Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

AdwCleaner & Junkware Removal Tool not working ? [Closed]

Started by peterlonz , Oct 17 2015 12:00 AM
Malware cleaners

  • This topic is locked This topic is locked

#1
peterlonz
Posted 17 October 2015 - 12:00 AM

peterlonz

    New Member

  • Member
  • Pip
  • 2 posts

I have just updated both JRT & AdwCleaner.

Ran both then ran again within minutes; result same stuff deleted or reset.

So clearly some malware is identified by both programs but the deletions don't "stick".

Posted below are the files in question:

JRT re-run with V7.6.4 (Sept 28th):
[C:\Users\Peter\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Peter\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Peter\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Peter\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
 
Using AdwCleaner V5.013
File Deleted : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil
 
My PC is dawdling with internet speed, taking ages to respond hence I ran the malware checks.
Avast is my regular AV - always running in background.
Also ran Malwarebytes premium (trial program) which identified nothing.
 
Why are the above file so persistent?
Are those files important; IE should I be concerned?
Greatly appreciate some help.
Thanks

  • 0

Advertisements

#2
Valinorum
Posted 17 October 2015 - 12:08 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Post the Farbar Recovery Scan Tool log after reading the instructions from here along with the full logs from AdwCleaner and Junkware Removal Tool.
  • 0

#3
peterlonz
Posted 17 October 2015 - 12:53 AM

peterlonz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

Thanks for the very prompt response - Here goes:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-10-2015
Ran by Peter (administrator) on PETERS-PC (17-10-2015 16:43:03)
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available Profiles: Peter)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Everything\Everything.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(4Team Corporation) C:\Program Files (x86)\4Team Corporation\Safe PST Backup\SafePSTBackup.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files\Everything\Everything.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(4Team) C:\Program Files (x86)\4Team Corporation\SafePSTBackup Shadow Copy Service\SafePST.ShadowCopySvc.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-06] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [570152 2014-08-14] (Acronis)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-20] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SSD Scope] => C:\Program Files (x86)\Transcend\SSD Scope\SSD Scope.exe [1753408 2014-12-22] (Transcend Information, Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [614400 2009-08-15] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-24] (AVAST Software)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5306776 2014-11-27] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [603904 2014-10-17] (Acronis International GmbH)
HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2014-12-15] ()
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-3423806842-194857219-1914000354-1000\...\Run: [Safe PST Backup] => C:\Program Files (x86)\4Team Corporation\Safe PST Backup\SafePSTBackup.exe [5162832 2014-08-05] (4Team Corporation)
HKU\S-1-5-21-3423806842-194857219-1914000354-1000\...\Run: [ToolwizTimeFreeze] => C:\Program Files\Toolwiz Time Freeze 2015\ToolwizTimeFreeze.exe [1662712 2015-02-25] (Toolwiz)
HKU\S-1-5-21-3423806842-194857219-1914000354-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-3423806842-194857219-1914000354-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [12771872 2015-07-30] (SecureMix LLC)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-24] (AVAST Software)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-02-21]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
BootExecute: PDBoot.exeautocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 61.9.211.33 61.9.211.1
Tcpip\..\Interfaces\{2FA55BC6-F3A3-43CB-9F8F-E3C67592CBB8}: [DhcpNameServer] 61.9.211.33 61.9.211.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3423806842-194857219-1914000354-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-au/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-04] (AVAST Software)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-02-21] (LastPass)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-28] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-04] (AVAST Software)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-02-21] (LastPass)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-28] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-02-21] (LastPass)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-28] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-06-03] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-02-21] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-06-03] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-06-03] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-02-21] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-06-03] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3423806842-194857219-1914000354-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-06-03] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3423806842-194857219-1914000354-1000: pcpitstop.com/PCMaticPlugin -> C:\Users\Peter\AppData\Roaming\PCPitstop\PC Matic Plugin\1.0.0.1\npPCMaticPlugin.1.0.0.1.dll [2013-07-22] (PC Pitstop LLC)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-24]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com.au/
CHR StartupUrls: Default -> "hxxps://www.google.com.au/"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-02-22]
CHR Extension: (Google Slides) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-22]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-02-27]
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-22]
CHR Extension: (Lucidchart Diagrams - Online) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2015-02-22]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-22]
CHR Extension: (PDF to Image Converter - Smallpdf.com) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfdjphgkjkhhifnbgjbebfjombdagokn [2015-02-22]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-02-22]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-22]
CHR Extension: (Adblock Plus) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-22]
CHR Extension: (Do Not Track) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckdcpbflcbeillmamogkpmdhnbeggfja [2015-02-22]
CHR Extension: (Adblock for Youtube™) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-02-22]
CHR Extension: (Google Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-22]
CHR Extension: (Tabs Outliner) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2015-02-22]
CHR Extension: (Picture Downloader Professional) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\eodejnpnekkneapkicljnillpeodnlak [2015-02-22]
CHR Extension: (Google Sheets) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-22]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2015-02-22]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2015-02-22]
CHR Extension: (Google Docs Offline) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2015-02-22]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-02-22]
CHR Extension: (Yah's Link Checker for Chrome) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hobijieodegdbpakkfiopclcljnomfnj [2015-02-22]
CHR Extension: (Pixlr Editor) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2015-02-27]
CHR Extension: (Chrome to Mobile) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd [2015-02-22]
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2015-02-22]
CHR Extension: (Skype Click to Call) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-28]
CHR Extension: (Google Maps) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-02-22]
CHR Extension: (mail.com MailCheck) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpebgcnlaohcgdfhbffjajlnpifdkllg [2015-03-01]
CHR Extension: (Capture, Explain and Send Screenshots) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdddabjhelpilpnpgondfmehhcplpiin [2015-02-27]
CHR Extension: (TabCopy) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\micdllihgoppmejpecmkilggmaagfdmb [2015-02-22]
CHR Extension: (AdSweep) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\milkhonmecplandlkfbjplfbdenjlkmp [2015-02-22]
CHR Extension: (tinyFilter - Reliable Content Filtering) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli [2015-02-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-22]
CHR Extension: (Readability) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2015-02-22]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-24] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-06] () [File not signed]
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [7438880 2015-07-30] (SecureMix LLC)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-09] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 SafePSTShadowCopy; C:\Program Files (x86)\4Team Corporation\SafePSTBackup Shadow Copy Service\SafePST.ShadowCopySvc.exe [16736 2014-08-05] (4Team)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-12] (TeamViewer GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [241400 2015-10-14] (RaMMicHaeL)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-24] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-09-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-09-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-24] (AVAST Software)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-06-09] (Samsung Electronics Co., Ltd.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-02-24] (Acronis International GmbH)
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33248 2015-05-29] (SecureMix LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-17] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1328928 2015-02-24] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [234784 2015-02-24] (Acronis International GmbH)
R0 TWZDISK; C:\Windows\System32\Drivers\TWZDISK.sys [73360 2015-02-25] (Toolwiz.com)
R1 TWZFILE; C:\Windows\System32\Drivers\TWZFILE.sys [43152 2015-02-25] (Toolwiz.com)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2013-12-16] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2013-12-16] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700680 2013-12-16] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-17 16:43 - 2015-10-17 16:43 - 00028364 _____ C:\Users\Peter\Desktop\FRST.txt
2015-10-17 16:42 - 2015-10-17 16:43 - 00000000 ____D C:\FRST
2015-10-17 16:39 - 2015-10-17 16:39 - 02196480 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2015-10-17 15:30 - 2015-10-17 15:30 - 00068768 _____ C:\Users\Peter\Downloads\memtest86+-4.10.iso.zip
2015-10-17 15:08 - 2015-10-17 15:08 - 24535627 _____ C:\Users\Peter\Downloads\smplayer-15.9.0-x64.exe
2015-10-17 15:08 - 2015-10-17 15:08 - 24535627 _____ C:\Users\Peter\Downloads\smplayer-15.9.0-x64 (1).exe
2015-10-17 15:05 - 2015-10-17 15:05 - 00001083 _____ C:\Users\Peter\Desktop\AdwCleaner.exe - Shortcut.lnk
2015-10-17 15:04 - 2015-10-17 15:04 - 00001024 _____ C:\Users\Peter\Desktop\JRT.exe - Shortcut.lnk
2015-10-17 14:27 - 2015-10-17 16:01 - 00001699 _____ C:\Users\Peter\Documents\AdwCleaner[S22].txt
2015-10-17 08:11 - 2015-10-02 04:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-17 08:11 - 2015-10-02 04:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-17 08:11 - 2015-10-02 04:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-17 08:11 - 2015-10-02 04:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-17 08:11 - 2015-10-02 04:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-17 08:11 - 2015-10-02 04:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-17 08:11 - 2015-10-02 04:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-17 08:11 - 2015-10-02 03:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-17 08:11 - 2015-10-02 03:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-17 08:11 - 2015-09-29 13:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-17 08:11 - 2015-09-29 13:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-17 08:11 - 2015-09-29 13:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-17 08:11 - 2015-09-29 13:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-17 08:11 - 2015-09-29 13:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-17 08:11 - 2015-09-29 13:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-17 08:11 - 2015-09-29 13:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-17 08:11 - 2015-09-29 13:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-17 08:11 - 2015-09-29 13:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-17 08:11 - 2015-09-29 13:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-17 08:11 - 2015-09-29 13:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-17 08:11 - 2015-09-29 13:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-17 08:11 - 2015-09-29 13:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-17 08:11 - 2015-09-29 13:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-17 08:11 - 2015-09-29 13:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-17 08:11 - 2015-09-29 13:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-17 08:11 - 2015-09-29 13:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-17 08:11 - 2015-09-29 13:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-17 08:11 - 2015-09-29 13:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-17 08:11 - 2015-09-29 13:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-17 08:11 - 2015-09-29 13:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-17 08:11 - 2015-09-29 13:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-17 08:11 - 2015-09-29 13:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-17 08:11 - 2015-09-29 13:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-17 08:11 - 2015-09-29 13:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-17 08:11 - 2015-09-29 13:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-17 08:11 - 2015-09-29 13:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-17 08:11 - 2015-09-29 13:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 13:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-17 08:11 - 2015-09-29 12:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-17 08:11 - 2015-09-29 12:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-17 08:11 - 2015-09-29 12:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-17 08:11 - 2015-09-29 12:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-17 08:11 - 2015-09-29 12:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-17 08:11 - 2015-09-29 12:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-17 08:11 - 2015-09-29 12:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-17 08:11 - 2015-09-29 12:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-17 08:11 - 2015-09-29 12:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-17 08:11 - 2015-09-29 12:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-17 08:11 - 2015-09-29 12:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-17 08:11 - 2015-09-29 12:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-17 08:11 - 2015-09-29 12:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-17 08:11 - 2015-09-29 12:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-17 08:11 - 2015-09-29 12:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 12:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 11:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-17 08:11 - 2015-09-29 11:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-17 08:11 - 2015-09-29 11:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-17 08:11 - 2015-09-29 11:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-17 08:11 - 2015-09-29 11:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-17 08:11 - 2015-09-29 11:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 11:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 11:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-17 08:11 - 2015-09-29 11:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-17 08:11 - 2015-09-26 04:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-17 08:11 - 2015-09-26 04:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-17 08:11 - 2015-09-26 04:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-17 08:11 - 2015-09-26 04:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-17 08:11 - 2015-09-26 04:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-17 08:11 - 2015-09-26 04:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-17 08:11 - 2015-09-26 04:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-17 08:11 - 2015-09-26 04:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-17 08:11 - 2015-09-26 04:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-17 08:11 - 2015-09-26 04:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-17 08:11 - 2015-09-26 04:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-17 08:11 - 2015-09-26 03:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-17 08:11 - 2015-09-26 03:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-17 08:11 - 2015-09-26 03:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-17 08:11 - 2015-09-26 03:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-17 08:11 - 2015-09-26 03:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-17 08:11 - 2015-09-19 05:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-17 08:11 - 2015-09-19 04:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-17 08:11 - 2015-09-16 14:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-17 08:11 - 2015-09-16 14:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-17 08:11 - 2015-09-16 14:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-17 08:11 - 2015-09-16 14:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-17 08:11 - 2015-09-16 14:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-17 08:11 - 2015-09-16 14:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-17 08:11 - 2015-09-16 14:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-17 08:11 - 2015-09-16 14:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-17 08:11 - 2015-09-16 14:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-17 08:11 - 2015-09-16 14:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-17 08:11 - 2015-09-16 14:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-17 08:11 - 2015-09-16 14:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-17 08:11 - 2015-09-16 14:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-17 08:11 - 2015-09-16 14:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-17 08:11 - 2015-09-16 14:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-17 08:11 - 2015-09-16 14:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-17 08:11 - 2015-09-16 14:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-17 08:11 - 2015-09-16 14:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-17 08:11 - 2015-09-16 13:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-17 08:11 - 2015-09-16 13:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-17 08:11 - 2015-09-16 13:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-17 08:11 - 2015-09-16 13:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-17 08:11 - 2015-09-16 13:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-17 08:11 - 2015-09-16 13:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-17 08:11 - 2015-09-16 13:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-17 08:11 - 2015-09-16 13:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-17 08:11 - 2015-09-16 13:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-17 08:11 - 2015-09-16 13:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-17 08:11 - 2015-09-16 13:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-17 08:11 - 2015-09-16 13:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-17 08:11 - 2015-09-16 13:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-17 08:11 - 2015-09-16 13:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-17 08:11 - 2015-09-16 13:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-17 08:11 - 2015-09-16 13:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-17 08:11 - 2015-09-16 13:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-17 08:11 - 2015-09-16 13:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-17 08:11 - 2015-09-16 13:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-17 08:11 - 2015-09-16 13:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-17 08:11 - 2015-09-16 13:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-17 08:11 - 2015-09-16 13:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-17 08:11 - 2015-09-16 13:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-17 08:11 - 2015-09-16 13:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-17 08:11 - 2015-09-16 13:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-17 08:11 - 2015-09-16 13:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-17 08:11 - 2015-09-16 13:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-17 08:11 - 2015-09-16 13:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-17 08:11 - 2015-09-16 13:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-17 08:11 - 2015-09-16 13:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-17 08:11 - 2015-09-16 13:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-17 08:11 - 2015-09-16 13:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-17 08:11 - 2015-09-16 13:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-17 08:11 - 2015-09-16 13:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-17 08:11 - 2015-09-16 12:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-17 08:11 - 2015-09-16 12:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-17 08:11 - 2015-09-16 12:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-17 08:11 - 2015-09-16 12:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-17 08:11 - 2015-09-16 12:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-17 08:11 - 2015-09-16 12:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-17 08:11 - 2015-09-16 12:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-17 08:11 - 2015-09-16 12:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-17 08:11 - 2015-09-16 12:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-17 08:11 - 2015-09-16 12:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-17 08:11 - 2015-09-16 04:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-17 08:11 - 2015-09-16 04:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-17 08:11 - 2015-09-16 04:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-17 08:11 - 2015-09-16 04:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-17 08:11 - 2015-09-16 04:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-17 08:11 - 2015-09-16 04:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-17 08:11 - 2015-09-16 04:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-17 08:11 - 2015-09-16 04:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-17 08:11 - 2015-09-16 04:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-17 08:11 - 2015-09-16 03:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-17 08:11 - 2015-09-16 03:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-17 08:11 - 2015-09-16 03:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-17 08:11 - 2015-09-16 03:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-17 08:11 - 2015-08-07 04:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-17 08:11 - 2015-08-07 04:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-17 08:11 - 2015-08-07 03:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-17 08:11 - 2015-08-07 03:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-17 08:10 - 2015-09-19 05:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-17 08:10 - 2015-09-19 05:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-17 08:10 - 2015-09-19 05:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-17 08:10 - 2015-09-19 05:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-17 08:10 - 2015-09-19 05:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-17 08:10 - 2015-09-19 05:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-17 08:10 - 2015-09-19 05:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-17 08:10 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-16 14:42 - 2015-10-16 14:46 - 192345080 _____ C:\Users\Peter\Documents\X Factor 2008 FINAL_ Alexandra Burke - Hallelujah_ FULL HD.avi
2015-10-16 14:36 - 2015-10-16 14:41 - 277587280 _____ C:\Users\Peter\Documents\Ashly Williams' Emotional _I Will Always Love You_ Prompts Tears - THE X FACTOR USA 2013.avi
2015-10-16 13:44 - 2015-10-16 13:45 - 52258556 _____ C:\Users\Peter\Documents\Marty Robbins - El Paso.avi
2015-10-16 13:42 - 2015-10-16 13:42 - 34677188 _____ C:\Users\Peter\Documents\The Master's Call - Marty Robbins (1).avi
2015-10-16 11:36 - 2015-10-16 11:36 - 34677188 _____ C:\Users\Peter\Documents\The Master's Call - Marty Robbins.avi
2015-10-16 11:35 - 2015-10-16 11:36 - 12059050 _____ C:\Users\Peter\Documents\Marty Robbins - Utah Carol.avi
2015-10-16 11:35 - 2015-10-16 11:35 - 25421518 _____ C:\Users\Peter\Documents\Marty Robbins Sings 'Running Gun.'.avi
2015-10-16 11:34 - 2015-10-16 11:35 - 38876554 _____ C:\Users\Peter\Documents\Marty Robbins Sings 'Red River Valley.'.avi
2015-10-16 11:32 - 2015-10-16 11:32 - 15725530 _____ C:\Users\Peter\Documents\The Yellow Rose of Texas.avi
2015-10-16 11:31 - 2015-10-16 11:32 - 34619590 _____ C:\Users\Peter\Documents\Wand'rin' Star - Lee Marvin.avi
2015-10-16 11:29 - 2015-10-16 11:31 - 66509254 _____ C:\Users\Peter\Documents\Lee Marvin I was born under a Wandering Star remastered.avi
2015-10-16 11:29 - 2015-10-16 11:29 - 25966102 _____ C:\Users\Peter\Documents\Do not forsake me_ My Darling. (High Noon).avi
2015-10-16 11:28 - 2015-10-16 11:29 - 13864866 _____ C:\Users\Peter\Documents\Marty Robbins - The Hanging Tree.avi
2015-10-13 18:06 - 2015-10-13 18:06 - 00298216 _____ C:\Windows\Minidump\101315-19827-01.dmp
2015-10-09 08:57 - 2015-10-09 08:58 - 68686208 _____ C:\Users\Peter\Downloads\618632633001_4418894251001_4418847588001.mp4
2015-10-09 08:57 - 2015-10-09 08:58 - 61900224 _____ C:\Users\Peter\Downloads\618632633001_4459888388001_4459739622001.mp4
2015-10-06 17:50 - 2015-10-06 20:07 - 823307664 _____ C:\Users\Peter\Downloads\Adriana Sephora - InTheCrack fanny & leg show .mp4
2015-10-06 15:40 - 2014-01-23 11:25 - 366260392 _____ C:\Users\Peter\Downloads\Adriana Sephora - InTheCrack fanny show .wmv
2015-10-06 15:29 - 2015-10-06 15:49 - 118708189 _____ C:\Users\Peter\Downloads\Adriana Sephora - Speculum applied unique view .mp4
2015-10-05 18:21 - 2015-06-17 06:48 - 114677390 _____ C:\Users\Peter\Downloads\Virtual Girl - HD vid of solo strip .mp4
2015-10-05 09:33 - 2015-10-05 09:33 - 00002883 _____ C:\Users\Peter\Documents\Distilliong Diggers meths - refer Whirlpool forum..txt
2015-10-02 20:53 - 2015-03-27 22:53 - 279909560 _____ C:\Users\Peter\Downloads\Cameron Dee - HD BJ only .mp4
2015-10-02 20:41 - 2015-10-02 21:09 - 259390980 _____ C:\Users\Peter\Downloads\Cameron Dee - Teaser clip .mp4
2015-09-30 22:49 - 2015-09-30 22:53 - 00015563 ____H C:\Users\Peter\Documents\~WRL3226.tmp
2015-09-30 15:28 - 2015-10-13 18:06 - 358041994 _____ C:\Windows\MEMORY.DMP
2015-09-30 15:28 - 2015-09-30 15:28 - 00298216 _____ C:\Windows\Minidump\093015-19500-01.dmp
2015-09-24 05:53 - 2015-09-24 05:53 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-09-24 05:53 - 2015-09-24 05:53 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-23 16:18 - 2015-09-23 16:18 - 00001125 _____ C:\Users\Peter\Desktop\mbar-1.09.3.1001.exe - Shortcut.lnk
2015-09-23 16:09 - 2015-09-23 16:18 - 00000000 ____D C:\Users\Peter\Desktop\mbar
2015-09-22 10:37 - 2015-09-24 13:59 - 00015553 ____H C:\Users\Peter\Documents\~WRL1995.tmp
2015-09-21 08:30 - 2015-07-17 05:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-09-21 08:30 - 2015-07-17 05:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-09-21 08:30 - 2015-07-17 05:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-09-21 08:30 - 2015-07-17 05:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-09-21 08:30 - 2015-07-17 05:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-09-21 08:30 - 2015-07-17 05:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-09-21 08:30 - 2015-07-11 23:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-17 16:42 - 2015-07-18 10:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-17 16:16 - 2015-02-22 11:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-17 16:08 - 2015-02-22 20:25 - 00000000 ____D C:\Users\Peter\Documents\Outlook Files
2015-10-17 16:04 - 2015-02-21 16:43 - 00000000 ____D C:\EEK
2015-10-17 15:39 - 2015-02-22 08:16 - 01926952 _____ C:\Windows\WindowsUpdate.log
2015-10-17 15:39 - 2015-02-21 15:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-17 15:38 - 2015-02-21 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-17 15:38 - 2015-02-21 16:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-17 15:34 - 2009-07-14 14:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-17 15:34 - 2009-07-14 14:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-17 15:25 - 2015-09-15 11:35 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-17 15:25 - 2015-04-08 12:55 - 00010982 _____ C:\Windows\setupact.log
2015-10-17 15:25 - 2015-02-22 11:48 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-17 15:25 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-17 15:24 - 2015-02-21 15:16 - 00000000 ____D C:\AdwCleaner
2015-10-17 14:34 - 2009-07-14 15:13 - 00006406 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-17 14:13 - 2015-04-15 16:54 - 00000000 ____D C:\Users\Peter\Documents\Mitsubishi GTO stuff
2015-10-17 09:26 - 2015-04-16 09:43 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-17 09:26 - 2015-04-16 09:43 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-17 08:20 - 2015-02-23 16:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-17 08:19 - 2015-02-22 16:59 - 00000000 ____D C:\Windows\system32\MRT
2015-10-17 08:16 - 2015-02-22 16:59 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-17 08:14 - 2009-07-14 12:34 - 00000478 _____ C:\Windows\win.ini
2015-10-16 19:09 - 2015-02-22 10:47 - 00000000 ____D C:\Users\Peter\AppData\Roaming\XnView
2015-10-16 14:03 - 2015-02-22 14:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-14 10:37 - 2015-04-05 10:04 - 00000000 ____D C:\Program Files (x86)\Unchecky
2015-10-13 18:06 - 2015-02-22 18:44 - 00000000 ____D C:\Windows\Minidump
2015-10-12 21:24 - 2015-02-21 15:23 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-10-08 11:57 - 2015-06-02 10:00 - 00000000 ____D C:\Users\Peter\Documents\New folder
2015-10-06 09:53 - 2015-04-07 09:23 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-06 09:53 - 2015-04-07 09:23 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-05 09:50 - 2015-02-21 16:13 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2015-02-21 16:13 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-05 09:50 - 2015-02-21 15:58 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-01 15:07 - 2015-02-22 14:12 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Skype
2015-10-01 13:58 - 2015-02-22 14:12 - 00000000 ____D C:\ProgramData\Skype
2015-10-01 13:58 - 2015-02-21 15:28 - 00000000 ____D C:\ProgramData\Unchecky
2015-09-30 15:28 - 2015-04-27 10:09 - 00244052 _____ C:\Windows\PFRO.log
2015-09-28 00:08 - 2015-02-21 16:21 - 00000000 ____D C:\Users\Peter\AppData\Roaming\tixati
2015-09-24 05:53 - 2015-02-24 11:54 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-09-24 05:53 - 2015-02-24 11:54 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-09-24 05:53 - 2015-02-24 11:54 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-09-24 05:53 - 2015-02-24 11:54 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-09-24 05:53 - 2015-02-24 11:54 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-09-24 05:53 - 2015-02-24 11:54 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-24 05:53 - 2015-02-24 11:54 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-09-24 05:53 - 2015-02-24 11:54 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-09-24 05:53 - 2015-02-24 11:54 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-09-23 17:30 - 2015-07-25 11:34 - 00000000 ____D C:\Users\Peter\Documents\Aquarium & Goldfish stuff
2015-09-23 16:18 - 2015-02-21 15:58 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-21 21:57 - 2015-02-21 15:39 - 00000998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-09-21 21:57 - 2015-02-21 15:39 - 00000986 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-09-21 21:57 - 2015-02-21 15:39 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-09-19 13:26 - 2015-02-21 17:00 - 00000000 ____D C:\Program Files\Everything
2015-09-17 19:44 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2015-09-17 10:11 - 2015-02-22 11:48 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 10:11 - 2015-02-22 11:48 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2015-02-21 17:01 - 2015-02-21 17:01 - 14147584 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-04-27 10:11 - 2015-04-27 10:11 - 0000000 _____ () C:\Users\Peter\AppData\Local\{58956028-A9F3-4B55-882D-046C2269F11A}
2015-02-22 10:36 - 2015-02-22 10:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Peter\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Peter\AppData\Local\Temp\Quarantine.exe
C:\Users\Peter\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-17 19:37
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-10-2015
Ran by Peter (2015-10-17 16:43:24)
Running from C:\Users\Peter\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-02-21 04:17:12)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3423806842-194857219-1914000354-500 - Administrator - Disabled)
Guest (S-1-5-21-3423806842-194857219-1914000354-501 - Limited - Disabled)
Peter (S-1-5-21-3423806842-194857219-1914000354-1000 - Administrator - Enabled) => C:\Users\Peter
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4Team Safe PST Backup Free Edition (HKLM-x32\...\{E8586440-78BF-42B5-A1B9-3F581AF25FA4}) (Version: 2.40.0527 - 4Team Corporation)
7-Zip 9.35 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0935-000001000000}) (Version: 9.35.00.0 - Igor Pavlov)
Acronis True Image 2015 (HKLM-x32\...\{9C48ED33-4A66-4299-B274-BD8110AB6EAA}Visible) (Version: 18.0.6525 - Acronis)
Acronis True Image 2015 (x32 Version: 18.0.6525 - Acronis) Hidden
Acronis Universal Boot Media Builder (HKLM-x32\...\{8FAB072E-6028-4BCD-A6CD-D179E4860073}) (Version: 11.5.38938 - Acronis)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
BigPond Broadband Cable (HKLM\...\{C6D290C0-5C74-469A-8F6D-6F0852D719DC}) (Version: 6.1.223.0 - Telstra Corporation Limited)
ChrisPC Free VideoTube Downloader 7.75 (HKLM-x32\...\{6006089C-84B5-4F18-8113-1234567890DE}_is1) (Version:  - Chris P.C. srl)
ChrisPC VideoTube Downloader Pro 7.60 (HKLM-x32\...\{6006089C-84B5-4F18-8113-9876543210ED}_is1) (Version:  - Chris P.C. srl)
CrystalDiskInfo 6.3.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.3.0 - Crystal Dew World)
EaseUS Todo Backup Free 8.0  (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.0 - CHENGDU YIWO Tech Development Co., Ltd)
Eassos PartitionGuru Free 3.7.0 (HKLM\...\{971F12D0-D834-4BAC-BD22-8769EBA08106}_is1) (Version:  - Eassos Co., Ltd.)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
FFMPEG Addon (HKLM-x32\...\{111124AF-1ED4-44EF-B674-111111985342}_is1) (Version: 1.00 - FFMPEG)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.4 - Ellora Assets Corporation)
GlassWire 1.1 (remove only) (HKLM-x32\...\GlassWire 1.1) (Version: 1.1.21 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version:  - HDS)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3540 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7277 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Paragon Backup & Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Paragon Partition Manager™ 15 Professional -nSane- (HKLM\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PC Matic Plugin (HKLM-x32\...\{A5AEBB0B-A872-4C88-BCC1-C6DC51B3D362}) (Version: 1.0.0.1 - PC Pitstop LLC)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.308.1 - Tracker Software Products Ltd)
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.842 - Raxco Software Inc.)
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 2.37.0.0 - Goversoft LLC)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.78.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7256 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Samsung ML-1640 Series (HKLM-x32\...\Samsung ML-1640 Series) (Version:  - Samsung Electronics CO.,LTD)
Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.11 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.11.102 - Skype Technologies S.A.)
SMPlayer 14.9.0.6699 (x64) (HKLM\...\SMPlayer) (Version: 14.9.0.6699 - Ricardo Villalba)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Toolwiz Time Freeze 2015 (HKLM-x32\...\{3A74D01E-3AEF-4DF4-8404-0056150C97A3}) (Version: 3.0.0.2000 - Toolwiz)
Transcend SSD Scope version 2.6.0 (HKLM-x32\...\{AD8E7B8B-EAD8-4B9F-882E-7970ABFACE34}_is1) (Version: 2.6.0 - Transcend Information, Inc.)
Unchecky v0.4 (HKLM-x32\...\Unchecky) (Version: 0.4 - RaMMicHaeL)
Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net  (09/25/2008 3.1.0.101) (HKLM\...\B090418E214D6BD6EE18A512A8EE609225AC9279) (Version: 09/25/2008 3.1.0.101 - Atheros Communications Inc.)
Windows Driver Package - NETGEAR Inc. (RTL8187) Net  (12/01/2006 6.1258.1201.2006) (HKLM\...\5AF8BE22A56B38B1816F36BAC6A71F1277E45440) (Version: 12/01/2006 6.1258.1201.2006 - NETGEAR Inc.)
XnView 2.25 (HKLM-x32\...\XnView_is1) (Version: 2.25 - Gougelet Pierre-e)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3423806842-194857219-1914000354-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points =========================
 
26-09-2015 08:42:16 Windows Update
27-09-2015 19:00:07 Windows Backup
30-09-2015 08:12:35 Windows Update
03-10-2015 07:28:03 JRT Pre-Junkware Removal
04-10-2015 19:00:12 Windows Backup
06-10-2015 09:53:51 Windows Update
11-10-2015 19:00:10 Windows Backup
17-10-2015 08:12:19 Windows Update
17-10-2015 14:16:55 JRT Pre-Junkware Removal
17-10-2015 14:22:40 JRT Pre-Junkware Removal
17-10-2015 14:31:16 JRT Pre-Junkware Removal
17-10-2015 15:09:37 JRT Pre-Junkware Removal
17-10-2015 15:15:50 JRT Pre-Junkware Removal
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 12:34 - 2015-10-17 15:25 - 00001291 _RASH C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
 
There are 9 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {216BFC41-0CF3-4A5D-84E7-435966EAD9AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.)
Task: {35B24EED-845E-49CD-861E-68F3415F9959} - \SimpleFiles Installer Starter -> No File <==== ATTENTION
Task: {362FAD74-DD7F-4569-9EBC-94151FD5C075} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-28] (Adobe Systems Incorporated)
Task: {36C2DFF0-D3DD-4F22-A746-2581AF161F06} - System32\Tasks\4Team updater => C:\Program Files (x86)\4Team Corporation\4Team-Updater\4Team-Updater.exe [2014-06-10] ()
Task: {565F8BC1-7E26-4896-A5CD-B35163D55B5B} - System32\Tasks\{F7A1D463-65F1-45BB-8777-575687346C0A} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.0.0.102&amp;LastError=12007
Task: {AE4B71D7-02F0-4E4F-9944-477A1C08A809} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-24] (AVAST Software)
Task: {AEDAB5AF-81C6-4D21-96E7-2B3ADAEE2755} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.)
Task: {EA06CDB0-ABD4-47CD-9852-6CB4A01E1CB4} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2015-09-19] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-09-15 11:34 - 2015-02-04 12:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-10 13:35 - 2015-03-10 13:35 - 03525431 _____ () C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll
2015-02-21 15:37 - 2008-01-11 06:19 - 00022016 _____ () C:\Windows\System32\ssp2ml6.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-21 17:00 - 2014-08-06 11:04 - 01441792 _____ () C:\Program Files\Everything\Everything.exe
2015-02-21 15:37 - 2009-08-15 06:38 - 00614400 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2015-02-21 15:37 - 2008-01-11 07:39 - 00327168 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2015-03-01 18:23 - 2014-12-15 01:03 - 00241704 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2015-10-15 20:18 - 2015-10-09 18:59 - 01908040 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libglesv2.dll
2015-10-15 20:18 - 2015-10-09 18:59 - 00093512 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libegl.dll
2015-09-24 05:53 - 2015-09-24 05:53 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-24 05:53 - 2015-09-24 05:53 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-17 07:13 - 2015-10-17 07:13 - 02994032 _____ () C:\Program Files\AVAST Software\Avast\defs\15101601\algo.dll
2014-08-05 11:42 - 2014-08-05 11:42 - 00024928 _____ () C:\Program Files (x86)\4Team Corporation\Safe PST Backup\ForTeam.ServiceClient.dll
2014-08-05 11:42 - 2014-08-05 11:42 - 00069976 _____ () C:\Program Files (x86)\4Team Corporation\Safe PST Backup\ForTeam.Settings.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-08-05 11:42 - 2014-08-05 11:42 - 00911192 _____ () C:\Program Files (x86)\4Team Corporation\Safe PST Backup\System.Data.SQLite.dll
2014-08-05 11:42 - 2014-08-05 11:42 - 00030032 _____ () C:\Program Files (x86)\4Team Corporation\Safe PST Backup\ForTeam.Network.dll
2014-08-05 11:42 - 2014-08-05 11:42 - 00015720 _____ () C:\Program Files (x86)\4Team Corporation\Safe PST Backup\ForTeam.ShadowCopyClient.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00098856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00031272 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00107560 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00030248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00280104 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00037416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00754728 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00407080 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00022568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00115752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00194088 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00037928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00135720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00096808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2015-07-30 16:09 - 2015-07-30 16:09 - 00246304 _____ () C:\Program Files (x86)\GlassWire\GeoIP.dll
2015-03-01 18:23 - 2014-12-15 00:53 - 00223784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2015-09-24 05:53 - 2015-09-24 05:53 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-27 10:42 - 2014-11-27 10:42 - 00034624 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2014-11-27 10:47 - 2014-11-27 10:47 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2014-11-27 10:44 - 2014-11-27 10:44 - 00129344 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2014-09-09 10:00 - 2014-09-09 10:00 - 00023576 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3423806842-194857219-1914000354-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 61.9.211.33 - 61.9.211.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{9BDD63B6-31E1-40BC-8D2B-F042A8CA9799}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{283319D6-55CD-4E2C-8E8C-75778125390E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7D93C459-F211-4C81-96FC-F221FE8E8877}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7BC8F9B3-99E7-4B7A-8525-FDE633818EDE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{A3DBFED2-DDA1-4F75-986D-B9FECA47CCCC}F:\new program downloads dec 2014\tixati torrent downldr\tixati.exe] => (Block) F:\new program downloads dec 2014\tixati torrent downldr\tixati.exe
FirewallRules: [UDP Query User{E65696A4-4B30-43AD-8B00-E5CB284090CC}F:\new program downloads dec 2014\tixati torrent downldr\tixati.exe] => (Block) F:\new program downloads dec 2014\tixati torrent downldr\tixati.exe
FirewallRules: [{057A9C75-A231-4D47-B8AF-5E1578E060CF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{812C89EB-6B27-4B16-935C-2602C052C3C4}F:\new program downloads dec 2014\tixati torrent downldr\tixati.exe] => (Allow) F:\new program downloads dec 2014\tixati torrent downldr\tixati.exe
FirewallRules: [UDP Query User{44FE511A-57F0-4232-8CDC-9A827AA4AE86}F:\new program downloads dec 2014\tixati torrent downldr\tixati.exe] => (Allow) F:\new program downloads dec 2014\tixati torrent downldr\tixati.exe
FirewallRules: [TCP Query User{2F437D04-3812-475A-AE0C-DE3DA1173D5D}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{B9726005-DE3E-4C77-9BFB-2A7A2EDD8293}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [{92B61110-8D96-433C-B82E-D5F1EEEA1E89}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{F8A1AB09-EE45-4879-8112-218AFC049B08}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{4145A5E7-E864-4003-8677-967B32174EA3}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{4599805E-0571-4C01-B66B-C08FE6381971}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{1B869B46-8F7E-4673-ABD8-B92FF487D4EF}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{AE6A6E2F-A8DF-4344-BBEB-EC302DD994AB}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{93B04917-D3B4-43B5-AE58-3BC131B65AB5}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{20576BAA-99D3-4BB7-81DD-CF073CF0ACBF}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{BEBAD3B8-1EDE-4770-A56B-28910995FA12}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{F40E7044-56DF-4885-B19C-9CE7CCFACDBC}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{50F3388C-D619-4615-8DDB-56CA2A53DA4C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{C8076C4E-191F-40A4-B687-B14F11B63907}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{D2757365-3C64-405E-95C8-E074F41D99CD}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{3443DDB0-3559-4E69-8940-A3AB98319193}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{4DF9CA14-44F8-4758-B494-FE744101223C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{97F9DF83-5708-470D-A5E0-5B7E8F83746F}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{351207E3-D893-4F47-A7EB-B5C76B12AAEE}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [TCP Query User{6A45F251-E354-484C-99A3-31EC18A86C7D}C:\users\peter\downloads\ffinstonline.exe] => (Allow) C:\users\peter\downloads\ffinstonline.exe
FirewallRules: [UDP Query User{6870B89E-9D09-44CD-885F-B2F349630D18}C:\users\peter\downloads\ffinstonline.exe] => (Allow) C:\users\peter\downloads\ffinstonline.exe
FirewallRules: [TCP Query User{115562EE-83E1-4724-A594-AF8FFC206765}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{666EE50E-84A5-4012-949E-14D53798008B}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{F8A831F5-0845-4216-AC12-49B79CC985C4}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{65EE415B-B32D-4903-B472-504959175884}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{4411DB9E-902D-4F47-B2BF-3ADAC7E26A7A}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{CF7727D3-108D-40D4-B6A5-80429F080587}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{1CBB4BF1-E897-433F-B2FB-9BD190F96E99}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{C5377C17-445B-4BAE-82CC-FE2953FC5967}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1376199B-8CF5-4753-BC9D-7606386C70F8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{920AE220-3C6F-49CA-A2F0-5070FB769B93}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4CD6449A-2679-44A2-88FF-6D9358ADBFDC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5BB1E60B-3366-405D-A86E-1282D8AA45F9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9958D693-BB57-4318-8E46-C3D5F046E877}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{2D10FA9E-EA71-48A9-9DA5-41FB67157947}C:\windows\keygen.exe] => (Block) C:\windows\keygen.exe
FirewallRules: [UDP Query User{F00E35D8-6713-4E42-BB6E-A735B77934C7}C:\windows\keygen.exe] => (Block) C:\windows\keygen.exe
FirewallRules: [{9ECBF3CD-AD6C-4B7A-9D1E-E7A93024C6D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/17/2015 03:26:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/17/2015 03:22:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/17/2015 03:04:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (10/17/2015 03:04:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (10/17/2015 02:34:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (10/17/2015 02:34:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (10/17/2015 02:29:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/17/2015 02:25:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (10/17/2015 02:25:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (10/17/2015 02:21:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (10/17/2015 03:25:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error: 
%%3
 
Error: (10/17/2015 03:25:35 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:24:18 PM on ‎10/‎17/‎2015 was unexpected.
 
Error: (10/17/2015 03:22:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error: 
%%3
 
Error: (10/17/2015 03:21:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Virtual Disk service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (10/17/2015 03:21:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly.  It has done this 4 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (10/17/2015 03:21:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Acronis Scheduler2 Service service terminated unexpectedly.  It has done this 4 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (10/17/2015 03:21:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Acronis Sync Agent Service service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (10/17/2015 03:21:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Acronis Nonstop Backup Service service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (10/17/2015 03:21:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/17/2015 03:21:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Skype Click to Call PNR Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G3450 @ 3.40GHz
Percentage of memory in use: 71%
Total physical RAM: 3961.22 MB
Available physical RAM: 1136.77 MB
Total Virtual: 7920.65 MB
Available Virtual: 4654.52 MB
 
==================== Drives ================================
 
Drive c: (vssadmin list shadowstorage) (Fixed) (Total:238.37 GB) (Free:98.89 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Suspect HD  ) (Fixed) (Total:244.14 GB) (Free:242.6 GB) NTFS
Drive f: (2Tb HD  ) (Fixed) (Total:345.84 GB) (Free:53.65 GB) NTFS
Drive g: (New 2TB HD  ) (Fixed) (Total:495.7 GB) (Free:232.77 GB) NTFS
Drive h: (New 2Tb HD  ) (Fixed) (Total:488.28 GB) (Free:224.84 GB) NTFS
Drive i: (New 2Tb HD  ) (Fixed) (Total:429.69 GB) (Free:118.39 GB) NTFS
Drive j: (New 2Tb HD  ) (Fixed) (Total:449.22 GB) (Free:210.1 GB) NTFS
Drive k: (Suspect HD  ) (Fixed) (Total:228.38 GB) (Free:228.01 GB) NTFS
Drive l: (2Tb HD  ) (Fixed) (Total:401.08 GB) (Free:0.64 GB) NTFS
Drive m: (2Tb HD  ) (Fixed) (Total:209.96 GB) (Free:130.77 GB) NTFS
Drive n: (2Tb HD  ) (Fixed) (Total:401.72 GB) (Free:55.51 GB) NTFS
Drive o: (2Tb HD  ) (Fixed) (Total:504.41 GB) (Free:131.36 GB) NTFS
Drive r: (Suspect HD  ) (Fixed) (Total:234.37 GB) (Free:224.37 GB) NTFS
Drive s: (Suspect HD  ) (Fixed) (Total:224.61 GB) (Free:224.24 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: DED01C14)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B6C16554)
Partition 1: (Not Active) - (Size=345.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1517.2 GB) - (Type=OF Extended)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B53743CB)
 
Partition: GPT.
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F0823B97)
Partition 1: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=234.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=224.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=228.4 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================

 

# AdwCleaner v4.203 - Logfile created 17/10/2015 at 14:20:37
# Updated 30/04/2015 by Xplode
# Database : 2015-10-16.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Peter - PETERS-PC
# Running from : F:\New program downloads Dec 2014\adwcleaner_4.203.exe
 
 
File Deleted : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil
 
 
From JRT:
 
[C:\Users\Peter\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Peter\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Peter\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Peter\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
 
And AGAIN when JRT is run again as above for AdwClaeaner:

  • 0

#4
Valinorum
Posted 17 October 2015 - 09:50 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Disable your backup softwares and clear your backup files should there be traces of remnants.


 
  • Step #1 P2P Warning
    **IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
    • Tixati

    I shall provide you with a few reference links, please read them up to know the risks of having a P2P program.Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

    My recommendation is that you uninstall the programs listed above. If you choose not to remove them, please do not use them until this computer is clean.
  • Step #2 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
CreateRestorePoints:
CloseProcesses:
EmptyTemp:
FirewallRules: [TCP Query User{2D10FA9E-EA71-48A9-9DA5-41FB67157947}C:\windows\keygen.exe] => (Block) C:\windows\keygen.exe
FirewallRules: [UDP Query User{F00E35D8-6713-4E42-BB6E-A735B77934C7}C:\windows\keygen.exe] => (Block) C:\windows\keygen.exe
C:\windows\keygen.exe
FirewallRules: [TCP Query User{6A45F251-E354-484C-99A3-31EC18A86C7D}C:\users\peter\downloads\ffinstonline.exe] => (Allow) C:\users\peter\downloads\ffinstonline.exe
FirewallRules: [UDP Query User{6870B89E-9D09-44CD-885F-B2F349630D18}C:\users\peter\downloads\ffinstonline.exe] => (Allow) C:\users\peter\downloads\ffinstonline.exe
C:\users\peter\downloads\ffinstonline.exe
FirewallRules: [TCP Query User{2F437D04-3812-475A-AE0C-DE3DA1173D5D}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{B9726005-DE3E-4C77-9BFB-2A7A2EDD8293}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
C:\windows\kmsemulator.exe
Task: {35B24EED-845E-49CD-861E-68F3415F9959} - \SimpleFiles Installer Starter -> No File <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Hosts:
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 

Reset your browser setting by perusing this article.

 
  • Required Log(s):
    • FRST Fix Log
Regards,
Valinorum
  • 0

#5
Valinorum
Posted 21 October 2015 - 09:15 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP