Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help

User Tag List

Malware on my PC

This is a discussion on Malware on my PC within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category. Hey Guys, I have recently had malware on my PC and I need some help in removing it. I think


Closed Thread
 
Thread Tools Search this Thread
Old 10-08-2016, 03:21 PM   #1
Registered Member
 
Join Date: Aug 2009
Location: United Kingdom
Posts: 360
OS: Windows 7 Ultimate



Hey Guys,

I have recently had malware on my PC and I need some help in removing it. I think I know how I managed to get this installed (or the program which installed it). I also know that "uSearch Bar = hxxp://public-box.ru/start
uSearch Page = hxxp://public-box.ru/start" and other 'websites' are the issue. The malware has basically slowed down my system and loads up ads when I launch Google Chrome / Mozilla Firefox, like the screenshot below (I stopped it before connection).

So far it has launched

hxxp://public-box.ru/start
hxxp://mxttrf.com/ads?key=098f0e6f509da7994d2455501678371e&ch=&width=0&height=0

They both seem to redirect to different types of malware sites/popups/spam/pornography sites

The program which I installed was a bad version of GTA SA:MP - s0beit hack software, mine was in Russian and I stupidly 'disabled' my anti-virus for around 5 minutes to install it which was a very bad idea.



Please inform me if you need any additional information, or re-scans as I do not know if this is successful. I am not sure if I do/do not have access to a Windows reinstall disc

I use Avast Anti-virus.



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18450 BrowserJavaVersion: 11.77.2
Run by Konrad at 23:02:23 on 2016-10-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6038.1782 [GMT 1:00]
.
AV: Avast Antivirus *Enabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Avast Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
c:\program files\soluto\soluto.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
c:\Windows\Prey\wpxsvc.exe
C:\Windows\system32\DbxSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Users\Konrad\AppData\Local\Viber\Viber.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\puush\puush.exe
C:\Users\Konrad\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Blackboard\Blackboard IM\blackboardim.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\nacl64.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\nacl64.exe
C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files\Dell\DellDataVault\DellDataVault.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files\Soluto\SolutoRemoteService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Konrad\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Users\Konrad\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Prey\current\bin\node.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?trackid=sp-006
uSearch Bar = hxxp://public-box.ru/start
uSearch Page = hxxp://public-box.ru/start
mStart Page = hxxps://www.google.com/?trackid=sp-006
mSearch Bar = hxxps://www.google.com/?trackid=sp-006
mSearch Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
uProxyServer = proxy01.aylesbury.ac.uk:8080
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [AdobeBridge] <no file>
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: dell.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{39B6B3BE-B41C-40A5-B9D0-4AD70326972A} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{39B6B3BE-B41C-40A5-B9D0-4AD70326972A}\6796277696E6D65646961633538353235313 : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{58B4591B-A821-4102-88B1-338261BBD7C0} : DHCPNameServer = 82.132.254.2 82.132.254.3
TCP: Interfaces\{5E731D65-A90C-4DE5-BDD9-1437EE8E6222} : NameServer = 0.0.0.0
TCP: Interfaces\{8394EC30-360A-482C-B4FD-780A46EFDF0E} : NameServer = 8.8.8.8
TCP: Interfaces\{8394EC30-360A-482C-B4FD-780A46EFDF0E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8394EC30-360A-482C-B4FD-780A46EFDF0E}\23837496C626562747 : NameServer = 8.8.8.8
TCP: Interfaces\{8394EC30-360A-482C-B4FD-780A46EFDF0E}\23837496C626562747 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{8394EC30-360A-482C-B4FD-780A46EFDF0E}\358656C6C697723702E4564777F627B6 : NameServer = 8.8.8.8
TCP: Interfaces\{8394EC30-360A-482C-B4FD-780A46EFDF0E}\358656C6C697723702E4564777F627B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8394EC30-360A-482C-B4FD-780A46EFDF0E}\56465727F616D6 : NameServer = 8.8.8.8
TCP: Interfaces\{8394EC30-360A-482C-B4FD-780A46EFDF0E}\56465727F616D6 : DHCPNameServer = 10.1.121.90 10.1.121.91
TCP: Interfaces\{8394EC30-360A-482C-B4FD-780A46EFDF0E}\E4F64745865614E64627F6964695F657142756C4F6F6B696E67664F627 : NameServer = 8.8.8.8
TCP: Interfaces\{8394EC30-360A-482C-B4FD-780A46EFDF0E}\E4F64745865614E64627F6964695F657142756C4F6F6B696E67664F627 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{CA76966B-0BF3-4F1E-B580-245768E0EFB5} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\windows\syswow64\nvinit.dll c:\progra~2\contin~1\sprote~1.dll, C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 87.248.214.183 static1.cdn.Ubi.com
Hosts: 95.140.224.199 static2.cdn.Ubi.com
Hosts: 87.248.214.183 static3.cdn.Ubi.com
Hosts: 87.248.214.183 static4.cdn.Ubi.com
Hosts: 95.140.224.199 static5.cdn.Ubi.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Konrad\AppData\Roaming\Mozilla\Firefox\Profiles\x4zn239g.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll
FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Konrad\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\Konrad\AppData\Local\SkypePlugin\7.25.0.32\npGatewayNpapi-x64.dll
FF - plugin: C:\Users\Konrad\AppData\Local\SkypePlugin\7.25.0.32\npGatewayNpapi.dll
FF - plugin: C:\Users\Konrad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll
.
============= SERVICES / DRIVERS ===============
.
P3 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2014-1-17 9216]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-8 74544]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-8 292704]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2015-9-24 31352]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-14 55856]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-2-14 21184]
R0 Soluto;Soluto;C:\Windows\System32\drivers\Soluto.sys [2014-12-16 54728]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-4-14 21616]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2016-3-23 37144]
R1 aswNetSec;aswNetSec;C:\Windows\System32\drivers\aswNetSec.sys [2016-9-12 453192]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-2-12 969184]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-2-12 513632]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 50976]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2015-9-24 299312]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-4-14 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-3-15 659976]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-12 108816]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-10-15 163416]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-9-12 197128]
R2 avast! Firewall;Avast Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2016-9-12 223600]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-4-23 135952]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-5-3 23816]
R2 CronService;Cron Service;C:\Windows\Prey\wpxsvc.exe [2015-10-10 611854]
R2 DbxSvc;DbxSvc;C:\Windows\System32\DbxSvc.exe [2016-9-30 38000]
R2 DellDataVault;Dell Data Vault;C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2015-5-22 2573520]
R2 DellDataVaultWiz;Dell Data Vault Wizard;C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [2015-5-22 201936]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-9-24 1155192]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-9-24 1872504]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-9-24 5544568]
R2 SolutoLauncherService;Soluto Launcher Service;C:\Program Files\Soluto\SolutoLauncherService.exe [2013-11-14 182848]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2013-11-14 856128]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-9-24 410744]
R2 SupportAssistAgent;Dell SupportAssist Agent;C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [2015-9-30 21160]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-4-14 2656280]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-6-25 3325232]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-4-14 27760]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
R3 aswNetNd6;Avast Firewall NDIS6 Helper;C:\Windows\System32\drivers\aswNetNd6.sys [2016-9-12 28312]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-4-14 176096]
R3 DDDriver;DDDriver;C:\Windows\System32\drivers\DDDriver64Dcsa.sys [2015-2-26 23760]
R3 DellProf;DellProf;C:\Windows\System32\drivers\DellProf.sys [2015-5-22 24240]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2013-8-17 66728]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-14 317440]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2013-4-15 410008]
R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2013-4-15 102808]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-4-14 95744]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-4-14 212992]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-9-24 19576]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2015-9-24 50472]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2012-4-14 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-14 565352]
R3 SolutoRemoteService;Soluto Remote Service;C:\Program Files\Soluto\SolutoRemoteService.exe [2013-11-14 1942016]
R3 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-3-27 5052224]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-8-20 143144]
S2 DellUpdate;Dell Update Service;C:\Program Files (x86)\Dell Update\DellUpService.exe [2015-8-27 237272]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-7-25 324224]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
S3 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-10-15 37656]
S3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2013-8-29 1930240]
S3 CM_VENDER_CMD;CM_VENDER_CMD;C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [2014-7-30 17104]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-8-20 143144]
S3 DisplayFusionService;DisplayFusionService;C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [2014-8-18 5179760]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-9-29 114688]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-4-14 158976]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
S3 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
S3 LVUVC64;Logitech QuickCam S5500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
S3 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-6-25 272688]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-8-2 22528]
S3 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2012-4-14 291648]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2012-1-12 2119688]
S3 ptun0901;TAP Adapter V9 for Private Tunnel;C:\Windows\System32\drivers\ptun0901.sys [2016-4-21 27136]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2016-10-8 31800]
S3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;C:\Windows\System32\drivers\RzMaelstromVAD.sys [2014-5-23 32768]
S3 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2014-9-17 16000]
S3 Seagate MobileBackup Service;Seagate MobileBackup Service;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [2014-9-17 157776]
S3 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-7-10 369688]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-11-13 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-20 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 319384]
S3 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2011-12-16 246688]
S3 WDFMEService;WDFME;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 1977224]
S3 WDRulesService;WDRules;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 1338264]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
ShellExec: SZBrowser.exe: open="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2016-10-08 21:44:59 -------- d-----w- C:\Users\Konrad\AppData\Local\VS Revo Group
2016-10-08 21:44:52 -------- d-----w- C:\ProgramData\VS Revo Group
2016-10-08 21:44:51 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2016-10-08 21:44:50 -------- d-----w- C:\Program Files\VS Revo Group
2016-10-02 11:21:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2016-10-02 11:21:01 2048 ----a-w- C:\Windows\System32\tzres.dll
2016-09-30 08:05:10 74352 ----a-w- C:\Windows\System32\drivers\dbx-dev.sys
2016-09-30 08:05:10 74352 ----a-w- C:\Windows\System32\drivers\dbx-canary.sys
2016-09-30 08:05:10 38000 ----a-w- C:\Windows\System32\DbxSvc.exe
2016-09-30 08:05:06 74352 ----a-w- C:\Windows\System32\drivers\dbx-stable.sys
2016-09-29 11:44:14 464896 ----a-w- C:\Windows\System32\drivers\srv.sys
2016-09-29 11:44:12 405504 ----a-w- C:\Windows\System32\drivers\srv2.sys
2016-09-29 11:44:10 168960 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2016-09-29 11:42:59 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2016-09-29 11:41:34 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2016-09-29 11:41:34 3218432 ----a-w- C:\Windows\System32\win32k.sys
2016-09-29 11:41:34 1009152 ----a-w- C:\Windows\System32\user32.dll
2016-09-29 11:41:32 877056 ----a-w- C:\Windows\System32\oleaut32.dll
2016-09-29 11:41:31 581632 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2016-09-28 11:20:13 -------- d-----w- C:\Users\Konrad\AppData\Local\Viber
2016-09-12 13:51:43 453192 ----a-w- C:\Windows\System32\drivers\aswNetSec.sys
2016-09-12 13:44:45 53208 ----a-w- C:\Windows\avastSS.scr
2016-09-12 13:43:39 28312 ----a-w- C:\Windows\System32\drivers\aswNetNd6.sys
2016-09-09 09:38:34 11847048 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4CA422E3-AE79-4B4E-BD4A-140F646C5272}\mpengine.dll
.
==================== Find3M ====================
.
2016-10-07 20:05:00 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-09-13 19:20:13 796352 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-09-13 19:20:13 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-09-13 18:27:31 969184 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2016-09-12 13:45:20 163416 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2016-09-12 13:45:19 292704 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2016-09-12 13:45:18 74544 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2016-09-12 13:45:18 37656 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2016-09-12 13:45:18 108816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2016-09-12 13:45:17 103064 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2016-09-12 13:43:58 37144 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2016-09-02 15:40:18 631176 ----a-w- C:\Windows\System32\winresume.efi
2016-09-02 15:35:48 706280 ----a-w- C:\Windows\System32\winload.efi
2016-09-02 15:35:47 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-09-02 15:35:47 5548264 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-09-02 15:35:47 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-09-02 15:34:22 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2016-09-02 15:31:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2016-09-02 15:31:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2016-09-02 15:31:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2016-09-02 15:31:02 215552 ----a-w- C:\Windows\System32\winsrv.dll
2016-09-02 15:31:02 210432 ----a-w- C:\Windows\System32\wdigest.dll
2016-09-02 15:31:01 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2016-09-02 15:31:00 503808 ----a-w- C:\Windows\System32\srcore.dll
2016-09-02 15:31:00 50176 ----a-w- C:\Windows\System32\srclient.dll
2016-09-02 15:31:00 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2016-09-02 15:31:00 135680 ----a-w- C:\Windows\System32\sspicli.dll
2016-09-02 15:21:25 4000488 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2016-09-02 15:21:25 3944680 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2016-09-02 15:18:23 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2016-09-02 15:02:33 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2016-09-02 15:02:29 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2016-09-02 15:02:29 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2016-09-02 15:01:47 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-09-02 14:58:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2016-09-02 14:57:53 296960 ----a-w- C:\Windows\System32\rstrui.exe
2016-09-02 14:55:12 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-09-02 14:54:40 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-09-02 14:54:38 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-09-02 14:53:56 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-09-02 14:53:52 112640 ----a-w- C:\Windows\System32\smss.exe
2016-09-02 14:53:18 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-09-02 14:49:51 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2016-09-02 14:49:49 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2016-09-02 14:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2016-09-02 14:49:49 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2016-09-02 14:49:04 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-09-02 14:48:57 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2016-09-02 14:48:57 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-02 14:48:57 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-02 14:48:57 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2016-09-01 03:18:32 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-09-01 02:48:10 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-09-01 02:46:36 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-09-01 02:46:11 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-09-01 02:46:04 498688 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-09-01 02:44:20 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-09-01 02:24:16 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-09-01 02:23:43 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-09-01 01:59:47 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-09-01 01:29:35 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-09-01 01:29:30 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-09-01 01:24:36 4607488 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-09-01 00:43:05 2445824 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-09-01 00:40:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-09-01 00:40:38 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-09-01 00:25:20 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-09-01 00:24:36 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-09-01 00:24:29 417792 ----a-w- C:\Windows\System32\html.iec
2016-09-01 00:24:09 576000 ----a-w- C:\Windows\System32\vbscript.dll
2016-09-01 00:24:02 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-09-01 00:11:19 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-09-01 00:11:18 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-09-01 00:10:55 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-09-01 0008 6047232 ----a-w- C:\Windows\System32\jscript9.dll
2016-09-01 00:03:41 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-08-31 23:51:30 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-08-31 23:27:32 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-08-31 23:26:53 2131456 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-08-31 23:10:42 2921472 ----a-w- C:\Windows\System32\wininet.dll
2016-07-26 13:24:24 504488 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 23:05:35.77 ===============
Attached Files
File Type: txt attach.txt (23.3 KB, 392 views)
konradgoat is offline  
Sponsored Links
Advertisement
 
Old 10-09-2016, 12:52 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

It appears you had(have?) some corruption on your disk drive back in January:

Quote:
01/10/2016 13:13:52, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
01/10/2016 13:00:40, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
Have you already addressed this? If not, we'll have to address that later.

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

I see you have P2P software ( uTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-10-2016, 01:50 PM   #3
Registered Member
 
Join Date: Aug 2009
Location: United Kingdom
Posts: 360
OS: Windows 7 Ultimate



Quote:
Originally Posted by chemist View Post
------------------------------------------------------
It appears you had(have?) some corruption on your disk drive back in January:

01/10/2016 13:13:52, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
01/10/2016 13:00:40, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.

Have you already addressed this? If not, we'll have to address that later.
------------------------------------------------------
I will perform the requested tasks tomorrow. With the above, is that UK date format as I am based in the UK.
konradgoat is offline  
Sponsored Links
Advertisement
 
Old 10-11-2016, 05:02 AM   #4
Registered Member
 
Join Date: Aug 2009
Location: United Kingdom
Posts: 360
OS: Windows 7 Ultimate



FRST


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-10-2016
Ran by Konrad (administrator) on KONRADS-LAPTOP (11-10-2016 12:37:06)
Running from C:\Users\Konrad\Desktop
Loaded Profiles: Konrad (Available Profiles: Konrad)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Program Files (x86)\puush\puush.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Users\Konrad\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\nacl64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(GlavSoft LLC.) C:\Program Files\Soluto\SolutoRemoteService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [11877656 2014-09-16] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1710568 2015-08-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-12] (AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25422456 2016-10-07] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2450798707-1284015858-288600777-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2450798707-1284015858-288600777-1001\...\Run: [Google Update] => C:\Users\Konrad\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-2450798707-1284015858-288600777-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-03-30] ()
HKU\S-1-5-21-2450798707-1284015858-288600777-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2858272 2016-09-20] (Valve Corporation)
HKU\S-1-5-21-2450798707-1284015858-288600777-1001\...\Run: [MusicManager] => C:\Users\Konrad\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-2450798707-1284015858-288600777-1001\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe /start
HKU\S-1-5-21-2450798707-1284015858-288600777-1001\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-2450798707-1284015858-288600777-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29544576 2016-08-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2450798707-1284015858-288600777-1001\...\Run: [GoogleChromeAutoLaunch_8C8E02FCC9EE5A921802778B643384D5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [966760 2016-09-25] (Google Inc.)
HKU\S-1-5-21-2450798707-1284015858-288600777-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2450798707-1284015858-288600777-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2450798707-1284015858-288600777-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2450798707-1284015858-288600777-1001\...\MountPoints2: {2d61272a-6b74-11e5-88a3-848f69d0ca79} - E:\OnePlus_USB_Drivers_Setup.exe
HKU\S-1-5-21-2450798707-1284015858-288600777-1001\...\MountPoints2: {2ff22d40-c397-11e5-a7af-848f69d0ca79} - E:\OnePlus_setup.exe /s
HKU\S-1-5-21-2450798707-1284015858-288600777-1001\...\MountPoints2: {caba26ea-d3fd-11e2-94ea-848f69d0ca79} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2450798707-1284015858-288600777-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [155792 2015-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155792 2015-09-14] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-12] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-03-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-03-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-03-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-03-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-07] (Dropbox, Inc.)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2450798707-1284015858-288600777-1001] => proxy01.aylesbury.ac.uk:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{39B6B3BE-B41C-40A5-B9D0-4AD70326972A}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{58B4591B-A821-4102-88B1-338261BBD7C0}: [DhcpNameServer] 82.132.254.2 82.132.254.3
Tcpip\..\Interfaces\{5E731D65-A90C-4DE5-BDD9-1437EE8E6222}: [NameServer] 0.0.0.0
Tcpip\..\Interfaces\{8394EC30-360A-482C-B4FD-780A46EFDF0E}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8394EC30-360A-482C-B4FD-780A46EFDF0E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CA76966B-0BF3-4F1E-B580-245768E0EFB5}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2450798707-1284015858-288600777-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://public-box.ru/start
HKU\S-1-5-21-2450798707-1284015858-288600777-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://public-box.ru/start
HKU\S-1-5-21-2450798707-1284015858-288600777-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {D4D2132D-F0D8-461D-B6D9-81C0BAB8672E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D4D2132D-F0D8-461D-B6D9-81C0BAB8672E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D4D2132D-F0D8-461D-B6D9-81C0BAB8672E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-2450798707-1284015858-288600777-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2450798707-1284015858-288600777-1001 -> {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = hxxp://terra.im/search?sid=101&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2450798707-1284015858-288600777-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-2450798707-1284015858-288600777-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-09-12] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation)
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-09-12] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Konrad\AppData\Roaming\Zotero\Zotero\Profiles\lceb8be7.default [2014-10-09]
FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\[email protected] [2014-04-27] [not signed]
FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\[email protected] [2014-04-27] [not signed]
FF ProfilePath: C:\Users\Konrad\AppData\Roaming\Mozilla\Firefox\Profiles\x4zn239g.default [2016-10-11]
FF NewTab: Mozilla\Firefox\Profiles\x4zn239g.default -> hxxp://www.google.com/firefox
FF DefaultSearchEngine,S: Mozilla\Firefox\Profiles\x4zn239g.default ->
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\x4zn239g.default ->
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\x4zn239g.default -> Google
FF SearchEngineOrder.1,S: Mozilla\Firefox\Profiles\x4zn239g.default ->
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\x4zn239g.default -> Google
FF SelectedSearchEngine,S: Mozilla\Firefox\Profiles\x4zn239g.default ->
FF Keyword.URL: Mozilla\Firefox\Profiles\x4zn239g.default -> hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Extension: (Pushbullet) - C:\Users\Konrad\AppData\Roaming\Mozilla\Firefox\Profiles\x4zn239g.default\Extensions\[email protected] [2016-09-01]
FF Extension: (LastPass) - C:\Users\Konrad\AppData\Roaming\Mozilla\Firefox\Profiles\x4zn239g.default\Extensions\[email protected] [2016-09-04]
FF Extension: (Adblock Plus) - C:\Users\Konrad\AppData\Roaming\Mozilla\Firefox\Profiles\x4zn239g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-09-06]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-09-27] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-09-27] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-12]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-12]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-09-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-09-13] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-09-18] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2450798707-1284015858-288600777-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Konrad\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2450798707-1284015858-288600777-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Konrad\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2450798707-1284015858-288600777-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Konrad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-16] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2450798707-1284015858-288600777-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-09-18] (Pando Networks)
FF Plugin HKU\S-1-5-21-2450798707-1284015858-288600777-1001: SkypePlugin -> C:\Users\Konrad\AppData\Local\SkypePlugin\7.25.0.32\npGatewayNpapi.dll [2016-09-01] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2450798707-1284015858-288600777-1001: SkypePlugin64 -> C:\Users\Konrad\AppData\Local\SkypePlugin\7.25.0.32\npGatewayNpapi-x64.dll [2016-09-01] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2450798707-1284015858-288600777-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-08-20] ()

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://g.uk.msn.com/USCON/2
CHR StartupUrls: Default -> "hxxp://www.facebook.com/","hxxp://mail.google.com/","hxxp://www.google.co.uk/"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default [2016-10-11]
CHR Extension: (Angry Birds) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-13]
CHR Extension: (Google Drive) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Surgeon Simulator) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbhjgfeaaddcgbinlgbnfhdmgjoclpkb [2015-04-18]
CHR Extension: (3D Flight Simulator) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjhffmffkfnolleobomempelngogdmod [2015-04-18]
CHR Extension: (Skype Calling) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-06-15]
CHR Extension: (YouTube) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-26]
CHR Extension: (Pushbullet) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2016-08-11]
CHR Extension: (Google Search) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Rail Simulator) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkghogephhhmljcbeofglnlpifafbpef [2015-04-18]
CHR Extension: (WillItRunOut Retirement Simulator) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\emojncnadlkkopnpioiojfmcjidfmjig [2015-04-18]
CHR Extension: (Avast SafePrice) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-11]
CHR Extension: (Google Play Music) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-10-01]
CHR Extension: (Google Docs Offline) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (A Journey through Middle-earth) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni [2014-11-26]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-10-10]
CHR Extension: (Avast Online Security) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-06]
CHR Extension: (Helium Backup) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpglbgbpeobllokpmeagpoagjbfknanl [2016-10-03]
CHR Extension: (PageSpeed Insights (by Google)) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli [2015-04-19]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-08-26]
CHR Extension: (OkayFreedom) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfnbbbkabnehoejfhcbbhdicagcoobji [2016-06-15]
CHR Extension: (Last.fm Scrobbler) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2016-09-12]
CHR Extension: (AllCast Receiver) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjbljnpdahefgnopeohlaeohgkiidnoe [2016-09-28]
CHR Extension: (Grammarly for Chrome) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-10-01]
CHR Extension: (StayFocusd) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2015-10-17]
CHR Extension: (Skype) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-09-28]
CHR Extension: (Qmee) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2016-06-01]
CHR Extension: (Google Hangouts) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-09-01]
CHR Extension: (Slinky Modern) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nilnodhmmonndffbejancdeiggflcehi [2015-04-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-28]
CHR HKU\S-1-5-21-2450798707-1284015858-288600777-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-12] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-09-12] (AVAST Software)
R2 CronService; c:\Windows\Prey\wpxsvc.exe [611854 2015-10-10] (Fork, Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-07] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [41576 2016-10-07] (Dropbox, Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
S3 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5179760 2014-06-18] (Binary Fortress Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
U3 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-01-05] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [40999448 2008-07-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-03-31] (Electronic Arts)
R3 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-07-10] ()
S3 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)
S3 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [182848 2013-11-14] (Soluto)
R3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942016 2013-11-14] (GlavSoft LLC.) [File not signed]
S3 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-10] (Microsoft Corporation)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [319384 2011-12-15] (WDC)
S3 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [246688 2011-12-16] (Western Digital)
S3 WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [1977224 2011-12-15] (Western Digital )
S3 WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [1338264 2011-12-15] (Western Digital )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-12] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [28312 2016-09-12] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [453192 2016-09-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-09-12] (AVAST Software)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-30] (Windows (R) Win 7 DDK provider)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299312 2015-09-14] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2016-04-21] (The OpenVPN Project)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows (R) Win 7 DDK provider)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-11-13] (Anchorfree Inc.)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Konrad\Downloads\RealTemp_370\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-11 12:37 - 2016-10-11 12:45 - 00043979 _____ C:\Users\Konrad\Desktop\FRST.txt
2016-10-11 12:36 - 2016-10-11 12:37 - 00000000 ____D C:\FRST
2016-10-11 12:14 - 2016-10-11 12:22 - 00000000 ____D C:\AdwCleaner
2016-10-11 12:13 - 2016-10-11 12:13 - 02407424 _____ (Farbar) C:\Users\Konrad\Desktop\FRST64.exe
2016-10-11 12:12 - 2016-10-11 12:12 - 03874368 _____ C:\Users\Konrad\Desktop\AdwCleaner.exe
2016-10-11 12:09 - 2016-10-11 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-09 18:28 - 2016-10-09 18:28 - 00000000 _____ C:\Users\Konrad\AppData\Local\{92494479-F871-43D8-9B84-E98DA5F7CCB1}
2016-10-09 16:51 - 2016-10-09 16:51 - 00318913 _____ C:\Users\Konrad\Documents\Conrad_Gauthier_CV_Thomson2016.pdf
2016-10-08 23:02 - 2016-10-08 23:02 - 00688992 ____R (Swearware) C:\Users\Konrad\Downloads\dds(1).scr
2016-10-08 22:44 - 2016-10-08 22:44 - 11374528 _____ (VS Revo Group ) C:\Users\Konrad\Downloads\RevoUninProSetup.exe
2016-10-08 22:44 - 2016-10-08 22:44 - 00001039 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-10-08 22:44 - 2016-10-08 22:44 - 00000000 ____D C:\Users\Konrad\AppData\Local\VS Revo Group
2016-10-08 22:44 - 2016-10-08 22:44 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-10-08 22:44 - 2016-10-08 22:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-10-08 22:44 - 2016-10-08 22:44 - 00000000 ____D C:\Program Files\VS Revo Group
2016-10-08 22:44 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-10-08 13:12 - 2016-10-08 13:12 - 00184481 _____ C:\Users\Konrad\Downloads\SCC_COMUNICADOS_PI_Batch0100151115480b48eab52600.pdf
2016-10-08 13:12 - 2016-10-08 13:12 - 00156591 _____ C:\Users\Konrad\Downloads\SCC_COMUNICADOS_PI_Batch010015111576c3b256833100.pdf
2016-10-07 21:03 - 2016-10-07 21:03 - 22851472 _____ (Malwarebytes ) C:\Users\Konrad\Downloads\mbam-setup-2.2.1.1043.exe
2016-10-07 18:45 - 2016-10-07 18:45 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-10-07 18:45 - 2016-10-07 18:45 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-10-07 18:45 - 2016-10-07 18:45 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-10-07 18:45 - 2016-10-07 18:45 - 00041576 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-10-04 17:31 - 2016-10-04 17:31 - 00029914 _____ C:\Users\Konrad\Downloads\449883.pdf
2016-10-04 12:51 - 2016-10-04 12:51 - 00016706 _____ C:\Users\Konrad\Downloads\Dissertation supervisor list.xlsx
2016-10-04 11:05 - 2016-10-08 23:05 - 00037886 _____ C:\Users\Konrad\Desktop\dds.txt
2016-10-04 11:05 - 2016-10-08 23:05 - 00023864 _____ C:\Users\Konrad\Desktop\attach.txt
2016-10-04 11:00 - 2016-10-04 11:00 - 00688992 ____R (Swearware) C:\Users\Konrad\Downloads\dds.scr
2016-10-02 12:21 - 2016-08-05 16:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-10-02 12:21 - 2016-08-05 16:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-10-01 21:43 - 2016-10-01 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-10-01 21:43 - 2016-10-01 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-10-01 13:34 - 2016-06-06 17:50 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-01 13:34 - 2016-06-06 17:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-01 13:34 - 2016-06-06 17:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-01 13:34 - 2016-06-06 17:50 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-01 13:34 - 2016-06-06 16:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-01 13:34 - 2016-06-06 16:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-01 13:34 - 2016-06-06 16:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-01 13:34 - 2016-06-06 16:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-01 13:34 - 2016-05-13 23:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-10-01 13:34 - 2016-05-13 23:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-10-01 13:34 - 2016-05-13 23:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-10-01 13:34 - 2016-05-13 23:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-10-01 13:34 - 2016-05-13 22:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-10-01 13:34 - 2016-05-13 22:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-10-01 13:34 - 2016-05-13 22:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-10-01 13:34 - 2016-05-13 22:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-10-01 13:34 - 2016-05-13 22:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-10-01 13:34 - 2016-05-13 22:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-10-01 13:34 - 2016-05-13 22:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-10-01 13:34 - 2016-05-13 22:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-10-01 13:34 - 2016-05-13 22:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-10-01 13:34 - 2016-05-13 22:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-10-01 13:34 - 2016-05-13 22:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-10-01 13:34 - 2016-05-13 22:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-10-01 13:34 - 2016-05-12 18:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-10-01 13:34 - 2016-05-12 16:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-10-01 13:34 - 2016-05-12 16:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-10-01 13:34 - 2016-05-04 18:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-10-01 13:34 - 2016-05-04 18:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-10-01 13:34 - 2016-05-04 18:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-10-01 13:34 - 2016-05-04 18:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-10-01 13:34 - 2016-05-04 18:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-10-01 13:34 - 2016-05-04 18:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-10-01 13:34 - 2016-05-04 18:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-10-01 13:34 - 2016-05-04 18:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-10-01 13:34 - 2016-05-04 18:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-01 13:34 - 2016-05-04 18:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-10-01 13:34 - 2016-05-04 16:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-10-01 13:34 - 2016-05-04 15:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-09-29 12:44 - 2016-08-12 17:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-29 12:44 - 2016-08-12 17:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-29 12:44 - 2016-08-12 17:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-29 12:43 - 2016-09-01 20:26 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-29 12:43 - 2016-09-01 19:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-09-29 12:43 - 2016-09-01 04:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-09-29 12:43 - 2016-09-01 04:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-29 12:43 - 2016-09-01 03:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-09-29 12:43 - 2016-09-01 03:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-29 12:43 - 2016-09-01 03:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-09-29 12:43 - 2016-09-01 03:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-09-29 12:43 - 2016-09-01 03:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-09-29 12:43 - 2016-09-01 03:34 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-29 12:43 - 2016-09-01 03:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-09-29 12:43 - 2016-09-01 03:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-09-29 12:43 - 2016-09-01 03:26 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-09-29 12:43 - 2016-09-01 03:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-29 12:43 - 2016-09-01 03:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-09-29 12:43 - 2016-09-01 03:23 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-09-29 12:43 - 2016-09-01 03:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-09-29 12:43 - 2016-09-01 02:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-09-29 12:43 - 2016-09-01 02:57 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-09-29 12:43 - 2016-09-01 02:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-09-29 12:43 - 2016-09-01 02:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-09-29 12:43 - 2016-09-01 02:48 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-09-29 12:43 - 2016-09-01 02:45 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-09-29 12:43 - 2016-09-01 02:34 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-09-29 12:43 - 2016-09-01 02:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-29 12:43 - 2016-09-01 02:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-09-29 12:43 - 2016-09-01 02:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-09-29 12:43 - 2016-09-01 02:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-29 12:43 - 2016-09-01 02:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-29 12:43 - 2016-09-01 01:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-29 12:43 - 2016-09-01 01:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-29 12:43 - 2016-09-01 01:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-29 12:43 - 2016-09-01 01:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-29 12:43 - 2016-09-01 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-09-29 12:43 - 2016-09-01 01:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-29 12:43 - 2016-09-01 01:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-09-29 12:43 - 2016-09-01 01:24 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-29 12:43 - 2016-09-01 01:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-29 12:43 - 2016-09-01 01:24 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-29 12:43 - 2016-09-01 01:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-29 12:43 - 2016-09-01 01:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-09-29 12:43 - 2016-09-01 01:16 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-29 12:43 - 2016-09-01 01:15 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-09-29 12:43 - 2016-09-01 01:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-29 12:43 - 2016-09-01 01:11 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-29 12:43 - 2016-09-01 01:11 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-09-29 12:43 - 2016-09-01 01:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-29 12:43 - 2016-09-01 01:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-29 12:43 - 2016-09-01 01:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-29 12:43 - 2016-09-01 01:03 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-09-29 12:43 - 2016-09-01 00:59 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-29 12:43 - 2016-09-01 00:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-09-29 12:43 - 2016-09-01 00:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-29 12:43 - 2016-09-01 00:47 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-29 12:43 - 2016-09-01 00:46 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-29 12:43 - 2016-09-01 00:44 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-29 12:43 - 2016-09-01 00:42 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-09-29 12:43 - 2016-09-01 00:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-29 12:43 - 2016-09-01 00:29 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-29 12:43 - 2016-09-01 00:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-29 12:43 - 2016-09-01 00:27 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-09-29 12:43 - 2016-09-01 00:26 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-29 12:43 - 2016-09-01 00:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-29 12:43 - 2016-09-01 00:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-29 12:43 - 2016-08-31 23:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-29 12:43 - 2016-08-31 23:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-29 12:43 - 2016-07-07 16:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-09-29 12:42 - 2016-09-02 16:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-29 12:42 - 2016-09-02 16:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-29 12:42 - 2016-09-02 16:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-29 12:42 - 2016-09-02 16:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-29 12:42 - 2016-09-02 16:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-29 12:42 - 2016-09-02 16:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-29 12:42 - 2016-09-02 16:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-29 12:42 - 2016-09-02 16:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-09-29 12:42 - 2016-09-02 16:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-09-29 12:42 - 2016-09-02 16:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-29 12:42 - 2016-09-02 16:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-29 12:42 - 2016-09-02 16:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-29 12:42 - 2016-09-02 16:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-29 12:42 - 2016-09-02 16:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-29 12:42 - 2016-09-02 16:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-29 12:42 - 2016-09-02 16:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-09-29 12:42 - 2016-09-02 16:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-09-29 12:42 - 2016-09-02 16:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 16:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-29 12:42 - 2016-09-02 16:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-29 12:42 - 2016-09-02 16:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-29 12:42 - 2016-09-02 16:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-29 12:42 - 2016-09-02 15:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-09-29 12:42 - 2016-09-02 15:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-29 12:42 - 2016-09-02 15:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-29 12:42 - 2016-09-02 15:54 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-29 12:42 - 2016-09-02 15:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-29 12:42 - 2016-09-02 15:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-29 12:42 - 2016-09-02 15:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-09-29 12:42 - 2016-09-02 15:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-29 12:42 - 2016-09-02 15:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-09-29 12:42 - 2016-09-02 15:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-09-29 12:42 - 2016-09-02 15:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-09-29 12:42 - 2016-09-02 15:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-09-29 12:42 - 2016-09-02 15:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-09-29 12:42 - 2016-09-02 15:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 15:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 15:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-29 12:42 - 2016-09-02 15:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-29 12:42 - 2016-07-07 16:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-09-29 12:42 - 2016-07-07 16:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-09-29 12:42 - 2016-07-07 16:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-09-29 12:42 - 2016-07-01 16:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-29 12:42 - 2016-07-01 16:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-09-29 12:42 - 2016-07-01 16:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-09-29 12:42 - 2016-07-01 16:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-09-29 12:41 - 2016-08-16 18:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-29 12:41 - 2016-08-16 03:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-29 12:41 - 2016-08-16 03:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-29 12:41 - 2016-08-06 16:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-29 12:41 - 2016-08-06 16:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-28 13:32 - 2016-09-28 13:32 - 17824256 _____ C:\Users\Konrad\Downloads\Lecture 1 - Introduction.ppt
2016-09-28 13:31 - 2016-09-28 13:32 - 12244574 _____ C:\Users\Konrad\Downloads\AI601 Lecture Week 1 260916.pptx
2016-09-28 12:20 - 2016-09-28 12:20 - 00000000 ____D C:\Users\Konrad\AppData\Local\Viber
2016-09-27 15:22 - 2016-10-11 12:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-12 21:36 - 2016-09-12 21:36 - 00139434 _____ C:\Users\Konrad\Downloads\7fda416d-61aa-4644-a913-2c2a3c45c085.pdf
2016-09-12 19:54 - 2016-09-30 20:00 - 00003902 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458691553
2016-09-12 14:59 - 2016-09-12 14:59 - 00001884 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2016-09-12 14:59 - 2016-09-12 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-09-12 14:51 - 2016-09-12 14:43 - 00453192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2016-09-12 14:45 - 2016-09-12 14:45 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-09-12 14:44 - 2016-09-12 14:44 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-09-12 14:43 - 2016-09-12 14:43 - 00028312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-11 12:45 - 2012-04-18 19:41 - 00000000 ____D C:\Program Files (x86)\Steam
2016-10-11 12:45 - 2012-04-18 16:54 - 00000000 ____D C:\Users\Konrad\AppData\Roaming\Spotify
2016-10-11 12:43 - 2012-04-18 16:54 - 00000000 ____D C:\Users\Konrad\AppData\Local\Spotify
2016-10-11 12:40 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-11 12:40 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-11 12:34 - 2012-04-22 12:30 - 00000000 ___RD C:\Users\Konrad\Dropbox
2016-10-11 12:29 - 2015-08-20 18:18 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-10-11 12:28 - 2012-05-12 09:59 - 00000442 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-10-11 12:27 - 2012-05-09 20:57 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-11 12:26 - 2015-08-20 18:18 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-10-11 12:26 - 2012-04-14 02:49 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-11 12:26 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-11 12:20 - 2012-04-14 01:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-11 12:17 - 2012-05-09 20:57 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-11 12:16 - 2012-04-18 16:46 - 00000000 ____D C:\Users\Konrad\AppData\Local\Adobe
2016-10-11 12:14 - 2012-04-18 16:50 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2450798707-1284015858-288600777-1001UA.job
2016-10-11 12:10 - 2015-06-21 13:20 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-10-10 23:36 - 2012-04-18 17:04 - 00000000 ____D C:\Users\Konrad\AppData\Roaming\TS3Client
2016-10-10 22:14 - 2012-04-18 16:50 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2450798707-1284015858-288600777-1001Core.job
2016-10-10 21:48 - 2012-04-18 17:04 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-10-09 23:30 - 2012-04-18 17:36 - 00000000 ____D C:\Users\Konrad\AppData\Roaming\.minecraft
2016-10-09 23:12 - 2009-07-14 06:13 - 00890506 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-09 23:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-10-09 12:13 - 2016-09-03 13:11 - 00000000 ____D C:\Users\Konrad\AppData\Roaming\Skype
2016-10-08 21:59 - 2015-10-16 21:15 - 00000000 ____D C:\Users\Konrad\AppData\Roaming\ViberPC
2016-10-07 21:05 - 2014-11-03 21:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-07 21:03 - 2014-11-03 21:28 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-07 21:03 - 2014-11-03 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-07 21:03 - 2014-11-03 21:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-07 18:24 - 2015-08-20 18:18 - 00003904 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-10-07 18:24 - 2015-08-20 18:18 - 00003652 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-10-03 16:05 - 2015-11-26 13:20 - 00000000 ____D C:\Users\Konrad\Documents\Euro Truck Simulator 2
2016-10-03 16:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-10-03 15:55 - 2012-12-26 16:44 - 00000000 ____D C:\ProgramData\Origin
2016-10-03 15:46 - 2013-02-12 20:46 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-10-01 21:43 - 2016-03-23 01:06 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-10-01 21:43 - 2016-03-23 01:06 - 00001141 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-10-01 21:43 - 2015-04-18 14:32 - 00002327 _____ C:\Users\Konrad\Desktop\Chrome App Launcher.lnk
2016-10-01 21:43 - 2014-01-03 19:26 - 00002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-01 21:43 - 2014-01-03 19:26 - 00002243 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-01 21:43 - 2013-01-06 21:03 - 00001219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-10-01 21:43 - 2013-01-06 21:03 - 00001207 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-10-01 13:18 - 2013-01-06 21:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-01 12:50 - 2009-07-14 05:45 - 05177368 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-01 12:49 - 2013-03-14 14:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-01 12:49 - 2013-03-14 14:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-30 20:07 - 2013-03-14 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-28 13:42 - 2015-01-03 15:41 - 00001340 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2016-09-27 11:53 - 2013-02-12 20:46 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-09-27 11:46 - 2015-05-20 22:39 - 00000000 ____D C:\Users\Konrad\AppData\Local\Dropbox
2016-09-13 20:20 - 2012-04-14 01:00 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-13 20:20 - 2012-04-14 01:00 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-13 20:20 - 2012-04-14 01:00 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-13 20:20 - 2012-04-14 01:00 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-13 20:20 - 2012-04-14 01:00 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-13 19:27 - 2013-02-12 20:46 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-09-12 14:45 - 2014-10-15 18:06 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-09-12 14:45 - 2014-10-15 18:06 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-09-12 14:45 - 2013-03-08 11:08 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-09-12 14:45 - 2013-03-08 11:08 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-09-12 14:45 - 2013-02-12 20:46 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-09-12 14:45 - 2013-02-12 20:46 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-09-12 14:43 - 2016-03-23 01:05 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys

==================== Files in the root of some directories =======

2013-06-26 20:07 - 2014-06-22 15:57 - 0003701 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2012-07-27 19:37 - 2016-02-15 21:32 - 0000132 _____ () C:\Users\Konrad\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-09-18 20:00 - 2012-10-16 10:16 - 0001774 _____ () C:\Users\Konrad\AppData\Roaming\KONRADS-LAPTOP.MTBF.txt
2014-08-05 11:57 - 2014-08-05 11:57 - 0000050 _____ () C:\Users\Konrad\AppData\Roaming\mbam.context.scan
2012-11-13 19:38 - 2012-11-13 19:38 - 0579274 _____ () C:\Users\Konrad\AppData\Roaming\technic-launcher.jar
2012-09-18 20:00 - 2012-10-16 10:26 - 0000936 _____ () C:\Users\Konrad\AppData\Roaming\__AvidCloudManager.log
2012-09-18 20:00 - 2012-10-08 11:44 - 0000780 _____ () C:\Users\Konrad\AppData\Roaming\__AvidCloudManagerPrevious.log
2012-07-26 14:59 - 2014-09-01 23:11 - 0001456 _____ () C:\Users\Konrad\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-04-19 12:33 - 2016-03-15 19:18 - 0022016 _____ () C:\Users\Konrad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-25 12:48 - 2016-06-24 23:16 - 0007607 _____ () C:\Users\Konrad\AppData\Local\Resmon.ResmonCfg
2013-06-12 16:41 - 2013-06-12 16:41 - 0000080 _____ () C:\Users\Konrad\AppData\Local\X-Plane Installer.prf
2013-06-12 16:42 - 2013-06-12 16:48 - 0000015 _____ () C:\Users\Konrad\AppData\Local\X-Plane_drm.prf
2013-06-12 15:24 - 2013-06-12 15:24 - 0000042 _____ () C:\Users\Konrad\AppData\Local\x-plane_install_10.txt
2016-01-06 12:57 - 2016-01-06 12:57 - 0000000 _____ () C:\Users\Konrad\AppData\Local\{029CBF4B-1AD7-43E9-9171-F16BA1297EDF}
2016-10-09 18:28 - 2016-10-09 18:28 - 0000000 _____ () C:\Users\Konrad\AppData\Local\{92494479-F871-43D8-9B84-E98DA5F7CCB1}
2014-12-16 14:18 - 2014-12-16 14:18 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\Konrad\AppData\Local\Temp\6354.exe
C:\Users\Konrad\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Konrad\AppData\Local\Temp\libeay32.dll
C:\Users\Konrad\AppData\Local\Temp\msvcr120.dll
C:\Users\Konrad\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Konrad\AppData\Local\Temp\sqlite3.dll
C:\Users\Konrad\AppData\Local\Temp\{68686116-3AD6-4FD7-B48E-2242B073E9E8}-DropboxClient_7.3.25.exe
C:\Users\Konrad\AppData\Local\Temp\{80302A9E-FD75-4B02-A218-F2FB0E592D89}-DropboxClient_8.3.16.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-25 14:44

==================== End of FRST.txt ============================


---------------------------------------------------------------------------------------

In relation to your disk drive corruption question, I have not touched anything but believe the date is for October rather than November.
Attached Files
File Type: txt Addition.txt (108.6 KB, 69 views)
konradgoat is offline  
Old 10-11-2016, 05:03 AM   #5
Registered Member
 
Join Date: Aug 2009
Location: United Kingdom
Posts: 360
OS: Windows 7 Ultimate



AdwCleaner

# AdwCleaner v6.021 - Logfile created 11/10/2016 at 12:22:15
# Updated on 06/10/2016 by ToolsLib
# Database : 2016-10-07.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Konrad - KONRADS-LAPTOP
# Running from : C:\Users\Konrad\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Program Files (x86)\ContinueToSave
[-] Folder deleted: C:\Users\Konrad\AppData\Roaming\newSI_608
[-] Folder deleted: C:\Users\Konrad\AppData\Local\AVG Secure Search
[-] Folder deleted: C:\Users\Konrad\AppData\Local\Conduit
[-] Folder deleted: C:\Users\Konrad\AppData\Local\PackageAware
[-] Folder deleted: C:\Users\Konrad\AppData\LocalLow\AVG Secure Search
[-] Folder deleted: C:\Users\Konrad\AppData\LocalLow\Conduit
[-] Folder deleted: C:\Users\Konrad\AppData\Roaming\Babylon
[-] Folder deleted: C:\Users\Konrad\AppData\Roaming\NCdownloader
[-] Folder deleted: C:\Users\Konrad\AppData\Roaming\OpenCandy
[-] Folder deleted: C:\Users\Konrad\AppData\Roaming\SetMyHomePage
[-] Folder deleted: C:\ProgramData\AVG Secure Search
[-] Folder deleted: C:\ProgramData\Babylon
[-] Folder deleted: C:\ProgramData\StarApp
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Secure Search
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Babylon
[#] Folder deleted on reboot: C:\ProgramData\Application Data\StarApp
[-] Folder deleted: C:\Program Files (x86)\1ClickDownload
[-] Folder deleted: C:\Program Files (x86)\AVG Secure Search
[-] Folder deleted: C:\Program Files (x86)\Conduit
[#] Folder deleted on reboot: C:\Program Files (x86)\continuetosave
[-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search


***** [ Files ] *****

[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
[-] File deleted: C:\Users\Konrad\AppData\Roaming\Mozilla\Firefox\Profiles\x4zn239g.default\invalidprefs.js
[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[-] File deleted: C:\Users\Konrad\AppData\Roaming\Mozilla\Firefox\Profiles\x4zn239g.default\searchplugins\conduit-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\5eed8d1b36eba41
[-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar.CT3072253
[-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar.CT3220468
[-] Key deleted: HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[-] Key deleted: HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[-] Key deleted: HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Prod.cap
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\speedupmypc
[-] Key deleted: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Key deleted: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Prod.cap
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\speedupmypc
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[-] Key deleted: HKU\.DEFAULT\Software\AVG Secure Search
[-] Key deleted: HKU\S-1-5-21-2450798707-1284015858-288600777-1001\Software\1ClickDownload
[-] Key deleted: HKU\S-1-5-21-2450798707-1284015858-288600777-1001\Software\APN PIP
[-] Key deleted: HKU\S-1-5-21-2450798707-1284015858-288600777-1001\Software\AVG Secure Search
[-] Key deleted: HKU\S-1-5-21-2450798707-1284015858-288600777-1001\Software\BabylonToolbar
[-] Key deleted: HKU\S-1-5-21-2450798707-1284015858-288600777-1001\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-2450798707-1284015858-288600777-1001\Software\DataMngr
[-] Key deleted: HKU\S-1-5-21-2450798707-1284015858-288600777-1001\Software\DataMngr_Toolbar
[-] Key deleted: HKU\S-1-5-21-2450798707-1284015858-288600777-1001\Software\IGearSettings
[-] Key deleted: HKU\S-1-5-21-2450798707-1284015858-288600777-1001\Software\SetMyHomePage
[#] Key deleted on reboot: HKU\S-1-5-21-2450798707-1284015858-288600777-1001\Software\Datamngr
[-] Key deleted: HKU\S-1-5-21-2450798707-1284015858-288600777-1001\Software\Spark
[-] Key deleted: HKU\S-1-5-21-2450798707-1284015858-288600777-1001\Software\AppDataLow\SProtector
[-] Key deleted: HKU\S-1-5-21-2450798707-1284015858-288600777-1001\Software\AppDataLow\Software\Conduit
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AVG Secure Search
[#] Key deleted on reboot: HKCU\Software\1ClickDownload
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: HKCU\Software\AVG Secure Search
[#] Key deleted on reboot: HKCU\Software\BabylonToolbar
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\DataMngr
[#] Key deleted on reboot: HKCU\Software\DataMngr_Toolbar
[#] Key deleted on reboot: HKCU\Software\IGearSettings
[#] Key deleted on reboot: HKCU\Software\SetMyHomePage
[#] Key deleted on reboot: HKCU\Software\Datamngr
[#] Key deleted on reboot: HKCU\Software\Spark
[#] Key deleted on reboot: HKCU\Software\AppDataLow\SProtector
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Conduit
[-] Key deleted: HKLM\SOFTWARE\AVG Secure Search
[-] Key deleted: HKLM\SOFTWARE\AVG Security Toolbar
[-] Key deleted: HKLM\SOFTWARE\Babylon
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\DataMngr
[-] Key deleted: HKLM\SOFTWARE\SP Global
[-] Key deleted: HKLM\SOFTWARE\SProtector
[-] Key deleted: HKLM\SOFTWARE\Uniblue
[#] Key deleted on reboot: HKLM\SOFTWARE\Uniblue\DriverScanner
[-] Key deleted: HKLM\SOFTWARE\systweak
[#] Key deleted on reboot: HKLM\SOFTWARE\Datamngr
[#] Key deleted on reboot: [x64] HKCU\Software\1ClickDownload
[#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
[#] Key deleted on reboot: [x64] HKCU\Software\AVG Secure Search
[#] Key deleted on reboot: [x64] HKCU\Software\BabylonToolbar
[#] Key deleted on reboot: [x64] HKCU\Software\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\DataMngr
[#] Key deleted on reboot: [x64] HKCU\Software\DataMngr_Toolbar
[#] Key deleted on reboot: [x64] HKCU\Software\IGearSettings
[#] Key deleted on reboot: [x64] HKCU\Software\SetMyHomePage
[#] Key deleted on reboot: [x64] HKCU\Software\Datamngr
[#] Key deleted on reboot: [x64] HKCU\Software\Spark
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\SProtector
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-2450798707-1284015858-288600777-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] c:\windows\syswow64\nvinit.dll C:\Windows\SysWOW64\nvinit.dll
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\vProt
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key deleted: HKLM\SOFTWARE\Classes\s
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
[-] Value deleted: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "aol_toolbar.default.homepage.check" - false
[-] Chrome preferences cleaned: "aol_toolbar.default.search.check" - false
[-] Chrome preferences cleaned: "browser.search.hiddenOneOffs" - "Yahoo,Bing,Amazon.com,Conduit Search,DuckDuckGo,eBay,Twitter"
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.prtkDS" - 0
[-] Chrome preferences cleaned: "extensions.BabylonToolbar.prtkHmpg" - 0
[-] Chrome preferences cleaned: "sweetim.toolbar.previous.browser.search.defaultenginename" - ""
[-] Chrome preferences cleaned: "sweetim.toolbar.previous.browser.search.selectedEngine" - ""
[-] Chrome preferences cleaned: "sweetim.toolbar.previous.browser.startup.homepage" - ""
[-] Chrome preferences cleaned: "sweetim.toolbar.previous.keyword.URL" - ""
[-] Chrome preferences cleaned: "sweetim.toolbar.scripts.1.domain-blacklist" - ""
[-] Chrome preferences cleaned: "sweetim.toolbar.searchguard.UserRejectedGuard_DS" - ""
[-] Chrome preferences cleaned: "sweetim.toolbar.searchguard.UserRejectedGuard_HP" - ""
[-] Chrome preferences cleaned: "sweetim.toolbar.searchguard.enable" - ""
[-] [C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ejpbbhjlbipncjklfjjaedaieimbmdda
[-] [C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ndibdjnfmopecpmkdieinmbadjfpblof


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [15434 Bytes] - [11/10/2016 12:22:15]
C:\AdwCleaner\AdwCleaner[S0].txt - [15338 Bytes] - [11/10/2016 12:18:49]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [15582 Bytes] ##########
konradgoat is offline  
Old 10-11-2016, 01:20 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You are running illegal copies of Adobe softwares.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-11-2016, 01:41 PM   #7
Registered Member
 
Join Date: Aug 2009
Location: United Kingdom
Posts: 360
OS: Windows 7 Ultimate



I am sorry about that, I am planning to remove these as I used to use these quite often and I am able to get legal copies which I plan to install once my computer is clean.
konradgoat is offline  
Old 10-12-2016, 08:29 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Until they are removed, we can provide no help. Sorry.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-14-2016, 02:05 PM   #9
Registered Member
 
Join Date: Aug 2009
Location: United Kingdom
Posts: 360
OS: Windows 7 Ultimate



Quote:
Originally Posted by chemist View Post
Until they are removed, we can provide no help. Sorry.
I have removed the Malware/Adware myself using the following tools. I am no longer facing issues:

Avast Internet Security AntiVirus
AdwCleaner
Malwarebytes Anti-Malware
HitmanPro
Zemana AntiMalware
konradgoat is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Android Malware Hides as Microsoft Word File, Steals and Emails User Data to Attacker
Android Malware Hides as Microsoft Word File, Steals and Emails User Data to Attacker - Softpedia
JMH3143 Computer Security News 0 10-30-2015 10:39 PM
CoreBot malware evolves overnight into virulent banking Trojan
CoreBot malware evolves overnight into virulent banking Trojan | ZDNet
JMH3143 Computer Security News 0 09-11-2015 07:35 PM
Jun27 New Banking Malware Uses Network Sniffing for Data Theft
New Banking Malware Uses Network Sniffing for Data Theft | Security Intelligence Blog | Trend Micro
JMH3143 Computer Security News 0 06-28-2014 05:37 PM
Police arrest three over ransom malware attacks
The UK’s Police Central e-Crime Unit (PCeU) has announced the arrest of three of three people in connection with alleged ransom malware attacks against PC users. In what counts as the first significant arrests for this type of malware made in the UK, the two men and a woman were picked up in...
Glaswegian Computer Security News 0 12-13-2012 01:00 PM
Customised malware attacks grow increasingly widespread
The rising popularity of custom malware and the inability of antivirus software to keep pace poses potent challenges for enterprises trying to keep their systems secure. It's no secret that the goal of modern malware writers is to create attack software that is stealthy and flows undetected for...
Glaswegian Computer Security News 0 03-21-2011 01:35 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 06:58 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts