Suspected trojan and network is slow


8 replies to this topic

#1 noker

  • Members
  • 8 posts

Posted 19 August 2016 - 03:15 AM

Hi,

First time posting here, and if anyone could help me it would be greatly appreciated. I ran AVG today and it detected/removed a trojan, but I believe there is still something on my computer: it is running slower than usual and takes a lot longer to reach websites.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-08-2016
Ran by New (administrator) on NEW_PC (19-08-2016 17:43:45)
Running from E:\Downloads
Loaded Profiles: New (Available Profiles: New & MSSQLSERVER)
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-27] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-28] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [1088944 2016-05-12] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [594240 2016-01-13] (Razer Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [307200 2011-06-15] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-07-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6709008 2016-07-28] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3790800915-1267840748-829986460-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-30] (Valve Corporation)
HKU\S-1-5-21-3790800915-1267840748-829986460-1001\...\Run: [Facebook Update] => C:\Users\New\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-02] (Facebook Inc.)
HKU\S-1-5-21-3790800915-1267840748-829986460-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-3790800915-1267840748-829986460-1001\...\Run: [LCLC Control Panel] => C:\Program Files (x86)\Thermaltake\Fan Control Software\Fan Control Software.exe [870400 2012-03-29] (Thermaltake)
HKU\S-1-5-21-3790800915-1267840748-829986460-1001\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
HKU\S-1-5-21-3790800915-1267840748-829986460-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3790800915-1267840748-829986460-1001\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-3790800915-1267840748-829986460-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
HKU\S-1-5-21-3790800915-1267840748-829986460-1001\...\Run: [LoLReplay2] => C:\Program Files (x86)\LoLReplay2\LoLReplay2.exe [22064128 2016-07-16] (Aequus Gaming)
HKU\S-1-5-21-3790800915-1267840748-829986460-1001\...\MountPoints2: F - "F:\INSTALL.EXE" 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2014-12-06]
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3790800915-1267840748-829986460-1001] => http=;ftp=;https=;
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{95346D8A-4144-4FA1-A9CD-49840B72AA22}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{CF21B842-3810-42C2-83D2-32E2DDF03BC7}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{FCAB4500-8C82-4CBA-B383-DE8FE1442650}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-15] (Oracle Corporation)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-15] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
 
FireFox:
========
FF ProfilePath: C:\Users\New\AppData\Roaming\Mozilla\Firefox\Profiles\3raonyra.default-1437358637127
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-16] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-15] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-04] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll [2013-11-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-06] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3790800915-1267840748-829986460-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\New\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-06-27] [not signed]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2016-06-27] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-06-27] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\New\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\New\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-21]
CHR Extension: (Google Docs) - C:\Users\New\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-21]
CHR Extension: (Google Drive) - C:\Users\New\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\New\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (uBlock Origin) - C:\Users\New\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-08-09]
CHR Extension: (Google Search) - C:\Users\New\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Google Sheets) - C:\Users\New\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-21]
CHR Extension: (Google Docs Offline) - C:\Users\New\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\New\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\New\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-21]
CHR Extension: (Chrome Media Router) - C:\Users\New\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-19]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [674552 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5267456 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-07-20] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [760024 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-05-12] ()
S4 HitachiBackupService; C:\Program Files (x86)\Hitachi\Hitachi Backup\HitachiBackupService.exe [56832 2011-05-18] (Hitachi GST) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 MSSQLSERVER; E:\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [191064 2012-02-12] (Microsoft Corporation)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [376832 2013-01-09] (SafeNet, Inc.) [File not signed]
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1259872 2013-01-09] (SafeNet, Inc)
R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [293216 2013-01-09] (SafeNet, Inc.)
S3 SQLSERVERAGENT; E:\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-12] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-07-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S4 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [X]
S4 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [X]
S4 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [X]
S3 OVPNService; "C:\Users\New\AppData\Local\TotalVPN\OVPN.Service.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ASEUSBCC; C:\Windows\system32\drivers\AseUSBCC.sys [16384 2011-12-13] (Silicon Laboratories)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [314112 2016-06-30] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [261376 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [261888 2016-07-19] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [313088 2016-07-20] (AVG Technologies CZ, s.r.o.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R2 hmip; C:\Windows\system32\Drivers\hmip64.sys [38760 2013-06-19] (Hide My IP)
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2013-12-18] (AnchorFree Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvoclk64; C:\Windows\system32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-05] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-14] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-11-13] (Anchorfree Inc.)
R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R1 XQHDrv; C:\Windows\system32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-19 17:43 - 2016-08-19 17:43 - 00000000 ____D C:\FRST
2016-08-19 15:56 - 2016-08-19 16:15 - 00000000 ____D C:\AdwCleaner
2016-08-19 15:30 - 2016-08-19 15:30 - 00000000 ___HD C:\$AVG
2016-08-19 15:30 - 2016-08-19 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-08-19 15:29 - 2016-08-19 16:17 - 00000000 ____D C:\ProgramData\MFAData
2016-08-19 15:29 - 2016-08-19 15:29 - 00000000 ____D C:\Users\New\AppData\Local\MFAData
2016-08-19 15:28 - 2016-08-19 15:28 - 00001004 _____ C:\Users\Public\Desktop\AVG.lnk
2016-08-19 15:28 - 2016-08-19 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-08-19 15:27 - 2016-08-19 15:30 - 00000000 ____D C:\Program Files (x86)\AVG
2016-08-19 15:25 - 2016-08-19 15:29 - 00000000 ____D C:\Users\New\AppData\Local\AvgSetupLog
2016-08-18 13:10 - 2016-08-18 13:15 - 00045470 _____ C:\Users\New\Documents\Lachlan Dromgold project pitch.pptx
2016-08-16 22:01 - 2016-08-16 22:00 - 00000030 _____ C:\AVScanner.ini
2016-08-16 22:00 - 2016-08-16 22:00 - 00000000 ____D C:\ProgramData\McAfee
2016-08-16 21:46 - 2016-08-16 21:46 - 00000000 ____D C:\Program Files (x86)\AppInsights
2016-08-16 21:44 - 2016-08-16 21:44 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2016-08-16 21:35 - 2016-08-16 21:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2016-08-16 21:35 - 2016-08-16 21:35 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2016-08-16 21:32 - 2016-08-16 21:32 - 00000000 ____D C:\Users\New\AppData\Local\VSIXInstaller
2016-08-16 21:32 - 2016-08-16 21:32 - 00000000 ____D C:\ProgramData\NuGet
2016-08-16 21:32 - 2016-08-16 21:32 - 00000000 ____D C:\Program Files\IIS Express
2016-08-16 21:32 - 2016-08-16 21:32 - 00000000 ____D C:\Program Files (x86)\NuGet
2016-08-16 21:32 - 2016-08-16 21:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Office365 Tools
2016-08-16 21:32 - 2016-08-16 21:32 - 00000000 ____D C:\Program Files (x86)\IIS Express
2016-08-16 21:30 - 2016-08-16 21:30 - 00030400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2016-08-16 21:30 - 2016-08-16 21:30 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2016-08-13 23:34 - 2016-08-13 23:34 - 00000000 ____H C:\Users\New\Documents\Default.rdp
2016-08-10 12:27 - 2016-06-19 06:06 - 00590688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-08-10 12:27 - 2016-06-19 06:06 - 00072408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2016-08-10 12:27 - 2016-06-12 05:52 - 00379232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 12:27 - 2016-06-12 05:52 - 00057184 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-08-10 12:27 - 2016-06-12 04:05 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpresult.exe
2016-08-10 12:27 - 2016-06-12 03:14 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpresult.exe
2016-08-10 12:27 - 2016-06-12 02:50 - 00987136 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 12:27 - 2016-06-12 02:46 - 00482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2016-08-10 12:27 - 2016-06-12 02:44 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-08-10 12:27 - 2016-06-12 02:37 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-08-10 12:27 - 2016-06-12 02:24 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 12:27 - 2016-06-12 02:20 - 00413184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-08-10 12:27 - 2016-06-12 02:16 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-08-10 12:27 - 2016-06-11 13:44 - 00107984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-08-10 12:27 - 2016-06-11 13:44 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-08-10 12:27 - 2016-06-11 06:07 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-08-10 12:27 - 2016-06-11 06:03 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-08-10 12:27 - 2016-06-11 05:04 - 03547136 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 12:27 - 2016-06-11 04:11 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-08-10 12:27 - 2016-06-11 04:11 - 01487992 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 12:27 - 2016-06-11 04:11 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 12:27 - 2016-06-11 04:11 - 00125024 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll
2016-08-10 12:27 - 2016-06-11 04:10 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll
2016-08-10 12:27 - 2016-06-11 04:07 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-08-10 12:27 - 2016-06-11 04:04 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-08-10 12:27 - 2016-06-10 05:32 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2016-08-10 12:27 - 2016-06-10 04:18 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2016-08-10 12:27 - 2016-06-08 04:10 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\hbaapi.dll
2016-08-10 12:27 - 2016-06-08 03:13 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hbaapi.dll
2016-08-10 12:27 - 2016-06-04 10:38 - 01613528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-08-10 12:27 - 2016-06-04 10:37 - 01970968 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-08-10 12:27 - 2016-05-29 17:08 - 22361344 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 12:27 - 2016-05-29 04:31 - 19788688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 12:27 - 2016-05-19 07:54 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\certenc.dll
2016-08-10 12:27 - 2016-05-19 07:15 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certenc.dll
2016-08-10 12:27 - 2016-05-19 06:56 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2016-08-10 12:27 - 2016-05-19 06:33 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2016-08-10 12:27 - 2016-05-19 06:28 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-08-10 12:27 - 2016-05-19 06:16 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-08-10 12:27 - 2016-05-15 06:26 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 12:27 - 2016-05-14 15:19 - 01134768 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-08-10 12:27 - 2016-05-14 09:08 - 00111616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-08-10 12:27 - 2016-05-14 09:08 - 00032768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2016-08-10 12:27 - 2016-05-14 09:08 - 00032512 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2016-08-10 12:27 - 2016-05-14 08:24 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-08-10 12:27 - 2016-05-14 07:42 - 03667968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 12:27 - 2016-05-14 07:30 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-08-10 12:27 - 2016-05-14 07:29 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-08-10 12:27 - 2016-05-14 07:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-08-10 12:27 - 2016-05-14 07:27 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-08-10 12:27 - 2016-05-14 07:26 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-08-10 12:27 - 2016-05-14 07:26 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 12:27 - 2016-05-14 07:18 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-08-10 12:27 - 2016-05-14 07:18 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-08-10 12:27 - 2016-05-14 07:16 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 12:27 - 2016-05-14 07:16 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-08-10 12:27 - 2016-05-13 04:36 - 00034600 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserAccountBroker.exe
2016-08-10 12:27 - 2016-05-13 03:39 - 00030984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserAccountBroker.exe
2016-08-10 12:27 - 2016-05-07 07:59 - 00331608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-08-10 12:27 - 2016-05-07 03:13 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-08-10 12:27 - 2016-05-06 04:28 - 01661072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 12:27 - 2016-05-06 03:39 - 01212256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 12:27 - 2016-05-06 03:18 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2016-08-10 12:27 - 2016-05-06 03:02 - 03320832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-08-10 12:27 - 2016-05-06 02:37 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2016-08-10 12:27 - 2016-05-06 02:34 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-08-10 12:27 - 2016-05-06 02:29 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-08-10 12:27 - 2016-05-06 01:28 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-08-10 12:27 - 2016-05-06 01:16 - 02464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-08-10 12:27 - 2016-04-16 23:56 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-08-10 12:27 - 2016-04-10 15:35 - 00551256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-08-10 12:27 - 2016-04-10 08:15 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-08-10 12:27 - 2016-04-10 08:14 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Geolocation.dll
2016-08-10 12:27 - 2016-04-10 08:10 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2016-08-10 12:27 - 2016-04-10 08:09 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-08-10 12:27 - 2016-04-10 08:02 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2016-08-10 12:27 - 2016-04-10 07:59 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Geolocation.dll
2016-08-10 12:27 - 2016-04-10 07:59 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-08-10 12:27 - 2016-04-10 07:56 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-08-10 12:27 - 2016-04-10 07:55 - 00881152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-08-10 12:27 - 2016-04-10 07:52 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2016-08-10 12:27 - 2016-04-08 02:06 - 00927744 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-08-10 12:27 - 2016-04-07 07:21 - 00114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2016-08-10 12:27 - 2016-04-07 04:20 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 12:27 - 2016-04-07 04:17 - 18825216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 12:27 - 2016-04-07 02:25 - 15158272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 12:27 - 2016-04-06 08:37 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
2016-08-10 12:27 - 2016-04-02 23:58 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-08-10 12:27 - 2016-04-02 03:40 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-08-10 12:27 - 2016-04-02 02:53 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-08-10 12:27 - 2016-04-02 02:50 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-08-10 12:27 - 2016-02-05 02:57 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-08-10 12:27 - 2016-02-05 02:49 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-08-10 12:27 - 2016-02-05 02:39 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-08-10 12:20 - 2016-08-02 16:54 - 25808384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 12:20 - 2016-08-02 16:32 - 02894336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 12:20 - 2016-08-02 16:31 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-08-10 12:20 - 2016-08-02 16:20 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2016-08-10 12:20 - 2016-08-02 16:18 - 06047744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 12:20 - 2016-08-02 16:18 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-08-10 12:20 - 2016-08-02 15:55 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-08-10 12:20 - 2016-08-02 15:54 - 20343808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 12:20 - 2016-08-02 15:51 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-08-10 12:20 - 2016-08-02 15:47 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 12:20 - 2016-08-02 15:46 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-08-10 12:20 - 2016-08-02 15:41 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-08-10 12:20 - 2016-08-02 15:40 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-08-10 12:20 - 2016-08-02 15:39 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 12:20 - 2016-08-02 15:38 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 12:20 - 2016-08-02 15:38 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 12:20 - 2016-08-02 15:36 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 12:20 - 2016-08-02 15:28 - 15412224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 12:20 - 2016-08-02 15:23 - 02868224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 12:20 - 2016-08-02 15:21 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 12:20 - 2016-08-02 15:20 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-08-10 12:20 - 2016-08-02 15:15 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 12:20 - 2016-08-02 15:15 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 12:20 - 2016-08-02 15:14 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 12:20 - 2016-08-02 15:11 - 13808128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 12:20 - 2016-08-02 15:10 - 01550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 12:20 - 2016-08-02 14:59 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 12:20 - 2016-08-02 14:56 - 02393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 12:20 - 2016-08-02 14:53 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 12:20 - 2016-08-02 14:51 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 12:20 - 2016-07-09 10:09 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-08-10 12:20 - 2016-07-09 10:08 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-08-10 12:20 - 2016-07-09 00:32 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 12:20 - 2016-07-09 00:25 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 12:20 - 2016-07-09 00:22 - 01445376 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 12:20 - 2016-07-09 00:19 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-08-10 12:20 - 2016-07-09 00:18 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-08-10 12:20 - 2016-07-09 00:17 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-08-10 12:20 - 2016-07-08 08:33 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-08-10 12:20 - 2016-07-08 07:53 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-08-10 12:20 - 2016-07-08 06:06 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-08-10 12:20 - 2016-07-07 00:26 - 07793152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 12:20 - 2016-07-07 00:26 - 07075328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-08-10 12:20 - 2016-07-07 00:23 - 05270016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-08-10 12:20 - 2016-07-07 00:21 - 05265920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 12:20 - 2016-05-19 09:18 - 00563024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 12:20 - 2016-05-19 09:18 - 00397232 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-08-10 12:20 - 2016-05-19 09:16 - 00178016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 12:20 - 2016-05-19 08:28 - 00340880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-08-10 12:16 - 2016-07-13 00:08 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-02 19:29 - 2016-08-02 19:29 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-08-02 19:29 - 2016-08-02 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-02 19:29 - 2016-08-02 19:29 - 00000000 ____D C:\Program Files\iTunes
2016-08-02 19:29 - 2016-08-02 19:29 - 00000000 ____D C:\Program Files\iPod
2016-08-02 19:29 - 2016-08-02 19:29 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-08-01 12:31 - 2016-08-01 12:31 - 00001043 _____ C:\Users\Public\Desktop\LoLReplay2.lnk
2016-07-27 00:26 - 2016-07-27 00:26 - 00000000 ____D C:\Users\New\AppData\Local\PokemonGo
2016-07-27 00:14 - 2016-07-27 00:14 - 00000000 ____D C:\Users\New\Desktop\New Folder
2016-07-24 08:12 - 2016-07-24 08:12 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-07-24 08:12 - 2016-07-24 08:12 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-07-24 08:09 - 2016-07-24 08:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-07-20 21:15 - 2016-07-20 21:15 - 00000000 ____D C:\Users\New\.nuget
2016-07-20 08:46 - 2016-07-20 08:46 - 00313088 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgwfpa.sys
2016-07-20 03:49 - 2016-07-20 03:49 - 00000000 ____D C:\WINDOWS\EOONotify
2016-07-20 00:48 - 2016-07-20 00:48 - 00000000 ____D C:\Users\New\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.5
2016-07-20 00:48 - 2016-07-20 00:48 - 00000000 ____D C:\Users\New\AppData\Local\Package Cache
2016-07-20 00:19 - 2016-08-01 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoLReplay2
2016-07-20 00:10 - 2016-08-19 16:46 - 00000000 ____D C:\Users\New\Documents\LoLReplay2
2016-07-20 00:10 - 2016-08-01 12:31 - 00000000 ____D C:\Program Files (x86)\LoLReplay2
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-19 17:40 - 2013-11-13 01:53 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-19 17:38 - 2015-07-21 04:03 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-19 16:51 - 2013-06-06 11:50 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3790800915-1267840748-829986460-1001
2016-08-19 16:46 - 2015-07-21 04:03 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-19 16:46 - 2014-02-15 12:47 - 00000000 __RDO C:\Users\New\SkyDrive
2016-08-19 16:17 - 2013-12-04 15:01 - 00000435 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-08-19 16:17 - 2013-10-02 04:12 - 00000934 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3790800915-1267840748-829986460-1001UA.job
2016-08-19 16:16 - 2013-08-23 00:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-19 16:16 - 2013-06-06 12:07 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-19 16:05 - 2015-11-18 23:33 - 00000000 ____D C:\Users\New\AppData\Local\Avg
2016-08-19 15:33 - 2013-08-22 23:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-08-19 15:30 - 2015-11-18 23:37 - 00000000 ____D C:\Users\New\AppData\Roaming\AVG
2016-08-19 15:30 - 2015-11-18 23:36 - 00000000 ____D C:\Program Files\Common Files\AV
2016-08-19 15:30 - 2015-11-18 23:34 - 00000000 ____D C:\ProgramData\Avg
2016-08-19 15:30 - 2012-07-26 18:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-08-19 04:17 - 2013-10-02 04:12 - 00000912 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3790800915-1267840748-829986460-1001Core.job
2016-08-18 13:19 - 2013-09-30 14:11 - 00389846 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-18 13:19 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Inf
2016-08-18 04:40 - 2012-07-26 17:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-18 00:01 - 2014-01-11 21:27 - 00000000 ____D C:\Users\New\AppData\Roaming\Skype
2016-08-16 22:00 - 2013-11-13 01:53 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-08-16 22:00 - 2013-06-11 21:57 - 00000000 ____D C:\Users\New\AppData\Local\Adobe
2016-08-16 21:59 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-08-16 21:59 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-08-16 21:53 - 2013-10-01 04:24 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-16 21:53 - 2013-08-23 01:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-16 21:53 - 2013-08-22 23:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-08-16 21:44 - 2015-09-26 14:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2016-08-16 21:44 - 2014-08-18 04:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2016-08-16 21:44 - 2014-08-18 04:49 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-08-16 21:43 - 2015-09-26 14:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2016-08-16 21:38 - 2014-10-23 16:29 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-08-16 21:32 - 2015-09-26 14:10 - 00001554 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2016-08-16 21:28 - 2015-09-26 14:06 - 00001555 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2016-08-16 21:28 - 2014-08-18 05:00 - 00000000 ____D C:\WINDOWS\SysWOW64\1033
2016-08-16 21:17 - 2013-06-12 07:28 - 00000000 ____D C:\Users\New\AppData\Roaming\vlc
2016-08-16 21:09 - 2015-09-26 14:21 - 00000000 ____D C:\Users\New\Documents\Visual Studio 2015
2016-08-16 20:54 - 2013-07-15 00:51 - 00000000 ____D C:\Users\New\AppData\Roaming\TS3Client
2016-08-16 19:07 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-13 23:16 - 2013-06-11 21:57 - 00000000 ____D C:\Users\New\AppData\Roaming\uTorrent
2016-08-13 01:11 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\rescache
2016-08-13 00:14 - 2013-08-23 00:44 - 05132168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-13 00:13 - 2013-08-23 01:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-08-13 00:13 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-08-13 00:13 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-13 00:06 - 2016-06-22 00:04 - 00000000 ____D C:\Users\New\AppData\Local\Battle.net
2016-08-12 03:35 - 2013-08-23 01:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-12 03:35 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-10 19:23 - 2016-07-18 00:12 - 00000000 ____D C:\Users\New\AppData\Local\Nox
2016-08-10 19:11 - 2016-07-18 00:14 - 00000000 ____D C:\Users\New\.android
2016-08-10 19:11 - 2016-07-18 00:13 - 00000000 ____D C:\Users\New\vmlogs
2016-08-10 19:11 - 2016-07-18 00:13 - 00000000 ____D C:\Users\New\.BigNox
2016-08-10 17:42 - 2013-08-14 21:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 17:39 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 17:39 - 2013-06-12 00:22 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 08:56 - 2016-06-22 00:06 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-08-05 07:38 - 2015-07-21 04:03 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-05 00:13 - 2015-11-16 18:44 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-04 21:55 - 2016-06-22 00:02 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-08-03 19:57 - 2014-10-31 19:28 - 00000000 ____D C:\Users\MSSQLSERVER
2016-08-03 14:42 - 2013-11-19 16:23 - 00000000 ____D C:\Users\New
2016-08-02 19:29 - 2014-02-08 09:50 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-07-29 08:33 - 2015-07-21 04:03 - 00003892 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-29 08:33 - 2015-07-21 04:03 - 00003656 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-28 05:25 - 2013-06-11 21:47 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-24 08:12 - 2014-02-08 09:50 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-07-24 08:09 - 2013-06-12 16:12 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-07-22 20:27 - 2013-07-15 00:50 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2016-07-22 00:37 - 2013-11-26 21:34 - 00000000 ____D C:\Users\New\AppData\Roaming\Notepad++
2016-07-21 18:05 - 2013-06-19 23:17 - 00000000 ____D C:\Users\New\AppData\Local\ElevatedDiagnostics
2016-07-21 10:48 - 2014-01-11 21:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-07-21 10:48 - 2014-01-11 21:27 - 00000000 ____D C:\ProgramData\Skype
2016-07-20 03:49 - 2015-07-21 14:38 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-07-20 03:49 - 2015-07-21 14:38 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-07-20 00:09 - 2013-06-12 00:16 - 00000000 ____D C:\Users\New\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-07-20 00:09 - 2013-06-11 21:46 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-20 00:02 - 2016-05-19 22:17 - 00000000 ____D C:\ProgramData\Altova
2016-07-20 00:00 - 2014-11-23 18:13 - 00000000 ____D C:\ProgramData\LG Software
 
==================== Files in the root of some directories =======
 
2014-05-22 20:35 - 2014-05-22 20:35 - 0000132 _____ () C:\Users\New\AppData\Roaming\Adobe BMP Format CS6 Prefs
2016-02-11 23:36 - 2016-02-11 23:36 - 0000132 _____ () C:\Users\New\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-06-10 16:18 - 2014-06-10 16:18 - 0092578 _____ () C:\Users\New\AppData\Roaming\CodecsLE_Install.log
2014-05-06 11:47 - 2014-06-12 13:25 - 4904024 _____ () C:\Users\New\AppData\Roaming\EditorTranscode_Install.log
2013-06-22 02:40 - 2014-01-05 20:00 - 0054651 _____ () C:\Users\New\AppData\Roaming\net.telestream.wirecast.xml
2013-06-22 02:41 - 2013-06-22 02:41 - 0014120 _____ () C:\Users\New\AppData\Roaming\net_telestream_wirecast_partner_AFL0681655000_brandingimage_destination.png
2013-06-22 02:41 - 2013-06-22 02:41 - 0005028 _____ () C:\Users\New\AppData\Roaming\net_telestream_wirecast_partner_AFL0681655000_brandingimage_main.png
2013-06-22 02:41 - 2013-06-22 02:41 - 0014543 _____ () C:\Users\New\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_destination.png
2013-06-22 02:41 - 2013-06-22 02:41 - 0014186 _____ () C:\Users\New\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_main.png
2013-06-22 02:41 - 2013-06-22 02:41 - 0004755 _____ () C:\Users\New\AppData\Roaming\net_telestream_wirecast_partner_NO_BAMBUSER_AFFILIATE_ID_brandingimage_destination.png
2013-06-22 02:41 - 2013-06-22 02:41 - 0003123 _____ () C:\Users\New\AppData\Roaming\net_telestream_wirecast_partner_NO_DACAST_AFFILIATE_ID_brandingimage_destination.png
2013-06-22 02:41 - 2013-06-22 02:41 - 0004149 _____ () C:\Users\New\AppData\Roaming\net_telestream_wirecast_partner_NO_HIGH_SCHOOL_CUBE_AFFIALITE_ID_brandingimage_destination.png
2013-06-22 02:41 - 2013-06-22 02:41 - 0003439 _____ () C:\Users\New\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFIALITE_ID_brandingimage_destination.png
2013-06-22 02:41 - 2013-06-22 02:41 - 0003825 _____ () C:\Users\New\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFIALITE_ID_brandingimage_main.png
2014-01-05 18:10 - 2014-01-05 18:10 - 0005621 _____ () C:\Users\New\AppData\Roaming\net_telestream_wirecast_partner_NO_NETBRIEFINGS_INTERNET_AFFIALITE_ID_brandingimage_destination.png
2013-06-22 02:41 - 2013-06-22 02:41 - 0001451 _____ () C:\Users\New\AppData\Roaming\net_telestream_wirecast_partner_NO_SHOWCASTER_AFFILIATE_ID_brandingimage_destination.png
2013-06-22 02:41 - 2013-06-22 02:41 - 0007122 _____ () C:\Users\New\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMING_MEDIA_HOSTING_AFFILIATE_ID_brandingimage_destination.png
2014-01-05 18:10 - 2014-01-05 18:10 - 0010619 _____ () C:\Users\New\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMVU_INTERNET_AFFIALITE_ID_brandingimage_destination.png
2013-06-22 02:41 - 2013-06-22 02:41 - 0016966 _____ () C:\Users\New\AppData\Roaming\net_telestream_wirecast_partner_NO_STRETCH_INTERNET_AFFIALITE_ID_brandingimage_destination.png
2013-06-22 02:41 - 2013-06-22 02:41 - 0008986 _____ () C:\Users\New\AppData\Roaming\net_telestream_wirecast_partner_NO_SUNDAY_STREAMS_AFFIALITE_ID_brandingimage_destination.png
2013-06-12 19:59 - 2014-02-13 22:14 - 0004608 _____ () C:\Users\New\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-14 17:53 - 2014-11-14 17:53 - 0000000 _____ () C:\Users\New\AppData\Local\debuggee.mdmp
2013-06-06 12:25 - 2014-02-23 15:10 - 2128896 _____ () C:\Users\New\AppData\Local\file__0.localstorage
2014-11-14 17:56 - 2014-11-14 17:56 - 0028672 _____ () C:\Users\New\AppData\Local\SqlCe35AddinStore.sdf
 
Files to move or delete:
====================
C:\Users\New\random_1.dat
 
 
Some files in TEMP:
====================
C:\Users\New\AppData\Local\Temp\avguirn_081742187536.exe
C:\Users\New\AppData\Local\Temp\BluestacksUninstaller.exe
C:\Users\New\AppData\Local\Temp\HD-LibraryHandler.dll
C:\Users\New\AppData\Local\Temp\HD-Logger-Native.dll
C:\Users\New\AppData\Local\Temp\libeay32.dll
C:\Users\New\AppData\Local\Temp\msvcr120.dll
C:\Users\New\AppData\Local\Temp\SkypeSetup.exe
C:\Users\New\AppData\Local\Temp\sqlite3.dll
C:\Users\New\AppData\Local\Temp\vlc-2.2.4-win32.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-16 22:14
 
==================== End of FRST.txt ============================

Attached Files


Edited by noker, 19 August 2016 - 03:53 AM.


 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,594 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:17 PM

Posted 20 August 2016 - 10:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3790800915-1267840748-829986460-1001\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2014-12-06]
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (No File)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2016-06-27] [not signed]
CHR Extension: (Chrome Web Store Payments) - C:\Users\New\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
S4 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [X]
S4 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [X]
S4 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [X]
S3 OVPNService; "C:\Users\New\AppData\Local\TotalVPN\OVPN.Service.exe" [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com
C:\Users\New\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Fc9tqod9pZWWvVBRsI2YwOrYQ1Q [2398]
AlternateDataStreams: C:\ProgramData\Microsoft:40FuSbqFpB1NlaL9H9eAQDtJieX [2352]
AlternateDataStreams: C:\ProgramData\Microsoft:dSPpaw1x2VtKbCj4c6haHm [2488]
AlternateDataStreams: C:\ProgramData\Microsoft:KDpF2PbzJ2Tdf91jAJJFJrD6I [1964]
AlternateDataStreams: C:\ProgramData\Microsoft:tvunkws3ZOGjy3NY5 [2192]
AlternateDataStreams: C:\ProgramData\Microsoft:w4imDFZgUFQnRTqIwc1YR1Zgro [2274]
AlternateDataStreams: C:\ProgramData\Microsoft:w9wcfg3dqSXJd0GBK2jbjw [2414]
AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [150]
AlternateDataStreams: C:\Users\New\AppData\Local:54pKGDGJi076KRGCnb9pm [2280]
AlternateDataStreams: C:\Users\New\AppData\Local:BhI6N1PWNzVutiP6zyujG [2128]
AlternateDataStreams: C:\Users\New\AppData\Local\L2onlwN3cfhPt:6DlRMuB0h7oZZxThc3UdcOfWS [2402]
HKU\S-1-5-21-3790800915-1267840748-829986460-1001\Software\Classes\exefile:  <===== ATTENTION
HKU\S-1-5-21-3790800915-1267840748-829986460-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Let me know what problem persists with this computer.
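The fixlist above targets three things a reader can verify on their own machine before and after running the fix: the alternate data streams FRST reported on several directories, the per-user exefile/.exe association keys it marked ATTENTION, and the orphaned Hotspot Shield and VPN service entries. The PowerShell below is an added example, not part of nasdaq's instructions or of FRST, and it assumes the paths and registry keys exactly as they appear in the fixlist (they are hypothetical on any other machine). It is written for an elevated Windows PowerShell 3.0+ session; on some Windows PowerShell builds Get-Item -Stream may refuse directories, so a cmd.exe dir /r fallback is included.

```powershell
# Added example (not from the thread or from FRST): re-check the items the
# fixlist above targets. Paths and service names are taken from the fixlist and
# are assumptions on any other machine. Run elevated, Windows PowerShell 3.0+.

# Directories FRST reported named (alternate) data streams on.
$adsHosts = @(
    'C:\Program Files\Common Files\microsoft shared',
    'C:\ProgramData\Microsoft',
    'C:\ProgramData\TEMP',
    'C:\Users\New\AppData\Local',
    'C:\Users\New\AppData\Local\L2onlwN3cfhPt'
)

function Get-NamedStreams {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        # -Stream * enumerates every NTFS stream; ':$DATA' is the ordinary
        # content stream, anything else is an ADS and worth inspecting.
        $streams = Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            Select-Object FileName, Stream, Length
        if ($streams) { $streams; continue }
        # Fallback for builds where -Stream does not work on a directory:
        # 'dir /r' on the parent prints "name:stream:$DATA" lines for each entry.
        $parent = Split-Path -LiteralPath $p -Parent
        $leaf   = Split-Path -LiteralPath $p -Leaf
        cmd /c "dir /r /a `"$parent`"" 2>$null |
            Where-Object { $_ -match [regex]::Escape($leaf) -and $_ -match ':\$DATA' }
    }
}

# Per-user HKCU\Software\Classes keys shadow the HKLM defaults for this account.
# On a clean Windows 8.1 box the exefile open command is  "%1" %*  and no
# per-user exefile or .exe key exists at all.
function Get-ExeAssociation {
    $result = [ordered]@{}
    foreach ($hive in 'HKCU', 'HKLM') {
        $key = "${hive}:\Software\Classes\exefile\shell\open\command"
        $result["${hive}_exefile_command"] = if (Test-Path -LiteralPath $key) {
            (Get-ItemProperty -LiteralPath $key).'(default)'
        } else { $null }
    }
    $result['HKCU_exefile_key_present'] = Test-Path -LiteralPath 'HKCU:\Software\Classes\exefile'
    $result['HKCU_dotexe_maps_to'] = if (Test-Path -LiteralPath 'HKCU:\Software\Classes\.exe') {
        (Get-ItemProperty -LiteralPath 'HKCU:\Software\Classes\.exe').'(default)'
    } else { $null }
    [pscustomobject]$result
}

# Services the fixlist removes because their binaries are gone ([X] in FRST).
function Get-OrphanedServices {
    param([string[]]$Names)
    foreach ($n in $Names) {
        $svc = Get-CimInstance Win32_Service -Filter "Name='$n'" -ErrorAction SilentlyContinue
        if (-not $svc) { [pscustomobject]@{ Name = $n; State = 'not registered'; PathName = $null }; continue }
        # Strip surrounding quotes and trailing arguments before testing the path.
        $exe = ($svc.PathName -replace '^"([^"]+)".*$', '$1') -replace '^(\S+\.exe).*$', '$1'
        [pscustomobject]@{
            Name     = $svc.Name
            State    = if (Test-Path -LiteralPath $exe) { 'binary present' } else { 'binary missing' }
            PathName = $svc.PathName
        }
    }
}

Get-NamedStreams -Paths $adsHosts | Format-Table -AutoSize
Get-ExeAssociation | Format-List
Get-OrphanedServices -Names 'hshld', 'HssTrayService', 'HssWd', 'OVPNService' | Format-Table -AutoSize
```

Run it once before the fix to record what is there, then again after the reboot: the ADS list and the HKCU exefile entries should be empty, the HKLM exefile command should still read "%1" %*, and the four services should report "not registered". A per-user exefile command that is anything other than "%1" %* means every .exe launched by that account is first handed to whatever that command names, which is why FRST flags it.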

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,594 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:17 PM

Posted 27 August 2016 - 10:17 AM

Are you still with me?

#4 noker

noker
  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:17 PM

Posted 28 August 2016 - 06:19 AM

Sorry, I have been away. Here is the fixlog.

Attached Files



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,594 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:17 PM

Posted 28 August 2016 - 08:56 AM

Are you still having issues with this computer?

#6 noker

noker
  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:17 PM

Posted 28 August 2016 - 09:01 AM

Yes, still having issues with computer speed and network speed.



#7 nasdaq (Malware Response Team)

Posted 28 August 2016 - 12:48 PM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here.

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#8 noker (Topic Starter)

Posted 29 August 2016 - 11:32 AM

Still no change in my PC.

Attached Files

#9 nasdaq (Malware Response Team)

Posted 30 August 2016 - 07:52 AM

This failed update may be causing this issue.

Error: (08/19/2016 05:17:28 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Office 64-bit Components 2010 - Update 'Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127


Navigate to this page and run the update suggested.
https://www.microsoft.com/en-us/download/details.aspx?id=48067

Restart the computer normally.


If the problem persists I suggest you start a new topic in the Networking forum.
http://www.bleepingcomputer.com/forums/f/21/networking/

An expert should be able to help you better than I can on this issue.

The speed issue is not caused by malware.

I will leave this topic open for 6 days. Should you need to return, please do.