
FRST log attached... keep seeing MalwareGen in Rkill and Avira


  • This topic is locked
2 replies to this topic

#1 fixmymalware2017


Posted 03 February 2017 - 08:24 PM

I think the threat is gone now... but want to check if you can.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by zerou (administrator) on DESKTOP-HF8GIS7 (03-02-2017 20:15:13)
Running from C:\Users\zerou\Downloads
Loaded Profiles: zerou (Available Profiles: zerou)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Visicom Media Inc.) C:\ProgramData\ManyCam\Service\ManyCamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(CyberGhost S.R.L) D:\Program Files\CyberGhost 5\Service.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
() C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.SmartMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Nenad Hrg (SoftwareOK.com)) C:\Users\zerou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DontSleep_x64.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\Scheduler.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Users\zerou\Downloads\adwcleaner_6.043.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5378\Agent.exe
(Blizzard Entertainment) D:\Program Files (x86)\Battle.net\Battle.net.8293\Battle.net.exe
() D:\Program Files (x86)\Battle.net\Battle.net.8293\Battle.net Helper.exe
() D:\Program Files (x86)\Battle.net\Battle.net.8293\Battle.net Helper.exe
(Blizzard Entertainment, Inc.) E:\Program Files (x86)\StarCraft II\Versions\Base49716\SC2_x64.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ====================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2016-12-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1483264 2016-12-14] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322104 2016-02-03] (Intel Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-10] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 14\MMReminderService.exe [42312 2013-09-06] (Mindjet)
HKLM-x32\...\Run: [OSDownloader] => "C:\Program Files (x86)\OSDownloader\OSDownloader.exe" AutoStart
HKLM-x32\...\Run: [FileHippo.com] => "C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe" /background




Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-24983673-948008275-1473286479-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-24983673-948008275-1473286479-1001\...\Run: [Fences] => C:\program files (x86)\stardock\fences\Fences.exe [3934168 2016-09-16] (Stardock Corporation)
HKU\S-1-5-21-24983673-948008275-1473286479-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-24983673-948008275-1473286479-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 6\CyberGhost.exe [1212976 2017-01-26] (CyberGhost S.R.L.)
HKU\S-1-5-21-24983673-948008275-1473286479-1001\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [11561488 2017-01-09] (Visicom Media Inc.)
HKU\S-1-5-21-24983673-948008275-1473286479-1001\...\Run: [DownloadAccelerator] => "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
HKU\S-1-5-21-24983673-948008275-1473286479-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-24983673-948008275-1473286479-1001\...\MountPoints2: {0af75231-4e47-11e6-aa32-60a44ce8d0b1} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\Start.exe


ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-10] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-01-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\zerou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DontSleep_x64.exe [2016-08-14] (Nenad Hrg (SoftwareOK.com))
Startup: C:\Users\zerou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DontSleep_x64.ini [2017-02-03] ()
BootExecute: autocheck autochk * aswBoot.exe /A:"* " /L:"1033" /heur:80 /RA:fix /pup /archives /IA:0 /KBD:1 /wow /dir:"C:\Program Files\AVAST Software\Avast"


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9fbea694-7ad1-45c3-a9f2-8e828a0592bd}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{9fbea694-7ad1-45c3-a9f2-8e828a0592bd}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d1e75efc-69fa-4880-a5bd-8a7ea29dc849}: [DhcpNameServer] 192.168.1.1


Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =  
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =  
HKU\S-1-5-21-24983673-948008275-1473286479-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-24983673-948008275-1473286479-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
SearchScopes: HKU\S-1-5-21-24983673-948008275-1473286479-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-01-10] (Intel Security)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll [2013-09-06] (Mindjet)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\ssv.dll [2016-12-16] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)


BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-12-16] (Oracle Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-01-10] (Intel Security)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: intu-tt2016 - {D3619A28-0FAE-4AD2-A79F-BAD3CD6E8779} - C:\Program Files (x86)\TurboTax 2016\ic2016pp.dll [2016-11-23] (Intuit Canada, a general partnership/une société en nom collectif.)
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-24983673-948008275-1473286479-1001 ->  


FireFox:
========
FF ProfilePath: C:\Users\zerou\AppData\Roaming\Mozilla\Firefox\Profiles\1hlf0jbo.default-1484164640847 [2017-02-03]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\1hlf0jbo.default-1484164640847 -> Google 
FF Extension: (TLS 1.3 Compatibility Testing) - C:\Users\zerou\AppData\Roaming\Mozilla\Firefox\Profiles\1hlf0jbo.default-1484164640847\Extensions\tls13-compat-ff51@experiments.mozilla.org.xpi [2017-01-23]
FF SearchPlugin: C:\Users\zerou\AppData\Roaming\Mozilla\Firefox\Profiles\1hlf0jbo.default-1484164640847\searchplugins\Google .xml [2017-02-03]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-10]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-10]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-08-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKU\S-1-5-21-24983673-948008275-1473286479-1001\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-15] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)


FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-11-13] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-12-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-12-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-05-22] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-10] (Google Inc.)


FF Plugin-x32: questrade.com/QuestradeIQEdgeDetector -> C:\Program Files (x86)\Questrade IQ Edge\npQuestradeIQEdgeDetector.dll [2016-11-02] (Questrade Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)




Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\zerou\AppData\Local\Google\Chrome\User Data\Default [2017-02-03]


CHR Extension: (YouTube) - C:\Users\zerou\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-03]
CHR Extension: (uBlock Origin) - C:\Users\zerou\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-02-03]
CHR Extension: (Google Docs Offline) - C:\Users\zerou\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zerou\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-03]
CHR Extension: (Gmail) - C:\Users\zerou\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-03]
CHR Profile: C:\Users\zerou\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx


Opera: 
=======
StartMenuInternet: (HKLM) OperaStable - D:\Program Files (x86)\Opera\Launcher.exe


==================== Services (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2016-11-11] ()
S3 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2016-11-12] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-10] (AVAST Software)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [300344 2017-01-18] (Avira Operations GmbH & Co. KG)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [76848 2017-01-26] (CyberGhost S.R.L)
R2 CGVPNCliService; D:\Program Files\CyberGhost 5\Service.exe [65128 2016-02-12] (CyberGhost S.R.L)
S2 gupdate1d26b1f21018f6c; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2017-01-10] (Google Inc.)
S3 gupdatem1d26b1f21022b53; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2017-01-10] (Google Inc.)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2016-08-15] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18488 2016-02-03] (Intel Corporation)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-07-28] (Microsoft Corporation)
R2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.474\McCHSvc.exe [329480 2016-12-14] (McAfee, Inc.)
S4 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
S3 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-03-19] (Apple Inc.)
S3 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1355000 2015-05-26] (BlackBerry Limited)
S3 scc; C:\WINDOWS\SysWOW64\scc.exe [40448 2008-09-08] () [File not signed]
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2016-07-27] (Microsoft Corporation) [File not signed]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [995800 2017-01-05] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-01-05] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-01-05] (McAfee, Inc.)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [128232 2016-12-04] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S4 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18232 2016-08-22] (Intel(R) Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]


===================== Drivers (Whitelisted) ======================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2016-09-23] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2016-09-23] ()
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2017-01-10] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2017-01-10] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2017-01-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2017-01-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-10] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2017-01-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2017-01-10] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2017-01-10] (AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [44640 2014-09-05] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-10] (AVAST Software)
S3 blackberryncm; C:\WINDOWS\System32\drivers\blackberryncm6_AMD64.sys [36360 2016-04-06] (BlackBerry)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-09-18] (REALiX(tm))
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37072 2016-08-03] (Intel Corporation)
R3 LcUvcUpper; C:\WINDOWS\system32\DRIVERS\LcUvcUpper.sys [37912 2015-09-21] (Microsoft Corporation)
R3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [49312 2016-08-24] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (Visicom Media Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2554528 2016-12-14] (MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaki.inf_amd64_7096e4ac8d3f2f91\nvlddmkm.sys [14200880 2016-12-22] (NVIDIA Corporation)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [92344 2017-01-10] (Sysinternals - www.sysinternals.com)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 rimvndis; C:\WINDOWS\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-03-19] (BlackBerry Limited)
R3 RimVSerPort; C:\WINDOWS\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [946696 2016-12-06] (Realtek                                            )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S4 MFE_RR; \??\C:\Users\zerou\AppData\Local\Temp\mfe_rr.sys [X]
S4 qjfs; System32\drivers\ftllahr.sys [X]


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-02-03 20:15 - 2017-02-03 20:15 - 00003038 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (zerou)
2017-02-03 20:08 - 2017-02-03 20:08 - 00000892 _____ C:\Users\zerou\Downloads\Fixlog.txt
2017-02-03 19:31 - 2017-02-03 19:31 - 02420736 _____ (Farbar) C:\Users\zerou\Downloads\FRST64.exe
2017-02-03 19:18 - 2017-02-03 19:18 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-02-03 18:02 - 2017-02-03 18:02 - 04015056 _____ C:\Users\zerou\Downloads\adwcleaner_6.043.exe
2017-02-02 21:09 - 2017-02-02 21:09 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-02 18:01 - 2017-02-02 18:01 - 00010616 _____ C:\Users\zerou\Downloads\my-ublock-backup_2017-02-02_18.01.57.txt
2017-02-02 18:01 - 2017-02-02 18:01 - 00001220 _____ C:\Users\zerou\Downloads\my-ublock-static-filters_2017-02-02_18.01.54.txt


2017-02-02 17:09 - 2017-02-03 18:01 - 00000000 __SHD C:\ProgramData\Google
2017-02-02 14:12 - 2017-02-03 19:02 - 00000000 __SHD C:\ProgramData\kkqholss
2017-01-29 16:36 - 2017-01-29 16:56 - 3226856832 _____ C:\Users\zerou\Downloads\eng_code_post_gfx.sabs
2017-01-29 16:12 - 2017-01-21 20:49 - 04242064 _____ (Speedbit Ltd.) C:\Users\zerou\Desktop\DAP.exe
2017-01-29 16:11 - 2017-01-29 16:24 - 1845810407 _____ C:\Users\zerou\Downloads\english-20161107T011406Z.zip
2017-01-29 15:59 - 2017-01-29 17:14 - 00000000 ____D C:\Games
2017-01-29 01:41 - 2017-01-29 01:41 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2017-01-29 01:41 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2017-01-29 01:41 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2017-01-29 01:41 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2017-01-29 01:41 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2017-01-29 01:41 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2017-01-29 01:41 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2017-01-29 01:41 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2017-01-27 16:41 - 2017-01-27 16:41 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-01-27 16:33 - 2017-01-27 16:33 - 00346992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-26 19:52 - 2017-01-26 19:52 - 08813488 _____ (Piriform Ltd) C:\Users\zerou\Downloads\ccsetup526.exe
2017-01-26 19:52 - 2017-01-26 19:52 - 08813488 _____ (Piriform Ltd) C:\Users\zerou\Downloads\ccsetup526 (1).exe
2017-01-24 22:22 - 2017-01-24 22:22 - 00001349 _____ C:\Users\zerou\Desktop\KCleaner.lnk
2017-01-24 22:21 - 2017-01-24 22:21 - 01517640 _____ (KC Softwares ) C:\Users\zerou\Downloads\kcleaner_lite.exe


2017-01-24 17:15 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-24 17:15 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-23 20:27 - 2017-01-23 20:27 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\zerou\Downloads\rkill.exe
2017-01-23 19:50 - 2017-01-23 20:06 - 00002190 _____ C:\Users\zerou\Desktop\the vyvanse crash.txt
2017-01-23 06:46 - 2017-01-23 06:46 - 00001121 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-01-22 00:29 - 2017-01-22 00:29 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2017-01-22 00:29 - 2017-01-22 00:29 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2017-01-22 00:29 - 2017-01-22 00:29 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2017-01-22 00:29 - 2017-01-22 00:29 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2017-01-22 00:29 - 2017-01-22 00:29 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2017-01-22 00:29 - 2017-01-22 00:29 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2017-01-22 00:29 - 2017-01-22 00:29 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2017-01-22 00:29 - 2017-01-22 00:29 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2017-01-22 00:29 - 2017-01-22 00:29 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2017-01-22 00:29 - 2017-01-22 00:29 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2017-01-22 00:29 - 2017-01-22 00:29 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2017-01-22 00:29 - 2017-01-22 00:29 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2017-01-22 00:29 - 2017-01-22 00:29 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2017-01-22 00:29 - 2017-01-22 00:29 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2017-01-22 00:28 - 2017-01-22 00:28 - 00003364 _____ C:\WINDOWS\System32\Tasks\{2CD8C77F-F7BC-4264-A51D-E6E4823ADC1F}
2017-01-22 00:25 - 2017-01-22 00:25 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2017-01-22 00:25 - 2017-01-22 00:25 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2017-01-22 00:25 - 2017-01-22 00:25 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2017-01-22 00:25 - 2017-01-22 00:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2017-01-22 00:23 - 2017-01-22 00:23 - 00000000 ____D C:\Users\zerou\AppData\Local\openvr
2017-01-22 00:22 - 2017-02-03 19:18 - 00000000 ____D C:\Users\zerou\Downloads\CrazyHook143
2017-01-21 23:51 - 2017-01-21 23:52 - 43292473 _____ C:\Users\zerou\Downloads\CrazyHook143.rar
2017-01-21 23:50 - 2017-01-21 23:50 - 00813056 _____ C:\Users\zerou\Downloads\Captain_Claw_Game.iso
2017-01-21 22:28 - 2017-01-21 22:28 - 00004061 _____ C:\Users\zerou\Downloads\my-ublock-backup_2017-01-21_22.28.57.txt
2017-01-21 22:26 - 2017-01-21 22:26 - 00000120 _____ C:\Users\zerou\Downloads\my-ublock-static-filters_2017-01-21_22.26.36.txt
2017-01-21 21:15 - 2017-01-21 21:15 - 00000000 ____D C:\Users\Public\Desktop\Zacks
2017-01-21 21:15 - 2017-01-21 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zacks
2017-01-21 21:15 - 2004-11-03 06:06 - 03142144 ____N (Steema Software SL) C:\WINDOWS\SysWOW64\TeeChart6.ocx
2017-01-21 21:15 - 2000-07-14 22:00 - 00101888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\VB6STKIT.DLL
2017-01-21 21:15 - 2000-05-21 23:00 - 00244416 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFLXGRD.OCX
2017-01-21 21:15 - 2000-05-21 23:00 - 00140488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\COMDLG32.OCX
2017-01-21 20:49 - 2017-01-26 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)
2017-01-21 20:49 - 2017-01-22 20:11 - 00001282 _____ C:\Users\zerou\Desktop\My DAP Downloads.lnk
2017-01-21 20:49 - 2017-01-21 20:56 - 00000000 ____D C:\Users\zerou\Documents\My DAP Downloads
2017-01-21 20:49 - 2017-01-21 20:49 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: hxxp://www.jcomsoft.com) C:\WINDOWS\SysWOW64\AniGIF.ocx
2017-01-20 03:46 - 2017-02-03 19:33 - 00002232 _____ C:\Users\zerou\Desktop\Rkill.txt
2017-01-20 02:07 - 2017-01-20 02:07 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-20 02:07 - 2017-01-20 02:07 - 00002359 _____ C:\Users\zerou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-19 19:44 - 2017-01-19 19:44 - 00000346 _____ C:\Users\zerou\Desktop\FOREXTraderPro.appref-ms
2017-01-19 19:44 - 2017-01-19 19:44 - 00000000 ____D C:\Users\zerou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FOREXTraderPro
2017-01-19 16:43 - 2017-01-19 16:43 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-18 10:55 - 2017-01-18 10:55 - 00035784 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2017-01-17 18:14 - 2017-01-17 18:15 - 00000000 ____D C:\Users\zerou\Desktop\newstuf
2017-01-17 12:54 - 2017-01-17 12:54 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-16 16:05 - 2017-01-16 16:05 - 00001565 _____ C:\Users\zerou\Downloads\csv701.csv
2017-01-16 15:56 - 2017-01-16 15:56 - 00002021 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-01-16 15:56 - 2017-01-16 15:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-01-16 15:56 - 2017-01-16 15:56 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-01-16 15:36 - 2017-01-16 15:36 - 00000000 ____D C:\Users\zerou\AppData\Local\tkdata
2017-01-16 15:35 - 2017-01-29 23:49 - 00001247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-01-16 15:35 - 2017-01-16 15:35 - 00001233 _____ C:\Users\Public\Desktop\True Key.lnk
2017-01-16 15:35 - 2017-01-16 15:35 - 00000000 ____D C:\ProgramData\TrueKey
2017-01-16 15:35 - 2017-01-16 15:35 - 00000000 ____D C:\Program Files\Common Files\Intel
2017-01-16 15:34 - 2017-01-30 17:33 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-16 15:34 - 2017-01-16 15:34 - 00000846 _____ C:\Users\zerou\AppData\Local\recently-used.xbel
2017-01-16 15:34 - 2017-01-16 15:34 - 00000000 ____D C:\Program Files\Intel Security
2017-01-16 15:34 - 2017-01-16 15:34 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-01-16 15:26 - 2017-01-17 03:37 - 00000000 ____D C:\ProgramData\McAfee
2017-01-16 15:26 - 2017-01-16 15:26 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2017-01-16 15:25 - 2017-01-30 17:32 - 00000000 ____D C:\Program Files\TrueKey
2017-01-16 15:25 - 2017-01-16 15:26 - 00000000 ____D C:\ProgramData\Adobe
2017-01-16 15:25 - 2017-01-16 15:25 - 00002132 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-01-16 15:25 - 2017-01-16 15:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-01-15 20:47 - 2017-01-21 21:15 - 00000000 ____D C:\ZIR
2017-01-15 20:47 - 2017-01-16 23:27 - 00000000 ____D C:\Users\zerou\Desktop\txt
2017-01-15 17:18 - 2017-01-15 17:18 - 00002779 _____ C:\Users\zerou\Desktop\StockQT.bas
2017-01-15 06:34 - 2017-01-15 06:34 - 02490880 _____ C:\Users\zerou\Downloads\microshots2010.xls
2017-01-15 06:34 - 2017-01-15 06:34 - 01174521 _____ C:\Users\zerou\Downloads\ceo.zip
2017-01-15 06:34 - 2017-01-15 06:34 - 01118720 _____ C:\Users\zerou\Downloads\fortress.xls
2017-01-15 06:33 - 2017-01-15 06:33 - 00477184 _____ C:\Users\zerou\Downloads\chartfactory.xls
2017-01-15 06:33 - 2017-01-15 06:33 - 00109056 _____ C:\Users\zerou\Downloads\quick.xls
2017-01-15 04:21 - 2017-01-15 04:21 - 01565889 _____ C:\Users\zerou\Downloads\investments_chapter10.pptx
2017-01-14 22:07 - 2017-01-14 22:11 - 59295251 _____ (Intuit Canada) C:\Users\zerou\Downloads\Unconfirmed 156497.crdownload
2017-01-14 19:26 - 2017-01-14 23:02 - 00000000 ____D C:\Users\zerou\Documents\My ProFile Data
2017-01-14 19:26 - 2017-01-14 19:27 - 00000000 ____D C:\Users\zerou\AppData\Local\Intuit
2017-01-14 19:26 - 2017-01-14 19:26 - 00000000 ____D C:\Users\zerou\AppData\Roaming\GreenPoint
2017-01-14 19:25 - 2017-01-14 19:25 - 00001914 _____ C:\Users\Public\Desktop\TurboTax Business Incorporated 2016.lnk
2017-01-14 19:25 - 2017-01-14 19:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax Business
2017-01-14 19:25 - 2017-01-14 19:25 - 00000000 ____D C:\Program Files (x86)\Intuit
2017-01-13 17:05 - 2017-01-13 17:05 - 00000000 ____D C:\Users\zerou\Desktop\sample
2017-01-13 10:20 - 2017-01-19 19:18 - 00000000 ____D C:\Program Files (x86)\TurboTax 2016
2017-01-13 10:20 - 2017-01-13 10:20 - 00001965 _____ C:\Users\Public\Desktop\TurboTax Canada 2016.lnk
2017-01-13 10:20 - 2017-01-13 10:20 - 00000000 ____D C:\Users\zerou\AppData\Roaming\Intuit Canada
2017-01-13 10:20 - 2017-01-13 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax
2017-01-13 10:20 - 2017-01-13 10:20 - 00000000 ____D C:\ProgramData\Intuit Canada
2017-01-13 10:19 - 2017-01-13 10:19 - 00000000 ____D C:\Users\zerou\Downloads\Intuit TurboTax Home & Business 2016 Canada Edition
2017-01-13 08:31 - 2017-01-13 09:35 - 195462829 _____ C:\Users\zerou\Downloads\Intuit TurboTax Home & Business 2016 Canada Edition.rar
2017-01-13 08:23 - 2017-01-13 10:29 - 00000000 ____D C:\Users\zerou\Documents\TurboTax
2017-01-13 08:22 - 2017-01-13 08:22 - 00000000 ____D C:\Users\zerou\AppData\Local\IsolatedStorage
2017-01-13 08:19 - 2017-01-14 19:26 - 00000000 ____D C:\Users\zerou\AppData\Roaming\Intuit
2017-01-13 08:19 - 2017-01-13 08:19 - 00000000 ____D C:\Users\zerou\Documents\TaxTron
2017-01-13 08:19 - 2017-01-13 08:19 - 00000000 ____D C:\ProgramData\TaxTron
2017-01-13 08:18 - 2017-01-14 19:26 - 00000000 ____D C:\ProgramData\Intuit
2017-01-13 08:18 - 2017-01-13 08:19 - 00000319 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2017-01-13 08:18 - 2017-01-13 08:18 - 00000000 ___HD C:\ProgramData\{A15FD1E0-6970-42BF-865A-BD344632CABD}
2017-01-13 08:18 - 2017-01-13 08:18 - 00000000 ____D C:\Users\zerou\AppData\Local\IIIQ
2017-01-13 08:18 - 2017-01-13 08:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2016
2017-01-13 08:18 - 2017-01-13 08:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxTron
2017-01-13 08:18 - 2017-01-13 08:18 - 00000000 ____D C:\Program Files (x86)\TurboTax
2017-01-13 08:18 - 2017-01-13 08:18 - 00000000 ____D C:\Program Files (x86)\Taxtron
2017-01-13 01:55 - 2017-01-29 16:12 - 00000000 ____D C:\ProgramData\Temp
2017-01-13 00:54 - 2017-01-13 02:01 - 00001056 _____ C:\Users\Public\Desktop\ManyCam.lnk
2017-01-13 00:54 - 2017-01-13 01:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
2017-01-13 00:47 - 2017-01-13 00:47 - 00000000 ____D C:\ProgramData\Avira
2017-01-13 00:46 - 2017-01-23 06:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-01-13 00:46 - 2017-01-13 00:46 - 00000000 ____D C:\Users\zerou\Desktop\avira
2017-01-13 00:46 - 2017-01-13 00:46 - 00000000 ____D C:\Program Files (x86)\Avira
2017-01-12 22:51 - 2017-01-29 01:42 - 00002351 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2017-01-12 22:51 - 2017-01-12 22:51 - 00003394 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2017-01-12 22:51 - 2017-01-12 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-01-12 22:41 - 2017-01-12 22:41 - 00001277 _____ C:\Users\zerou\Desktop\SUMo.lnk
2017-01-12 22:40 - 2017-01-12 22:40 - 00002073 _____ C:\Users\zerou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberGhost 6.lnk
2017-01-12 22:39 - 2017-01-26 16:59 - 00000000 ____D C:\Program Files\CyberGhost 6
2017-01-12 22:39 - 2017-01-12 22:39 - 00001775 _____ C:\Users\zerou\Desktop\CyberGhost 6.lnk
2017-01-12 22:39 - 2017-01-12 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6
2017-01-12 22:38 - 2017-01-12 22:40 - 00000000 ____D C:\Users\zerou\AppData\Local\CyberGhost
2017-01-12 22:38 - 2017-01-12 22:38 - 00000000 ____D C:\Program Files\TAP-Windows
2017-01-12 18:11 - 2017-01-27 20:32 - 00000000 ____D C:\ProgramData\ProductData
2017-01-12 17:48 - 2017-01-12 17:48 - 00000139 _____ C:\Users\zerou\Desktop\Software Update - SUMo.url
2017-01-12 17:44 - 2010-05-28 23:13 - 00000137 _____ C:\Users\zerou\Desktop\SUMo Home Page.URL
2017-01-11 16:41 - 2017-01-11 16:41 - 00004182 _____ C:\WINDOWS\System32\Tasks\Open URL by RoboForm
2017-01-11 16:09 - 2016-12-22 18:13 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-01-11 16:09 - 2016-12-22 18:13 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-11 15:30 - 2017-01-11 15:31 - 56394955 _____ C:\Users\zerou\Downloads\ASUS_Manager-Update_v20402.zip
2017-01-11 15:27 - 2017-01-11 15:27 - 00000000 ____D C:\Users\zerou\AppData\Roaming\Intel Corporation
2017-01-11 15:26 - 2017-01-11 15:26 - 00000000 ____D C:\Users\zerou\Downloads\drv2
2017-01-11 15:24 - 2017-01-11 15:24 - 00000000 ____D C:\Users\zerou\Downloads\drv
2017-01-11 15:20 - 2017-01-11 15:21 - 02384852 _____ C:\Users\zerou\Downloads\Unconfirmed 238394.crdownload
2017-01-11 15:14 - 2017-01-11 15:14 - 00001263 _____ C:\Users\Public\Desktop\Intel(R) Driver Update Utility 2.6.lnk
2017-01-11 15:14 - 2017-01-11 15:14 - 00000000 ____D C:\Users\zerou\AppData\Local\Intel
2017-01-11 15:14 - 2017-01-11 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-01-11 15:14 - 2017-01-11 15:14 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-01-11 15:13 - 2017-01-11 22:46 - 00000000 ____D C:\Program Files\Intel
2017-01-11 15:13 - 2017-01-11 15:13 - 00000000 ____D C:\Users\zerou\Intel
2017-01-11 15:13 - 2017-01-11 15:13 - 00000000 ____D C:\Users\zerou\Downloads\ME_Consumer_Win8.1_10_11.0.6.1194 (1)
2017-01-11 15:13 - 2017-01-11 15:13 - 00000000 ____D C:\Program Files\Intel Driver Update Utility
2017-01-11 15:13 - 2016-10-18 17:14 - 00021984 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2017-01-11 15:12 - 2017-01-11 15:13 - 121126086 _____ C:\Users\zerou\Downloads\ME_Consumer_Win8.1_10_11.0.6.1194 (1).zip
2017-01-11 15:11 - 2017-01-11 15:11 - 00001277 _____ C:\Users\zerou\Desktop\DUMo.lnk
2017-01-11 15:08 - 2016-10-25 01:57 - 00000000 ____D C:\Users\zerou\Downloads\intel_mei_11.6.0.1032_driver(www.station-drivers.com)
2017-01-11 15:05 - 2017-01-11 15:06 - 121126086 _____ C:\Users\zerou\Downloads\ME_Consumer_Win8.1_10_11.0.6.1194.zip
2017-01-11 15:03 - 2017-01-12 22:41 - 00000000 ____D C:\Users\zerou\AppData\Roaming\KC Softwares
2017-01-11 15:02 - 2017-01-12 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KC Softwares
2017-01-11 15:02 - 2017-01-12 22:41 - 00000000 ____D C:\Program Files (x86)\KC Softwares
2017-01-11 15:02 - 2017-01-11 15:02 - 00000149 _____ C:\Users\zerou\Desktop\Drivers Update - DUMo.url
2017-01-11 14:57 - 2017-01-11 14:57 - 00000000 ____D C:\Users\zerou\Desktop\Old Firefox Data
2017-01-11 14:47 - 2017-01-20 03:45 - 00000000 ____D C:\Users\zerou\Downloads\FRST-OlderVersion
2017-01-11 11:23 - 2017-02-03 20:02 - 00049301 _____ C:\Users\zerou\Downloads\Addition.txt
2017-01-11 11:22 - 2017-02-03 20:15 - 00029272 _____ C:\Users\zerou\Downloads\FRST.txt
2017-01-11 11:22 - 2017-02-03 20:15 - 00000000 ____D C:\FRST
2017-01-10 20:14 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 20:14 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 20:14 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 20:14 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 20:14 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 20:14 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 20:14 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 20:14 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 20:14 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 20:14 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 20:14 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 20:14 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 20:14 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 20:14 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 20:14 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 20:14 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 20:14 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 20:14 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 20:14 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 20:14 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 20:14 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 20:14 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 20:14 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 20:14 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 20:14 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 20:14 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 20:14 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 20:14 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 20:14 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 20:14 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 20:14 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 20:14 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 20:14 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 20:14 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 20:14 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 20:14 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 20:14 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 20:14 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 20:14 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 20:14 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 20:14 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 20:14 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 20:14 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 20:14 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 20:14 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 20:14 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 20:14 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 20:14 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 20:14 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 20:14 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 20:14 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 20:14 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 20:14 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 20:14 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 20:14 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 20:14 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 20:13 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 20:13 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 20:13 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 20:13 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 20:13 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 20:13 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 20:13 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 20:13 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 20:13 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 20:13 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 20:13 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 20:13 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 20:13 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 20:13 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 20:13 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 20:13 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 20:13 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 20:13 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 20:13 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 20:13 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 20:13 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 20:13 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 20:13 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 20:13 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 20:13 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 20:13 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 20:13 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 20:13 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 20:13 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 20:13 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 20:13 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 20:13 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 20:13 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 20:13 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 20:13 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 20:13 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 20:13 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 20:13 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 20:13 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 20:13 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 20:13 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 20:13 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 20:13 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 20:13 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 20:13 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 20:13 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 20:13 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 20:13 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 20:13 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 20:13 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 20:13 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 20:13 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 20:13 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 20:13 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 20:13 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 20:13 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 20:13 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 20:13 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 20:13 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 20:13 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 20:13 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 20:13 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 20:13 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 20:13 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 20:13 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 20:13 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 20:13 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 20:13 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 20:13 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 20:13 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 20:13 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 20:13 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 20:13 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 20:13 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 20:13 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 20:13 - 2016-12-13 23:42 - 00384000 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2017-01-10 20:13 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 20:13 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 20:13 - 2016-12-13 23:41 - 00362496 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2017-01-10 20:13 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 20:13 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 20:13 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 20:13 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 20:13 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 20:13 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 20:13 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 20:13 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 20:13 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 20:13 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 20:13 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 20:13 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 20:13 - 2016-12-13 23:35 - 02220032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll
2017-01-10 20:13 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 20:13 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 20:13 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 20:13 - 2016-12-13 23:25 - 02795520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2017-01-10 20:13 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 20:13 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 20:13 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 20:13 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 20:13 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 20:13 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 20:13 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 20:13 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 20:13 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 20:13 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 20:13 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-10 20:13 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-10 18:30 - 2017-01-10 18:30 - 00002277 _____ C:\Users\zerou\Downloads\uBlock₀ — Dashboard.html
2017-01-10 18:30 - 2017-01-10 18:30 - 00000000 ____D C:\Users\zerou\Downloads\uBlock₀ — Dashboard_files
2017-01-10 18:18 - 2017-01-11 14:50 - 00001056 _____ C:\Users\zerou\Desktop\GreenBrowser.lnk
2017-01-10 18:18 - 2017-01-10 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GreenBrowser
2017-01-10 18:18 - 2017-01-10 18:18 - 00000000 ____D C:\Program Files (x86)\GreenBrowser
2017-01-10 18:15 - 2017-01-11 14:51 - 00001132 _____ C:\Users\Public\Desktop\Midori.lnk
2017-01-10 18:15 - 2017-01-10 18:16 - 00000000 ____D C:\Users\zerou\AppData\Local\midori
2017-01-10 18:15 - 2017-01-10 18:16 - 00000000 ____D C:\Users\zerou\.dbus-keyrings
2017-01-10 18:15 - 2017-01-10 18:15 - 00000000 ____D C:\Users\zerou\AppData\Local\webkit
2017-01-10 18:15 - 2017-01-10 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Midori
2017-01-10 18:15 - 2017-01-10 18:15 - 00000000 ____D C:\Program Files (x86)\Midori
2017-01-10 18:08 - 2017-01-11 14:51 - 00001224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk




2017-01-10 17:50 - 2017-01-10 17:50 - 00092344 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2017-01-10 17:49 - 2017-01-10 17:49 - 00000000 ____D C:\Users\zerou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2017-01-10 17:25 - 2017-01-10 17:25 - 00998093 _____ C:\Users\zerou\Downloads\ProcessMonitor.zip
2017-01-10 17:05 - 2017-01-10 17:05 - 00000000 ____D C:\Program Files (x86)\ESET
2017-01-10 16:45 - 2017-01-10 16:45 - 00371282 _____ C:\Users\zerou\Downloads\gmer.zip
2017-01-10 16:45 - 2017-01-10 16:45 - 00231390 _____ C:\Users\zerou\Downloads\RootkitRevealer.zip
2017-01-10 16:44 - 2017-01-10 16:45 - 00464491 _____ C:\Users\zerou\Downloads\RootRepeal.zip
2017-01-10 15:48 - 2017-01-10 15:48 - 00000008 __RSH C:\Users\zerou\ntuser.pol
2017-01-10 15:48 - 2017-01-10 15:48 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-01-10 13:13 - 2017-01-11 14:51 - 00001222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-01-10 13:13 - 2017-01-10 13:13 - 00004020 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1484040620
2017-01-10 05:01 - 2017-01-10 05:02 - 00135094 _____ C:\TDSSKiller.3.1.0.12_10.01.2017_05.01.13_log.txt
2017-01-10 04:58 - 2017-01-10 04:58 - 00250064 _____ (Kaspersky Lab, Yury Parshin) C:\WINDOWS\system32\Drivers\28764466.sys
2017-01-10 04:58 - 2017-01-10 04:58 - 00002040 _____ C:\TDSSKiller.3.1.0.12_10.01.2017_04.58.31_log.txt
2017-01-10 04:54 - 2017-01-10 04:54 - 00000562 _____ C:\TDSSKiller.3.1.0.12_10.01.2017_04.54.20_log.txt
2017-01-10 04:43 - 2017-01-11 14:50 - 00001679 _____ C:\Users\zerou\Desktop\Autoruns64.exe.lnk
2017-01-10 04:30 - 2017-01-11 14:51 - 00001204 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-01-10 04:29 - 2017-01-10 04:29 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-01-10 04:27 - 2017-01-11 14:51 - 00002023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-01-10 04:27 - 2017-01-11 14:51 - 00002005 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-01-10 04:27 - 2017-01-10 16:13 - 00004278 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2017-01-10 04:27 - 2017-01-10 04:27 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2017-01-10 04:27 - 2017-01-10 04:27 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2017-01-10 04:27 - 2017-01-10 04:27 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-01-10 04:27 - 2017-01-10 04:27 - 00000000 ____D C:\Users\zerou\AppData\Roaming\AVAST Software
2017-01-10 04:27 - 2017-01-10 04:26 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-01-10 04:27 - 2017-01-10 04:26 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-01-10 04:27 - 2017-01-10 04:26 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-01-10 04:27 - 2017-01-10 04:26 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-01-10 04:27 - 2017-01-10 04:26 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-01-10 04:26 - 2017-01-10 04:26 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-01-10 04:25 - 2017-02-01 22:39 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-10 04:20 - 2017-01-10 20:28 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-10 04:18 - 2017-01-10 04:18 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2017-01-10 04:15 - 2017-01-20 03:46 - 00000000 ____D C:\Users\zerou\Desktop\rkill
2017-01-10 04:07 - 2017-01-10 04:07 - 00003656 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-01-10 03:54 - 2017-01-12 15:07 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-10 03:54 - 2017-01-12 15:07 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-10 03:48 - 2017-01-10 03:48 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2017-01-10 03:23 - 2017-01-10 03:23 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-01-09 03:59 - 2017-01-09 03:59 - 00007862 _____ C:\Users\zerou\Downloads\csv52377.csv
2017-01-07 18:36 - 2017-01-07 18:36 - 00000020 _____ C:\Users\zerou\Desktop\shutdown_3_hrs.bat
2017-01-07 04:28 - 2017-01-07 04:29 - 22512715 _____ C:\Users\zerou\Downloads\Stardock_Fences_v_2.12.613.rar
2017-01-07 04:27 - 2017-01-31 23:09 - 00000000 ____D C:\Users\zerou\Desktop\XLS
2017-01-07 04:27 - 2017-01-07 04:27 - 00000000 ____D C:\Users\zerou\Desktop\DOC
2017-01-07 03:50 - 2017-01-07 03:50 - 00000000 ____D C:\Users\zerou\Downloads\Passport_10.3.03.2163_SQW100-1-2-3-4
2017-01-07 03:49 - 2017-01-07 03:49 - 1573092722 _____ C:\Users\zerou\Downloads\Passport_10.3.03.2163_SQW100-1-2-3-4.7z
2017-01-07 03:37 - 2017-01-07 03:37 - 00000465 _____ C:\Users\zerou\Downloads\Passport_10.3.03.2163_SQW100-1-2-3-4.7z.asc


2017-01-07 03:32 - 2017-01-07 03:32 - 00000000 ____D C:\Users\zerou\Downloads\mp3
2017-01-07 03:31 - 2017-01-07 03:31 - 00000000 ____D C:\Users\zerou\Downloads\Q10fresh
2017-01-05 05:41 - 2017-01-05 05:41 - 00000000 ____D C:\Users\zerou\Downloads\ManyCam @ T-291
2017-01-04 23:00 - 2017-01-04 23:00 - 00000000 ____H C:\asc_rdflag


2017-01-04 16:40 - 2017-01-04 16:40 - 00000000 ____D C:\Users\zerou\Downloads\EXTrACT
2017-01-04 16:22 - 2017-01-04 16:22 - 07877213 _____ C:\Users\zerou\Downloads\bb_remember__2017-01-03_22-21-19-462.zip
2017-01-04 16:22 - 2017-01-04 16:22 - 00000000 ____D C:\Users\zerou\Downloads\HTMLExtract


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-02-03 20:16 - 2016-07-14 23:36 - 02381930 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-03 20:14 - 2016-12-14 22:52 - 00000000 ____D C:\Users\zerou
2017-02-03 20:14 - 2016-11-12 16:27 - 00000000 ____D C:\AdwCleaner
2017-02-03 20:13 - 2016-11-19 03:36 - 00000000 ____D C:\Users\zerou\AppData\Local\Battle.net
2017-02-03 20:10 - 2016-12-14 23:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-03 20:08 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-03 20:03 - 2016-07-20 03:28 - 00000000 ____D C:\Users\zerou\AppData\Roaming\Everything
2017-02-03 18:56 - 2016-08-14 17:38 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-03 17:54 - 2016-12-14 22:46 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-03 17:30 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-03 17:30 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-03 07:02 - 2016-07-16 11:51 - 00000000 ____D C:\Users\zerou\AppData\Roaming\BitComet
2017-02-02 22:53 - 2016-07-31 20:15 - 00000000 ____D C:\Users\zerou\AppData\Roaming\vlc




2017-02-01 22:39 - 2016-12-22 02:50 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-01 22:29 - 2016-07-22 02:28 - 00000000 ____D C:\Users\zerou\AppData\Roaming\Kodi


2017-02-01 04:37 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-31 21:24 - 2016-12-15 00:07 - 00000000 ____D C:\Users\zerou\AppData\Local\Deployment
2017-01-29 23:44 - 2016-08-25 00:28 - 00000441 _____ C:\Users\zerou\Documents\wwe network.txt
2017-01-27 16:41 - 2016-08-14 21:54 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-26 19:52 - 2016-08-15 00:00 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk




2017-01-26 00:19 - 2016-11-28 00:07 - 00000000 ____D C:\Users\zerou\AppData\Local\ManyCam
2017-01-24 17:35 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-23 04:36 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-23 01:47 - 2016-11-15 05:43 - 00000000 ____D C:\Users\zerou\AppData\LocalLow\Mozilla
2017-01-23 01:34 - 2016-11-15 05:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-23 01:34 - 2016-08-10 19:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-22 18:46 - 2016-09-23 16:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-20 02:07 - 2016-07-14 23:34 - 00000000 ___RD C:\Users\zerou\OneDrive
2017-01-20 00:20 - 2016-11-15 00:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2017-01-17 12:44 - 2016-11-10 01:01 - 00036344 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-01-17 12:39 - 2016-12-05 19:12 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-17 07:17 - 2016-12-14 23:03 - 00002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-01-17 07:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-16 19:14 - 2016-11-29 21:42 - 00000000 ____D C:\Users\zerou\Desktop\invoice
2017-01-16 15:46 - 2016-07-14 23:32 - 00000000 ____D C:\Users\zerou\AppData\Local\Packages
2017-01-16 15:34 - 2016-11-27 21:42 - 00000000 ____D C:\Users\zerou\.gimp-2.8
2017-01-16 15:26 - 2016-11-20 22:59 - 00000000 ____D C:\Users\zerou\AppData\Local\Adobe
2017-01-16 15:26 - 2016-11-15 00:28 - 00000000 ____D C:\Users\zerou\AppData\LocalLow\Adobe
2017-01-16 15:26 - 2016-07-14 23:32 - 00000000 ____D C:\Users\zerou\AppData\Roaming\Adobe
2017-01-16 13:52 - 2016-12-13 18:06 - 00000000 ____D C:\Users\zerou\AppData\LocalLow\Temp
2017-01-15 23:41 - 2016-11-19 03:39 - 00000000 ____D C:\Users\zerou\Documents\StarCraft II
2017-01-15 22:16 - 2016-08-24 04:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-01-15 03:44 - 2016-12-14 23:03 - 00003818 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-01-15 03:44 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-15 03:44 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-14 19:24 - 2016-07-15 13:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-13 02:01 - 2016-11-28 00:07 - 00000000 ____D C:\Users\zerou\AppData\Roaming\ManyCam
2017-01-13 02:01 - 2016-11-28 00:07 - 00000000 ____D C:\Program Files (x86)\ManyCam
2017-01-12 22:51 - 2016-09-18 19:31 - 00000000 ____D C:\Program Files (x86)\IObit
2017-01-12 20:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Branding
2017-01-11 16:41 - 2016-11-15 05:39 - 00000000 ____D C:\Users\zerou\Documents\My RoboForm Data
2017-01-11 16:41 - 2016-11-15 05:39 - 00000000 ____D C:\Program Files (x86)\Siber Systems
2017-01-11 16:34 - 2016-04-27 01:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 16:27 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 16:27 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 16:27 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 16:27 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 16:27 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 16:22 - 2016-07-20 03:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-01-11 16:16 - 2015-10-30 02:24 - 00000167 _____ C:\WINDOWS\win.ini
2017-01-11 16:15 - 2016-07-15 14:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 16:10 - 2016-07-15 14:46 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-11 15:34 - 2016-12-14 23:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2017-01-11 15:32 - 2016-09-23 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-01-11 15:31 - 2016-11-11 02:32 - 00000000 ____D C:\Users\zerou\Downloads\ASUS_Manager-Update_v20402
2017-01-11 15:27 - 2016-12-13 16:17 - 01568014 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-01-11 15:26 - 2016-09-23 16:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-01-11 15:17 - 2016-09-23 16:09 - 00000000 ____D C:\ProgramData\Intel
2017-01-11 15:17 - 2016-09-23 16:09 - 00000000 ____D C:\Program Files (x86)\Intel
2017-01-11 15:14 - 2016-12-14 23:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-01-11 15:06 - 2016-11-15 05:42 - 00000000 ____D C:\Program Files (x86)\Stardock
2017-01-11 15:03 - 2016-07-14 23:32 - 00000000 ____D C:\Users\zerou\AppData\Local\VirtualStore
2017-01-11 14:58 - 2016-08-19 11:08 - 00000000 ____D C:\Program Files\KMSpico
2017-01-11 14:51 - 2016-12-30 19:12 - 00001082 _____ C:\Users\Public\Desktop\BlackBerry Blend.lnk
2017-01-11 14:51 - 2016-12-30 19:11 - 00001172 _____ C:\Users\Public\Desktop\BlackBerry Link.lnk
2017-01-11 14:51 - 2016-12-23 23:20 - 00001735 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017 RC.lnk
2017-01-11 14:51 - 2016-12-23 23:18 - 00001497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017 RC.lnk
2017-01-11 14:51 - 2016-12-23 23:17 - 00002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2017-01-11 14:51 - 2016-12-23 07:01 - 00001134 _____ C:\Users\Public\Desktop\Macro Recorder.lnk
2017-01-11 14:51 - 2016-12-22 02:50 - 00001206 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-11 14:51 - 2016-12-20 22:04 - 00001048 _____ C:\Users\Public\Desktop\eMule.lnk
2017-01-11 14:51 - 2016-12-14 22:57 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-01-11 14:51 - 2016-12-13 16:14 - 00002278 _____ C:\Users\Public\Desktop\VectorVest 7.lnk
2017-01-11 14:51 - 2016-12-13 05:45 - 00001299 _____ C:\Users\Public\Desktop\Questrade IQ Edge Practice.lnk
2017-01-11 14:51 - 2016-12-13 05:28 - 00001178 _____ C:\Users\Public\Desktop\Questrade IQ Edge.lnk
2017-01-11 14:51 - 2016-12-11 18:32 - 00002064 _____ C:\Users\Public\Desktop\Questrade MetaTrader.lnk
2017-01-11 14:51 - 2016-12-09 16:40 - 00001129 _____ C:\Users\Public\Desktop\DivX Player.lnk
2017-01-11 14:51 - 2016-12-09 16:39 - 00001160 _____ C:\Users\Public\Desktop\DivX Converter.lnk
2017-01-11 14:51 - 2016-12-01 01:46 - 00001579 _____ C:\Users\Public\Desktop\League of Legends.lnk
2017-01-11 14:51 - 2016-11-24 02:52 - 00001417 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2017-01-11 14:51 - 2016-11-23 13:34 - 00000891 _____ C:\Users\Public\Desktop\BitComet.lnk
2017-01-11 14:51 - 2016-11-20 02:41 - 00002092 _____ C:\Users\Public\Desktop\Microsoft LifeCam.lnk
2017-01-11 14:51 - 2016-11-15 05:42 - 00000983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2017-01-11 14:51 - 2016-11-15 05:32 - 00001078 _____ C:\Users\Public\Desktop\Notepad++.lnk
2017-01-11 14:51 - 2016-11-15 04:44 - 00001015 _____ C:\Users\Public\Desktop\Winja.lnk
2017-01-11 14:51 - 2016-11-13 15:11 - 00001223 _____ C:\Users\Public\Desktop\Ultra File Search Std.lnk
2017-01-11 14:51 - 2016-11-12 16:28 - 00000769 _____ C:\Users\Public\Desktop\Force Byte Detector.lnk
2017-01-11 14:51 - 2016-11-12 11:42 - 00001220 _____ C:\Users\Public\Desktop\Quick Boost.lnk
2017-01-11 14:51 - 2016-11-12 11:42 - 00001208 _____ C:\Users\Public\Desktop\JetBoost.lnk
2017-01-11 14:51 - 2016-11-11 23:00 - 00003035 _____ C:\Users\zerou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hosts File Editor.lnk
2017-01-11 14:51 - 2016-09-03 17:10 - 00000875 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-01-11 14:51 - 2016-09-02 09:42 - 00000952 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2017-01-11 14:51 - 2016-08-23 22:53 - 00002757 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center.lnk
2017-01-11 14:51 - 2016-08-15 00:57 - 00001952 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-01-11 14:51 - 2016-08-14 21:51 - 00001456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-01-11 14:51 - 2016-08-14 21:51 - 00001438 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-01-11 14:51 - 2016-08-14 17:37 - 00001161 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-01-11 14:51 - 2016-07-31 18:34 - 00002914 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Mindjet 14.lnk
2017-01-11 14:51 - 2016-07-31 18:34 - 00002902 _____ C:\Users\Public\Desktop\Mindjet 14.lnk
2017-01-11 14:50 - 2016-12-28 19:05 - 00000754 _____ C:\Users\zerou\Desktop\Downloads.lnk




2017-01-11 14:50 - 2016-12-10 04:41 - 00000433 _____ C:\Users\zerou\Desktop\SMFT2.lnk
2017-01-11 14:50 - 2016-11-26 04:58 - 00002285 _____ C:\Users\zerou\Desktop\Citra Edge.lnk
2017-01-11 14:50 - 2016-11-19 22:09 - 00001320 _____ C:\Users\zerou\Desktop\Battle.net Launcher.exe - Shortcut.lnk
2017-01-11 14:50 - 2016-11-17 01:13 - 00001644 _____ C:\Users\zerou\Desktop\flux.exe - Shortcut (2).lnk
2017-01-11 14:50 - 2016-11-15 05:48 - 00002095 _____ C:\Users\zerou\Desktop\Customize Fences.lnk
2017-01-11 14:50 - 2016-11-15 05:44 - 00001477 _____ C:\Users\zerou\Desktop\DivX Movies.lnk
2017-01-11 14:50 - 2016-11-10 01:13 - 00001537 _____ C:\Users\zerou\Desktop\procexp.exe - Shortcut.lnk
2017-01-11 14:50 - 2016-11-10 01:06 - 00001184 _____ C:\Users\zerou\Desktop\Resource Monitor.lnk
2017-01-11 14:50 - 2016-09-03 17:24 - 00001151 _____ C:\Users\zerou\Desktop\MSI Afterburner.lnk
2017-01-11 14:50 - 2016-09-03 17:23 - 00001028 _____ C:\Users\zerou\Desktop\TechPowerUp GPU-Z.lnk
2017-01-11 14:50 - 2016-08-20 20:32 - 00001644 _____ C:\Users\zerou\Desktop\flux.exe - Shortcut.lnk
2017-01-11 14:50 - 2016-07-22 02:30 - 00001155 _____ C:\Users\zerou\Desktop\Kodi.exe - Shortcut.lnk
2017-01-11 14:50 - 2016-07-20 03:19 - 00001209 _____ C:\Users\zerou\Desktop\Everything.exe - Shortcut.lnk
2017-01-11 14:50 - 2016-07-15 13:48 - 00001506 _____ C:\Users\zerou\Desktop\chrome.exe - Shortcut.lnk
2017-01-10 21:38 - 2016-11-15 05:37 - 00000000 ____D C:\Users\zerou\Documents\My Filehippo Downloads
2017-01-10 21:38 - 2016-11-13 15:19 - 00000000 ____D C:\Users\zerou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-10 21:38 - 2016-11-13 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-10 21:38 - 2016-11-13 15:19 - 00000000 ____D C:\Program Files\WinRAR
2017-01-10 18:36 - 2016-08-15 00:00 - 00000000 ____D C:\Program Files\CCleaner
2017-01-10 18:29 - 2016-08-24 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OSDownloader
2017-01-10 18:08 - 2016-11-15 05:42 - 00000000 ____D C:\ProgramData\Stardock
2017-01-10 17:56 - 2016-11-15 05:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2017-01-10 17:38 - 2016-12-14 23:03 - 00003636 _____ C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
2017-01-10 16:57 - 2016-08-19 16:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-01-10 16:57 - 2016-08-19 16:31 - 00000000 ____D C:\Users\zerou\Desktop\mbar
2017-01-10 15:56 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-10 04:29 - 2016-11-10 02:04 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-10 04:29 - 2016-11-10 02:04 - 00000000 ____D C:\Program Files\AVAST Software
2017-01-10 04:07 - 2016-08-24 12:00 - 00004356 _____ C:\WINDOWS\system32\.crusader
2017-01-10 03:54 - 2016-09-10 10:21 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-10 03:47 - 2016-09-18 19:30 - 00000000 ____D C:\ProgramData\IObit
2017-01-10 03:30 - 2016-12-15 00:14 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-01-10 03:24 - 2016-07-20 10:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-10 03:23 - 2015-10-30 02:24 - 00003722 _____ C:\WINDOWS\system32\Drivers\etc\hosts.hitmanpro
2017-01-06 00:00 - 2016-11-28 00:07 - 00000000 ____D C:\ProgramData\ManyCam
2017-01-04 23:01 - 2016-12-22 13:13 - 113934336 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2017-01-04 23:01 - 2016-12-22 13:13 - 01191936 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2017-01-04 23:00 - 2016-12-22 13:13 - 00065536 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2017-01-04 23:00 - 2016-12-22 13:13 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak


==================== Files in the root of some directories =======


2016-09-03 17:38 - 2016-09-03 18:05 - 1065984 _____ () C:\Users\zerou\AppData\Local\file__0.localstorage
2017-01-16 15:34 - 2017-01-16 15:34 - 0000846 _____ () C:\Users\zerou\AppData\Local\recently-used.xbel
2016-11-10 01:01 - 2016-11-11 02:34 - 0007632 _____ () C:\Users\zerou\AppData\Local\Resmon.ResmonCfg
2016-12-14 22:49 - 2016-12-14 22:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-11-12 16:28 - 2016-12-22 02:48 - 0873472 _____ () C:\ProgramData\FBDLive.db
2017-01-13 08:18 - 2017-01-13 08:19 - 0000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-11-12 16:28 - 2016-12-22 02:48 - 0000004 _____ () C:\ProgramData\update.ini


Some files in TEMP:
====================
2017-02-02 14:07 - 2017-02-02 14:07 - 16312432 _____ () C:\Users\zerou\AppData\Local\Temp\Bit1FC.tmp.exe


==================== Bamital & volsnap ======================






C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-01-28 02:37


==================== End of FRST.txt ============================



Edited by EltonAguiar, 03 February 2017 - 08:28 PM.




#2 nasdaq

  • Malware Response Team
  • 38,576 posts
  • Location:Montreal, QC. Canada

Posted 04 February 2017 - 09:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Users\zerou\Downloads\adwcleaner_6.043.exe
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
FF HKU\S-1-5-21-24983673-948008275-1473286479-1001\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox => not found
CHR Extension: (Chrome Web Store Payments) - C:\Users\zerou\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-03]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
S4 MFE_RR; \??\C:\Users\zerou\AppData\Local\Temp\mfe_rr.sys [X]
S4 qjfs; System32\drivers\ftllahr.sys 
Task: {49EE1F08-B17E-428D-9A5B-F048B4AA5CC7} - \USER_ESRV_SVC_QUEENCREEK -> No File <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\Temp:$DATA [16]
AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [564]
C:\Users\zerou\AppData\Local\Temp\Bit1FC.tmp.exe

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 112 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)

Please let me know what problem persists with this computer.


p.s.
If Rkill and Avira are still reporting items please run the programs and post the logs for my review.

#3 nasdaq


Posted 10 February 2017 - 10:19 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



