Please help! Corrupted/infected Windows 7. FRST log is below.

Windows 7 infected


#1
ally1205


Hello,

I'm wondering if you will kindly help... :yes:

My 64-bit Windows 7 (Home Premium) PC has suddenly developed the rather serious symptoms below. I have pasted my FRST64 scan log at the end of this post. I had to run FRST64 from a flash drive from within advanced boot options (F8). I have run five antivirus programs: AVG, Bitdefender and Kaspersky from their rescue discs, and AVG, Windows Security Essentials and SuperAntiSpyware from within Windows, as they were already installed. Malware Bytes is also installed, but the bug (or whatever) won't let me run it. Anyway, the symptoms remain unchanged. I have hundreds of programs installed so I am very reluctant to do a factory reset. And the chances are the bug won't even let me do one anyway...

 

Windows Diagnostics found no faults with my HDD, memory or CPU.

 

The symptoms are as follows:

1) I can't install any new programs under Windows (including 'FRST64'). When I try to run any new program associated with scanning, antivirus, or other fix-it tools, the 'User Account Control' popup asks me if I want the program to make changes to my computer. When I click the 'yes' button, the screen goes semi-dark and I have to press ctrl-alt-del and then cancel Task Manager to get rid of the semi-darkened screen and frozen status. The 'User Account Control' popup-box has a link, bottom-right, that offers to let me "change when these notifications appear", but clicking on the link has no effect.

2) I can't uninstall any programs either. Control Panel tells me to "wait until the current program is finished uninstalling or being changed" (which it never does).

3) I cannot start Windows in any of the Safe modes; when I try that, it hangs on the 'Welcome' screen.

4) I often cannot shut down or restart the computer normally; it often takes ages lingering on the 'shutting down' screen, and I sometimes have to hold the power button down to shut down, rather than wait indefinitely.

5) Certain Control Panel features no longer work, such as turning firewall off and troubleshooting as administrator.

 

Remedial steps attempted:

1) I ran AVG free antivirus. All it found was some PUPs. It removed them; there was no change.

2) I ran MS Security Essentials scan. It found one "dangerous virus" called Onaha.A ... The program quarantined it, but the symptoms remain. It was unable to uninstall the offending freeware program.

3) I ran SuperAntiSpyware. It found nothing.

4) I tried running Malware Bytes, but it won't open (like a lot of my programs: the screen goes semi-dark as soon as I try to run them and I have to press ctrl-alt-del).

5) I ran Hiren's rescue CD and one of the antivirus programs found and deleted 3 trojans, but the symptoms remain. Most of the anti-malware programs on the CD don't run. They may be out of date.

6) I tried restoring Windows to the only previous restore point (one day old) but there was no change. I thought I had other restore points but it seems not. I may have used third-party programs to save backup points and no longer have the programs on my system.

7) I ran the following antivirus programs (from rescue discs) but to no avail: AVG, Bitdefender, Kaspersky, AVG

 

I'd love to run some other scans, but my computer won't currently run any diagnostic programs, and doesn't let me run anything from a Windows command prompt as administrator either. I do not have a Windows 7 disc image to revert to, and I don't have the Windows 7 installation CD. (One was not supplied with this HP Compaq desktop PC, which I purchased about 5 years ago).

 

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 +++++MY FRST64 SCAN LOG IS BELOW - THANKS A MILLION FOR ANY HELP!++++

This scan was run from a USB stick after booting into 'advanced boot options' (F8)
as I could not install FRST64 under Windows, due to the problems I'm experiencing
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-12-2015
Ran by SYSTEM on MININT-IHQD872 (27-12-2015 20:58:42)
Running from h:\
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Cobian Backup 11] => C:\Program Files\Cobian Backup 11\Cobian.exe [720896 2013-03-07] (Luis Cobian, CobianSoft)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\AA\...\Run: [Kalender] => C:\Program Files (x86)\Kalender\Kalender.exe [933888 2010-08-22] (Ulrich Krebs)
HKU\AA\...\Run: [EPSON Stylus DX7400 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDE.EXE [213504 2007-04-11] (SEIKO EPSON CORPORATION)
HKU\AA\...\Run: [TrueCrypt] => C:\Program Files (x86)\yoyo\tc.exe.exe [1516496 2013-08-24] (TrueCrypt Foundation)
HKU\AA\...\Policies\system: [DisableLockWorkstation] 0
HKU\AA\...\Policies\system: [DisableChangePassword] 0
HKU\AA\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\AA\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ABSTRA~1.SCR
HKU\Default\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-11-20] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-11-20] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-11-20] (AVG Technologies CZ, s.r.o.)
S3 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-09-15] (AOMEI Tech Co., Ltd.)
S2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian)
S2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [382312 2015-11-27] (Digital Wave Ltd.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S4 KMWDSERVICE; C:\Program Files (x86)\Multimedia Keyboard Driver\V5\KMWDSrv.exe [2179072 2007-05-08] (UASSOFT.COM)
S3 LULU Software CrashHandler; C:\Program Files (x86)\Soda PDF 3D Reader\crash-handler-ws.exe [784152 2015-03-06] (LULU SOFTWARE LIMITED)
S3 LxrSII1s; C:\Windows\SysWOW64\LxrSII1s.exe [65536 2009-12-30] (Lexar Media, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office 2003\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-29] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-29] (Microsoft Corporation)
S3 Realtek11nCU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-10-30] (Realtek Semiconductor)
S3 Soda PDF 3D Reader; C:\Program Files (x86)\Soda PDF 3D Reader\ws.exe [1860888 2015-03-06] (LULU SOFTWARE LIMITED)
S2 Soda PDF 3D Reader Creator; C:\Program Files (x86)\Soda PDF 3D Reader\creator-ws.exe [623384 2015-03-06] (LULU SOFTWARE LIMITED)
S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\SystemExplorerService64.exe [712520 2011-09-22] (Mister Group)
S2 VideoAcceleratorService; C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe [265928 2011-08-14] (SpeedBit Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AF9035BDA; C:\Windows\System32\Drivers\AF9035BDA.sys [488832 2009-05-22] (AfaTech                  )
S0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-25] ()
S2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-25] ()
S2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-25] ()
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-07] (AVG Technologies CZ, s.r.o.)
S3 cpuz136; C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [25320 2013-08-24] (CPUID)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 FreeOTFE; C:\Windows\System32\FreeOTFE.sys [38512 2010-02-07] (Sarah Dean)
S1 FreeOTFECypherAES_ltc; C:\Windows\System32\FreeOTFECypherAES_ltc.sys [50800 2010-02-07] (Sarah Dean)
S1 FreeOTFECypherBlowfish; C:\Windows\System32\FreeOTFECypherBlowfish.sys [27760 2010-02-07] (Sarah Dean)
S1 FreeOTFECypherCAST5; C:\Windows\System32\FreeOTFECypherCAST5.sys [34928 2010-02-07] (Sarah Dean)
S1 FreeOTFECypherCAST6_Gladman; C:\Windows\System32\FreeOTFECypherCAST6_Gladman.sys [34928 2010-02-07] (Sarah Dean)
S1 FreeOTFECypherDES; C:\Windows\System32\FreeOTFECypherDES.sys [60016 2010-02-07] (Sarah Dean)
S1 FreeOTFECypherMARS_Gladman; C:\Windows\System32\FreeOTFECypherMARS_Gladman.sys [30832 2010-02-07] (Sarah Dean)
S1 FreeOTFECypherRC6_ltc; C:\Windows\System32\FreeOTFECypherRC6_ltc.sys [29296 2010-02-07] (Sarah Dean)
S1 FreeOTFECypherSerpent_Gladman; C:\Windows\System32\FreeOTFECypherSerpent_Gladman.sys [35952 2010-02-07] (Sarah Dean)
S1 FreeOTFECypherTwofish_ltc; C:\Windows\System32\FreeOTFECypherTwofish_ltc.sys [35440 2010-02-07] (Sarah Dean)
S1 FreeOTFEHashMD; C:\Windows\System32\FreeOTFEHashMD.sys [22640 2010-02-07] (Sarah Dean)
S1 FreeOTFEHashRIPEMD; C:\Windows\System32\FreeOTFEHashRIPEMD.sys [38512 2010-02-07] (Sarah Dean)
S1 FreeOTFEHashSHA; C:\Windows\System32\FreeOTFEHashSHA.sys [29296 2010-02-07] (Sarah Dean)
S1 FreeOTFEHashTiger; C:\Windows\System32\FreeOTFEHashTiger.sys [26224 2010-02-07] (Sarah Dean)
S1 FreeOTFEHashWhirlpool; C:\Windows\System32\FreeOTFEHashWhirlpool.sys [34928 2010-02-07] (Sarah Dean)
S1 GUSBootStartup; C:\Windows\System32\drivers\GUSBootStartup.sys [20672 2014-10-17] (Glarysoft Ltd)
S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-10-30] (REALiX™)
S2 LxrSII1d; C:\Windows\System32\Drivers\LxrSII1d.sys [63064 2009-12-30] (Lexar Media, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [21208 2013-02-25] ()
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 MxCamKsFilter; C:\Windows\System32\DRIVERS\MxCamUFilterDrv.sys [14752 2011-07-21] (GorMedia, Inc.)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-26] (CACE Technologies, Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-01-11] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-01-11] ()
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [626720 2013-04-14] (Realtek Semiconductor Corporation                           )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2010-11-18] (Duplex Secure Ltd.)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [198784 2009-05-25] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-10-30] (wisecleaner.com)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-27 20:58 - 2015-12-27 20:58 - 00000000 ____D C:\FRST
2015-12-27 12:32 - 2015-12-27 12:34 - 02370560 _____ (Farbar) C:\Users\AA\Downloads\FRST64(1).exe
2015-12-27 01:49 - 2015-12-27 12:20 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2015-12-27 00:14 - 2015-12-27 00:47 - 282128384 _____ C:\Users\AA\Downloads\kav_rescue_10.iso
2015-12-26 15:21 - 2015-12-26 15:25 - 00000000 ____D C:\RescueCD Logs
2015-12-26 11:23 - 2015-12-26 12:13 - 658247680 _____ C:\Users\AA\Downloads\rescue-system.iso
2015-12-26 11:23 - 2015-12-26 11:25 - 00000000 ____D C:\bootable rescue CDs
2015-12-26 06:23 - 2015-12-26 06:37 - 181379072 _____ C:\Users\AA\Downloads\avg_arl_cdi_all_120_150814a10442.iso
2015-12-26 05:14 - 2015-12-26 05:16 - 21102368 _____ (Tweaking.com) C:\Users\AA\Downloads\tweaking.com_windows_repair_aio_setup(1).exe
2015-12-26 05:08 - 2015-12-26 06:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox-18bb
2015-12-25 10:09 - 2015-12-25 10:09 - 02370560 _____ (Farbar) C:\Users\AA\Downloads\FRST64.exe
2015-12-25 10:09 - 2015-12-25 10:09 - 02370560 _____ (Farbar) C:\Users\AA\Desktop\FRST64.exe
2015-12-25 09:54 - 2015-12-25 11:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-12-25 09:35 - 2015-12-25 09:36 - 00000000 ____D C:\Program Files\MS-fixit
2015-12-25 09:16 - 2015-12-25 09:16 - 02970424 _____ (AVG Technologies CZ, s.r.o.) C:\Users\AA\Downloads\AVG_PCTuneUp_877.exe
2015-12-25 09:10 - 2015-12-25 09:10 - 00450352 _____ (Microsoft Corporation) C:\Users\AA\Downloads\FixitCenter_Run.exe
2015-12-25 06:57 - 2015-12-25 06:57 - 00000000 ____D C:\Users\AA\AppData\Local\WinZip
2015-12-25 06:55 - 2015-12-25 06:55 - 00002211 _____ C:\Users\Public\Desktop\WinZip.lnk
2015-12-25 06:54 - 2015-12-25 06:56 - 00000000 ____D C:\ProgramData\WinZip
2015-12-25 06:53 - 2015-12-25 06:54 - 00000000 ____D C:\Program Files\WinZip
2015-12-25 05:43 - 2015-12-25 06:39 - 704116294 _____ C:\Users\AA\Downloads\FalconFour's Ultimate Boot CD v4.61.7z
2015-12-25 05:04 - 2015-12-25 05:05 - 00000000 ____D C:\SystemRescueCD
2015-12-25 00:45 - 2015-12-25 00:45 - 00347816 _____ (Microsoft Corporation) C:\Users\AA\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run(1).exe
2015-12-25 00:42 - 2015-12-25 00:42 - 00347816 _____ (Microsoft Corporation) C:\Users\AA\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe
2015-12-24 10:30 - 2015-12-24 10:31 - 15262808 _____ C:\Users\AA\Downloads\gu5setup(3).exe
2015-12-23 12:57 - 2015-12-25 09:26 - 00577480 _____ C:\Windows\ntbtlog.txt
2015-12-23 11:34 - 2015-12-23 11:35 - 07616070 _____ (WindowsDoctor International LLC ) C:\Users\AA\Downloads\windowsdoctor2800.exe
2015-12-23 02:57 - 2015-12-23 02:57 - 00056982 _____ C:\Users\AA\Downloads\DeEsser(3).ny
2015-12-23 02:23 - 2015-12-23 02:23 - 00056982 _____ C:\Users\AA\Downloads\DeEsser(2).ny
2015-12-22 17:15 - 2015-12-22 17:15 - 00056982 _____ C:\Users\AA\Downloads\DeEsser(1).ny
2015-12-22 16:10 - 2015-12-22 16:10 - 00056982 _____ C:\Users\AA\Downloads\DeEsser.ny
2015-12-22 08:30 - 2015-12-22 08:30 - 00000000 ____D C:\Users\AA\AppData\Local\calibre-cache
2015-12-22 05:38 - 2015-12-22 15:45 - 00000000 ____D C:\Users\AA\Documents\Calibre Library
2015-12-22 05:38 - 2015-12-22 05:38 - 00000926 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2015-12-22 05:37 - 2015-12-22 05:38 - 00000000 ____D C:\Program Files (x86)\Calibre2
2015-12-22 05:25 - 2015-12-22 05:29 - 66629632 _____ C:\Users\AA\Downloads\calibre-2.47.0.msi
2015-12-15 02:40 - 2015-12-15 02:46 - 64815104 _____ C:\Users\AA\Downloads\wetransfer-7de351.zip
2015-12-11 11:37 - 2015-12-11 11:38 - 14130728 _____ C:\Users\AA\Downloads\Tino.pdf
2015-12-10 03:42 - 2015-12-10 03:42 - 00000830 _____ C:\Users\Public\Desktop\Freeplane.lnk
2015-12-10 03:42 - 2015-12-10 03:42 - 00000000 ____D C:\Users\AA\AppData\Roaming\Freeplane
2015-12-10 03:42 - 2015-12-10 03:42 - 00000000 ____D C:\Program Files\Freeplane
2015-12-10 03:20 - 2015-12-10 03:24 - 24430312 _____ (Open source ) C:\Users\AA\Downloads\Freeplane-Setup-1.3.15.exe
2015-12-09 02:19 - 2015-11-11 13:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-12-09 02:19 - 2015-11-11 12:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 02:19 - 2015-11-11 08:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-12-09 02:19 - 2015-11-11 08:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 02:19 - 2015-11-11 07:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-09 02:19 - 2015-11-11 07:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 02:19 - 2015-11-11 07:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 02:19 - 2015-11-11 07:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-12-09 02:19 - 2015-11-11 06:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-09 02:19 - 2015-11-09 16:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-09 02:19 - 2015-11-09 16:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 02:19 - 2015-11-09 16:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-09 02:19 - 2015-11-09 16:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-09 02:19 - 2015-11-09 16:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-09 02:19 - 2015-11-09 16:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 02:19 - 2015-11-09 16:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 02:19 - 2015-11-09 16:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-09 02:19 - 2015-11-09 16:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-09 02:19 - 2015-11-09 16:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 02:19 - 2015-11-09 16:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-09 02:19 - 2015-11-09 16:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 02:19 - 2015-11-09 16:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-09 02:19 - 2015-11-09 15:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-09 02:19 - 2015-11-09 15:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-09 02:19 - 2015-11-09 15:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 02:19 - 2015-11-09 15:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-09 02:19 - 2015-11-09 15:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 02:19 - 2015-11-09 15:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 02:19 - 2015-11-09 15:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 02:19 - 2015-11-09 15:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-09 02:19 - 2015-11-09 15:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 02:19 - 2015-11-09 15:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 02:19 - 2015-11-09 15:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 02:19 - 2015-11-08 14:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-12-09 02:19 - 2015-11-08 14:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2015-12-09 02:19 - 2015-11-08 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-12-09 02:19 - 2015-11-08 14:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-12-09 02:19 - 2015-11-08 14:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-12-09 02:19 - 2015-11-08 14:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-12-09 02:19 - 2015-11-08 14:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2015-12-09 02:19 - 2015-11-08 14:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-12-09 02:19 - 2015-11-08 14:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-12-09 02:19 - 2015-11-08 14:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-12-09 02:19 - 2015-11-08 14:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-12-09 02:19 - 2015-11-08 14:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-12-09 02:19 - 2015-11-08 14:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-12-09 02:19 - 2015-11-08 14:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-12-09 02:19 - 2015-11-08 14:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-12-09 02:19 - 2015-11-08 14:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2015-12-09 02:19 - 2015-11-08 13:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2015-12-09 02:19 - 2015-11-08 13:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-12-09 02:19 - 2015-11-08 13:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-12-09 02:19 - 2015-11-08 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-12-09 02:19 - 2015-11-08 13:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-12-09 02:19 - 2015-11-08 13:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2015-12-09 02:19 - 2015-11-08 13:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2015-12-09 02:19 - 2015-11-08 13:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-12-09 02:19 - 2015-11-08 13:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-12-09 02:19 - 2015-11-08 13:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-12-09 02:19 - 2015-11-08 13:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2015-12-09 02:19 - 2015-11-08 13:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-12-09 02:19 - 2015-11-08 12:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-12-09 02:19 - 2015-11-08 12:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-12-09 02:19 - 2015-11-08 12:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-12-09 02:16 - 2015-11-20 10:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-12-09 02:16 - 2015-11-20 10:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-12-09 02:16 - 2015-11-20 10:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-12-09 02:16 - 2015-11-20 10:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-12-09 02:16 - 2015-11-20 10:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-12-09 02:16 - 2015-11-20 10:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-12-09 02:16 - 2015-11-20 10:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-12-09 02:16 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-12-09 02:16 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-12-09 02:16 - 2015-11-20 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-12-09 02:16 - 2015-11-20 10:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2015-12-09 02:16 - 2015-11-20 10:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 02:16 - 2015-11-20 10:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 02:16 - 2015-11-20 10:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 02:16 - 2015-11-20 10:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-09 02:16 - 2015-11-20 10:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 02:16 - 2015-11-11 10:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\System32\comsvcs.dll
2015-12-09 02:16 - 2015-11-11 10:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\System32\catsrvut.dll
2015-12-09 02:16 - 2015-11-11 10:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 02:16 - 2015-11-11 10:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 02:16 - 2015-11-10 10:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2015-12-09 02:16 - 2015-11-10 10:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2015-12-09 02:16 - 2015-11-10 10:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\System32\user32.dll
2015-12-09 02:16 - 2015-11-10 10:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 02:16 - 2015-11-10 10:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 02:16 - 2015-11-10 09:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-12-09 02:16 - 2015-11-05 11:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\wshrm.dll
2015-12-09 02:16 - 2015-11-05 11:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-09 02:16 - 2015-11-05 01:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys
2015-12-09 02:16 - 2015-11-03 11:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2015-12-09 02:16 - 2015-11-03 10:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-09 02:11 - 2015-11-03 11:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\System32\els.dll
2015-12-09 02:11 - 2015-11-03 10:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-08 09:45 - 2015-12-08 09:47 - 22546667 _____ (SSuite Office Software{TM} ) C:\Users\AA\Downloads\NF8xMTM1MzE3NzVf
2015-12-08 02:45 - 2015-12-08 02:45 - 00286949 _____ C:\Users\AA\Downloads\Noteliner363b.zip
2015-12-08 02:45 - 2015-12-08 02:45 - 00000000 ___HD C:\Users\AA\Downloads\.ptmp530141
2015-12-08 01:23 - 2015-12-08 01:23 - 00000000 ____D C:\Users\AA\AppData\Roaming\OpenOffice
2015-12-07 18:23 - 2015-12-07 18:36 - 133575912 _____ C:\Users\AA\Downloads\Apache_OpenOffice_4.1.2_Win_x86_install_en-GB.exe
2015-12-07 18:11 - 2015-12-07 18:11 - 00000954 _____ C:\Users\Public\Desktop\UV Outliner.lnk
2015-12-07 18:11 - 2015-12-07 18:11 - 00000000 ____D C:\Program Files (x86)\UV Outliner
2015-12-07 18:10 - 2015-12-07 18:10 - 01474088 _____ (Fedir Nepyivoda ) C:\Users\AA\Downloads\uvoutliner-setup-2.4.1.exe
2015-12-07 17:59 - 2015-12-07 17:59 - 00000907 _____ C:\Users\AA\Desktop\Ume Outliner Preview Edition.lnk
2015-12-07 17:54 - 2015-12-07 17:54 - 00000000 ____D C:\Program Files (x86)\UmeOutliner
2015-12-07 17:53 - 2015-12-07 17:53 - 00384536 _____ (Shayne Kasai ) C:\Users\AA\Downloads\ume-setup-pre1.1(1).exe
2015-12-07 09:23 - 2015-12-07 09:23 - 00001360 _____ C:\Users\Public\Desktop\Free YouTube To MP3 Converter.lnk
2015-12-07 09:23 - 2015-12-07 09:23 - 00001203 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-12-07 09:22 - 2015-12-07 09:23 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2015-12-07 09:16 - 2015-12-07 09:21 - 39145112 _____ (DVDVideoSoft Ltd. ) C:\Users\AA\Downloads\FreeYouTubeToMP3Converter(1).exe
2015-12-07 08:18 - 2015-12-07 08:18 - 00000000 ____D C:\Users\AA\AppData\Roaming\YoutubeToMp3Converter
2015-12-07 08:08 - 2015-12-07 08:08 - 00001250 _____ C:\Users\Public\Desktop\Freemake YouTube To MP3 Boom.lnk
2015-12-07 07:48 - 2015-12-07 07:48 - 00001894 _____ C:\Users\Public\Desktop\Flvto Youtube Downloader.lnk
2015-12-07 07:46 - 2015-12-07 07:48 - 00000000 ____D C:\Program Files (x86)\Flvto Youtube Downloader
2015-12-07 07:45 - 2015-12-07 07:45 - 00689046 _____ (Hotger) C:\Users\AA\Downloads\FYD_Setup.exe
2015-12-07 07:24 - 2015-12-07 07:25 - 00000000 ____D C:\Users\AA\AppData\Roaming\freac
2015-12-07 07:23 - 2015-12-07 07:23 - 00000925 _____ C:\Users\Public\Desktop\freac - free audio converter.lnk
2015-12-07 07:23 - 2015-12-07 07:23 - 00000000 ____D C:\Program Files (x86)\freac
2015-12-07 07:22 - 2015-12-07 07:22 - 07534391 _____ C:\Users\AA\Downloads\freac-1.0.26.exe
2015-12-07 01:28 - 2015-12-07 01:29 - 09269241 _____ C:\Users\AA\Downloads\setup_treedbnotes_4_34_1(3).exe
2015-12-04 13:34 - 2015-12-04 13:34 - 00000000 ____D C:\Program Files (x86)\FFmpeg for Audacity
2015-12-04 13:33 - 2015-12-04 13:34 - 09957947 _____ ( ) C:\Users\AA\Downloads\ffmpeg-win-2.2.2.exe
2015-12-04 13:30 - 2015-12-04 13:30 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2015-12-04 13:29 - 2015-12-04 13:29 - 00527423 _____ ( ) C:\Users\AA\Downloads\Lame_v3.99.3_for_Windows.exe
2015-12-03 08:16 - 2015-12-14 03:47 - 00000000 ____D C:\!!!!!!!!!!newtemp
2015-12-03 04:11 - 2015-12-17 01:57 - 00000905 _____ C:\Users\AA\todolist
2015-12-03 04:11 - 2015-12-17 01:54 - 00000845 _____ C:\Users\AA\todolist.bak1
2015-12-03 04:11 - 2015-12-05 01:01 - 00000845 _____ C:\Users\AA\todolist.bak2
2015-12-03 04:11 - 2015-12-03 04:26 - 00000845 _____ C:\Users\AA\todolist.bak3
2015-12-03 04:11 - 2015-12-03 04:22 - 00000845 _____ C:\Users\AA\todolist.bak4
2015-12-03 04:07 - 2015-12-03 04:07 - 00000000 ____D C:\Program Files (x86)\SimpleTODO
2015-12-03 03:46 - 2015-12-03 04:00 - 12942706 _____ C:\Users\AA\Downloads\SimpleTODO-install.exe
2015-12-03 03:41 - 2015-12-03 03:41 - 00490273 _____ () C:\Users\AA\Downloads\ToDo.exe
2015-12-02 09:54 - 2015-12-02 09:56 - 09269241 _____ C:\Users\AA\Downloads\setup_treedbnotes_4_34_1(2).exe
2015-12-02 03:44 - 2015-12-02 03:48 - 48682895 _____ C:\Users\AA\Downloads\Ackroyd Book Signing Event Mega City Commercial Video in 720p HD High Quality.mp4
2015-11-28 14:17 - 2015-11-28 14:17 - 00000000 ____D C:\Users\AA\AppData\Roaming\MAGIX
2015-11-28 14:16 - 2015-11-28 14:17 - 00000000 ____D C:\ProgramData\MAGIX
2015-11-28 14:16 - 2015-11-28 14:16 - 00000986 _____ C:\Users\Public\Desktop\MAGIX Photo Designer 7.lnk
2015-11-28 14:16 - 2015-11-28 14:16 - 00000000 ____D C:\Users\AA\AppData\Local\MAGIX
2015-11-28 14:16 - 2015-11-28 14:16 - 00000000 ____D C:\Program Files (x86)\MAGIX
2015-11-28 14:11 - 2015-11-28 14:14 - 29560816 _____ (MAGIX AG) C:\Users\AA\Downloads\photo_designer_7_28mb_us.exe
2015-11-27 07:57 - 2015-11-27 07:57 - 00002932 _____ C:\Users\AA\AppData\Local\recently-used.xbel
2015-11-27 05:21 - 2015-11-27 05:28 - 62467304 _____ C:\Users\AA\Downloads\success.wav

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-27 12:44 - 2010-04-28 11:25 - 00196608 _____ C:\Windows\System32\Ikeext.etl
2015-12-27 12:42 - 2015-02-08 01:37 - 00000000 ____D C:\!!!!!!!!!!!!!temp
2015-12-27 12:37 - 2009-07-13 21:13 - 00778150 _____ C:\Windows\System32\PerfStringBackup.INI
2015-12-27 12:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-27 12:34 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-27 12:34 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-27 12:28 - 2010-06-01 02:54 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AEB95067-AAA2-4F51-84E6-A7F1057E13C1}
2015-12-27 12:27 - 2015-10-24 11:56 - 00000000 ____D C:\ProgramData\MFAData
2015-12-27 12:24 - 2012-11-19 02:40 - 00000000 ____D C:\Users\AA\AppData\Roaming\UK's Kalender
2015-12-27 12:22 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-27 10:58 - 2010-04-28 09:23 - 00000000 ____D C:\SETUPS DL
2015-12-27 00:06 - 2014-11-29 01:49 - 00000000 ____D C:\Users\AA\AppData\Roaming\FileAdvisor
2015-12-26 12:47 - 2010-05-01 05:42 - 00000000 ____D C:\Program Files (x86)\KeyNote
2015-12-26 10:56 - 2012-05-02 10:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-26 06:51 - 2011-01-06 01:12 - 00000000 ____D C:\Users\AA\AppData\Roaming\DVDVideoSoft
2015-12-26 05:39 - 2010-04-30 12:09 - 00000000 ____D C:\Users\AA\AppData\Roaming\FileZilla
2015-12-25 14:02 - 2015-11-24 02:51 - 00000000 ____D C:\Users\AA\AppData\Roaming\Audacity
2015-12-25 12:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-12-25 09:22 - 2010-05-08 12:09 - 00000000 ____D C:\Users\AA\AppData\Local\Apps\2.0
2015-12-25 09:17 - 2015-10-24 11:57 - 00000000 ____D C:\Users\AA\AppData\Local\AvgSetupLog
2015-12-25 06:55 - 2010-04-28 04:56 - 00000000 ____D C:\users\AA
2015-12-24 20:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2015-12-22 19:55 - 2010-06-15 11:39 - 00000000 ____D C:\Users\AA\AppData\Local\WMTools Downloaded Files
2015-12-22 19:39 - 2010-06-02 03:04 - 00167424 _____ C:\Users\AA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-22 08:30 - 2015-08-20 12:56 - 00000000 ____D C:\Users\AA\AppData\Roaming\calibre
2015-12-21 02:12 - 2011-05-14 02:36 - 00000000 ____D C:\temp
2015-12-20 17:37 - 2010-01-29 02:27 - 00000000 ____D C:\ProgramData\Temp
2015-12-18 14:38 - 2014-03-02 09:58 - 00000000 ____D C:\Users\AA\Documents\PS Freebie Notes
2015-12-18 02:50 - 2011-08-15 22:51 - 00000000 ____D C:\Users\AA\Documents\My Kindle Content
2015-12-15 03:04 - 2010-11-25 23:39 - 00000000 ____D C:\Program Files (x86)\NoteTab Light
2015-12-13 01:32 - 2013-05-19 04:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-12 01:19 - 2013-05-19 04:26 - 00004450 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-12 01:19 - 2012-05-08 23:02 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-12 01:19 - 2011-06-14 21:44 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-11 02:00 - 2013-02-10 04:09 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAA
2015-12-11 02:00 - 2013-02-10 04:09 - 00000320 _____ C:\Windows\Tasks\HPCeeScheduleForAA.job
2015-12-10 10:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-12-10 04:21 - 2012-01-14 07:18 - 00000000 ____D C:\Users\AA\.freeplane
2015-12-10 02:56 - 2015-10-24 12:31 - 00000902 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2015-12-10 02:42 - 2015-11-04 12:33 - 00395664 _____ C:\Windows\System32\FNTCACHE.DAT
2015-12-09 12:05 - 2011-01-07 04:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 12:02 - 2012-05-14 02:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 12:02 - 2012-05-14 02:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 11:59 - 2013-07-13 14:04 - 00000000 ____D C:\Windows\System32\MRT
2015-12-09 11:43 - 2010-05-03 09:47 - 140158008 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-12-08 19:39 - 2010-04-30 05:52 - 00301728 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2015-12-08 07:35 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\ShellNew
2015-12-08 06:51 - 2015-11-04 01:44 - 00119384 _____ C:\Users\AA\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-08 01:11 - 2010-05-02 08:15 - 00000000 ____D C:\Users\AA\AppData\Local\CrashDumps
2015-12-08 00:59 - 2014-08-05 17:10 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-12-07 18:56 - 2013-07-15 05:01 - 00000000 ____D C:\Program Files (x86)\share
2015-12-07 17:39 - 2015-03-11 04:39 - 00000000 ____D C:\Users\AA\AppData\Roaming\Flashnote
2015-12-07 09:23 - 2011-04-19 23:57 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2015-12-07 09:12 - 2014-11-28 07:12 - 00000000 ____D C:\Users\AA\AppData\Roaming\Free YouTube to MP3 Converter Studio
2015-12-07 08:18 - 2014-08-09 07:00 - 00000000 ____D C:\ProgramData\Freemake
2015-12-07 08:08 - 2014-08-09 06:59 - 00000000 ____D C:\Program Files (x86)\Freemake
2015-12-07 07:17 - 2010-06-26 10:21 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-12-07 01:31 - 2015-04-17 05:23 - 00001055 _____ C:\Users\AA\Desktop\TreeDBNotes 4.lnk
2015-12-05 09:05 - 2014-10-29 11:10 - 00000000 ____D C:\Users\AA\AppData\Roaming\HandBrake
2015-12-05 08:58 - 2013-06-03 01:16 - 00000000 ____D C:\Users\AA\AppData\Roaming\vlc
2015-12-04 05:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2015-12-03 04:14 - 2014-04-22 14:05 - 00000000 ____D C:\Program Files (x86)\Easy To-Do Lite
2015-12-03 04:14 - 2014-01-25 23:16 - 00000000 ____D C:\Users\AA\AppData\Local\Task List Guru
2015-12-03 04:14 - 2014-01-25 23:05 - 00000000 ____D C:\Users\AA\AppData\Roaming\Peganza
2015-12-03 03:23 - 2014-01-25 23:05 - 00000000 ____D C:\Users\AA\Documents\Easy To-Do
2015-12-02 09:58 - 2015-04-17 05:23 - 00000000 ____D C:\Program Files (x86)\TreeDBNotes 4
2015-11-28 23:44 - 2010-04-28 06:11 - 00000000 ____D C:\Users\AA\AppData\Local\ElevatedDiagnostics
2015-11-28 16:41 - 2014-07-28 02:56 - 00000000 ____D C:\Users\AA\AppData\Roaming\FrmMain
2015-11-27 08:32 - 2014-03-14 09:31 - 00000000 ____D C:\Users\AA\.gimp-2.8

ZeroAccess:
C:\Users\AA\AppData\Local\Application Data

Files to move or delete:
====================
C:\Users\AA\udownload.dat


==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2015-12-09 02:16] - [2015-11-10 10:55] - 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A

C:\Windows\SysWOW64\User32.dll
[2015-12-09 02:16] - [2015-11-10 10:37] - 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2015-12-27 12:33

==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 3071.24 MB
Available physical RAM: 2302.37 MB
Total Virtual: 3069.39 MB
Available Virtual: 2293.14 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:286.75 GB) (Free:0.53 GB) NTFS
Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.24 GB) (Free:1.22 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (MICRO-SD-2G) (Removable) (Total:1.84 GB) (Free:1.83 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1.8 GB) (Disk ID: 0442F885)
Partition 1: (Not Active) - (Size=1.8 GB) - (Type=06)


LastRegBack: 2015-12-21 03:18

==================== End of FRST.txt ============================

                          ~~ THANK YOU VERY MUCH FOR YOUR HELP ~~


Edited by ally1205, 27 December 2015 - 04:31 PM.


#2
RKinner

    Malware Expert

  • Expert
  • 19,999 posts
  • MVP
This line looks suspicious:
 
HKU\AA\...\Run: [TrueCrypt] => C:\Program Files (x86)\yoyo\tc.exe.exe [1516496 2013-08-24] (TrueCrypt Foundation)
 
A double .exe and "tc.exe.exe" only has 9 hits on Google and none of the hits speaks of TrueCrypt.
 
I'm going to try to get FRST to remove it and Microsoft Security Essentials, which shouldn't be running with AVG at the same time. FRST also flagged some stuff so I included it too, as well as some deadwood.
 
 
Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated; please post that. Run FRST again, check the Additions box and then Scan. You will hopefully get two logs (Don't know for sure if this works with the USB boot version). Post them both.
 
Any change in your symptoms?
 
 

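The check described in post #2 (a Run entry whose file name ends in a doubled .exe), written as a small parser over FRST Run-key lines. This is an added example, not part of the thread and not FRST's own code; the function names and the extension lists are assumptions, and it generalizes from `.exe.exe` to any decoy extension followed by an executable one. The sample lines are copied from the logs in this thread.

```python
"""Flag FRST Run-key entries whose file name stacks an executable extension."""
import re
from pathlib import PureWindowsPath

# Lines copied from the FRST logs in this thread (five Run entries, one policy line).
SAMPLE_LOG = r"""
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Cobian Backup 11] => C:\Program Files\Cobian Backup 11\Cobian.exe [720896 2013-03-07] (Luis Cobian, CobianSoft)
HKU\AA\...\Run: [TrueCrypt] => C:\Program Files (x86)\yoyo\tc.exe.exe [1516496 2013-08-24] (TrueCrypt Foundation)
HKU\AA\...\Run: [EPSON Stylus DX7400 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDE.EXE [213504 2007-04-11] (SEIKO EPSON CORPORATION)
HKU\AA\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
"""

# Layout seen in the logs: <key>: [<value name>] => <path> [<size> <date>] (<company>)
# The "[size date]" block is required so that "(x86)" inside a path is never
# mistaken for the trailing company field.
RUN_LINE = re.compile(
    r"^(?P<key>HK.+?\\Run(?:Once)?): \[(?P<value>[^\]]+)\] => "
    r"(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]"
    r"(?: \((?P<company>.*)\))?\s*$"
)

# Assumed lists: extensions Windows will execute, and extensions a file may
# show in front of the real one to look like something else.
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY = EXECUTABLE | {".pdf", ".doc", ".docx", ".xls", ".xlsx",
                      ".jpg", ".png", ".txt", ".zip"}


def parse_run_line(line):
    """Return the fields of one Run-key line, or None if it is another kind of line."""
    line = line.strip()
    match = RUN_LINE.match(line)
    if match is None:
        return None
    # Keep the line verbatim: the fixlist in this thread quotes entries
    # exactly as they appear in the scan log.
    return dict(match.groupdict(), raw=line)


def stacked_extension(path):
    """Return e.g. '.exe.exe' when the last two suffixes are decoy + executable."""
    suffixes = [s.lower() for s in PureWindowsPath(path).suffixes]
    if len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE and suffixes[-2] in DECOY:
        return "".join(suffixes[-2:])
    return None


def parse_log(log_text):
    """Parse every Run-key line in a log, skipping everything else."""
    entries = (parse_run_line(line) for line in log_text.splitlines())
    return [entry for entry in entries if entry is not None]


def triage(log_text):
    """Return the Run entries an analyst should look at first."""
    findings = []
    for entry in parse_log(log_text):
        stacked = stacked_extension(entry["path"])
        if stacked:
            findings.append(dict(entry, reason="stacked extension " + stacked))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["reason"])
        print("  value  :", finding["value"])
        print("  path   :", finding["path"])
        print("  company:", finding["company"])
        print("  line   :", finding["raw"])
```

Version-style names such as `uvoutliner-setup-2.4.1.exe` are not flagged, because the suffix before `.exe` has to be in the decoy list.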

#3
ally1205

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Thank you for your help! I ran your FRST fix from within extended boot options, but the symptoms still remain exactly as before. I have posted the log below. I don't suppose my symptoms could be anything to do with available HDD space, could it? I have only 4gb of free space on my 350gb HDD. I'm wondering if some of these system utilities need more than 4gb to create temp files or whatever in order to run. Anyway, here is the new log:

 

+++++++++++++++++++++++++++++++++++++++++++++

 

Fix result of Farbar Recovery Scan Tool (x64) Version:27-12-2015
Ran by SYSTEM (2015-12-28 13:54:52) Run:1
Running from h:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-29] (Microsoft Corporation)
HKU\AA\...\Run: [TrueCrypt] => C:\Program Files (x86)\yoyo\tc.exe.exe [1516496 2013-08-24] (TrueCrypt Foundation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-29] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-29] (Microsoft Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-10-30] (wisecleaner.com)
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
C:\Users\AA\AppData\Local\Application Data
C:\Users\AA\udownload.dat
EmptyTemp:





*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSC => value removed successfully
HKU\AA\Software\Microsoft\Windows\CurrentVersion\Run\\TrueCrypt => value removed successfully
MsMpSvc => service removed successfully
NisSrv => service removed successfully
MpFilter => service removed successfully
WiseHDInfo => service removed successfully
PCDSRVC{F36B3A4C-F95654BD-06000000}_0 => service removed successfully
VBoxNetFlt => service removed successfully
Symbolic link found: "C:\Users\AA\AppData\Local\Application Data" => "C:\Users\AA\AppData\Local"
"C:\Users\AA\AppData\Local\Application Data" => Symbolic link removed successfully
C:\Users\AA\AppData\Local\Application Data => moved successfully
C:\Users\AA\udownload.dat => moved successfully
EmptyTemp: => Error: This directive works only outside recovery mode.

==== End of Fixlog 13:54:54 ====


Edited by ally1205, 28 December 2015 - 09:00 AM.


#4
RKinner

    Malware Expert

  • Expert
  • 19,999 posts
  • MVP

Can you run another FRST scan log?

4 gb is definitely not enough.

You can try a Disk Cleanup:

I don't like to let it compress files to save space. Tends to break things.

If that won't work then:

You can delete any files you find in the Temp folders. (If they are in use they won't let you delete them so go on to the other files.) The main temp folder is c:\Users\AA\AppData\Local\Temp

There is another one in C:\Windows\Temp

These are system hidden files so you probably need to see:


Open the Control Panel menu and click Folder Options.
    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system folders.
    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating system files.
    Press the Apply button and then the OK button
 
Then Empty the Recycle Bin.
 
 


#5
ally1205

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Okay, I now have almost 8gb of free space on my HDD after deleting a lot of stuff. The issues remain though. I tried to check my C: drive per your response to my older thread on this issue, but the Windows disc-checking application freezes (a symptom of the faults I'm experiencing, I guess). Perhaps I can run it from the command prompt in extended boot options (F8), can I? Below is the new FRST64 log which was generated a moment ago:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-12-2015
Ran by SYSTEM on MININT-N88S8ET (28-12-2015 19:17:00)
Running from h:\
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Cobian Backup 11] => C:\Program Files\Cobian Backup 11\Cobian.exe [720896 2013-03-07] (Luis Cobian, CobianSoft)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\AA\...\Run: [Kalender] => C:\Program Files (x86)\Kalender\Kalender.exe [933888 2010-08-22] (Ulrich Krebs)
HKU\AA\...\Run: [EPSON Stylus DX7400 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDE.EXE [213504 2007-04-11] (SEIKO EPSON CORPORATION)
HKU\AA\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\AA\...\Policies\system: [DisableLockWorkstation] 0
HKU\AA\...\Policies\system: [DisableChangePassword] 0
HKU\AA\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\AA\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ABSTRA~1.SCR
HKU\Default\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-11-20] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-11-20] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-11-20] (AVG Technologies CZ, s.r.o.)
S3 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-09-15] (AOMEI Tech Co., Ltd.)
S2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian)
S2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [382312 2015-11-27] (Digital Wave Ltd.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S4 KMWDSERVICE; C:\Program Files (x86)\Multimedia Keyboard Driver\V5\KMWDSrv.exe [2179072 2007-05-08] (UASSOFT.COM)
S3 LULU Software CrashHandler; C:\Program Files (x86)\Soda PDF 3D Reader\crash-handler-ws.exe [784152 2015-03-06] (LULU SOFTWARE LIMITED)
S3 LxrSII1s; C:\Windows\SysWOW64\LxrSII1s.exe [65536 2009-12-30] (Lexar Media, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office 2003\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
S3 Realtek11nCU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-10-30] (Realtek Semiconductor)
S3 Soda PDF 3D Reader; C:\Program Files (x86)\Soda PDF 3D Reader\ws.exe [1860888 2015-03-06] (LULU SOFTWARE LIMITED)
S2 Soda PDF 3D Reader Creator; C:\Program Files (x86)\Soda PDF 3D Reader\creator-ws.exe [623384 2015-03-06] (LULU SOFTWARE LIMITED)
S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\SystemExplorerService64.exe [712520 2011-09-22] (Mister Group)
S2 VideoAcceleratorService; C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe [265928 2011-08-14] (SpeedBit Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AF9035BDA; C:\Windows\System32\Drivers\AF9035BDA.sys [488832 2009-05-22] (AfaTech                  )
S0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-25] ()
S2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-25] ()
S2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-25] ()
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-07] (AVG Technologies CZ, s.r.o.)
S3 cpuz136; C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [25320 2013-08-24] (CPUID)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 FreeOTFE; C:\Windows\System32\FreeOTFE.sys [38512 2010-02-07] (Sarah Dean)
S1 FreeOTFECypherAES_ltc; C:\Windows\System32\FreeOTFECypherAES_ltc.sys [50800 2010-02-07] (Sarah Dean)
S1 FreeOTFECypherBlowfish; C:\Windows\System32\FreeOTFECypherBlowfish.sys [27760 2010-02-07] (Sarah Dean)
S1 FreeOTFECypherCAST5; C:\Windows\System32\FreeOTFECypherCAST5.sys [34928 2010-02-07] (Sarah Dean)
S1 FreeOTFECypherCAST6_Gladman; C:\Windows\System32\FreeOTFECypherCAST6_Gladman.sys [34928 2010-02-07] (Sarah Dean)
S1 FreeOTFECypherDES; C:\Windows\System32\FreeOTFECypherDES.sys [60016 2010-02-07] (Sarah Dean)
S1 FreeOTFECypherMARS_Gladman; C:\Windows\System32\FreeOTFECypherMARS_Gladman.sys [30832 2010-02-07] (Sarah Dean)
S1 FreeOTFECypherRC6_ltc; C:\Windows\System32\FreeOTFECypherRC6_ltc.sys [29296 2010-02-07] (Sarah Dean)
S1 FreeOTFECypherSerpent_Gladman; C:\Windows\System32\FreeOTFECypherSerpent_Gladman.sys [35952 2010-02-07] (Sarah Dean)
S1 FreeOTFECypherTwofish_ltc; C:\Windows\System32\FreeOTFECypherTwofish_ltc.sys [35440 2010-02-07] (Sarah Dean)
S1 FreeOTFEHashMD; C:\Windows\System32\FreeOTFEHashMD.sys [22640 2010-02-07] (Sarah Dean)
S1 FreeOTFEHashRIPEMD; C:\Windows\System32\FreeOTFEHashRIPEMD.sys [38512 2010-02-07] (Sarah Dean)
S1 FreeOTFEHashSHA; C:\Windows\System32\FreeOTFEHashSHA.sys [29296 2010-02-07] (Sarah Dean)
S1 FreeOTFEHashTiger; C:\Windows\System32\FreeOTFEHashTiger.sys [26224 2010-02-07] (Sarah Dean)
S1 FreeOTFEHashWhirlpool; C:\Windows\System32\FreeOTFEHashWhirlpool.sys [34928 2010-02-07] (Sarah Dean)
S1 GUSBootStartup; C:\Windows\System32\drivers\GUSBootStartup.sys [20672 2014-10-17] (Glarysoft Ltd)
S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-10-30] (REALiX™)
S2 LxrSII1d; C:\Windows\System32\Drivers\LxrSII1d.sys [63064 2009-12-30] (Lexar Media, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [21208 2013-02-25] ()
S3 MxCamKsFilter; C:\Windows\System32\DRIVERS\MxCamUFilterDrv.sys [14752 2011-07-21] (GorMedia, Inc.)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-26] (CACE Technologies, Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-01-11] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-01-11] ()
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [626720 2013-04-14] (Realtek Semiconductor Corporation                           )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2010-11-18] (Duplex Secure Ltd.)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [198784 2009-05-25] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-27 20:58 - 2015-12-28 19:17 - 00000000 ____D C:\FRST
2015-12-27 15:51 - 2015-12-27 15:51 - 00000890 _____ C:\Users\AA\Downloads\fixlist.txt
2015-12-27 12:32 - 2015-12-27 12:34 - 02370560 _____ (Farbar) C:\Users\AA\Downloads\FRST64(1).exe
2015-12-27 00:14 - 2015-12-27 00:47 - 282128384 _____ C:\Users\AA\Downloads\kav_rescue_10.iso
2015-12-26 15:21 - 2015-12-26 15:25 - 00000000 ____D C:\RescueCD Logs
2015-12-26 11:23 - 2015-12-26 12:13 - 658247680 _____ C:\Users\AA\Downloads\rescue-system.iso
2015-12-26 06:23 - 2015-12-26 06:37 - 181379072 _____ C:\Users\AA\Downloads\avg_arl_cdi_all_120_150814a10442.iso
2015-12-26 05:14 - 2015-12-26 05:16 - 21102368 _____ (Tweaking.com) C:\Users\AA\Downloads\tweaking.com_windows_repair_aio_setup(1).exe
2015-12-26 05:08 - 2015-12-26 06:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox-18bb
2015-12-25 10:09 - 2015-12-25 10:09 - 02370560 _____ (Farbar) C:\Users\AA\Downloads\FRST64.exe
2015-12-25 10:09 - 2015-12-25 10:09 - 02370560 _____ (Farbar) C:\Users\AA\Desktop\FRST64.exe
2015-12-25 09:54 - 2015-12-25 11:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-12-25 09:35 - 2015-12-25 09:36 - 00000000 ____D C:\Program Files\MS-fixit
2015-12-25 09:16 - 2015-12-25 09:16 - 02970424 _____ (AVG Technologies CZ, s.r.o.) C:\Users\AA\Downloads\AVG_PCTuneUp_877.exe
2015-12-25 09:10 - 2015-12-25 09:10 - 00450352 _____ (Microsoft Corporation) C:\Users\AA\Downloads\FixitCenter_Run.exe
2015-12-25 06:57 - 2015-12-25 06:57 - 00000000 ____D C:\Users\AA\AppData\Local\WinZip
2015-12-25 06:55 - 2015-12-25 06:55 - 00002211 _____ C:\Users\Public\Desktop\WinZip.lnk
2015-12-25 06:54 - 2015-12-25 06:56 - 00000000 ____D C:\ProgramData\WinZip
2015-12-25 06:53 - 2015-12-25 06:54 - 00000000 ____D C:\Program Files\WinZip
2015-12-25 05:43 - 2015-12-25 06:39 - 704116294 _____ C:\Users\AA\Downloads\FalconFour's Ultimate Boot CD v4.61.7z
2015-12-25 00:45 - 2015-12-25 00:45 - 00347816 _____ (Microsoft Corporation) C:\Users\AA\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run(1).exe
2015-12-25 00:42 - 2015-12-25 00:42 - 00347816 _____ (Microsoft Corporation) C:\Users\AA\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe
2015-12-24 10:30 - 2015-12-24 10:31 - 15262808 _____ C:\Users\AA\Downloads\gu5setup(3).exe
2015-12-23 12:57 - 2015-12-25 09:26 - 00577480 _____ C:\Windows\ntbtlog.txt
2015-12-23 11:34 - 2015-12-23 11:35 - 07616070 _____ (WindowsDoctor International LLC ) C:\Users\AA\Downloads\windowsdoctor2800.exe
2015-12-23 02:57 - 2015-12-23 02:57 - 00056982 _____ C:\Users\AA\Downloads\DeEsser(3).ny
2015-12-23 02:23 - 2015-12-23 02:23 - 00056982 _____ C:\Users\AA\Downloads\DeEsser(2).ny
2015-12-22 17:15 - 2015-12-22 17:15 - 00056982 _____ C:\Users\AA\Downloads\DeEsser(1).ny
2015-12-22 16:10 - 2015-12-22 16:10 - 00056982 _____ C:\Users\AA\Downloads\DeEsser.ny
2015-12-22 08:30 - 2015-12-22 08:30 - 00000000 ____D C:\Users\AA\AppData\Local\calibre-cache
2015-12-22 05:38 - 2015-12-22 15:45 - 00000000 ____D C:\Users\AA\Documents\Calibre Library
2015-12-22 05:38 - 2015-12-22 05:38 - 00000926 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2015-12-22 05:37 - 2015-12-22 05:38 - 00000000 ____D C:\Program Files (x86)\Calibre2
2015-12-22 05:25 - 2015-12-22 05:29 - 66629632 _____ C:\Users\AA\Downloads\calibre-2.47.0.msi
2015-12-15 02:40 - 2015-12-15 02:46 - 64815104 _____ C:\Users\AA\Downloads\wetransfer-7de351.zip
2015-12-11 11:37 - 2015-12-11 11:38 - 14130728 _____ C:\Users\AA\Downloads\Nissan Tino.pdf
2015-12-10 03:42 - 2015-12-10 03:42 - 00000830 _____ C:\Users\Public\Desktop\Freeplane.lnk
2015-12-10 03:42 - 2015-12-10 03:42 - 00000000 ____D C:\Users\AA\AppData\Roaming\Freeplane
2015-12-10 03:42 - 2015-12-10 03:42 - 00000000 ____D C:\Program Files\Freeplane
2015-12-10 03:20 - 2015-12-10 03:24 - 24430312 _____ (Open source ) C:\Users\AA\Downloads\Freeplane-Setup-1.3.15.exe
2015-12-09 02:19 - 2015-11-11 13:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-12-09 02:19 - 2015-11-11 12:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 02:19 - 2015-11-11 08:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-12-09 02:19 - 2015-11-11 08:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 02:19 - 2015-11-11 07:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-09 02:19 - 2015-11-11 07:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 02:19 - 2015-11-11 07:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 02:19 - 2015-11-11 07:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-12-09 02:19 - 2015-11-11 06:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-09 02:19 - 2015-11-09 16:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-09 02:19 - 2015-11-09 16:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 02:19 - 2015-11-09 16:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-09 02:19 - 2015-11-09 16:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-09 02:19 - 2015-11-09 16:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-09 02:19 - 2015-11-09 16:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 02:19 - 2015-11-09 16:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 02:19 - 2015-11-09 16:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-09 02:19 - 2015-11-09 16:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-09 02:19 - 2015-11-09 16:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 02:19 - 2015-11-09 16:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-09 02:19 - 2015-11-09 16:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 02:19 - 2015-11-09 16:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-09 02:19 - 2015-11-09 15:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-09 02:19 - 2015-11-09 15:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-09 02:19 - 2015-11-09 15:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 02:19 - 2015-11-09 15:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-09 02:19 - 2015-11-09 15:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 02:19 - 2015-11-09 15:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 02:19 - 2015-11-09 15:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 02:19 - 2015-11-09 15:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-09 02:19 - 2015-11-09 15:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 02:19 - 2015-11-09 15:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 02:19 - 2015-11-09 15:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 02:19 - 2015-11-08 14:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-12-09 02:19 - 2015-11-08 14:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2015-12-09 02:19 - 2015-11-08 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-12-09 02:19 - 2015-11-08 14:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-12-09 02:19 - 2015-11-08 14:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-12-09 02:19 - 2015-11-08 14:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-12-09 02:19 - 2015-11-08 14:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2015-12-09 02:19 - 2015-11-08 14:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-12-09 02:19 - 2015-11-08 14:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-12-09 02:19 - 2015-11-08 14:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-12-09 02:19 - 2015-11-08 14:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-12-09 02:19 - 2015-11-08 14:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-12-09 02:19 - 2015-11-08 14:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-12-09 02:19 - 2015-11-08 14:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-12-09 02:19 - 2015-11-08 14:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-12-09 02:19 - 2015-11-08 14:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2015-12-09 02:19 - 2015-11-08 13:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2015-12-09 02:19 - 2015-11-08 13:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-12-09 02:19 - 2015-11-08 13:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-12-09 02:19 - 2015-11-08 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-12-09 02:19 - 2015-11-08 13:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-12-09 02:19 - 2015-11-08 13:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2015-12-09 02:19 - 2015-11-08 13:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2015-12-09 02:19 - 2015-11-08 13:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-12-09 02:19 - 2015-11-08 13:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-12-09 02:19 - 2015-11-08 13:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-12-09 02:19 - 2015-11-08 13:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2015-12-09 02:19 - 2015-11-08 13:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-12-09 02:19 - 2015-11-08 12:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-12-09 02:19 - 2015-11-08 12:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-12-09 02:19 - 2015-11-08 12:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-12-09 02:16 - 2015-11-20 10:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-12-09 02:16 - 2015-11-20 10:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-12-09 02:16 - 2015-11-20 10:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-12-09 02:16 - 2015-11-20 10:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-12-09 02:16 - 2015-11-20 10:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-12-09 02:16 - 2015-11-20 10:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-12-09 02:16 - 2015-11-20 10:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-12-09 02:16 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-12-09 02:16 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-12-09 02:16 - 2015-11-20 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-12-09 02:16 - 2015-11-20 10:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2015-12-09 02:16 - 2015-11-20 10:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 02:16 - 2015-11-20 10:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 02:16 - 2015-11-20 10:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 02:16 - 2015-11-20 10:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-09 02:16 - 2015-11-20 10:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 02:16 - 2015-11-11 10:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\System32\comsvcs.dll
2015-12-09 02:16 - 2015-11-11 10:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\System32\catsrvut.dll
2015-12-09 02:16 - 2015-11-11 10:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 02:16 - 2015-11-11 10:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 02:16 - 2015-11-10 10:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2015-12-09 02:16 - 2015-11-10 10:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2015-12-09 02:16 - 2015-11-10 10:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\System32\user32.dll
2015-12-09 02:16 - 2015-11-10 10:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 02:16 - 2015-11-10 10:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 02:16 - 2015-11-10 09:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-12-09 02:16 - 2015-11-05 11:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\wshrm.dll
2015-12-09 02:16 - 2015-11-05 11:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-09 02:16 - 2015-11-05 01:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys
2015-12-09 02:16 - 2015-11-03 11:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2015-12-09 02:16 - 2015-11-03 10:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-09 02:11 - 2015-11-03 11:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\System32\els.dll
2015-12-09 02:11 - 2015-11-03 10:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-08 09:45 - 2015-12-08 09:47 - 22546667 _____ (SSuite Office Software{TM} ) C:\Users\AA\Downloads\NF8xMTM1MzE3NzVf
2015-12-08 02:45 - 2015-12-08 02:45 - 00286949 _____ C:\Users\AA\Downloads\Noteliner363b.zip
2015-12-08 02:45 - 2015-12-08 02:45 - 00000000 ___HD C:\Users\AA\Downloads\.ptmp530141
2015-12-08 01:23 - 2015-12-08 01:23 - 00000000 ____D C:\Users\AA\AppData\Roaming\OpenOffice
2015-12-07 18:23 - 2015-12-07 18:36 - 133575912 _____ C:\Users\AA\Downloads\Apache_OpenOffice_4.1.2_Win_x86_install_en-GB.exe
2015-12-07 18:11 - 2015-12-07 18:11 - 00000954 _____ C:\Users\Public\Desktop\UV Outliner.lnk
2015-12-07 18:11 - 2015-12-07 18:11 - 00000000 ____D C:\Program Files (x86)\UV Outliner
2015-12-07 18:10 - 2015-12-07 18:10 - 01474088 _____ (Fedir Nepyivoda ) C:\Users\AA\Downloads\uvoutliner-setup-2.4.1.exe
2015-12-07 17:59 - 2015-12-07 17:59 - 00000907 _____ C:\Users\AA\Desktop\Ume Outliner Preview Edition.lnk
2015-12-07 17:54 - 2015-12-07 17:54 - 00000000 ____D C:\Program Files (x86)\UmeOutliner
2015-12-07 17:53 - 2015-12-07 17:53 - 00384536 _____ (Shayne Kasai ) C:\Users\AA\Downloads\ume-setup-pre1.1(1).exe
2015-12-07 09:23 - 2015-12-07 09:23 - 00001360 _____ C:\Users\Public\Desktop\Free YouTube To MP3 Converter.lnk
2015-12-07 09:23 - 2015-12-07 09:23 - 00001203 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-12-07 09:22 - 2015-12-07 09:23 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2015-12-07 09:16 - 2015-12-07 09:21 - 39145112 _____ (DVDVideoSoft Ltd. ) C:\Users\AA\Downloads\FreeYouTubeToMP3Converter(1).exe
2015-12-07 08:18 - 2015-12-07 08:18 - 00000000 ____D C:\Users\AA\AppData\Roaming\YoutubeToMp3Converter
2015-12-07 08:08 - 2015-12-07 08:08 - 00001250 _____ C:\Users\Public\Desktop\Freemake YouTube To MP3 Boom.lnk
2015-12-07 07:48 - 2015-12-07 07:48 - 00001894 _____ C:\Users\Public\Desktop\Flvto Youtube Downloader.lnk
2015-12-07 07:46 - 2015-12-07 07:48 - 00000000 ____D C:\Program Files (x86)\Flvto Youtube Downloader
2015-12-07 07:45 - 2015-12-07 07:45 - 00689046 _____ (Hotger) C:\Users\AA\Downloads\FYD_Setup.exe
2015-12-07 07:24 - 2015-12-07 07:25 - 00000000 ____D C:\Users\AA\AppData\Roaming\freac
2015-12-07 07:23 - 2015-12-07 07:23 - 00000925 _____ C:\Users\Public\Desktop\freac - free audio converter.lnk
2015-12-07 07:23 - 2015-12-07 07:23 - 00000000 ____D C:\Program Files (x86)\freac
2015-12-07 07:22 - 2015-12-07 07:22 - 07534391 _____ C:\Users\AA\Downloads\freac-1.0.26.exe
2015-12-07 01:28 - 2015-12-07 01:29 - 09269241 _____ C:\Users\AA\Downloads\setup_treedbnotes_4_34_1(3).exe
2015-12-04 13:34 - 2015-12-04 13:34 - 00000000 ____D C:\Program Files (x86)\FFmpeg for Audacity
2015-12-04 13:33 - 2015-12-04 13:34 - 09957947 _____ ( ) C:\Users\AA\Downloads\ffmpeg-win-2.2.2.exe
2015-12-04 13:30 - 2015-12-04 13:30 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2015-12-04 13:29 - 2015-12-04 13:29 - 00527423 _____ ( ) C:\Users\AA\Downloads\Lame_v3.99.3_for_Windows.exe
2015-12-03 08:16 - 2015-12-14 03:47 - 00000000 ____D C:\!!!!!!!!!!newtemp
2015-12-03 04:11 - 2015-12-17 01:57 - 00000905 _____ C:\Users\AA\todolist
2015-12-03 04:11 - 2015-12-17 01:54 - 00000845 _____ C:\Users\AA\todolist.bak1
2015-12-03 04:11 - 2015-12-05 01:01 - 00000845 _____ C:\Users\AA\todolist.bak2
2015-12-03 04:11 - 2015-12-03 04:26 - 00000845 _____ C:\Users\AA\todolist.bak3
2015-12-03 04:11 - 2015-12-03 04:22 - 00000845 _____ C:\Users\AA\todolist.bak4
2015-12-03 04:07 - 2015-12-03 04:07 - 00000000 ____D C:\Program Files (x86)\SimpleTODO
2015-12-03 03:46 - 2015-12-03 04:00 - 12942706 _____ C:\Users\AA\Downloads\SimpleTODO-install.exe
2015-12-03 03:41 - 2015-12-03 03:41 - 00490273 _____ () C:\Users\AA\Downloads\ToDo.exe
2015-12-02 09:54 - 2015-12-02 09:56 - 09269241 _____ C:\Users\AA\Downloads\setup_treedbnotes_4_34_1(2).exe
2015-12-02 03:44 - 2015-12-02 03:48 - 48682895 _____ C:\Users\AA\Downloads\Ackroyd Book Signing Event Mega City Commercial Video in 720p HD High Quality.mp4
2015-11-28 14:17 - 2015-11-28 14:17 - 00000000 ____D C:\Users\AA\AppData\Roaming\MAGIX
2015-11-28 14:16 - 2015-11-28 14:17 - 00000000 ____D C:\ProgramData\MAGIX
2015-11-28 14:16 - 2015-11-28 14:16 - 00000986 _____ C:\Users\Public\Desktop\MAGIX Photo Designer 7.lnk
2015-11-28 14:16 - 2015-11-28 14:16 - 00000000 ____D C:\Users\AA\AppData\Local\MAGIX
2015-11-28 14:16 - 2015-11-28 14:16 - 00000000 ____D C:\Program Files (x86)\MAGIX
2015-11-28 14:11 - 2015-11-28 14:14 - 29560816 _____ (MAGIX AG) C:\Users\AA\Downloads\photo_designer_7_28mb_us.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-28 13:54 - 2010-04-28 04:56 - 00000000 ____D C:\users\AA
2015-12-28 11:06 - 2010-06-01 02:54 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AEB95067-AAA2-4F51-84E6-A7F1057E13C1}
2015-12-28 10:25 - 2010-05-08 12:09 - 00000000 ____D C:\Users\AA\AppData\Local\Apps\2.0
2015-12-28 06:06 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-28 06:06 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-28 06:03 - 2014-10-29 11:10 - 00000000 ____D C:\Users\AA\AppData\Roaming\HandBrake
2015-12-28 05:56 - 2010-04-28 11:25 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2015-12-28 05:56 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-28 05:45 - 2015-02-08 01:37 - 00000000 ____D C:\!!!!!!!!!!!!!temp
2015-12-28 02:08 - 2014-11-29 01:49 - 00000000 ____D C:\Users\AA\AppData\Roaming\FileAdvisor
2015-12-28 02:03 - 2015-10-24 11:56 - 00000000 ____D C:\ProgramData\MFAData
2015-12-28 02:03 - 2012-11-19 02:40 - 00000000 ____D C:\Users\AA\AppData\Roaming\UK's Kalender
2015-12-27 16:09 - 2010-05-01 05:42 - 00000000 ____D C:\Program Files (x86)\KeyNote
2015-12-27 14:50 - 2009-07-13 21:13 - 00778150 _____ C:\Windows\System32\PerfStringBackup.INI
2015-12-27 14:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-27 13:10 - 2015-11-24 02:51 - 00000000 ____D C:\Users\AA\AppData\Roaming\Audacity
2015-12-27 10:58 - 2010-04-28 09:23 - 00000000 ____D C:\SETUPS DL
2015-12-26 10:56 - 2012-05-02 10:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-26 06:51 - 2011-01-06 01:12 - 00000000 ____D C:\Users\AA\AppData\Roaming\DVDVideoSoft
2015-12-26 05:39 - 2010-04-30 12:09 - 00000000 ____D C:\Users\AA\AppData\Roaming\FileZilla
2015-12-25 12:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-12-25 09:17 - 2015-10-24 11:57 - 00000000 ____D C:\Users\AA\AppData\Local\AvgSetupLog
2015-12-24 20:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2015-12-22 19:55 - 2010-06-15 11:39 - 00000000 ____D C:\Users\AA\AppData\Local\WMTools Downloaded Files
2015-12-22 19:39 - 2010-06-02 03:04 - 00167424 _____ C:\Users\AA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-22 08:30 - 2015-08-20 12:56 - 00000000 ____D C:\Users\AA\AppData\Roaming\calibre
2015-12-21 02:12 - 2011-05-14 02:36 - 00000000 ____D C:\temp
2015-12-20 17:37 - 2010-01-29 02:27 - 00000000 ____D C:\ProgramData\Temp
2015-12-18 14:38 - 2014-03-02 09:58 - 00000000 ____D C:\Users\AA\Documents\PS Freebie Notes
2015-12-18 02:50 - 2011-08-15 22:51 - 00000000 ____D C:\Users\AA\Documents\My Kindle Content
2015-12-15 03:04 - 2010-11-25 23:39 - 00000000 ____D C:\Program Files (x86)\NoteTab Light
2015-12-13 01:32 - 2013-05-19 04:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-12 01:19 - 2013-05-19 04:26 - 00004450 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-12 01:19 - 2012-05-08 23:02 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-12 01:19 - 2011-06-14 21:44 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-11 02:00 - 2013-02-10 04:09 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAA
2015-12-11 02:00 - 2013-02-10 04:09 - 00000320 _____ C:\Windows\Tasks\HPCeeScheduleForAA.job
2015-12-10 10:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-12-10 04:21 - 2012-01-14 07:18 - 00000000 ____D C:\Users\AA\.freeplane
2015-12-10 02:56 - 2015-10-24 12:31 - 00000902 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2015-12-10 02:42 - 2015-11-04 12:33 - 00395664 _____ C:\Windows\System32\FNTCACHE.DAT
2015-12-09 12:05 - 2011-01-07 04:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 12:02 - 2012-05-14 02:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 12:02 - 2012-05-14 02:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 11:59 - 2013-07-13 14:04 - 00000000 ____D C:\Windows\System32\MRT
2015-12-09 11:43 - 2010-05-03 09:47 - 140158008 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-12-08 19:39 - 2010-04-30 05:52 - 00301728 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2015-12-08 07:35 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\ShellNew
2015-12-08 06:51 - 2015-11-04 01:44 - 00119384 _____ C:\Users\AA\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-08 01:11 - 2010-05-02 08:15 - 00000000 ____D C:\Users\AA\AppData\Local\CrashDumps
2015-12-08 00:59 - 2014-08-05 17:10 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-12-07 18:56 - 2013-07-15 05:01 - 00000000 ____D C:\Program Files (x86)\share
2015-12-07 17:39 - 2015-03-11 04:39 - 00000000 ____D C:\Users\AA\AppData\Roaming\Flashnote
2015-12-07 09:23 - 2011-04-19 23:57 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2015-12-07 09:12 - 2014-11-28 07:12 - 00000000 ____D C:\Users\AA\AppData\Roaming\Free YouTube to MP3 Converter Studio
2015-12-07 08:18 - 2014-08-09 07:00 - 00000000 ____D C:\ProgramData\Freemake
2015-12-07 08:08 - 2014-08-09 06:59 - 00000000 ____D C:\Program Files (x86)\Freemake
2015-12-07 07:17 - 2010-06-26 10:21 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-12-07 01:31 - 2015-04-17 05:23 - 00001055 _____ C:\Users\AA\Desktop\TreeDBNotes 4.lnk
2015-12-05 08:58 - 2013-06-03 01:16 - 00000000 ____D C:\Users\AA\AppData\Roaming\vlc
2015-12-04 05:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2015-12-03 04:14 - 2014-04-22 14:05 - 00000000 ____D C:\Program Files (x86)\Easy To-Do Lite
2015-12-03 04:14 - 2014-01-25 23:16 - 00000000 ____D C:\Users\AA\AppData\Local\Task List Guru
2015-12-03 04:14 - 2014-01-25 23:05 - 00000000 ____D C:\Users\AA\AppData\Roaming\Peganza
2015-12-03 03:23 - 2014-01-25 23:05 - 00000000 ____D C:\Users\AA\Documents\Easy To-Do
2015-12-02 09:58 - 2015-04-17 05:23 - 00000000 ____D C:\Program Files (x86)\TreeDBNotes 4
2015-11-28 23:44 - 2010-04-28 06:11 - 00000000 ____D C:\Users\AA\AppData\Local\ElevatedDiagnostics
2015-11-28 16:41 - 2014-07-28 02:56 - 00000000 ____D C:\Users\AA\AppData\Roaming\FrmMain

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2015-12-09 02:16] - [2015-11-10 10:55] - 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A

C:\Windows\SysWOW64\User32.dll
[2015-12-09 02:16] - [2015-11-10 10:37] - 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (Whitelisted) =============


==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 3071.24 MB
Available physical RAM: 2299.41 MB
Total Virtual: 3069.39 MB
Available Virtual: 2290.36 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:286.75 GB) (Free:7.33 GB) NTFS
Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.24 GB) (Free:1.22 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (MICRO-SD-2G) (Removable) (Total:1.84 GB) (Free:1.83 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1.8 GB) (Disk ID: 0442F885)
Partition 1: (Not Active) - (Size=1.8 GB) - (Type=06)


LastRegBack: 2015-12-21 03:18

==================== End of FRST.txt ============================


Edited by ally1205, 28 December 2015 - 01:35 PM.
