Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
Ran by Monkey (administrator) on MONKEY-PC (26-02-2017 15:07:00)
Running from C:\Users\Monkey\Downloads
Loaded Profiles: Monkey (Available Profiles: Monkey)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-11-14] (Dell Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-09-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2180680 2016-12-09] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1521115235-458228028-669826753-1000\...\Run: [GoogleChromeAutoLaunch_2DFF1AA5B90BEA6D45DCD82164BF15E6] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 103.245.69.5 45.112.0.5
Tcpip\..\Interfaces\{2661D3F7-60F6-4E42-94B7-6A391F93C2C1}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C040B0B9-DD37-4C08-BC60-EEE154FA202A}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C693CE1F-D9B8-4E48-804C-2DC07FB1D568}: [DhcpNameServer] 103.245.69.5 45.112.0.5
Tcpip\..\Interfaces\{E22AA2DC-01BF-4145-81A0-684EA8807130}: [DhcpNameServer] 103.245.69.5 45.112.0.5
Tcpip\..\Interfaces\{EC0ADC0B-2DBC-444C-8FCC-F2C88ED51CEB}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-1521115235-458228028-669826753-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={D0E6528A-E89A-4D90-8B52-9A617AB4168D}&mid=becc194646ef47cca8226dcc1020707f-d92cea63d541b109351f5bac06ea728dbc26f236&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516pii&pr=fr&d=2016-11-26 12:08:44&v=4.3.6.255&pid=wtu&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-1521115235-458228028-669826753-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={D0E6528A-E89A-4D90-8B52-9A617AB4168D}&mid=becc194646ef47cca8226dcc1020707f-d92cea63d541b109351f5bac06ea728dbc26f236&lang=en&ds=AVG&coid=avgtbavg&cmpid=1216tb&pr=fr&d=2016-11-26 12:08:44&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1521115235-458228028-669826753-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={D0E6528A-E89A-4D90-8B52-9A617AB4168D}&mid=becc194646ef47cca8226dcc1020707f-d92cea63d541b109351f5bac06ea728dbc26f236&lang=en&ds=AVG&coid=avgtbavg&cmpid=1216tb&pr=fr&d=2016-11-26 12:08:44&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-02-17] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-05-20] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll [2016-12-09] (AVG)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-05-20] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-10] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Monkey\AppData\Roaming\Mozilla\Firefox\Profiles\r4e5a9nm.default [2017-02-22]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\r4e5a9nm.default -> AVG Secure Search
FF Extension: (AVG Web TuneUp) - C:\Users\Monkey\AppData\Roaming\Mozilla\Firefox\Profiles\r4e5a9nm.default\Extensions\avg@toolbar.xpi [2016-12-09]
FF Extension: (Collection of all the available BDA Tuning Model Tuning Space objects on this system) - C:\Users\Monkey\AppData\Roaming\Mozilla\Firefox\Profiles\r4e5a9nm.default\Extensions\{D01B2509-CED5-0EED-4F8B-DE83D44650A8} [2016-10-29] [not signed]
FF SearchPlugin: C:\Users\Monkey\AppData\Roaming\Mozilla\Firefox\Profiles\r4e5a9nm.default\searchplugins\avg-secure-search.xml [2016-12-09]
FF HKU\S-1-5-21-1521115235-458228028-669826753-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-12-09]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-16] (VideoLAN)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.6\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-02-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-02-13] (Microsoft Corporation)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://search.mysearch.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> http://search.mysearch.com
CHR DefaultSuggestURL: Default -> hxxp://search.mysearch.com/ss?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default [2017-02-26]
CHR Extension: (MySearch) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp [2017-02-11]
CHR Extension: (Google Docs) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-26]
CHR Extension: (Google Drive) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-26]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2017-02-25]
CHR Extension: (Page Analytics (by Google)) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2016-12-28]
CHR Extension: (Google Docs Offline) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-26]
CHR Extension: (AdBlock) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-25]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-02-24]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-26]
CHR Extension: (Seen On Screen) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\jemfifkoelgbkgpcbhjlebmcdmffgjff [2017-02-11]
CHR Extension: (Save to Pocket) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2017-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 vToolbarUpdater40.3.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe [1349704 2016-12-09] (AVG Secure Search)
S3 wampapache; c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe [20549 2010-12-31] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe [8133120 2010-12-31] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [980552 2016-12-09] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-13] (Synaptics Incorporated)
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-26 15:07 - 2017-02-26 15:07 - 00017361 _____ C:\Users\Monkey\Downloads\FRST.txt
2017-02-26 15:06 - 2017-02-26 15:07 - 00000000 ____D C:\FRST
2017-02-26 15:05 - 2017-02-26 15:06 - 02423296 _____ (Farbar) C:\Users\Monkey\Downloads\FRST64.exe
2017-02-24 20:34 - 2017-02-24 20:34 - 02509303 _____ C:\Users\Monkey\Downloads\POM_Lecture_3.zip
2017-02-24 20:28 - 2017-02-24 20:28 - 00111520 _____ C:\Users\Monkey\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-23 15:48 - 2017-02-23 15:50 - 04999008 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-16 20:16 - 2017-02-16 20:16 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Reallusion
2017-02-12 15:00 - 2017-02-12 15:00 - 00000000 ___SD C:\Users\Monkey\Documents\My Data Sources
2017-02-11 18:07 - 2017-02-11 18:07 - 00001179 _____ C:\Users\Monkey\Desktop\Client configurator.lnk
2017-02-11 18:07 - 2017-02-11 18:07 - 00001129 _____ C:\Users\Monkey\Desktop\easymeetingClient.lnk
2017-02-11 18:07 - 2017-02-11 18:07 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easymeeting
2017-02-11 18:07 - 2017-02-11 18:07 - 00000000 ____D C:\ProgramData\Easymeeting
2017-02-11 18:06 - 2017-02-11 18:07 - 00000000 ____D C:\Program Files (x86)\Easymeeting
2017-02-11 01:19 - 2017-02-11 01:19 - 00284651 _____ C:\Users\Monkey\Desktop\Prashant_Wakode.pdf
2017-02-10 23:53 - 2017-02-10 23:53 - 00000000 ____D C:\Users\Monkey\.ScreamingFrogSEOSpider
2017-02-10 23:47 - 2017-02-10 23:47 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-02-10 23:47 - 2017-02-10 23:47 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Sun
2017-02-10 23:47 - 2017-02-10 23:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-10 23:46 - 2017-02-10 23:46 - 00000000 ____D C:\ProgramData\Oracle
2017-02-10 23:43 - 2017-02-10 23:43 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screaming Frog SEO Spider
2017-02-10 23:43 - 2017-02-10 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Frog SEO Spider
2017-02-10 23:43 - 2017-02-10 23:43 - 00000000 ____D C:\Program Files (x86)\Screaming Frog SEO Spider

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-08 23:20 - 2016-07-23 18:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-26 15:03 - 2009-07-14 10:15 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-26 15:03 - 2009-07-14 10:15 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-26 15:01 - 2016-07-23 18:23 - 00000000 ____D C:\ProgramData\MFAData
2017-02-26 14:55 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-25 19:38 - 2016-11-06 23:03 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-02-23 16:17 - 2016-07-23 18:17 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\vlc
2017-02-23 16:13 - 2017-01-21 17:40 - 00080099 _____ C:\Users\Monkey\Documents\komal.xlsx
2017-02-22 22:59 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\inf
2017-02-16 20:16 - 2016-09-18 17:32 - 00000000 ____D C:\ProgramData\Creative
2017-02-13 23:33 - 2009-07-14 10:38 - 00032614 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-10 23:53 - 2016-07-23 17:42 - 00000000 ____D C:\Users\Monkey
2017-02-10 23:48 - 2016-11-18 15:56 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-10 23:47 - 2016-11-18 15:56 - 00268864 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2017-02-10 23:14 - 2016-07-23 18:24 - 00000000 ____D C:\ProgramData\Adobe
2017-02-10 23:12 - 2016-07-23 18:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-10 23:11 - 2016-07-23 18:50 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-02-09 15:07 - 2009-07-14 10:43 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-08 23:21 - 2016-12-03 00:02 - 00000000 ____D C:\Users\Monkey\AppData\LocalLow\Mozilla
2017-02-07 23:01 - 2016-07-26 00:58 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 23:01 - 2016-07-26 00:58 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-04 08:01 - 2016-12-06 23:32 - 00000000 ____D C:\ProgramData\VMware
2017-02-04 07:58 - 2016-11-06 17:14 - 00000000 ____D C:\Users\Monkey\AppData\Local\AvgSetupLog
2017-01-27 22:50 - 2016-12-26 00:05 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\DMCache

==================== Files in the root of some directories =======

2016-10-31 14:46 - 2016-11-05 01:48 - 0000000 ____H () C:\Users\Monkey\AppData\Roaming\wincryptzz.txt
2016-10-10 23:57 - 2016-11-05 01:19 - 0000000 ____H () C:\Users\Monkey\AppData\Roaming\winmgr.txt
2016-10-21 01:19 - 2016-10-21 01:19 - 0000480 ____H () C:\Users\Monkey\AppData\Roaming\½ž’“Ó™œ‰
2016-11-05 01:10 - 2016-11-05 01:10 - 0007605 _____ () C:\Users\Monkey\AppData\Local\Resmon.ResmonCfg
2016-10-21 01:19 - 2016-10-21 01:19 - 0000008 ____H () C:\ProgramData\@000001.dat
2016-10-21 01:20 - 2016-11-06 17:11 - 0000000 ____H () C:\ProgramData\@system.temp
2016-10-21 01:19 - 2016-11-04 23:16 - 0000656 ____H () C:\ProgramData\@system3.att

Files to move or delete:
====================
C:\ProgramData\@000001.dat

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-28 21:18

==================== End of FRST.txt ============================