The internet has slowed down, sites do not open, hardly anything loads, AA11 found

This is a discussion on The internet has slowed down, sites do not open, hardly anything loads, AA11 found within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Old 11-01-2015, 12:22 PM   #1
Registered Member
 
Join Date: Dec 2006
Posts: 154
OS: XPSP2



Laptop is less than 3 yrs old. Hard drive failed 2 months ago and no one has been able to retrieve anything (which is another issue I'd like to explore once I can access the internet fully again). So there is hardly anything on this one. It's possible the repair place put on a bootleg version of Windows 7 Home Premium, SP 1. I don't know. I had a hard drive of 750 G; this new one is 500. 64 bit is what it was before. Maybe that part wouldn't change. (I'd upgraded to Windows 10 about 3 wks before the other hard drive failed. Just stopped... dead.)

I'm online almost all day every day, into the night, with multiple tabs open in several browsers at once. Not as many with this new one, but pretty much the same habits. Uploading, downloading, videos etc etc. I leave the system on almost all the time, just close the lid and it sleeps overnight. It doesn't start right back up like the previous one. I have to wake it up by clicking on the Main Icon on the desktop. It looks different than it did before, which is why I suspect a possible bootleg copy of OS. Anyway, all hunky dory Thurs nite when I went to bed. When I got up Fri morning, could not get on hardly any websites. I think Windows Update restarted the system, but I'm not 100% sure about that.

I ran System Restore about 8 times. It keeps NOT restoring to an earlier time. I updated Intel Wifi driver and software, in case that was it. I made sure I had all Windows updates. Signal speed reads as 144Mbps but speed of laptop tests as less than 25kbps. I tried to go back to an earlier, earlier time, to Wednesday, and it did not give me that option. I noticed an install of AA11 in the list of System Restore options. I do not know what that is. I can't get rid of it, Spyware and Virus Scans do not find it or remove it. And the timing corresponds. It looks to have been installed at 2:35am on Thursday. Sometimes I fall asleep with the laptop on w/ the lid up. I must have done that, that night. Otherwise, I don't know how anything could have been installed or "updated."

I have been at this over 48 hrs straight and cannot figure it out on my own. Please Help! I want my internet back!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18057 BrowserJavaVersion: 11.65.2
Run by Main at 13:33:03 on 2015-11-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12187.8449 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Spybot - Search and Destroy *Enabled/Updated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\Av\avgrsa.exe
C:\Program Files (x86)\AVG\Av\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\Av\avgidsagent.exe
C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\AVG\Av\avgnsa.exe
C:\Program Files (x86)\AVG\Av\avgemca.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\AVG\Av\avgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll
uRun: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Zoom] <no file>
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avgui.exe" /TRAYONLY
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: Interfaces\{0045FB1D-4B34-4E43-8491-8BD88CA74688} : NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{30FCEDB1-2657-4340-B387-BC3D38E74C39} : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{BEEA2C7B-8647-4B74-B1E7-10F385A41257} : DHCPNameServer = 192.168.29.1
TCP: Interfaces\{BEEA2C7B-8647-4B74-B1E7-10F385A41257}\24F6F6B6D696C6C6 : DHCPNameServer = 12.0.0.1
TCP: Interfaces\{BEEA2C7B-8647-4B74-B1E7-10F385A41257}\358656C6265727E6566416C6C637D223E243 : DHCPNameServer = 75.75.75.75 75.75.76.76 75.75.75.75 75.75.76.76
TCP: Interfaces\{BEEA2C7B-8647-4B74-B1E7-10F385A41257}\663636E65647 : DHCPNameServer = 8.8.8.8 192.168.1.1
TCP: Interfaces\{BEEA2C7B-8647-4B74-B1E7-10F385A41257}\74275656E6F5455616D6 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{BEEA2C7B-8647-4B74-B1E7-10F385A41257}\C696E6B6379737 : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 Spyware Info | Spyware Info
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\5amz32ik.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Users\Main\AppData\Roaming\Zoom\bin\npzoomplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2015-8-20 298416]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2015-8-14 398256]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2015-8-10 251312]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2015-8-10 42416]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2011-12-5 16152]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2015-8-10 197040]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2015-9-11 312752]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2015-8-10 293296]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2015-8-28 301488]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 AMPPALR3;Intel« Centrino« Wireless Bluetooth« + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2014-2-5 659976]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\Av\avgidsagent.exe [2015-10-12 3792880]
R2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2015-10-16 1046952]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [2015-10-12 596344]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135952]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-7-26 25800]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2015-9-3 1750712]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2015-9-4 2102496]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2015-9-4 224712]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2015-8-13 3325232]
R3 AMPPAL;Intel« Centrino« Wireless Bluetooth« + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2011-12-5 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2011-12-5 785688]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2015-9-2 565352]
R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2011-10-13 20016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 AMPPALP;Intel« Centrino« Wireless Bluetooth« + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
S3 AvgAMPS;AvgAMPS;C:\Program Files (x86)\AVG\Av\avgamps.exe [2015-10-12 604712]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-10-14 114688]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-9-2 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-9-2 63704]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-6-25 272688]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-9-10 19456]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2015-9-2 259688]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-9-10 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2015-9-10 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2015-9-5 1255736]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
S4 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2015-9-2 13592]
S4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
S4 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2015-9-2 128280]
S4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2015-9-2 161560]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-9-2 1133880]
S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2015-9-2 363800]
.
=============== Created Last 30 ================
.
2015-11-01 07:22:45 -------- d-----w- C:\ProgramData\Package Cache
2015-10-31 07:25:51 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D411951B-D23A-46E2-8497-CA403C36F058}\offreg.5292.dll
2015-10-30 23:08:28 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2015-10-30 23:08:23 11140960 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D411951B-D23A-46E2-8497-CA403C36F058}\mpengine.dll
2015-10-30 19:52:15 -------- d-----w- C:\Users\Main\AppData\Local\Avg2015
2015-10-24 20:39:33 -------- d-----w- C:\Users\Main\AppData\Roaming\AVG
2015-10-24 20:28:29 -------- d-----w- C:\ProgramData\Avg
2015-10-24 20:26:25 -------- d-----w- C:\Users\Main\AppData\Local\AvgSetupLog
2015-10-20 22:13:17 -------- d-----w- C:\Users\Main\AppData\Local\Amazon
2015-10-15 15:11:11 766464 ----a-w- C:\Windows\System32\generaltel.dll
2015-10-15 15:11:11 73216 ----a-w- C:\Windows\System32\acmigration.dll
2015-10-15 15:11:11 700416 ----a-w- C:\Windows\System32\invagent.dll
2015-10-15 15:11:11 503808 ----a-w- C:\Windows\System32\devinv.dll
2015-10-15 15:11:11 25432 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-10-15 15:11:11 1291264 ----a-w- C:\Windows\System32\appraiser.dll
2015-10-15 15:11:11 1163776 ----a-w- C:\Windows\System32\aeinv.dll
2015-10-15 14:44:33 -------- d-----w- C:\Users\Main\AppData\Local\Avg
2015-10-14 14:05:47 1866752 ----a-w- C:\Windows\System32\ExplorerFrame.dll
2015-10-14 14:05:47 1498624 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll
2015-10-14 14:05:41 544768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll
2015-10-14 14:05:41 503296 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-14 14:05:41 348672 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-14 14:05:41 224768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
2015-10-14 14:05:41 1247232 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-10-14 14:05:41 110592 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-10-14 14:05:41 10240 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2015-10-12 17:02:45 -------- d-----w- C:\Users\Main\AppData\Roaming\Zoom
2015-10-10 09:09:37 -------- d-----w- C:\Users\Main\AppData\Local\GWX
.
==================== Find3M ====================
.
2015-11-01 16:56:04 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2015-11-01 16:54:45 78032 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2015-11-01 16:54:45 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2015-11-01 16:54:14 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2015-10-22 03:53:20 97888 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-10-17 04:48:29 780488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-10-17 04:48:29 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-01 1849 692672 ----a-w- C:\Windows\System32\winload.efi
2015-10-01 18:04:11 616360 ----a-w- C:\Windows\System32\winresume.efi
2015-10-01 18:00:59 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2015-10-01 18:00:43 59392 ----a-w- C:\Windows\System32\appidapi.dll
2015-10-01 18:00:43 32768 ----a-w- C:\Windows\System32\appidsvc.dll
2015-10-01 18:00:06 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2015-10-01 18:00:06 147456 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2015-10-01 17:50:35 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2015-10-01 17:00:54 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2015-09-29 03:16:51 5569472 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-09-29 03:13:50 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-09-29 03:13:50 1730496 ----a-w- C:\Windows\System32\ntdll(257).dll
2015-09-29 03:11:19 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-09-29 03:11:19 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-09-29 03:11:19 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-09-29 03:11:19 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-09-29 03:11:06 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-09-29 03:11:03 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-09-29 03:11:01 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-09-29 03:11:01 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-09-29 03:10:59 1216512 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-09-29 03:10:56 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2015-09-29 03:10:55 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2015-09-29 03:10:53 729088 ----a-w- C:\Windows\System32\kerberos.dll
2015-09-29 03:10:53 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2015-09-29 03:10:47 44032 ----a-w- C:\Windows\System32\cryptbase.dll
2015-09-29 03:10:47 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2015-09-29 03:10:47 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-09-29 03:10:30 112640 ----a-w- C:\Windows\System32\smss.exe
2015-09-29 03:10:30 112640 ----a-w- C:\Windows\System32\smss(258).exe
2015-09-29 03:10:25 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-09-29 03:09:59 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-09-29 03:09:53 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-09-29 03:05:56 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-09-29 03:05:36 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-09-29 03:05:01 3990976 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-09-29 03:05:01 3936192 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-09-29 03:02:09 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-09-29 03:02:09 1311768 ----a-w- C:\Windows\SysWow64\ntdll(263).dll
2015-09-29 02:59:20 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-09-29 02:59:17 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-09-29 02:59:16 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-09-29 02:59:10 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-09-29 02:59:08 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-09-29 02:59:04 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-09-29 02:58:57 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-09-29 02:58:57 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-09-29 02:58:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-09-29 02:58:36 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-09-29 02:58:05 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-09-29 02:57:53 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-09-29 02:57:53 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-09-29 02:57:52 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-09-29 02:53:44 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-09-29 02:53:28 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-09-29 01:50:29 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-09-29 01:49:43 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-09-29 01:49:31 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-09-29 01:43:29 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-09-29 01:43:27 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-09-29 01:40:57 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-09-29 01:40:57 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-29 01:40:57 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-29 01:40:57 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-09-25 18:07:19 98816 ----a-w- C:\Windows\System32\wudriver.dll
2015-09-25 18:07:19 3168768 ----a-w- C:\Windows\System32\wucltux.dll
2015-09-25 18:07:19 192512 ----a-w- C:\Windows\System32\wuwebv.dll
2015-09-25 1854 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-09-25 1844 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-09-25 1840 37888 ----a-w- C:\Windows\System32\wuapp.exe
2015-09-25 17:59:08 93696 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-09-25 17:59:08 174080 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-09-25 17:58:25 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-09-16 04:36:53 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-09-16 04:36:43 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-09-16 04:22:21 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-09-16 04:21:39 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-09-16 04:21:33 417792 ----a-w- C:\Windows\System32\html.iec
2015-09-16 04:21:27 585728 ----a-w- C:\Windows\System32\vbscript.dll
2015-09-16 04:21:17 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-09-16 04:09:30 5990912 ----a-w- C:\Windows\System32\jscript9.dll
2015-09-16 04:08:40 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-09-16 04:08:38 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-09-16 04:08:23 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-09-16 04:01:30 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-09-16 03:50:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-09-16 03:45:19 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-09-16 03:33:26 504832 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-09-16 03:33:07 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-09-16 03:32:33 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-09-16 03:32:24 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-09-16 03:31:57 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-09-16 03:28:33 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
.
============= FINISH: 13:33:26.79 ===============

I am including my attach log here because I do not have enough bandwidth to attach anything. I HOPE this will at least post and you get it!

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/2/2015 1:22:32 PM
System Uptime: 11/1/2015 12:53:49 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1819
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz | U3E1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 410.766 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP44: 10/31/2015 9:58:05 PM - Windows Update
RP45: 11/1/2015 12:35:49 AM - Restore Operation
RP46: 11/1/2015 12:52:43 AM - Windows Update
RP47: 11/1/2015 12:54:36 AM - Restore Operation
RP48: 11/1/2015 1:12:44 AM - Windows Update
RP49: 11/1/2015 1:20:30 AM - Restore Operation
RP50: 11/1/2015 3:22:30 AM - Intel« PROSet/Wireless Software
RP51: 11/1/2015 3:55:22 AM - AA11
RP52: 11/1/2015 1:48:22 PM - Restore Operation
.
==== Installed Programs ======================
.
ÁTorrent
Adobe Flash Player 19 NPAPI
Adobe Reader XI (11.0.13)
Adobe Refresh Manager
Amazon Kindle
AVG
AVG 2016
AVG Protection
CCleaner
FMW 1
Google Chrome
Google Update Helper
HP Customer Experience Enhancements
HP FWUpdateEDO2
HP Officejet 4620 series Basic Device Software
HP Officejet 4620 series Help
HP Officejet 4620 series Product Improvement Study
HP Photo Creations
HP Support Assistant
HP Support Solutions Framework
HP Update
HPDiagnosticAlert
I.R.I.S. OCR
IDT Audio
Intel PROSet Wireless
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel« PROSet/Wireless WiFi Software
Intel« Trusted Connect Service Client
Java 8 Update 65
Java Auto Updater
Malwarebytes Anti-Malware version 2.1.8.1057
Microsoft .NET Framework 4.5.2
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 41.0.2 (x86 en-US)
Mozilla Maintenance Service
OpenOffice 4.1.1
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Security Update for Microsoft .NET Framework 4.5.2 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.2 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.2 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.2 (KB2979578v2)
Security Update for Microsoft .NET Framework 4.5.2 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)
Security Update for Microsoft .NET Framework 4.5.2 (KB3074230)
Security Update for Microsoft .NET Framework 4.5.2 (KB3074550)
Skype Click to Call
SkypeÖ 7.10
Spybot - Search & Destroy
SUPERAntiSpyware
Synaptics Pointing Device Driver
Validity WBF DDK
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player
Zoom
.
==== Event Viewer Messages From Past Week ========
.
11/1/2015 2:38:36 AM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/1/2015 12:54:17 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.209.968.0).
11/1/2015 12:48:12 AM, Error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s).
11/1/2015 1:32:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
11/1/2015 1:32:47 AM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/30/2015 8:31:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
10/30/2015 4:42:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64
10/30/2015 4:41:36 PM, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753637.
.
==== End Of File ===========================
miracleshaman is offline  
Old 11-01-2015, 04:27 PM   #2
Registered Member
 
Join Date: Dec 2006
Posts: 154
OS: XPSP2



Even sites that were opening before are not opening now. Hopefully, by the time you have a response I will be able to receive it! On Fri morning when this started I thought a site I wanted to get into was down. And then I realized it was me, because I cannot reliably get in anywhere! Hopefully this will post.

Also, the reference to when this all started was at 2:35am Thurs nite, so really Fri morning. Hopefully, you realized that's what I meant, or maybe it doesn't even matter. Definitely starting to freak out now! Everything in my life is online!
miracleshaman is offline  
Old 11-04-2015, 12:20 PM   #3
Registered Member
 
Join Date: Dec 2006
Posts: 154
OS: XPSP2



BUMP!

It's been 3 days! (And that's 5 days for me without internet, which feels like a month, at least!) Hope to get started on the fix TODAY. Please!

If there's software to download, hopefully, I can download it with my phone and copy it to my harddrive. Or if you can send it as an attachment in an email I can do the same. I won't be able to download it directly to my lappie.
miracleshaman is offline  
Old 11-05-2015, 11:43 AM   #4
Registered Member
 
Join Date: Dec 2006
Posts: 154
OS: XPSP2



BUMP! Please!

Is anybody monitoring this thread? It's been 4 days since my first post! I really need to get my internet access fixed! I know other people have problems too, but if I just knew if help was coming or not, it would make a HUGE difference to me. Am I waiting for help that is not going to come... or do I just have to be more patient and my turn is coming soon?

In the meantime, I ran HijackThis, as I remembered that as a diagnostic I used in 2006. Though I don't know if they are State of the Art anymore, they did recommend 2 removals of unknown urls and I did remove them, though I do not notice any improvement.

I did have slightly better access on Tues at another location than home, so I thought maybe it's the connection at home that suddenly went bad. But I went back to that other same location yesterday and it was decidedly worse from the day before, and more like it is at home. So I don't know. And the signal itself at home tests as excellent. So I am pretty sure it is something on my computer that is blocking internet access.

I wish I knew if someone here was going to help or not!
miracleshaman is offline  
Old 11-06-2015, 12:03 AM   #5
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello miracleshaman,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download to and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we?

Please do the following steps.

STEP 1

Please download AdwCleaner from here and save it to your desktop.

Do NOT click the green 'Download' button (if visible).
Click the blue 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Cleaning
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
__________________
tekir06 is offline  
Old 11-06-2015, 02:56 AM   #6
Registered Member
 
Join Date: Dec 2006
Posts: 154
OS: XPSP2



Tolga,

Thank you SO MUCH for getting back to me! I was starting to lose hope!
The log files you requested are attached below.


# AdwCleaner v5.018 - Logfile created 06/11/2015 at 05:27:29
# Updated 05/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Main - MAIN-PC
# Running from : C:\Users\Main\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00A6FAF1-072E-44CF-8957-5838F569A31D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{224530A0-C9CB-4AEE-9C0F-54AC1B533211}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8C875948-9C60-4381-9248-0DF180542D53}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C900B400-CDFE-11D3-976A-00E02913A9E0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9765480-72D1-11D4-A75A-004F49045A87}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FC87A650-207D-4392-A6A1-82ADBC56FA64}
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[!] Key Not Deleted : HKU\S-1-5-18\Software\Avg Secure Update

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2188 bytes] ##########


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-11-2015
Ran by Main (administrator) on MAIN-PC (06-11-2015 05:36:54)
Running from C:\Users\Main\Downloads
Loaded Profiles: Main (Available Profiles: Main)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3812264 2015-10-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1130408 2015-10-16] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2837511580-3323462357-3090368776-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2837511580-3323462357-3090368776-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55349888 2015-09-04] (Skype Technologies S.A.)
HKU\S-1-5-21-2837511580-3323462357-3090368776-1000\...\Run: [Zoom] => 0
HKU\S-1-5-21-2837511580-3323462357-3090368776-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4594552 2015-06-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-2837511580-3323462357-3090368776-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.29.1
Tcpip\..\Interfaces\{30FCEDB1-2657-4340-B387-BC3D38E74C39}: [DhcpNameServer] 10.1.10.1
Tcpip\..\Interfaces\{BEEA2C7B-8647-4B74-B1E7-10F385A41257}: [DhcpNameServer] 192.168.29.1

Internet Explorer:
==================
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-21] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\5amz32ik.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2837511580-3323462357-3090368776-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Main\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2015-09-22] (Zoom Video Communications, Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]

Chrome:
=======
CHR Profile: C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-30]
CHR Extension: (Google Docs) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-30]
CHR Extension: (Google Drive) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (YouTube) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Sheets) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-30]
CHR Extension: (Google Docs Offline) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Skype Click to Call) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-30]
CHR Extension: (Gmail) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604712 2015-10-12] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3792880 2015-10-12] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [596344 2015-10-12] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312752 2015-09-11] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [293296 2015-08-10] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [251312 2015-08-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [301488 2015-08-28] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [20016 2011-10-13] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-06 05:36 - 2015-11-06 05:37 - 00016930 _____ C:\Users\Main\Downloads\FRST.txt
2015-11-06 05:36 - 2015-11-06 05:36 - 00000000 ____D C:\FRST
2015-11-06 05:33 - 2015-11-06 05:36 - 02198528 _____ (Farbar) C:\Users\Main\Downloads\FRST64.exe
2015-11-06 05:19 - 2015-11-06 05:27 - 00000000 ____D C:\AdwCleaner
2015-11-06 05:15 - 2015-11-06 05:16 - 01713664 _____ C:\Users\Main\Downloads\AdwCleaner.exe
2015-11-06 01:37 - 2015-11-06 01:37 - 00000000 ____D C:\Users\Main\Downloads\The.Leisure.Class.2015.HDTV.x264-2HD[ettv]
2015-11-06 01:37 - 2015-11-06 01:37 - 00000000 ____D C:\Users\Main\Downloads\Greys.Anatomy.S12E06.HDTV.x264-LOL[ettv]
2015-11-06 00:27 - 2015-11-06 00:27 - 00015081 _____ C:\Users\Main\Documents\Social Media Calendar.ods
2015-11-06 00:27 - 2015-11-06 00:27 - 00000107 ____H C:\Users\Main\Documents\.~lock.Social Media Calendar.ods#
2015-11-06 00:13 - 2015-11-06 00:13 - 00011240 _____ C:\Users\Main\Downloads\Social Media Calendar.xlsx
2015-11-05 20:32 - 2015-11-05 20:32 - 00000000 ____D C:\Users\Main\Downloads\Sleepy Hollow S02E06 HDTV x264-LOL[ettv]
2015-11-05 20:27 - 2015-11-05 20:27 - 00000000 ____D C:\Users\Main\Downloads\Sleepy Hollow S02E05 HDTV x264-KILLERS[ettv]
2015-11-05 20:24 - 2015-11-05 20:24 - 00000000 ____D C:\Users\Main\Downloads\Sleepy Hollow S02E04 HDTV x264-2HD[ettv]
2015-11-05 20:20 - 2015-11-05 20:20 - 00000000 ____D C:\Users\Main\Downloads\Sleepy Hollow S02E03 HDTV x264-2HD[ettv]
2015-11-05 20:17 - 2015-11-05 20:17 - 00000000 ____D C:\Users\Main\Downloads\Sleepy Hollow S02E02 HDTV x264-LOL[ettv]
2015-11-05 20:14 - 2015-11-05 20:14 - 00000000 ____D C:\Users\Main\Downloads\Sleepy Hollow S02E01 HDTV x264-KILLERS[ettv]
2015-11-05 11:22 - 2015-11-05 11:22 - 00000000 ____D C:\Users\Main\Downloads\backups
2015-11-05 00:38 - 2015-11-05 00:38 - 00010953 _____ C:\Users\Main\Downloads\hijackthis.log
2015-11-05 00:34 - 2015-11-05 00:34 - 00388608 _____ (Trend Micro Inc.) C:\Users\Main\Downloads\HijackThis.exe
2015-11-04 21:16 - 2015-11-04 21:16 - 00000504 _____ C:\Windows\PFRO.log
2015-11-04 19:17 - 2015-11-04 19:19 - 00000000 ____D C:\ProgramData\WRData
2015-11-03 20:24 - 2015-11-03 20:40 - 290087115 _____ C:\Users\Main\Downloads\Affirmation Video.m4v
2015-11-03 19:46 - 2015-11-03 19:46 - 00000000 ____D C:\Users\Main\Downloads\Sleepy Hollow S01E12-E13 HDTV x264-2HD[ettv]
2015-11-03 19:46 - 2015-11-03 19:46 - 00000000 ____D C:\Users\Main\Downloads\Sleepy Hollow S01E11 HDTV x264-2HD[ettv]
2015-11-03 19:43 - 2015-11-03 19:43 - 00000000 ____D C:\Users\Main\Downloads\Sleepy Hollow S01E10 HDTV x264-LOL[ettv]
2015-11-03 19:34 - 2015-11-06 05:29 - 00000504 _____ C:\Windows\setupact.log
2015-11-03 19:34 - 2015-11-03 19:34 - 00000000 _____ C:\Windows\setuperr.log
2015-11-02 13:24 - 2015-11-02 16:39 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-01 13:33 - 2015-11-01 13:33 - 00025641 _____ C:\Users\Main\Desktop\dds.txt
2015-11-01 13:33 - 2015-11-01 13:33 - 00004884 _____ C:\Users\Main\Desktop\attach.txt
2015-11-01 13:25 - 2015-11-01 13:26 - 00688992 ____R (Swearware) C:\Users\Main\Downloads\dds.scr
2015-11-01 02:22 - 2015-11-01 02:22 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-31 22:39 - 2015-10-31 22:39 - 00000000 ____D C:\Users\Main\Downloads\The.Dresser.2015.HDTV.x264-TLA[ettv]
2015-10-31 20:57 - 2015-10-31 20:57 - 00000000 _____ C:\Users\Main\Downloads\Intel Driver Update Utility Installer.exe
2015-10-30 18:12 - 2015-10-30 18:38 - 00021734 _____ C:\Users\Main\Documents\Initial Coaching Agreement Contract Appio.odt
2015-10-30 14:52 - 2015-10-30 14:52 - 00000000 ____D C:\Users\Main\AppData\Local\Avg2015
2015-10-30 13:19 - 2015-10-30 13:19 - 00028897 _____ C:\Users\Main\Documents\letter to Dom slightly revised.odt
2015-10-30 13:19 - 2015-10-30 13:19 - 00024949 _____ C:\Users\Main\Documents\Secret sister gift exchange.odt
2015-10-30 00:00 - 2015-10-30 00:00 - 00017739 _____ C:\Users\Main\Documents\Blank Coaching Session Prep Form.odt
2015-10-29 23:10 - 2015-10-30 18:11 - 00014283 _____ C:\Users\Main\Documents\Blank Coaching Intake Form.odt
2015-10-29 23:08 - 2015-10-30 18:35 - 00021143 _____ C:\Users\Main\Documents\Blank Coaching Agreement Contract.odt
2015-10-27 11:01 - 2015-10-27 11:12 - 00026516 _____ C:\Users\Main\Documents\Coaching Session Prep Form-for Session 18 - 10-27-2015.odt
2015-10-24 22:51 - 2015-11-02 17:08 - 00009189 _____ C:\Windows\wininit.ini
2015-10-24 18:19 - 2015-10-24 18:19 - 02894864 _____ (AVG Technologies) C:\Users\Main\Downloads\AVG_PCTuneUp_877.exe
2015-10-24 15:39 - 2015-10-30 15:52 - 00000000 ____D C:\Users\Main\AppData\Roaming\AVG
2015-10-24 15:28 - 2015-10-30 15:55 - 00000000 ____D C:\ProgramData\Avg
2015-10-24 15:26 - 2015-10-30 19:23 - 00000000 ____D C:\Users\Main\AppData\Local\AvgSetupLog
2015-10-21 12:02 - 2015-10-21 12:02 - 00001878 _____ C:\Users\Main\Desktop\Zoom.lnk
2015-10-20 17:13 - 2015-11-01 12:50 - 00000000 ____D C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-10-20 17:13 - 2015-10-30 15:52 - 00000000 ____D C:\Users\Main\AppData\Local\Amazon
2015-10-20 17:13 - 2015-10-20 17:13 - 00002225 _____ C:\Users\Main\Desktop\Kindle.lnk
2015-10-20 17:13 - 2015-10-20 17:13 - 00000000 ____D C:\Users\Main\Documents\My Kindle Content
2015-10-20 16:41 - 2015-10-20 17:12 - 41910592 _____ (Amazon.com) C:\Users\Main\Downloads\KindleForPC-installer-1.12.41022.exe
2015-10-20 15:31 - 2015-10-20 15:31 - 00192200 _____ C:\Users\Main\Documents\Coaching Photo.odt
2015-10-18 23:33 - 2015-10-19 14:50 - 00024767 _____ C:\Users\Main\Documents\How Do You Know When You Need Coaching.odt
2015-10-16 23:59 - 2015-11-06 01:12 - 00000000 ____D C:\Users\Main\Downloads\Created Images for FB
2015-10-15 13:51 - 2015-10-15 15:07 - 00025086 _____ C:\Users\Main\Documents\Coaching Session Prep Form-for Session 17 - 10-15-2015.odt
2015-10-15 10:11 - 2015-09-18 14:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 10:11 - 2015-09-18 14:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 10:11 - 2015-09-18 14:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 10:11 - 2015-09-18 14:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 10:11 - 2015-09-18 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 10:11 - 2015-09-18 14:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-15 10:11 - 2015-09-18 14:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-15 09:45 - 2015-10-15 09:45 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2015-10-15 09:45 - 2015-10-15 09:45 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-10-15 09:44 - 2015-10-30 15:59 - 00000000 ____D C:\Users\Main\AppData\Local\Avg
2015-10-15 00:47 - 2015-10-15 00:47 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-14 09:10 - 2015-09-18 14:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 09:10 - 2015-09-18 13:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 09:10 - 2015-09-15 23:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 09:10 - 2015-09-15 23:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 09:10 - 2015-09-15 23:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 09:10 - 2015-09-15 23:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 09:10 - 2015-09-15 23:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 09:10 - 2015-09-15 23:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 09:10 - 2015-09-15 23:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 09:10 - 2015-09-15 23:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 09:10 - 2015-09-15 23:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 09:10 - 2015-09-15 23:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 09:10 - 2015-09-15 23:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 09:10 - 2015-09-15 23:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 09:10 - 2015-09-15 23:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 09:10 - 2015-09-15 23:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 09:10 - 2015-09-15 23:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 09:10 - 2015-09-15 23:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 09:10 - 2015-09-15 23:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 09:10 - 2015-09-15 23:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 09:10 - 2015-09-15 22:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 09:10 - 2015-09-15 22:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 09:10 - 2015-09-15 22:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 09:10 - 2015-09-15 22:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 09:10 - 2015-09-15 22:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-14 09:10 - 2015-09-15 22:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 09:10 - 2015-09-15 22:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 09:10 - 2015-09-15 22:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 09:10 - 2015-09-15 22:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 09:10 - 2015-09-15 22:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-14 09:10 - 2015-09-15 22:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-14 09:10 - 2015-09-15 22:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-14 09:10 - 2015-09-15 22:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 09:10 - 2015-09-15 22:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 09:10 - 2015-09-15 22:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 09:10 - 2015-09-15 22:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 09:10 - 2015-09-15 22:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 09:10 - 2015-09-15 22:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 09:10 - 2015-09-15 22:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 09:10 - 2015-09-15 22:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-14 09:10 - 2015-09-15 22:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-14 09:10 - 2015-09-15 22:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 09:10 - 2015-09-15 22:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-14 09:10 - 2015-09-15 22:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 09:10 - 2015-09-15 22:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 09:10 - 2015-09-15 22:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-14 09:10 - 2015-09-15 22:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 09:10 - 2015-09-15 22:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 09:10 - 2015-09-15 22:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-14 09:10 - 2015-09-15 22:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-14 09:10 - 2015-09-15 22:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 09:10 - 2015-09-15 22:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 09:10 - 2015-09-15 22:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 09:10 - 2015-09-15 22:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-14 09:10 - 2015-09-15 21:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 09:10 - 2015-09-15 21:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 09:10 - 2015-09-15 21:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 09:10 - 2015-09-15 21:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 09:10 - 2015-09-15 21:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 09:10 - 2015-09-15 21:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-14 09:10 - 2015-09-15 21:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 09:10 - 2015-09-15 21:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 09:10 - 2015-09-15 21:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 09:10 - 2015-09-15 21:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 09:05 - 2015-08-06 13:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 09:05 - 2015-08-06 13:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-14 09:05 - 2015-08-06 12:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 09:05 - 2015-08-06 12:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-14 09:00 - 2015-10-01 13:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 09:00 - 2015-10-01 13:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 09:00 - 2015-10-01 13:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 09:00 - 2015-10-01 13:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 09:00 - 2015-10-01 13:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 09:00 - 2015-10-01 13:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 09:00 - 2015-10-01 13:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 09:00 - 2015-10-01 12:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-14 09:00 - 2015-10-01 12:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 09:00 - 2015-09-28 22:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 09:00 - 2015-09-28 22:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 09:00 - 2015-09-28 22:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll(257).dll
2015-10-14 09:00 - 2015-09-28 22:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 09:00 - 2015-09-28 22:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-14 09:00 - 2015-09-28 22:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-14 09:00 - 2015-09-28 22:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-14 09:00 - 2015-09-28 22:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 09:00 - 2015-09-28 22:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 09:00 - 2015-09-28 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 09:00 - 2015-09-28 22:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-14 09:00 - 2015-09-28 22:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 09:00 - 2015-09-28 22:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-14 09:00 - 2015-09-28 22:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 09:00 - 2015-09-28 22:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 09:00 - 2015-09-28 22:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 09:00 - 2015-09-28 22:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 09:00 - 2015-09-28 22:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 09:00 - 2015-09-28 22:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss(258).exe
2015-10-14 09:00 - 2015-09-28 22:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 09:00 - 2015-09-28 22:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 09:00 - 2015-09-28 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 09:00 - 2015-09-28 22:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-14 09:00 - 2015-09-28 22:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-14 09:00 - 2015-09-28 22:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 09:00 - 2015-09-28 22:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-14 09:00 - 2015-09-28 22:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-14 09:00 - 2015-09-28 22:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 09:00 - 2015-09-28 22:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 09:00 - 2015-09-28 22:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 09:00 - 2015-09-28 22:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll(263).dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 09:00 - 2015-09-28 21:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-14 09:00 - 2015-09-28 21:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-14 09:00 - 2015-09-28 21:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-14 09:00 - 2015-09-28 21:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-14 09:00 - 2015-09-28 21:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-14 09:00 - 2015-09-28 21:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-14 09:00 - 2015-09-28 21:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-14 09:00 - 2015-09-28 21:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-14 09:00 - 2015-09-28 21:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-14 09:00 - 2015-09-28 21:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-14 09:00 - 2015-09-28 21:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-14 09:00 - 2015-09-28 21:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 09:00 - 2015-09-28 21:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-14 09:00 - 2015-09-28 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-14 09:00 - 2015-09-28 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 20:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 09:00 - 2015-09-28 20:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 09:00 - 2015-09-28 20:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 09:00 - 2015-09-28 20:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-14 09:00 - 2015-09-28 20:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-14 09:00 - 2015-09-28 20:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 20:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 20:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 09:00 - 2015-09-28 20:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 09:00 - 2015-09-25 13:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 09:00 - 2015-09-25 13:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 09:00 - 2015-09-25 13:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 09:00 - 2015-09-25 13:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 09:00 - 2015-09-25 13:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 09:00 - 2015-09-25 13:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 09:00 - 2015-09-25 13:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 09:00 - 2015-09-25 13:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 09:00 - 2015-09-25 13:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 09:00 - 2015-09-25 13:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 09:00 - 2015-09-25 13:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 09:00 - 2015-09-25 12:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 09:00 - 2015-09-25 12:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 09:00 - 2015-09-25 12:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 09:00 - 2015-09-25 12:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-14 09:00 - 2015-09-25 12:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 09:00 - 2015-09-15 13:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 09:00 - 2015-09-15 13:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 09:00 - 2015-09-15 13:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 09:00 - 2015-09-15 13:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 09:00 - 2015-09-15 13:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 09:00 - 2015-09-15 13:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 09:00 - 2015-09-15 13:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 09:00 - 2015-09-15 13:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 09:00 - 2015-09-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 09:00 - 2015-09-15 12:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-14 09:00 - 2015-09-15 12:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-14 09:00 - 2015-09-15 12:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-14 09:00 - 2015-09-15 12:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 09:00 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-12 12:07 - 2015-10-12 12:07 - 00000000 ____D C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2015-10-12 12:02 - 2015-10-30 15:52 - 00000000 ____D C:\Users\Main\AppData\Roaming\Zoom
2015-10-12 12:02 - 2015-10-12 12:02 - 00133528 _____ (Zoom Video Communications, Inc.) C:\Users\Main\Downloads\Zoom_launcher.exe
2015-10-11 13:22 - 2015-10-11 15:02 - 00000000 ____D C:\Users\Main\Documents\Get Clients in Your Backyard
2015-10-11 07:55 - 2015-11-06 05:04 - 00000000 ____D C:\Users\Main\AppData\LocalLow\uTorrent
2015-10-10 04:09 - 2015-10-10 04:09 - 00000000 ____D C:\Users\Main\AppData\Local\GWX
2015-10-09 12:02 - 2015-10-30 15:52 - 00000000 ____D C:\Users\Main\Documents\Slim Chic and Savvy

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-06 05:36 - 2009-07-14 00:13 - 00781522 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-06 05:33 - 2015-09-02 15:19 - 01969890 _____ C:\Windows\WindowsUpdate.log
2015-11-06 05:31 - 2015-09-15 18:10 - 00000000 ____D C:\Users\Main\AppData\Roaming\Skype
2015-11-06 05:29 - 2015-09-03 15:00 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-06 05:29 - 2015-09-02 15:16 - 00017920 _____ C:\Windows\system32\rpcnetp.exe
2015-11-06 05:29 - 2015-09-02 13:27 - 00078032 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2015-11-06 05:29 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-06 05:11 - 2015-09-03 15:00 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-06 05:04 - 2015-09-03 15:02 - 00000000 ____D C:\Users\Main\AppData\Roaming\uTorrent
2015-11-06 05:00 - 2015-09-02 13:40 - 00000000 ____D C:\ProgramData\MFAData
2015-11-06 04:48 - 2015-09-05 18:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-06 01:41 - 2015-09-03 15:07 - 00000000 ____D C:\Users\Main\AppData\Roaming\vlc
2015-11-05 21:00 - 2009-07-13 23:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-05 21:00 - 2009-07-13 23:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-05 00:35 - 2015-09-02 12:22 - 00000000 ____D C:\Users\Main\AppData\Local\VirtualStore
2015-11-04 21:17 - 2015-09-02 15:17 - 00017920 _____ C:\Windows\SysWOW64\rpcnetp.dll
2015-11-04 21:16 - 2015-09-02 15:16 - 00017920 _____ C:\Windows\SysWOW64\rpcnetp.exe
2015-11-01 12:53 - 2015-09-06 02:19 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-01 12:53 - 2015-09-05 08:17 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-11-01 12:53 - 2015-09-05 08:17 - 00000000 ____D C:\Windows\system32\appraiser
2015-11-01 12:53 - 2011-04-12 03:28 - 00000000 ____D C:\Windows\ShellNew
2015-11-01 12:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-11-01 12:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-11-01 12:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2015-11-01 12:53 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
2015-11-01 12:52 - 2015-09-03 23:57 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-01 12:52 - 2015-09-03 23:57 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-11-01 12:52 - 2015-09-02 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-01 12:52 - 2015-09-02 12:28 - 00000000 ____D C:\Program Files (x86)\Intel
2015-11-01 12:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-11-01 12:51 - 2015-09-05 18:53 - 00000000 ____D C:\Windows\system32\Macromed
2015-11-01 12:50 - 2015-09-10 09:33 - 00000000 ____D C:\Program Files (x86)\Cisco
2015-11-01 12:50 - 2015-09-05 19:53 - 00000000 ____D C:\ProgramData\Oracle
2015-11-01 12:50 - 2015-09-02 12:47 - 00000000 ____D C:\ProgramData\Intel
2015-11-01 12:50 - 2015-09-02 12:43 - 00000000 ____D C:\Program Files\Intel
2015-11-01 12:50 - 2011-04-12 03:28 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-01 12:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-01 11:54 - 2015-09-02 12:22 - 00000000 ____D C:\Users\Main
2015-11-01 02:24 - 2015-09-10 09:33 - 00000000 ____D C:\ProgramData\Intel.sav
2015-10-30 23:55 - 2015-09-17 08:22 - 00036410 _____ C:\Users\Main\Documents\Marketing Copy.odt
2015-10-30 19:56 - 2015-09-05 16:07 - 00000000 ___DC C:\Users\Main\AppData\Local\MigWiz
2015-10-30 19:56 - 2015-09-02 16:15 - 00000000 ____D C:\Windows\Panther
2015-10-30 15:55 - 2015-09-10 09:08 - 00000000 ____D C:\Users\Main\AppData\Local\Hewlett-Packard
2015-10-30 15:55 - 2015-09-05 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-30 15:55 - 2015-09-04 00:07 - 00000000 ____D C:\Users\Main\Desktop\Spyware
2015-10-30 15:55 - 2015-09-03 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-30 15:55 - 2015-09-02 13:42 - 00000000 ____D C:\Users\Main\AppData\Roaming\AVG2015
2015-10-30 15:55 - 2015-09-02 13:40 - 00000000 ____D C:\Program Files (x86)\AVG
2015-10-30 15:55 - 2015-09-02 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-30 15:54 - 2015-09-10 09:07 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2015-10-30 15:54 - 2015-09-05 18:53 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-10-30 15:52 - 2015-10-03 22:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-10-30 15:52 - 2015-10-03 22:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-10-30 15:52 - 2015-09-18 20:44 - 00000000 ____D C:\Users\Main\Documents\Fax
2015-10-30 15:52 - 2015-09-17 12:04 - 00000000 ____D C:\ProgramData\Visan
2015-10-30 15:52 - 2015-09-17 12:04 - 00000000 ____D C:\ProgramData\HP Photo Creations
2015-10-30 15:52 - 2015-09-15 18:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-30 15:52 - 2015-09-15 18:10 - 00000000 ____D C:\Users\Main\AppData\Local\Skype
2015-10-30 15:52 - 2015-09-15 18:10 - 00000000 ____D C:\ProgramData\Skype
2015-10-30 15:52 - 2015-09-10 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-10-30 15:52 - 2015-09-10 10:32 - 00000000 ____D C:\ProgramData\HP
2015-10-30 15:52 - 2015-09-10 10:32 - 00000000 ____D C:\Program Files\HP
2015-10-30 15:52 - 2015-09-10 09:34 - 00000000 ____D C:\Users\Main\AppData\Roaming\Intel
2015-10-30 15:52 - 2015-09-10 09:08 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-10-30 15:52 - 2015-09-05 19:53 - 00000000 ____D C:\Users\Main\AppData\LocalLow\Sun
2015-10-30 15:52 - 2015-09-05 18:51 - 00000000 ____D C:\Users\Main\AppData\LocalLow\Oracle
2015-10-30 15:52 - 2015-09-04 21:13 - 00000000 ____D C:\Users\Main\AppData\Roaming\OpenOffice
2015-10-30 15:52 - 2015-09-04 21:13 - 00000000 ____D C:\Users\Main\AppData\Roaming\Adobe
2015-10-30 15:52 - 2015-09-04 10:56 - 00000000 ____D C:\Users\Main\AppData\Local\Microsoft Games
2015-10-30 15:52 - 2015-09-02 13:42 - 00000000 ____D C:\Program Files\Common Files\AV
2015-10-30 15:51 - 2015-09-10 10:32 - 00000000 ____D C:\Program Files (x86)\HP
2015-10-30 15:51 - 2015-09-10 08:21 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-10-30 15:51 - 2015-09-05 19:53 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-30 14:47 - 2011-04-12 03:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-10-30 13:13 - 2015-09-10 09:13 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-10-27 10:59 - 2015-09-12 18:03 - 00013984 _____ C:\Users\Main\Documents\weight loss.ods
2015-10-26 22:22 - 2015-09-21 19:37 - 00029158 _____ C:\Users\Main\Documents\Quotes.odt
2015-10-24 15:39 - 2015-09-02 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-10-24 15:39 - 2015-09-02 13:41 - 00000000 ___HD C:\$AVG
2015-10-21 22:53 - 2015-09-05 19:53 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-10-21 22:53 - 2015-09-05 19:53 - 00000000 ____D C:\Users\Main\.oracle_jre_usage
2015-10-16 23:48 - 2015-09-05 18:53 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-16 23:48 - 2015-09-05 18:53 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-16 23:48 - 2015-09-05 18:53 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-16 00:15 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-10-15 09:49 - 2015-09-03 18:06 - 00000000 ____D C:\Windows\system32\MRT
2015-10-15 09:41 - 2015-09-03 18:06 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-15 00:47 - 2015-09-02 13:38 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-11 14:00 - 2015-09-11 14:00 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMain
2015-10-11 14:00 - 2015-09-11 14:00 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForMain.job
2015-10-10 04:11 - 2015-09-06 02:19 - 00000000 ___SD C:\Windows\SysWOW64\GWX

==================== Files in the root of some directories =======

2015-09-10 10:32 - 2015-09-10 10:32 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Main\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-31 02:20

==================== End of FRST.txt ===========================
miracleshaman is offline  
Old 11-06-2015, 02:59 AM   #7

Requested Log Files continued:


Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by Main (2015-11-06 05:37:56)
Running from C:\Users\Main\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-09-02 17:22:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2837511580-3323462357-3090368776-500 - Administrator - Disabled)
Guest (S-1-5-21-2837511580-3323462357-3090368776-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2837511580-3323462357-3090368776-1002 - Limited - Enabled)
Main (S-1-5-21-2837511580-3323462357-3090368776-1000 - Administrator - Enabled) => C:\Users\Main

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2837511580-3323462357-3090368776-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2837511580-3323462357-3090368776-1000\...\Amazon Kindle) (Version: - Amazon)
AVG (Version: 16.4.7163 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4457 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.4.7163 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
FMW 1 (Version: 1.22.2 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 4620 series Basic Device Software (HKLM\...\{B411AD10-1BC9-4939-8848-BC5E66F662B7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Help (HKLM-x32\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard)
HP Officejet 4620 series Product Improvement Study (HKLM\...\{83F51BBA-48BE-4BB6-B96A-F4AAE4C462F9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Validity WBF DDK (HKLM\...\{DA83578A-7DB2-4CF6-9453-CF24C7917AB8}) (Version: 4.3.301.0 - Validity Sensors, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Zoom (HKU\S-1-5-21-2837511580-3323462357-3090368776-1000\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

02-11-2015 10:54:24 Windows Modules Installer
03-11-2015 16:45:13 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-09-04 00:08 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts


There are 15463 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {091991C9-4697-4783-A267-F7E64CA28674} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {0BE94E10-DB4D-48BE-8BFC-68CDC5C72DD4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {19F3EF0A-14C0-4DCD-A36B-088AB8C4C9C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN35G331YH => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-09-29] (Hewlett-Packard)
Task: {2940C4E1-D72C-4EEE-A6F2-B69A7647E657} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {2BAF1F4D-A7E3-451F-97CA-0A108BE1AE5D} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-09-24] (Hewlett-Packard)
Task: {33F0F56D-4741-4266-913F-BEECD30B9B48} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-09-29] (Hewlett-Packard)
Task: {42B9A13A-EC36-4469-9071-1F914950A973} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
Task: {698A6620-E5A3-4AF3-B99C-C35EDA7E5E8C} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7D0F7031-6187-497D-A812-9194F760CD60} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {8365CDEC-C50A-4410-A3C2-BD48A7A712F7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {89160C3E-E72C-4D3A-833F-B51C5A951282} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {9988175B-8C29-43B4-89AD-281326889498} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {A4137104-6AAE-49BF-BA14-951C806B3955} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {BF8D8190-B712-4AAB-92F2-7ED93D454D7B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-16] (Adobe Systems Incorporated)
Task: {C7FB77D1-946C-4BFC-B497-737C440B5D17} - System32\Tasks\HPCeeScheduleForMain => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {CC5D5299-1B38-4539-BD41-4ED0DD666800} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {E7A409D6-04CF-4676-8E0C-4596F2D19D22} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-09-29] (Hewlett-Packard)
Task: {FB3961CB-51F9-49C5-85E3-E2424BB9B6F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-09-24] (Hewlett-Packard)
Task: {FE6B983B-CE86-4EA9-A2F9-34C3C1A42AC3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMain.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2012-03-26 16:33 - 2012-03-26 16:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-09-03 23:57 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-04 08:19 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-03 23:57 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-03 23:57 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-10-23 10:01 - 2015-10-20 09:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-23 10:01 - 2015-10-20 09:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7866 more sites.



==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2837511580-3323462357-3090368776-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Main\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.29.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMPPALR3 => 2
MSCONFIG\Services: BTHSSecurityMgr => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: rpcnet => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F9BEA141-B030-431B-8926-D931580EDF68}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF555180-1762-4489-BB06-D34D242F7E67}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7076F5C3-38C7-4567-AA0A-90E14C636F5B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{0398AB25-016E-4C6C-87C8-9FA41C2550A9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{3085AC22-12BD-4F73-959B-4D0F87FE5475}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{50693F4C-2BCF-43D4-8FD0-44E8DD31ECEE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{D3A70CD1-8699-458D-88B2-ACF252EFC7CA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{E8AF9E95-DCA2-4265-ACFB-70AA2D30366E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{ABE3E6A4-9D47-4285-8C43-0E71A19F6EDE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{76781190-177B-400F-895A-E8B3E23A996A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{E1F37178-34C2-403F-AA50-5363CFC8F552}] => (Allow) C:\Users\Main\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ABA79FCC-4449-4F47-9613-B9FFDF2B731F}] => (Allow) C:\Users\Main\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{198A70F0-6BB4-4884-8B2B-BAA0579F5A6C}] => (Allow) C:\Users\Main\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2C4C917B-2FD5-4F33-850C-9B79BE047616}] => (Allow) C:\Users\Main\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C6DF954F-601F-4C5C-A846-B19F29F6BE48}] => (Allow) C:\Users\Main\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2C22FEBE-969A-4036-B662-37DC5F642AC9}] => (Allow) C:\Users\Main\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5E3D6F51-B127-4E91-BADE-EB5DCB9799DD}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{97C128D1-1C85-4C17-806F-41C5E79CF35F}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\FaxApplications.exe
FirewallRules: [{C2BABD8F-022A-4EFD-B9A0-9F7A789A0554}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\DigitalWizards.exe
FirewallRules: [{00F358EA-3CA8-4231-97AC-50D1A5D6F927}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\SendAFax.exe
FirewallRules: [{B3D4DA89-1A3E-4E5D-A44D-0009AE065D7F}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\DeviceSetup.exe
FirewallRules: [{F880D321-69A0-4ED7-98C8-55D42006018F}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{4B699BC9-87C6-47BA-82AF-6FF40117D1C0}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{76365347-6963-49C5-B167-A072006801DA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F1155690-98B5-45B8-936A-8215A735B31B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F316CE46-1AD0-4A70-8B79-07084A06BE6E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{732E80E0-717A-4787-BF30-D438AC214AD6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{DEBABF88-25F1-46EF-A994-9445972ADC77}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{73BB5DB6-5665-4F75-BCE7-C9AA549E8876}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{D3338A2A-30AB-4F8C-B751-0FE627AA8A3D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{62E4A7AD-729A-451C-B57C-B0A64A4CDEAB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{39331C79-F1FD-4992-9B15-100AB263E125}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{5C96EA9B-C645-41B1-A1BF-F7E3616A7032}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2015 05:30:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avguix.exe, version: 1.22.1.27494, time stamp: 0x5620e066
Faulting module name: libcef.dll, version: 3.2171.2069.0, time stamp: 0x5523dc73
Exception code: 0x80000003
Fault offset: 0x0013b530
Faulting process id: 0x954
Faulting application start time: 0xavguix.exe0
Faulting application path: avguix.exe1
Faulting module path: avguix.exe2
Report Id: avguix.exe3

Error: (11/06/2015 05:30:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2015 09:18:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avguix.exe, version: 1.22.1.27494, time stamp: 0x5620e066
Faulting module name: libcef.dll, version: 3.2171.2069.0, time stamp: 0x5523dc73
Exception code: 0x80000003
Fault offset: 0x0013b530
Faulting process id: 0xe4c
Faulting application start time: 0xavguix.exe0
Faulting application path: avguix.exe1
Faulting module path: avguix.exe2
Report Id: avguix.exe3

Error: (11/04/2015 09:17:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2015 05:40:23 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={6812F7EA-1648-49D2-9488-D58E27914384}: The user Main-PC\Main dialed a connection named Private Internet Access L2TP which has failed. The error code returned on failure is 778.

Error: (11/03/2015 09:39:55 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={824A6325-27AE-4404-A6FE-C0FBFA14FCAA}: The user Main-PC\Main dialed a connection named Private Internet Access L2TP which has failed. The error code returned on failure is 809.

Error: (11/03/2015 09:38:58 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={92DB59B3-2593-4B6C-A942-3382C5D6EE33}: The user Main-PC\Main dialed a connection named Private Internet Access L2TP which has failed. The error code returned on failure is 809.

Error: (11/02/2015 10:54:19 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (11/01/2015 11:55:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avguix.exe, version: 1.22.1.27494, time stamp: 0x5620e066
Faulting module name: libcef.dll, version: 3.2171.2069.0, time stamp: 0x5523dc73
Exception code: 0x80000003
Fault offset: 0x0013b530
Faulting process id: 0x13ec
Faulting application start time: 0xavguix.exe0
Faulting application path: avguix.exe1
Faulting module path: avguix.exe2
Report Id: avguix.exe3

Error: (11/01/2015 11:55:34 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0xc0000022.


System errors:
=============
Error: (11/06/2015 05:28:19 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (11/06/2015 05:28:19 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (11/06/2015 05:28:19 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (11/06/2015 05:28:14 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (11/06/2015 05:27:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/06/2015 05:27:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (11/06/2015 05:27:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/06/2015 05:27:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/06/2015 05:27:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel« Centrino« Wireless Bluetooth« + High Speed Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/06/2015 05:27:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2015-09-04 13:13:56.903
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-09-04 13:13:56.807
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-09-04 13:13:56.709
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-09-04 13:13:56.601
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-09-04 11:48:55.294
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-09-04 11:48:55.195
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-09-04 11:48:10.484
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-09-04 11:48:10.385
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-09-04 11:46:53.813
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-09-04 11:46:53.714
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 24%
Total physical RAM: 12187.31 MB
Available physical RAM: 9199.58 MB
Total Virtual: 24372.82 MB
Available Virtual: 21106.95 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:406.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2FB8E3D0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

SO GLAD to have the fix underway! I await your next set of instructions.
Thank you! Suraya
miracleshaman is offline  
Old 11-06-2015, 03:22 AM   #8
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello miracleshaman,

You're welcome. Thanks for the logs. Let's move on.

I see you have P2P software (µTorrent) installed on your machine. Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

A reference for the risk of these programs is here

I would recommend that you uninstall any P2P Programs, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

========================================================

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

=========================================================


Launch Malwarebytes Anti-Malware

At the end of the installation, a database update will be performed.
On the Settings tab > Detection and Protection subtab, Detection Options section, tick the box Scan for rootkits.
Click on the Scan tab, then click on Start Scan.
A check for database updates will be performed.
After the update check completes, a scan will begin.
With some infections, you may see this message box.
'Could not load DDA driver'
Click Yes to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click 'Remove Selected'.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.
__________________
tekir06 is offline  
Old 11-06-2015, 07:50 AM   #9
Registered Member
 
Join Date: Dec 2006
Posts: 154
OS: XPSP2



I don't know if this is good news or bad news, but MalwareBytes did not find anything to remove. I repeated it 3x, and each time the same.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/6/2015
Scan Time: 6:49 AM
Logfile: MBAM scan.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.09.22.05
Rootkit Database: v2015.11.04.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Main

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345494
Time Elapsed: 14 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/6/2015
Scan Time: 6:49 AM
Logfile: MBAM scanres.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.09.22.05
Rootkit Database: v2015.11.04.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Main

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345494
Time Elapsed: 14 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/6/2015
Scan Time: 7:10 AM
Logfile: MBAM scan again.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.06.03
Rootkit Database: v2015.11.04.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Main

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 318692
Time Elapsed: 10 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


So what's next?
miracleshaman is offline  
Old 11-07-2015, 08:04 AM   #10
Registered Member
 
Join Date: Dec 2006
Posts: 154
OS: XPSP2



There is some improvement. Some pages are opening, and video even plays somewhat, in short bursts only, with lots of starts and stops, but that's better than not at all. But the memory is like non-existent. It is still being held hostage and is not available. Or that's how it seems to me. And a key thing: virus and spyware programs are blocked from updating themselves. And the system tells me the firewall is back on now, but I do not feel secure that it is. Just because MBAM did not find any malware, we have definitely not completely fixed this yet. I look forward to continued support to get to full resolution of this problem. Thank you.
miracleshaman is offline  
Old 11-08-2015, 07:48 AM   #11
Registered Member
 
Join Date: Dec 2006
Posts: 154
OS: XPSP2



Tolga, it has been 2 days since I posted the last set of logs.

I apologize for my lack of patience, but I am taking several classes online and I am now 2 weeks behind because videos don't play as they should. Some play is better than none, but last night it took over 2 hrs to play a 20min video because 3-4 syllables would play and then it would stop to load a few seconds more.

Tomorrow is Monday and a new week's material will be introduced. I need to get this fixed so I can resume my programs without getting any farther behind or tearing my hair out in frustration. I'm sure you are busy with other people and your own life, but if we could move ahead with this today or early tomorrow, I would be MOST appreciative! Thank you!
miracleshaman is offline  
Old 11-08-2015, 11:13 AM   #12
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello miracleshaman,

I understand. But I was busy. Sorry for the delay.

Please do the following.

Please go HERE then click on: Run Eset Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on the icon to install.

All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

Select the option YES, I accept the Terms of Use then click on Start button.
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

  • Scan for potentially unwanted applications
  • Scan Archives
  • Enable Anti-Stealth Technology

Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
Tick all the boxes that correspond to your external/inserted drives.
Click Start. The virus signature database will begin to download. This may take some time.
Wait for the scan to finish.
When completed, click on Finish.
When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
Save that text file to your desktop, and then copy/paste the contents in your next reply.
__________________
tekir06 is offline  
Old 11-08-2015, 11:56 AM   #13
Registered Member
 
Join Date: Dec 2006
Posts: 154
OS: XPSP2



I don't have enough bandwidth to download this. Firefox said it would take 8hrs and didn't even start. Chrome said between 7 and 13 minutes (I tried it 5x). Tho each time it started it stopped right away. IE, which I NEVER use, wouldn't even open the webpage.
miracleshaman is offline  
Old 11-08-2015, 12:28 PM   #14
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

Ok. Please do the following

Please download ComboFix and Save it to your Desktop.

Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
Please make sure you disable your security applications before running ComboFix. Get help here
Double-click ComboFix.exe and follow the prompts to run it.
If a message window opens to install the Microsoft Windows Recovery Console, click the yes button.
Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.
Please re-enable your antivirus before posting the ComboFix.txt log.
NOTE: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe
Next, go to File > New Task (Run...), type explorer, then press 'Enter', or just reboot the computer.
__________________
tekir06 is offline  
Old 11-08-2015, 01:54 PM   #15
Registered Member
 
Join Date: Dec 2006
Posts: 154
OS: XPSP2


I got it to download, but it won't install the database. It keeps stopping with a message that says Can not get update. Is proxy configured? And all of a sudden, everything is worse. I'm on my phone now. Email and this forum won't open on my computer. I have a VPN and when I saw message about Proxy I thought that was blocking something so I turned it off and now it won't connect again. I will try ComboFix but I can't access the live link because TSF won't open and neither will any other sites now! Every page says the connection has timed out. I will keep trying.
miracleshaman is offline  
Old 11-08-2015, 02:35 PM   #16
Registered Member
 
Join Date: Dec 2006
Posts: 154
OS: XPSP2


I uninstalled the eset scanner and I was able to open your page online to download ComboFix. But I could not post there. ComboFix is doing its thing but I don't know if I'll be able to post logs or not. Guess I'll find out when it's done.
miracleshaman is offline  
Old 11-08-2015, 02:59 PM   #17
Registered Member
 
Join Date: Dec 2006
Posts: 154
OS: XPSP2



OK, I'm back online. Here's the ComboFix logfile. Hopefully, it will post! (And when I realized Spybot was still enabled, I disabled it before I ran the scan.)

ComboFix 15-11-05.01 - Main 11/08/2015 17:28:03.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12187.9447 [GMT -5:00]
Running from: c:\users\Main\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Spybot - Search and Destroy *Enabled/Outdated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2015-10-08 to 2015-11-08 )))))))))))))))))))))))))))))))
.
.
2015-11-08 22:35 . 2015-11-08 22:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-06 15:55 . 2015-10-20 08:33 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2A9691E-5E07-4C3B-A55C-158D9FD0FF93}\mpengine.dll
2015-11-06 10:36 . 2015-11-06 15:57 -------- d-----w- C:\FRST
2015-11-06 10:19 . 2015-11-06 10:27 -------- d-----w- C:\AdwCleaner
2015-11-05 00:17 . 2015-11-05 00:19 -------- d-----w- c:\programdata\WRData
2015-11-02 18:24 . 2015-11-08 22:17 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-01 07:22 . 2015-11-01 07:22 -------- d-----w- c:\programdata\Package Cache
2015-10-24 20:39 . 2015-10-30 20:52 -------- d-----w- c:\users\Main\AppData\Roaming\AVG
2015-10-24 20:28 . 2015-10-30 20:55 -------- d-----w- c:\programdata\Avg
2015-10-22 03:54 . 2015-11-01 17:50 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-10-21 21:16 . 2015-10-21 21:16 284080 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2015-10-21 21:15 . 2015-10-21 21:15 255408 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2015-10-20 22:13 . 2015-10-30 20:52 -------- d-----w- c:\users\Main\AppData\Local\Amazon
2015-10-19 13:03 . 2015-10-19 13:03 313776 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2015-10-15 15:11 . 2015-09-18 19:22 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-10-15 15:11 . 2015-09-18 19:19 700416 ----a-w- c:\windows\system32\invagent.dll
2015-10-15 15:11 . 2015-09-18 19:19 766464 ----a-w- c:\windows\system32\generaltel.dll
2015-10-15 15:11 . 2015-09-18 19:19 503808 ----a-w- c:\windows\system32\devinv.dll
2015-10-15 15:11 . 2015-09-18 19:19 73216 ----a-w- c:\windows\system32\acmigration.dll
2015-10-15 15:11 . 2015-09-18 19:19 1291264 ----a-w- c:\windows\system32\appraiser.dll
2015-10-15 15:11 . 2015-09-18 19:09 1163776 ----a-w- c:\windows\system32\aeinv.dll
2015-10-15 14:45 . 2015-10-15 14:45 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2015-10-15 14:44 . 2015-11-07 00:59 -------- d-----w- c:\users\Main\AppData\Local\Avg
2015-10-14 14:05 . 2015-08-06 18:04 14176768 ----a-w- c:\windows\system32\shell32.dll
2015-10-14 14:05 . 2015-08-06 18:03 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2015-10-14 14:05 . 2015-08-06 17:44 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2015-10-14 14:05 . 2015-09-01 18:14 503296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-14 14:05 . 2015-09-01 18:14 1247232 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-10-14 14:05 . 2015-09-01 18:14 110592 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-10-14 14:05 . 2015-09-01 18:13 224768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2015-10-14 14:05 . 2015-09-01 18:12 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2015-10-14 14:05 . 2015-09-01 17:52 348672 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-14 14:05 . 2015-09-01 17:52 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2015-10-12 17:02 . 2015-10-30 20:52 -------- d-----w- c:\users\Main\AppData\Roaming\Zoom
2015-10-10 09:09 . 2015-10-10 09:09 -------- d-----w- c:\users\Main\AppData\Local\GWX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-08 22:16 . 2015-09-02 20:16 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2015-11-08 22:16 . 2015-09-02 18:27 78032 ----a-w- c:\windows\SysWow64\rpcnet.dll
2015-11-05 02:17 . 2015-09-02 20:17 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2015-11-05 02:16 . 2015-09-02 20:16 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2015-10-22 03:53 . 2015-09-06 00:53 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-10-17 04:48 . 2015-09-05 23:53 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-17 04:48 . 2015-09-05 23:53 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-15 14:41 . 2015-09-03 23:06 143481208 ----a-w- c:\windows\system32\MRT.exe
2015-10-08 12:46 . 2015-10-08 12:46 302000 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2015-10-05 14:50 . 2015-09-02 18:38 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-05 14:50 . 2015-09-02 18:38 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 14:50 . 2015-09-02 18:38 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-09-29 02:58 . 2015-10-14 14:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-09-04 00:25 . 2015-09-04 00:25 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2015-09-04 00:25 . 2015-09-04 00:25 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-09-04 00:25 . 2015-09-04 00:25 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2015-09-04 00:25 . 2015-09-04 00:25 235008 ----a-w- c:\windows\system32\elshyph.dll
2015-09-04 00:25 . 2015-09-04 00:25 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2015-09-04 00:25 . 2015-09-04 00:25 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2015-09-04 00:25 . 2015-09-04 00:25 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2015-09-04 00:25 . 2015-09-04 00:25 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2015-09-04 00:25 . 2015-09-04 00:25 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2015-09-04 00:25 . 2015-09-04 00:25 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2015-09-04 00:25 . 2015-09-04 00:25 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2015-09-04 00:25 . 2015-09-04 00:25 942592 ----a-w- c:\windows\system32\jsIntl.dll
2015-09-04 00:25 . 2015-09-04 00:25 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2015-09-04 00:25 . 2015-09-04 00:25 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2015-09-04 00:25 . 2015-09-04 00:25 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2015-09-04 00:25 . 2015-09-04 00:25 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2015-09-04 00:25 . 2015-09-04 00:25 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2015-09-04 00:25 . 2015-09-04 00:25 247808 ----a-w- c:\windows\system32\msls31.dll
2015-09-04 00:25 . 2015-09-04 00:25 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2015-09-04 00:25 . 2015-09-04 00:25 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2015-09-04 00:25 . 2015-09-04 00:25 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2015-09-04 00:25 . 2015-09-04 00:25 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2015-09-04 00:25 . 2015-09-04 00:25 81408 ----a-w- c:\windows\system32\icardie.dll
2015-09-04 00:25 . 2015-09-04 00:25 77312 ----a-w- c:\windows\system32\tdc.ocx
2015-09-04 00:25 . 2015-09-04 00:25 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2015-09-04 00:25 . 2015-09-04 00:25 48640 ----a-w- c:\windows\system32\mshtmler.dll
2015-09-04 00:25 . 2015-09-04 00:25 235520 ----a-w- c:\windows\system32\url.dll
2015-09-04 00:25 . 2015-09-04 00:25 105984 ----a-w- c:\windows\system32\iesysprep.dll
2015-09-04 00:25 . 2015-09-04 00:25 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-09-04 00:25 . 2015-09-04 00:25 30208 ----a-w- c:\windows\system32\licmgr10.dll
2015-09-04 00:25 . 2015-09-04 00:25 167424 ----a-w- c:\windows\system32\iexpress.exe
2015-09-04 00:25 . 2015-09-04 00:25 143872 ----a-w- c:\windows\system32\wextract.exe
2015-09-04 00:25 . 2015-09-04 00:25 101376 ----a-w- c:\windows\system32\inseng.dll
2015-09-04 00:25 . 2015-09-04 00:25 48128 ----a-w- c:\windows\system32\imgutil.dll
2015-09-04 00:25 . 2015-09-04 00:25 13824 ----a-w- c:\windows\system32\mshta.exe
2015-09-04 00:25 . 2015-09-04 00:25 135680 ----a-w- c:\windows\system32\iepeers.dll
2015-09-04 00:19 . 2015-09-04 00:19 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2015-09-04 00:19 . 2015-09-04 00:19 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2015-09-04 00:19 . 2015-09-04 00:19 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2015-09-04 00:19 . 2015-09-04 00:19 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2015-09-04 00:19 . 2015-09-04 00:19 363008 ----a-w- c:\windows\system32\dxgi.dll
2015-09-04 00:19 . 2015-09-04 00:19 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-09-04 00:19 . 2015-09-04 00:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 296960 ----a-w- c:\windows\system32\d3d10core.dll
2015-09-04 00:19 . 2015-09-04 00:19 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2015-09-04 00:19 . 2015-09-04 00:19 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2015-09-04 00:19 . 2015-09-04 00:19 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2015-09-04 00:19 . 2015-09-04 00:19 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2015-09-04 00:19 . 2015-09-04 00:19 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2015-09-04 00:19 . 2015-09-04 00:19 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2015-09-04 00:19 . 2015-09-04 00:19 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2015-09-04 00:19 . 2015-09-04 00:19 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2015-09-04 00:19 . 2015-09-04 00:19 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2015-09-04 00:19 . 2015-09-04 00:19 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2015-09-04 00:19 . 2015-09-04 00:19 1238528 ----a-w- c:\windows\system32\d3d10.dll
2015-09-04 00:19 . 2015-09-04 00:19 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2015-09-04 00:19 . 2015-09-04 00:19 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2015-09-04 00:19 . 2015-09-04 00:19 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-09-03 19:43 . 2015-09-02 18:27 78032 ------w- c:\windows\SysWow64\rpcnet.exe
2015-09-02 03:04 . 2015-09-09 13:01 41984 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 03:04 . 2015-09-09 13:01 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 03:04 . 2015-09-09 13:01 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 03:04 . 2015-09-09 13:01 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 02:48 . 2015-09-09 13:01 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-09-02 02:48 . 2015-09-09 13:01 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-09-02 02:48 . 2015-09-09 13:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-02 02:47 . 2015-09-09 13:01 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-09-02 01:51 . 2015-09-09 13:01 3209216 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 01:47 . 2015-09-09 13:01 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-02 01:33 . 2015-09-09 13:01 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-08-27 18:18 . 2015-09-09 13:01 2004480 ----a-w- c:\windows\system32\msxml6.dll
.
miracleshaman is offline  
Old 11-09-2015, 04:24 AM   #18
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

The report seems to be missing. Please copy and paste the complete report again.
tekir06 is offline  
Old 11-09-2015, 05:50 AM   #19
Registered Member
 
Join Date: Dec 2006
Posts: 154
OS: XPSP2



I don't know what you mean by the report seems to be missing... it's right there above your comment. But here it is again, copied right from what is already there.

ComboFix 15-11-05.01 - Main 11/08/2015 17:28:03.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12187.9447 [GMT -5:00]
Running from: c:\users\Main\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Spybot - Search and Destroy *Enabled/Outdated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2015-10-08 to 2015-11-08 )))))))))))))))))))))))))))))))
.
.
2015-11-08 22:35 . 2015-11-08 22:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-06 15:55 . 2015-10-20 08:33 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2A9691E-5E07-4C3B-A55C-158D9FD0FF93}\mpengine.dll
2015-11-06 10:36 . 2015-11-06 15:57 -------- d-----w- C:\FRST
2015-11-06 10:19 . 2015-11-06 10:27 -------- d-----w- C:\AdwCleaner
2015-11-05 00:17 . 2015-11-05 00:19 -------- d-----w- c:\programdata\WRData
2015-11-02 18:24 . 2015-11-08 22:17 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-01 07:22 . 2015-11-01 07:22 -------- d-----w- c:\programdata\Package Cache
2015-10-24 20:39 . 2015-10-30 20:52 -------- d-----w- c:\users\Main\AppData\Roaming\AVG
2015-10-24 20:28 . 2015-10-30 20:55 -------- d-----w- c:\programdata\Avg
2015-10-22 03:54 . 2015-11-01 17:50 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-10-21 21:16 . 2015-10-21 21:16 284080 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2015-10-21 21:15 . 2015-10-21 21:15 255408 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2015-10-20 22:13 . 2015-10-30 20:52 -------- d-----w- c:\users\Main\AppData\Local\Amazon
2015-10-19 13:03 . 2015-10-19 13:03 313776 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2015-10-15 15:11 . 2015-09-18 19:22 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-10-15 15:11 . 2015-09-18 19:19 700416 ----a-w- c:\windows\system32\invagent.dll
2015-10-15 15:11 . 2015-09-18 19:19 766464 ----a-w- c:\windows\system32\generaltel.dll
2015-10-15 15:11 . 2015-09-18 19:19 503808 ----a-w- c:\windows\system32\devinv.dll
2015-10-15 15:11 . 2015-09-18 19:19 73216 ----a-w- c:\windows\system32\acmigration.dll
2015-10-15 15:11 . 2015-09-18 19:19 1291264 ----a-w- c:\windows\system32\appraiser.dll
2015-10-15 15:11 . 2015-09-18 19:09 1163776 ----a-w- c:\windows\system32\aeinv.dll
2015-10-15 14:45 . 2015-10-15 14:45 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2015-10-15 14:44 . 2015-11-07 00:59 -------- d-----w- c:\users\Main\AppData\Local\Avg
2015-10-14 14:05 . 2015-08-06 18:04 14176768 ----a-w- c:\windows\system32\shell32.dll
2015-10-14 14:05 . 2015-08-06 18:03 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2015-10-14 14:05 . 2015-08-06 17:44 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2015-10-14 14:05 . 2015-09-01 18:14 503296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-14 14:05 . 2015-09-01 18:14 1247232 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-10-14 14:05 . 2015-09-01 18:14 110592 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-10-14 14:05 . 2015-09-01 18:13 224768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2015-10-14 14:05 . 2015-09-01 18:12 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2015-10-14 14:05 . 2015-09-01 17:52 348672 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-14 14:05 . 2015-09-01 17:52 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2015-10-12 17:02 . 2015-10-30 20:52 -------- d-----w- c:\users\Main\AppData\Roaming\Zoom
2015-10-10 09:09 . 2015-10-10 09:09 -------- d-----w- c:\users\Main\AppData\Local\GWX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-08 22:16 . 2015-09-02 20:16 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2015-11-08 22:16 . 2015-09-02 18:27 78032 ----a-w- c:\windows\SysWow64\rpcnet.dll
2015-11-05 02:17 . 2015-09-02 20:17 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2015-11-05 02:16 . 2015-09-02 20:16 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2015-10-22 03:53 . 2015-09-06 00:53 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-10-17 04:48 . 2015-09-05 23:53 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-17 04:48 . 2015-09-05 23:53 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-15 14:41 . 2015-09-03 23:06 143481208 ----a-w- c:\windows\system32\MRT.exe
2015-10-08 12:46 . 2015-10-08 12:46 302000 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2015-10-05 14:50 . 2015-09-02 18:38 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-05 14:50 . 2015-09-02 18:38 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 14:50 . 2015-09-02 18:38 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-09-29 02:58 . 2015-10-14 14:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-09-04 00:25 . 2015-09-04 00:25 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2015-09-04 00:25 . 2015-09-04 00:25 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-09-04 00:25 . 2015-09-04 00:25 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2015-09-04 00:25 . 2015-09-04 00:25 235008 ----a-w- c:\windows\system32\elshyph.dll
2015-09-04 00:25 . 2015-09-04 00:25 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2015-09-04 00:25 . 2015-09-04 00:25 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2015-09-04 00:25 . 2015-09-04 00:25 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2015-09-04 00:25 . 2015-09-04 00:25 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2015-09-04 00:25 . 2015-09-04 00:25 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2015-09-04 00:25 . 2015-09-04 00:25 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2015-09-04 00:25 . 2015-09-04 00:25 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2015-09-04 00:25 . 2015-09-04 00:25 942592 ----a-w- c:\windows\system32\jsIntl.dll
2015-09-04 00:25 . 2015-09-04 00:25 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2015-09-04 00:25 . 2015-09-04 00:25 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2015-09-04 00:25 . 2015-09-04 00:25 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2015-09-04 00:25 . 2015-09-04 00:25 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2015-09-04 00:25 . 2015-09-04 00:25 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2015-09-04 00:25 . 2015-09-04 00:25 247808 ----a-w- c:\windows\system32\msls31.dll
2015-09-04 00:25 . 2015-09-04 00:25 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2015-09-04 00:25 . 2015-09-04 00:25 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2015-09-04 00:25 . 2015-09-04 00:25 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2015-09-04 00:25 . 2015-09-04 00:25 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2015-09-04 00:25 . 2015-09-04 00:25 81408 ----a-w- c:\windows\system32\icardie.dll
2015-09-04 00:25 . 2015-09-04 00:25 77312 ----a-w- c:\windows\system32\tdc.ocx
2015-09-04 00:25 . 2015-09-04 00:25 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2015-09-04 00:25 . 2015-09-04 00:25 48640 ----a-w- c:\windows\system32\mshtmler.dll
2015-09-04 00:25 . 2015-09-04 00:25 235520 ----a-w- c:\windows\system32\url.dll
2015-09-04 00:25 . 2015-09-04 00:25 105984 ----a-w- c:\windows\system32\iesysprep.dll
2015-09-04 00:25 . 2015-09-04 00:25 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-09-04 00:25 . 2015-09-04 00:25 30208 ----a-w- c:\windows\system32\licmgr10.dll
2015-09-04 00:25 . 2015-09-04 00:25 167424 ----a-w- c:\windows\system32\iexpress.exe
2015-09-04 00:25 . 2015-09-04 00:25 143872 ----a-w- c:\windows\system32\wextract.exe
2015-09-04 00:25 . 2015-09-04 00:25 101376 ----a-w- c:\windows\system32\inseng.dll
2015-09-04 00:25 . 2015-09-04 00:25 48128 ----a-w- c:\windows\system32\imgutil.dll
2015-09-04 00:25 . 2015-09-04 00:25 13824 ----a-w- c:\windows\system32\mshta.exe
2015-09-04 00:25 . 2015-09-04 00:25 135680 ----a-w- c:\windows\system32\iepeers.dll
2015-09-04 00:19 . 2015-09-04 00:19 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2015-09-04 00:19 . 2015-09-04 00:19 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2015-09-04 00:19 . 2015-09-04 00:19 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2015-09-04 00:19 . 2015-09-04 00:19 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2015-09-04 00:19 . 2015-09-04 00:19 363008 ----a-w- c:\windows\system32\dxgi.dll
2015-09-04 00:19 . 2015-09-04 00:19 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-09-04 00:19 . 2015-09-04 00:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 296960 ----a-w- c:\windows\system32\d3d10core.dll
2015-09-04 00:19 . 2015-09-04 00:19 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2015-09-04 00:19 . 2015-09-04 00:19 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2015-09-04 00:19 . 2015-09-04 00:19 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2015-09-04 00:19 . 2015-09-04 00:19 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2015-09-04 00:19 . 2015-09-04 00:19 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2015-09-04 00:19 . 2015-09-04 00:19 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2015-09-04 00:19 . 2015-09-04 00:19 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2015-09-04 00:19 . 2015-09-04 00:19 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2015-09-04 00:19 . 2015-09-04 00:19 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2015-09-04 00:19 . 2015-09-04 00:19 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2015-09-04 00:19 . 2015-09-04 00:19 1238528 ----a-w- c:\windows\system32\d3d10.dll
2015-09-04 00:19 . 2015-09-04 00:19 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2015-09-04 00:19 . 2015-09-04 00:19 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2015-09-04 00:19 . 2015-09-04 00:19 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-09-04 00:19 . 2015-09-04 00:19 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-09-03 19:43 . 2015-09-02 18:27 78032 ------w- c:\windows\SysWow64\rpcnet.exe
2015-09-02 03:04 . 2015-09-09 13:01 41984 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 03:04 . 2015-09-09 13:01 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 03:04 . 2015-09-09 13:01 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 03:04 . 2015-09-09 13:01 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 02:48 . 2015-09-09 13:01 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-09-02 02:48 . 2015-09-09 13:01 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-09-02 02:48 . 2015-09-09 13:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-02 02:47 . 2015-09-09 13:01 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-09-02 01:51 . 2015-09-09 13:01 3209216 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 01:47 . 2015-09-09 13:01 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-02 01:33 . 2015-09-09 13:01 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-08-27 18:18 . 2015-09-09 13:01 2004480 ----a-w- c:\windows\system32\msxml6.dll
.

Hopefully, you can see it now, because I need to regain control of my memory and internet access, so I can watch my video-based assignments, and do my homework, let alone be able to just use the internet for any other reason.
miracleshaman is offline  
Old 11-09-2015, 06:28 AM   #20
Registered Member
 
Join Date: Dec 2006
Posts: 154
OS: XPSP2



Is there a way to continue this in a new thread? I don't have enough bandwidth to open a page this long. It takes 5 minutes to get down to the bottom to read what you want me to do next. And then to see you wanted me to post again what was already there is very frustrating. I'm looking forward to some improvement soon. Have you found anything? Has anything been removed yet? I'd love some kind of an update or analysis of what you've found so far on your next post. Thanks!
miracleshaman is offline  
 
