00 - 2015-08-27 12:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2016-01-20 08:00 - 2015-08-27 12:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2016-01-20 08:00 - 2015-08-27 11:58 - 01391104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2016-01-20 08:00 - 2015-08-27 11:58 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2016-01-20 08:00 - 2015-08-27 11:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2016-01-20 08:00 - 2015-08-27 11:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2016-01-20 08:00 - 2015-08-05 11:56 - 01110016 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2016-01-20 08:00 - 2015-07-09 11:58 - 01632256 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2016-01-20 08:00 - 2015-07-09 11:58 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2016-01-20 08:00 - 2015-07-09 11:42 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2016-01-20 08:00 - 2015-07-09 11:42 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2016-01-20 08:00 - 2015-06-25 04:06 - 00115136 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-01-20 08:00 - 2015-06-25 04:01 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-01-20 07:52 - 2015-09-01 21:04 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-01-20 07:52 - 2015-09-01 21:04 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-01-20 07:52 - 2015-09-01 21:04 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-01-20 07:52 - 2015-09-01 21:04 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-01-20 07:52 - 2015-09-01 20:48 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2016-01-20 07:52 - 2015-09-01 20:48 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-01-20 07:52 - 2015-09-01 20:48 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2016-01-20 07:52 - 2015-09-01 20:47 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2016-01-20 07:52 - 2015-09-01 19:47 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-01-20 07:52 - 2015-09-01 19:33 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-01-20 06:41 - 2016-01-20 06:41 - 00016384 _____ C:\windows\SysWOW64\xȨ
2016-01-20 06:09 - 2015-12-16 12:55 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
2016-01-20 06:09 - 2015-12-16 12:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
2016-01-20 06:09 - 2015-12-16 12:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
2016-01-20 06:09 - 2015-12-16 12:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
2016-01-20 06:09 - 2015-12-16 12:48 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL
2016-01-20 06:09 - 2015-12-16 12:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll
2016-01-20 06:09 - 2015-12-16 12:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL
2016-01-20 06:09 - 2015-12-16 12:47 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll
2016-01-20 06:09 - 2015-12-16 08:38 - 00419928 _____ C:\windows\SysWOW64\locale.nls
2016-01-20 06:09 - 2015-12-16 08:37 - 00419928 _____ C:\windows\system32\locale.nls
2016-01-20 06:09 - 2015-08-05 11:56 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\icaapi.dll
2016-01-20 06:09 - 2015-08-05 11:06 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2016-01-20 05:12 - 2016-01-20 05:12 - 00000000 ____D C:\Users\Transfer\AppData\Roaming\Sun
2016-01-20 05:12 - 2016-01-20 05:12 - 00000000 ____D C:\Users\Transfer\.oracle_jre_usage
2016-01-20 05:02 - 2016-01-20 05:02 - 00016384 _____ C:\windows\SysWOW64\@�=
2016-01-19 21:51 - 2016-01-19 21:51 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-01-19 21:51 - 2016-01-19 21:51 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-17 06:00 - 2016-01-14 20:21 - 00001081 _____ C:\Users\Transfer\Desktop\JRT.txt
2016-02-17 05:54 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-02-17 05:52 - 2015-03-12 10:32 - 00000000 ____D C:\AdwCleaner
2016-02-17 05:52 - 2014-01-13 11:39 - 00000000 ____D C:\ProgramData\MFAData
2016-02-17 04:49 - 2015-03-24 12:30 - 00000000 ____D C:\Users\Transfer\EMAIL STORAGE
2016-02-17 04:42 - 2009-07-13 22:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-17 04:42 - 2009-07-13 22:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-17 04:38 - 2009-07-13 21:20 - 00000000 ____D C:\windows\inf
2016-02-17 04:32 - 2015-03-23 21:23 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2016-02-16 19:34 - 2013-03-19 13:40 - 00000000 ____D C:\Users\Regina
2016-02-16 18:29 - 2014-05-22 03:47 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-16 15:20 - 2014-05-29 08:35 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-02-16 15:20 - 2014-01-06 17:51 - 00000000 ____D C:\Users\Transfer\AppData\Roaming\TeamViewer
2016-02-16 15:20 - 2013-03-20 18:07 - 00000000 ____D C:\Users\Transfer\AppData\Local\CrashDumps
2016-02-16 15:19 - 2014-11-15 06:54 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-02-16 10:26 - 2016-01-09 21:54 - 00003930 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{F668C72C-529A-40C8-B61E-2D034B452B16}
2016-02-15 22:50 - 2013-02-24 20:01 - 00000000 ____D C:\Users\Transfer\Documents\1nursery information
2016-02-15 17:24 - 2013-03-20 17:51 - 00000000 ____D C:\Users\Transfer\AppData\Local\ElevatedDiagnostics
2016-02-15 16:07 - 2009-07-13 23:13 - 00796934 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-15 06:02 - 2013-05-04 20:20 - 00000000 ____D C:\ProgramData\Adobe
2016-02-15 05:13 - 2016-01-06 10:52 - 00007629 _____ C:\Users\Transfer\AppData\Local\Resmon.ResmonCfg
2016-02-13 14:31 - 2009-07-13 21:20 - 00000000 ____D C:\windows\rescache
2016-02-13 06:38 - 2014-02-12 10:43 - 00367280 _____ C:\windows\system32\FNTCACHE.DAT
2016-02-13 06:35 - 2010-11-21 01:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-13 05:58 - 2013-08-14 02:01 - 00000000 ____D C:\windows\system32\MRT
2016-02-13 05:51 - 2013-03-20 18:30 - 146614896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-02-12 07:15 - 2015-06-30 08:27 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-12 07:15 - 2014-02-06 13:18 - 00000000 ____D C:\Users\Transfer\AppData\Roaming\AVG
2016-02-12 07:13 - 2014-02-06 13:16 - 00000000 ____D C:\ProgramData\AVG
2016-02-08 04:57 - 2013-03-12 13:15 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-02-07 08:33 - 2013-04-13 17:24 - 00019968 ___SH C:\Users\Transfer\Thumbs.db
2016-02-07 07:41 - 2013-04-28 17:26 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-02-07 07:39 - 2013-05-09 09:53 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-02-06 23:18 - 2013-05-07 17:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-06 11:06 - 2014-12-10 22:46 - 00000000 ____D C:\windows\system32\appraiser
2016-02-06 11:06 - 2014-04-23 03:38 - 00000000 ___SD C:\windows\system32\CompatTel
2016-02-06 10:46 - 2011-02-11 11:15 - 00789056 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-02-03 22:40 - 2014-08-20 12:55 - 00000000 ____D C:\Users\Transfer\AppData\Local\Adobe
2016-02-03 22:39 - 2013-08-20 08:23 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-03 22:22 - 2016-01-12 15:55 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-02-02 21:19 - 2015-08-27 15:37 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d0e110a3d52c2f.job
2016-02-02 21:19 - 2015-08-27 15:37 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0e110a33cd41e.job
2016-02-02 21:07 - 2015-12-12 15:27 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-02-02 18:34 - 2013-06-28 21:46 - 00000000 ____D C:\Users\Transfer\Documents\My Garden Information
2016-02-02 16:55 - 2013-03-24 18:52 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-02 04:17 - 2015-08-27 15:37 - 00003906 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0e110a3d52c2f
2016-02-02 04:17 - 2015-08-27 15:37 - 00003654 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0e110a33cd41e
2016-02-02 04:15 - 2015-01-07 17:12 - 00000000 ____D C:\windows\pss
2016-01-31 21:10 - 2013-03-18 06:56 - 00000000 ____D C:\Users\Transfer\Desktop\idea book
2016-01-31 21:02 - 2013-06-15 19:26 - 00000000 ____D C:\Users\Transfer\.gimp-2.8
2016-01-31 18:39 - 2014-02-11 21:15 - 00093088 _____ C:\Users\Transfer\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-31 18:32 - 2013-03-20 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-01-31 18:32 - 2013-03-20 18:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-01-31 18:30 - 2010-11-21 01:16 - 00000000 ____D C:\windows\ShellNew
2016-01-31 15:47 - 2009-07-13 20:34 - 00450099 ____R C:\windows\system32\Drivers\etc\hosts.20160216-193954.backup
2016-01-31 10:58 - 2013-03-24 12:25 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-30 18:53 - 2013-02-27 10:09 - 00000000 ____D C:\Users\Transfer\Documents\Canon Utilities
2016-01-29 17:18 - 2013-03-19 21:13 - 00000000 ____D C:\Users\Administrator
2016-01-29 17:14 - 2009-07-13 20:34 - 00000215 _____ C:\windows\system.ini
2016-01-29 06:43 - 2013-03-20 04:35 - 00001415 _____ C:\Users\Transfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-28 23:30 - 2013-03-27 13:02 - 00000000 ___HD C:\ProgramData\CanonBJ
2016-01-28 23:11 - 2013-08-27 17:50 - 00000000 ____D C:\Users\Transfer\AppData\Local\PokerStars.NET
2016-01-28 23:11 - 2013-08-20 12:20 - 00000000 ____D C:\Users\Transfer\AppData\LocalLow\Adobe
2016-01-28 23:11 - 2013-04-28 17:27 - 00000000 ____D C:\Users\Transfer\AppData\Roaming\Apple Computer
2016-01-28 23:11 - 2013-03-20 04:45 - 00000000 ____D C:\Users\Transfer\AppData\Roaming\Adobe
2016-01-28 23:07 - 2014-06-05 07:45 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-01-28 23:07 - 2014-03-03 09:02 - 00000000 ____D C:\ProgramData\PTC
2016-01-28 23:07 - 2013-03-24 18:51 - 00000000 ____D C:\Users\Transfer\AppData\Local\Google
2016-01-28 23:07 - 2013-03-19 17:35 - 00000000 ____D C:\Users\Transfer\AppData\Local\Apple Computer
2016-01-28 23:07 - 2013-03-12 13:27 - 00000000 ____D C:\ProgramData\TouchSmartData
2016-01-28 23:05 - 2013-05-07 18:18 - 00000000 ____D C:\ProgramData\Blio
2016-01-28 23:05 - 2013-03-12 13:16 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-01-28 21:32 - 2009-07-13 23:32 - 00000000 ____D C:\windows\Downloaded Program Files
2016-01-23 13:07 - 2014-05-22 03:47 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-01-20 06:39 - 2009-07-13 21:20 - 00000000 ____D C:\windows\PolicyDefinitions
2016-01-20 06:13 - 2013-03-12 13:30 - 00001420 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-01-20 05:13 - 2015-03-08 04:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-20 05:13 - 2013-12-31 19:01 - 00000000 ____D C:\ProgramData\Oracle
2016-01-20 05:12 - 2015-03-08 04:47 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-20 05:12 - 2013-05-06 10:46 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-20 05:12 - 2013-03-19 17:26 - 00000000 ____D C:\Users\Transfer
2016-01-20 05:02 - 2015-03-23 21:23 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2016-01-19 04:11 - 2015-03-23 21:23 - 00853200 _____ (SurfRight B.V.) C:\windows\system32\hmpalert.dll
2016-01-19 04:11 - 2015-03-23 21:23 - 00769744 _____ (SurfRight B.V.) C:\windows\SysWOW64\hmpalert.dll
2016-01-19 04:11 - 2015-03-23 21:23 - 00176464 _____ (SurfRight B.V.) C:\windows\system32\Drivers\hmpalert.sys

==================== Files in the root of some directories =======

2015-07-30 11:52 - 2015-07-30 11:52 - 0000850 _____ () C:\Users\Transfer\AppData\Local\recently-used.xbel
2016-01-06 10:52 - 2016-02-15 05:13 - 0007629 _____ () C:\Users\Transfer\AppData\Local\Resmon.ResmonCfg
2015-09-09 18:03 - 2015-09-28 11:09 - 2632704 _____ () C:\ProgramData\excalibur.db
2015-09-09 18:03 - 2015-09-09 18:03 - 0032768 _____ () C:\ProgramData\excalibur.db-shm
2015-09-09 18:03 - 2015-09-28 11:09 - 1058512 _____ () C:\ProgramData\excalibur.db-wal
2014-11-06 20:52 - 2014-11-06 20:52 - 0000272 _____ () C:\ProgramData\INSTALL_TOR.URL
2013-11-17 11:23 - 2013-11-17 11:23 - 0000104 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Transfer\hpothb07.dat

Some files in TEMP:
====================
C:\Users\Transfer\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-08 00:49

==================== End of FRST.txt ============================



#8 trashywoman

  • Topic Starter

Posted 17 February 2016 - 07:45 AM

Just went to turn AVG back on and evidently it was scanning when I turned it off before. It now says it found 19 threats and wants to restart computer. Last night, ran it 2 times, full computer scan, checking everything it would allow me to and I got nothing at all. As of right now, I just closed the program without restarting computer. Do you want me to restart it and see if AVG cleans it?



#9 satchfan

  • Malware Response Team

Posted 17 February 2016 - 07:52 AM

"Do you want me to restart it and see if AVG cleans it?"

No, but can you show me what was found?

I see that you have run ComboFix. While you may see ComboFix being used quite often, it should never be run unsupervised (as stated in the disclaimer that is first displayed by ComboFix when you run it).

All diagnostic and “fixing” programs/tools are used to search for or target specific malware. Throwing these randomly at your computer in the hope of a quick cure may render your machine a doorstop.

Please send the log from when you ran it. ComboFix logs are located at c:\combofix.txt; older logs are at c:\qoobox\combofix2.txt, c:\qoobox\ComboFix3.txt, etc.

===================================================

Do you know what these are?

C:\windows\SysWOW64\��2
C:\windows\SysWOW64\��I
C:\windows\SysWOW64\��c
C:\windows\SysWOW64\�ˌ
C:\windows\SysWOW64\�ˀ


I am busy for the next hour or so but will check your logs and reply as soon as I can.

Nina


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#10 trashywoman

  • Topic Starter

Posted 17 February 2016 - 08:44 AM

Unsanctioned ComboFix Log from Jan. 29 attached. My Bad.

ComboFix 16-01-24.01 - Transfer 01/29/2016  17:04:53.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6032.3636 [GMT -6:00]
Running from: c:\users\Transfer\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: AVG update module *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
FW: AVG update module *Disabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: AVG update module *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Transfer\AppData\Local\Spot
c:\users\Transfer\AppData\Local\Spot\score.xml
c:\users\Transfer\AppData\Local\TapTap
c:\users\Transfer\AppData\Local\TapTap\score.xml
c:\users\Transfer\AppData\Local\Z@!-789be195-d7b8-4f18-a7fd-4811a9691337.tmp
c:\users\Transfer\AppData\Local\Z@S!-f6317ad7-996c-4127-9fd5-3de159c9e982.tmp
c:\users\Transfer\AppData\Roaming\FrameworkUpdate7
C:\Windows6.0-KB935685-v2-x64.msu
C:\Windows6.0-KB976538-v2-x64.msu
.
.
(((((((((((((((((((((((((   Files Created from 2015-12-28 to 2016-01-29  )))))))))))))))))))))))))))))))
.
.
2016-01-29 23:14 . 2016-01-29 23:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-01-29 23:14 . 2016-01-29 23:14 -------- d-----w- c:\users\Regina\AppData\Local\temp
2016-01-29 22:35 . 2016-01-29 22:35 -------- d-----w- C:\SUPERDelete
2016-01-29 03:32 . 2016-01-29 03:32 -------- d-----w- c:\program files (x86)\ESET
2016-01-26 09:24 . 2015-12-16 16:15 11154520 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ECEBBA35-EF21-49E0-99FF-4985539B0E95}\mpengine.dll
2016-01-23 19:08 . 2016-01-23 20:26 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2016-01-20 14:00 . 2015-08-06 18:03 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-01-20 13:52 . 2015-09-02 03:04 41984 ----a-w- c:\windows\system32\lpk.dll
2016-01-20 13:52 . 2015-09-02 03:04 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-01-20 13:52 . 2015-09-02 03:04 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-01-20 13:52 . 2015-09-02 03:04 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-01-20 13:52 . 2015-09-02 02:48 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-01-20 13:52 . 2015-09-02 02:48 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-01-20 13:52 . 2015-09-02 02:48 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-01-20 13:52 . 2015-09-02 02:47 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-01-20 13:52 . 2015-09-02 01:47 372736 ----a-w- c:\windows\system32\atmfd.dll
2016-01-20 13:52 . 2015-09-02 01:33 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-01-20 12:09 . 2015-08-05 17:56 22528 ----a-w- c:\windows\system32\icaapi.dll
2016-01-20 12:09 . 2015-08-05 17:06 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2016-01-20 12:09 . 2015-12-16 18:55 69120 ----a-w- c:\windows\system32\nlsbres.dll
2016-01-20 12:09 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\kbdgeoqw.dll
2016-01-20 12:09 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\KBDAZEL.DLL
2016-01-20 12:09 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\KBDAZE.DLL
2016-01-20 12:09 . 2015-12-16 18:48 6656 ----a-w- c:\windows\SysWow64\kbdgeoqw.dll
2016-01-20 12:09 . 2015-12-16 18:48 6656 ----a-w- c:\windows\SysWow64\KBDAZEL.DLL
2016-01-20 12:09 . 2015-12-16 18:47 69120 ----a-w- c:\windows\SysWow64\nlsbres.dll
2016-01-20 11:13 . 2016-01-20 11:13 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-01-20 11:12 . 2016-01-20 11:12 -------- d-----w- c:\users\Transfer\.oracle_jre_usage
2016-01-20 03:51 . 2016-01-20 03:51 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-01-20 03:51 . 2016-01-20 03:51 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-23 19:08 . 2014-05-22 09:47 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-01-23 19:07 . 2014-05-22 09:47 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-01-22 02:10 . 2013-03-21 00:30 143671360 ----a-w- c:\windows\system32\MRT.exe
2016-01-20 11:12 . 2015-03-08 10:47 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-01-19 10:11 . 2015-03-24 03:23 853200 ----a-w- c:\windows\system32\hmpalert.dll
2016-01-19 10:11 . 2015-03-24 03:23 769744 ----a-w- c:\windows\SysWow64\hmpalert.dll
2016-01-19 10:11 . 2015-03-24 03:23 176464 ----a-w- c:\windows\system32\drivers\hmpalert.sys
2015-12-30 18:37 . 2016-01-20 14:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-12-28 11:38 . 2015-12-28 12:06 47104 ----a-w- c:\windows\SysWow64\ssmypics.scr
2015-12-10 01:58 . 2015-12-10 01:58 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2015-12-02 19:18 . 2010-11-21 03:27 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-12-01 01:43 . 2015-12-01 01:43 53248 ----a-r- c:\users\Transfer\AppData\Roaming\Microsoft\Installer\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}\ARPPRODUCTICON.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2015-05-29 21:35 1030864 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2015-05-29 21:35 1030864 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2015-05-29 21:35 1030864 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-04-24 10:31 223432 ----a-w- c:\users\Transfer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-04-24 10:31 223432 ----a-w- c:\users\Transfer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-04-24 10:31 223432 ----a-w- c:\users\Transfer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2015-05-29 21:35 1030864 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2015-05-29 21:35 1030864 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2015-05-29 21:35 1030864 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware2\SUPERAntiSpyware.exe" [2015-05-22 7799576]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-12-08 8590760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2015-12-15 4431848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-05-15 60712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2015-06-17 421888]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2015-05-29 1065680]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-12-14 1085656]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-12-23 596528]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Philips GoGear VIBE Device Manager.lnk - c:\philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe -silent [2014-12-27 1701224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R1 hmpnet;hmpnet;c:\windows\system32\drivers\hmpnet.sys;c:\windows\SYSNATIVE\drivers\hmpnet.sys [x]
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe;c:\program files (x86)\AVG\AVG2013\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware2\SASCORE64.EXE;c:\program files\SUPERAntiSpyware2\SASCORE64.EXE [x]
R4 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R4 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x]
R4 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R4 Unchecky;Unchecky;c:\program files (x86)\Unchecky\bin\unchecky_svc.exe;c:\program files (x86)\Unchecky\bin\unchecky_svc.exe [x]
R4 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe;c:\windows\SysWOW64\WebUpdateSvc4.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware2\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware2\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware2\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware2\SASKUTIL64.SYS [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 hmpalertsvc;HitmanPro.Alert service;c:\program files (x86)\HitmanPro.Alert\hmpalert.exe;c:\program files (x86)\HitmanPro.Alert\hmpalert.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S3 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys;c:\windows\SYSNATIVE\drivers\hmpalert.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PSMNBUS;Pantech Unified USB Composite Device Ver1 Driver;c:\windows\system32\DRIVERS\PSMNBUS.sys;c:\windows\SYSNATIVE\DRIVERS\PSMNBUS.sys [x]
S3 PSMNMDM;Pantech Unified USB Modem Ver1 Drivers;c:\windows\system32\DRIVERS\PSMNMDM.sys;c:\windows\SYSNATIVE\DRIVERS\PSMNMDM.sys [x]
S3 PSMNVSP;Pantech Unified USB Serial Port Ver1;c:\windows\system32\DRIVERS\PSMNVSP.sys;c:\windows\SYSNATIVE\DRIVERS\PSMNVSP.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys;c:\windows\SYSNATIVE\drivers\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys;c:\windows\SYSNATIVE\drivers\tixhci.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-01-28 00:54 1090376 ----a-w- c:\program files (x86)\Google\Chrome\Application\48.0.2564.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-25 21:37]
.
2016-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0e110a33cd41e.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-25 21:37]
.
2015-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-25 21:37]
.
2016-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0e110a3d52c2f.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-25 21:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2015-05-29 21:28 1304784 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2015-05-29 21:28 1304784 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2015-05-29 21:28 1304784 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-04-24 10:31 262344 ----a-w- c:\users\Transfer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-04-24 10:31 262344 ----a-w- c:\users\Transfer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-04-24 10:31 262344 ----a-w- c:\users\Transfer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-06-16 14:59 2335448 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-06-16 14:59 2335448 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-06-16 14:59 2335448 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2015-05-29 21:28 1304784 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2015-05-29 21:28 1304784 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2015-05-29 21:28 1304784 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-04-25 1425408]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-11 441968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-11 172144]
"HPSYSDRV"="c:\program files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE" [2008-11-20 62768]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-11 399984]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2012-04-11 37888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-07-11 170280]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/?gws_rd=ssl
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: cnet.com\download
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
.
------- File Associations -------
.
.scr=CryptoPreventSCR
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Software Update Wizard (Redist) - c:\windows\system32\wuwuninst.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-01-29  17:18:11
ComboFix-quarantined-files.txt  2016-01-29 23:18
.
Pre-Run: 717,921,447,936 bytes free
Post-Run: 716,520,521,728 bytes free
.
- - End Of File - - 97FC96EA5562D09140FF232B69359716
5FB38429D5D77768867C76DCBDB35194

 
I looked for older ComboFix files named TXT in c:\qoobox\; here is what I found. No actual TXT files.

 
2016-01-29 23:16:36 . 2016-01-29 23:16:36              232 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24}.reg.dat
2016-01-29 23:16:33 . 2016-01-29 23:16:33              229 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3}.reg.dat
2016-01-29 23:11:23 . 2016-01-29 23:11:23            4,047 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2016-01-23 18:51:51 . 2016-01-29 23:02:48              153 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2015-02-23 14:02:56 . 2015-01-29 15:13:52           10,240 ----a-w-  C:\Qoobox\Quarantine\C\Users\Transfer\AppData\Local\Z@S!-f6317ad7-996c-4127-9fd5-3de159c9e982.tmp.vir
2015-02-23 14:02:56 . 2015-01-29 15:13:52            9,216 ----a-w-  C:\Qoobox\Quarantine\C\Users\Transfer\AppData\Local\Z@!-789be195-d7b8-4f18-a7fd-4811a9691337.tmp.vir
2013-05-08 00:15:17 . 2013-05-08 00:15:17               28 ----a-w-  C:\Qoobox\Quarantine\C\Users\Transfer\AppData\Local\Spot\score.xml.vir
2013-05-07 23:56:34 . 2013-05-07 23:56:34               28 ----a-w-  C:\Qoobox\Quarantine\C\Users\Transfer\AppData\Local\TapTap\score.xml.vir
2013-02-25 03:44:41 . 2010-03-12 03:52:32          851,967 ----a-w-  C:\Qoobox\Quarantine\C\Windows6.0-KB976538-v2-x64.msu.vir
2012-02-24 16:37:35 . 2007-04-11 13:50:16          202,436 ----a-w-  C:\Qoobox\Quarantine\C\Windows6.0-KB935685-v2-x64.msu.vir



#11 trashywoman


Posted 17 February 2016 - 09:00 AM

I looked at the SysWOW64 folder on my computer. Don't have a clue about that but some dates seem relevant to when issues started with computer and others are from when I bought the computer and set it up in 2009. Tried to copy the list and paste it here but it doesn't work.



#12 satchfan

satchfan

  • Malware Response Team
  • 2,665 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:12:59 PM

Posted 17 February 2016 - 09:21 AM

I see you have Picasa installed. Are you using the GPhotos screensaver file that got installed with a Picasa update?


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#13 trashywoman


Posted 17 February 2016 - 10:22 AM

No, I use the Windows Photo Gallery one that came with Windows.

 

OK, let's change that to: someone/something :nono: changed it to Google but I just changed it back!!!!


Edited by trashywoman, 17 February 2016 - 10:37 AM.


#14 trashywoman


Posted 17 February 2016 - 10:28 AM

Can't get a log from AVG of info on files it found. I don't like the new AVG free with that ZEN thing. The window will not open big to allow you to see everything at once. When I tried to export the report it put it in an Excel file? Anyway, I was able to paste that into a text document. It seems the things it found were all tracking cookies. I went ahead and deleted them.

 

Scheduled Scan
Medium severity;"19";"0";"19"
Scanned:;"Scan Whole Computer"
Started:;"2/17/2016, 6:00:57 AM"
Finished:;"2/17/2016, 6:39:21 AM"
Number of items:;"469857"
Launched by:;"SYSTEM"

Name;"Description";"Status";"Status";"Priority"
C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Cookies\Low\8G0GM155.txt;"Found Tracking cookie.Yieldmanager";"Unresolved";"Unresolved";"Medium"
C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Cookies\Low\BPFZP3T2.txt;"Found Tracking cookie.Realmedia";"Unresolved";"Unresolved";"Medium"
C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Cookies\Low\YIY6JA80.txt;"Found Tracking cookie.Revsci";"Unresolved";"Unresolved";"Medium"
C:\Users\Transfer\AppData\Roaming\Microsoft\Windows\Cookies\Low\45NH5Y42.txt;"Found Tracking cookie.Ru4";"Unresolved";"Unresolved";"Medium"
C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Cookies\Low\3A34AVQ9.txt;"Found Tracking cookie.Estat";"Unresolved";"Unresolved";"Medium"
C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Cookies\Low\OGNYTIV9.txt;"Found Tracking cookie.Tacoda";"Unresolved";"Unresolved";"Medium"
C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Cookies\Low\BI5IIUT2.txt;"Found Tracking cookie.Advertising";"Unresolved";"Unresolved";"Medium"
C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Cookies\Low\N094E6N4.txt;"Found Tracking cookie.Clickbank";"Unresolved";"Unresolved";"Medium"
C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Cookies\Low\PIEWRGOB.txt;"Found Tracking cookie.Serving-sys";"Unresolved";"Unresolved";"Medium"
C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Cookies\Low\L53N30ZA.txt;"Found Tracking cookie.Atdmt";"Unresolved";"Unresolved";"Medium"
C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Cookies\Low\PKG8VA8B.txt;"Found Tracking cookie.Casalemedia";"Unresolved";"Unresolved";"Medium"
C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Cookies\Low\1DIZLWI4.txt;"Found Tracking cookie.Pointroll";"Unresolved";"Unresolved";"Medium"
C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z4F5C1NI.txt;"Found Tracking cookie.Questionmarket";"Unresolved";"Unresolved";"Medium"
C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZXJDBA6M.txt;"Found Tracking cookie.Zedo";"Unresolved";"Unresolved";"Medium"
C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Cookies\Low\L82AGF97.txt;"Found Tracking cookie.Ru4";"Unresolved";"Unresolved";"Medium"
C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Cookies\Low\A62MY7X1.txt;"Found Tracking cookie.Webtrends";"Unresolved";"Unresolved";"Medium"
C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Cookies\Low\7II4U35U.txt;"Found Tracking cookie.Tribalfusion";"Unresolved";"Unresolved";"Medium"
C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Cookies\Low\O3RUL77S.txt;"Found Tracking cookie.Fastclick";"Unresolved";"Unresolved";"Medium"
C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Cookies\Low\N1P9CQRU.txt;"Found Tracking cookie.2o7";"Unresolved";"Unresolved";"Medium"
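
The report pasted above is a semicolon-delimited export. As an added example (not part of the original post and not AVG's own tooling), this Python script parses that layout and separates tracking-cookie detections from anything else that would need a closer look. The function name `triage` and the last sample row are constructed for illustration.

```python
import csv
import io
import re
from collections import Counter

# Sample rows: the three cookie rows are taken from the report above; the
# last row is constructed for this example to show a non-cookie finding.
SAMPLE = r'''Scheduled Scan
Medium severity;"19";"0";"19"
Launched by:;"SYSTEM"

Name;"Description";"Status";"Status";"Priority"
C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Cookies\Low\8G0GM155.txt;"Found Tracking cookie.Yieldmanager";"Unresolved";"Unresolved";"Medium"
C:\Users\Transfer\AppData\Roaming\Microsoft\Windows\Cookies\Low\45NH5Y42.txt;"Found Tracking cookie.Ru4";"Unresolved";"Unresolved";"Medium"
C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Cookies\Low\L82AGF97.txt;"Found Tracking cookie.Ru4";"Unresolved";"Unresolved";"Medium"
C:\Users\Example\Downloads\setup.exe;"Found Adware Generic";"Unresolved";"Unresolved";"High"
'''

COOKIE = re.compile(r"^Found Tracking cookie\.(?P<tracker>.+)$")
PROFILE = re.compile(r"^[A-Za-z]:\\Users\\(?P<user>[^\\]+)\\", re.IGNORECASE)


def triage(report_text):
    """Split detections into tracking cookies and findings needing review."""
    rows = csv.reader(io.StringIO(report_text), delimiter=";", quotechar='"')
    trackers, profiles, review = Counter(), Counter(), []
    in_table = False
    for row in rows:
        if not row:
            continue
        if row[0] == "Name":            # header row starts the detection table
            in_table = True
            continue
        if not in_table or len(row) < 5:
            continue                     # scan metadata or malformed line
        path, description, priority = row[0], row[1], row[4]
        user = PROFILE.match(path)
        profiles[user.group("user") if user else "(no profile)"] += 1
        cookie = COOKIE.match(description)
        if cookie:
            trackers[cookie.group("tracker")] += 1
        else:
            review.append((path, description, priority))
    return {"trackers": trackers, "profiles": profiles, "review": review}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

An empty `review` list means every detection in the export was a tracking cookie; any entry in it is a file-level finding that should be looked at before the report is dismissed.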



#15 satchfan


Posted 17 February 2016 - 10:50 AM

I don't like the new avg free with that ZEN thing.

 

I personally don't like AVG at all. There are better free AVs around which I can advise you about when we finish up.

 

I have omitted the files I questioned you about for now as I've asked other malware members if they have ever seen them before - I haven't.

 

There's not a lot showing up in the FRST log but we'll tidy up what I have found and run another scan. Incidentally, you'll see that I have a CNet entry included: CNet is not a good place to download from as they bundle their downloads with invasive and annoying browser toolbars and other software.

 

================================================

You need to move Farbar Recovery Scan Tool to your desktop otherwise fixes will not work.

  • go to your Downloads folder and locate Farbar Recovery Scan Tool
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.


Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-926090934-439431683-2122779614-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\SysWOW64\GPhotos.scr [4575232 2015-02-13] (Google Inc.)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-926090934-439431683-2122779614-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 hmpnet; system32\drivers\hmpnet.sys [X]
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B655DAAC-FC26-4707-82DB-84B470B90F48} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D5363CAF-CE63-4A7E-9D6A-1C571A194B2E} - System32\Tasks\{BC32BFDD-2B2F-4194-A49C-80274B8A7BD4} => pcalua.exe -a "J:\first aid utility.exe" -d J:\
Task: {F6BDD003-CFE0-4ECA-86E3-ED622504AD99} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
IE trusted site: HKU\S-1-5-21-926090934-439431683-2122779614-1004\...\cnet.com -> download.cnet.com
C:\windows\SysWOW64\GPhotos.scr
C:\Users\Transfer\hpothb07.dat
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

================================================

Download zoek.exe to your Desktop:

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here.

  • on Windows Vista, 7/8, right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
    
  • close any open programs.
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

Logs to include with next post:

Fixlog.txt
zoek-results.log


Thanks

Satchfan


Edited by satchfan, 17 February 2016 - 10:51 AM.
