TechSpot

Not sure if infected but some programs running slowly

By SmokeyMcNasty
Jun 10, 2016
  1. Just this afternoon I noticed some programs responding slowly. I ran all scans to no avail (JRT, adware removal, Malwarebytes, Avast, Sophos, TFC) and still no results. I tried to do a restore to just a few days ago when I had no problems but got an error msg saying it couldn't restore. I chose a different date and got the same msg. Posted below are the logs required.
     
  2. SmokeyMcNasty

    SmokeyMcNasty TS Enthusiast Topic Starter Posts: 53

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-06-2016
    Ran by admin (administrator) on MYDESKTOP (10-06-2016 16:39:06)
    Running from C:\Users\admin\Desktop
    Loaded Profiles: admin (Available Profiles: admin)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Spotify Ltd) C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Akamai Technologies, Inc.) C:\Users\admin\AppData\Local\Akamai\netsession_win.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Akamai Technologies, Inc.) C:\Users\admin\AppData\Local\Akamai\netsession_win.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    () C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8466136 2015-06-02] (Realtek Semiconductor)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-04-09] (NVIDIA Corporation)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-12-09] (Intel Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400064 2016-06-10] (AVAST Software)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597016 2016-03-31] (Oracle Corporation)
    HKU\S-1-5-21-3943417612-1818929072-5295417-1000\...\Run: [Spotify Web Helper] => C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-19] (Spotify Ltd)
    HKU\S-1-5-21-3943417612-1818929072-5295417-1000\...\Run: [Akamai NetSession Interface] => C:\Users\admin\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-3943417612-1818929072-5295417-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-04] (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{A4F7A4BE-067A-4DC9-96F4-E37B8E9DEB6B}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?ilc=8
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3943417612-1818929072-5295417-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3943417612-1818929072-5295417-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_92\bin\ssv.dll [2016-05-04] (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-05-04] (AVAST Software)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-05-04] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-21] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-04] (AVAST Software)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-21] (Oracle Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

    FireFox:
    ========
    FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qr44xpuw.default
    FF NewTab: about:newtab
    FF DefaultSearchEngine: Yahoo! (Avast)
    FF SearchEngineOrder.1: Yahoo! (Avast)
    FF SelectedSearchEngine: Yahoo! (Avast)
    FF Homepage: hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-22] ()
    FF Plugin: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-04] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-04] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-22] ()
    FF Plugin-x32: @gentek.com/thinclient -> C:\Users\admin\AppData\Roaming\C2ray\npthinclient.dll [2013-12-05] (Generic Network)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-21] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-21] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-09] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-09] (NVIDIA Corporation)
    FF Plugin HKU\S-1-5-21-3943417612-1818929072-5295417-1000: @gentek.com/thinclient -> C:\Users\admin\AppData\Roaming\C2ray\npthinclient.dll [2013-12-05] (Generic Network)
    FF Plugin HKU\S-1-5-21-3943417612-1818929072-5295417-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-21] (Unity Technologies ApS)
    FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qr44xpuw.default\searchplugins\yahoo-avast.xml [2015-10-09]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-10]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-10]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

    Chrome:
    =======
    CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-12-09] ()
    S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-12-09] (ASUSTeK Computer Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-04] (AVAST Software)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-04-09] (NVIDIA Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-04-09] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-04-09] (NVIDIA Corporation)
    R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
    S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
    R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [36352 2015-09-04] ()
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-12-09] ()
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-04] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-04] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-04] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-04] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-04] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-04] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-04] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-04] (AVAST Software)
    S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2015-03-03] (The OpenVPN Project)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-04] (AVAST Software)
    S3 DCamUSBNovatek; C:\Windows\System32\Drivers\nvtcam.sys [2746624 2010-07-14] (Hewlett-Packard)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
    R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-12] (REALiX(tm))
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2015-03-12] (Intel Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-04-09] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
    S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
    R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
    R3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2015-04-28] (The OpenVPN Project)
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-01-15] (Anchorfree Inc.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-02] ()

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-10 16:39 - 2016-06-10 16:39 - 00015519 _____ C:\Users\admin\Desktop\FRST.txt
    2016-06-10 16:37 - 2016-06-10 16:39 - 00000000 ____D C:\FRST
    2016-06-10 16:36 - 2016-06-10 16:37 - 02385408 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
    2016-06-10 11:34 - 2016-06-10 11:34 - 00001928 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2016-06-10 11:34 - 2016-06-10 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2016-06-10 11:32 - 2016-05-04 12:18 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2016-06-10 11:18 - 2016-06-10 11:18 - 03677248 _____ C:\Users\admin\Desktop\adwcleaner_5.119.exe
    2016-06-10 10:10 - 2016-06-10 10:10 - 00000000 ____D C:\ProgramData\ProductData
    2016-06-04 15:37 - 2016-06-10 11:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-05-26 20:26 - 2016-05-26 20:26 - 00389841 _____ C:\Users\admin\Downloads\Map to Revenue Valley Sdn Bhd.pdf
    2016-05-23 11:58 - 2016-05-23 12:36 - 00066962 _____ C:\Windows\ntbtlog.txt
    2016-05-22 21:18 - 2016-06-10 11:08 - 00000000 ____D C:\Users\admin\AppData\Roaming\ProductData
    2016-05-22 20:24 - 2016-05-22 20:24 - 00377160 _____ C:\Windows\Minidump\052216-21840-01.dmp
    2016-05-11 17:00 - 2016-05-11 17:00 - 00327888 _____ C:\Windows\Minidump\051116-21964-01.dmp
    2016-05-11 05:42 - 2016-04-09 14:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2016-05-11 05:42 - 2016-04-09 14:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2016-05-11 05:42 - 2016-04-09 13:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-05-11 05:41 - 2016-04-14 21:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2016-05-11 05:41 - 2016-04-14 21:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2016-05-11 05:41 - 2016-04-09 15:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2016-05-11 05:41 - 2016-04-09 15:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2016-05-11 05:41 - 2016-04-09 14:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2016-05-11 05:41 - 2016-04-09 14:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2016-05-11 05:41 - 2016-04-09 14:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2016-05-11 05:41 - 2016-04-06 23:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2016-05-11 05:41 - 2016-03-10 02:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2016-05-11 05:41 - 2016-03-10 02:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2016-05-11 05:40 - 2016-04-24 01:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-05-11 05:40 - 2016-04-24 00:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-05-11 05:40 - 2016-04-23 13:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-05-11 05:40 - 2016-04-23 13:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-05-11 05:40 - 2016-04-23 13:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2016-05-11 05:40 - 2016-04-23 13:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2016-05-11 05:40 - 2016-04-23 13:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-05-11 05:40 - 2016-04-23 13:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-05-11 05:40 - 2016-04-23 13:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-05-11 05:40 - 2016-04-23 13:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2016-05-11 05:40 - 2016-04-23 13:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2016-05-11 05:40 - 2016-04-23 12:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-05-11 05:40 - 2016-04-23 12:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2016-05-11 05:40 - 2016-04-23 12:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-05-11 05:40 - 2016-04-23 12:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-05-11 05:40 - 2016-04-23 12:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2016-05-11 05:40 - 2016-04-23 12:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-05-11 05:40 - 2016-04-23 12:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2016-05-11 05:40 - 2016-04-23 12:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-05-11 05:40 - 2016-04-23 12:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2016-05-11 05:40 - 2016-04-23 12:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-05-11 05:40 - 2016-04-23 12:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2016-05-11 05:40 - 2016-04-23 12:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2016-05-11 05:40 - 2016-04-23 12:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2016-05-11 05:40 - 2016-04-23 12:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-05-11 05:40 - 2016-04-23 12:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-05-11 05:40 - 2016-04-23 12:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2016-05-11 05:40 - 2016-04-23 12:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2016-05-11 05:40 - 2016-04-23 12:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-05-11 05:40 - 2016-04-23 12:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-05-11 05:40 - 2016-04-23 12:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-05-11 05:40 - 2016-04-23 12:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2016-05-11 05:40 - 2016-04-23 12:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2016-05-11 05:40 - 2016-04-23 12:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-05-11 05:40 - 2016-04-23 12:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2016-05-11 05:40 - 2016-04-23 12:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2016-05-11 05:40 - 2016-04-23 12:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2016-05-11 05:40 - 2016-04-23 12:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-05-11 05:40 - 2016-04-23 12:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-05-11 05:40 - 2016-04-23 12:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-05-11 05:40 - 2016-04-23 12:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2016-05-11 05:40 - 2016-04-23 12:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2016-05-11 05:40 - 2016-04-23 12:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-05-11 05:40 - 2016-04-23 11:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2016-05-11 05:40 - 2016-04-23 11:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-05-11 05:40 - 2016-04-23 11:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2016-05-11 05:40 - 2016-04-23 11:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2016-05-11 05:40 - 2016-04-23 11:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-05-11 05:40 - 2016-04-23 11:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2016-05-11 05:40 - 2016-04-23 11:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2016-05-11 05:40 - 2016-04-23 11:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2016-05-11 05:40 - 2016-04-23 11:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2016-05-11 05:40 - 2016-04-23 11:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2016-05-11 05:40 - 2016-04-23 11:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2016-05-11 05:40 - 2016-04-23 11:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-05-11 05:40 - 2016-04-23 11:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2016-05-11 05:40 - 2016-04-23 11:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-05-11 05:40 - 2016-04-23 11:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-05-11 05:40 - 2016-04-23 11:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-05-11 05:40 - 2016-04-23 11:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-05-11 05:40 - 2016-04-23 11:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2016-05-11 05:40 - 2016-04-23 11:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-05-11 05:40 - 2016-04-23 11:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-05-11 05:40 - 2016-04-23 11:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-05-11 05:40 - 2016-04-23 11:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-05-11 05:40 - 2016-04-23 11:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-05-11 05:38 - 2016-04-09 15:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2016-05-11 05:38 - 2016-04-09 15:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-05-11 05:38 - 2016-04-09 15:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
     
  3. SmokeyMcNasty

    SmokeyMcNasty TS Enthusiast Topic Starter Posts: 53

    2016-05-11 05:38 - 2016-04-09 15:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-05-11 05:38 - 2016-04-09 14:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2016-05-11 05:38 - 2016-04-09 14:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2016-05-11 05:38 - 2016-04-09 14:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-05-11 05:38 - 2016-04-09 14:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-05-11 05:38 - 2016-04-09 14:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2016-05-11 05:38 - 2016-04-09 14:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2016-05-11 05:38 - 2016-04-09 14:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-05-11 05:38 - 2016-04-09 14:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2016-05-11 05:38 - 2016-04-09 14:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2016-05-11 05:38 - 2016-04-09 14:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-05-11 05:38 - 2016-04-09 14:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2016-05-11 05:38 - 2016-04-09 14:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-05-11 05:38 - 2016-04-09 14:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-05-11 05:38 - 2016-04-09 14:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2016-05-11 05:38 - 2016-04-09 14:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2016-05-11 05:38 - 2016-04-09 14:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-05-11 05:38 - 2016-04-09 14:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-05-11 05:38 - 2016-04-09 14:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 14:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 13:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2016-05-11 05:38 - 2016-04-09 13:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2016-05-11 05:38 - 2016-04-09 13:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2016-05-11 05:38 - 2016-04-09 13:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-05-11 05:38 - 2016-04-09 13:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2016-05-11 05:38 - 2016-04-09 13:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2016-05-11 05:38 - 2016-04-09 13:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-05-11 05:38 - 2016-04-09 13:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-05-11 05:38 - 2016-04-09 13:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-05-11 05:38 - 2016-04-09 13:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2016-05-11 05:38 - 2016-04-09 13:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-05-11 05:38 - 2016-04-09 13:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-05-11 05:38 - 2016-04-09 13:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2016-05-11 05:38 - 2016-04-09 13:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2016-05-11 05:38 - 2016-04-09 13:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2016-05-11 05:38 - 2016-04-09 13:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2016-05-11 05:38 - 2016-04-09 13:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-05-11 05:38 - 2016-04-09 13:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 13:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-05-11 05:38 - 2016-04-09 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-05-11 05:36 - 2016-04-09 12:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2016-05-11 05:36 - 2016-04-09 11:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-10 16:21 - 2009-07-14 12:45 - 00029776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-06-10 16:21 - 2009-07-14 12:45 - 00029776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-06-10 14:43 - 2015-03-11 20:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-06-10 14:41 - 2015-03-03 17:43 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2016-06-10 14:40 - 2016-01-21 22:28 - 00000434 _____ C:\Windows\system32\Drivers\etc\hosts.ics
    2016-06-10 14:37 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-06-10 14:36 - 2013-10-09 21:48 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-06-10 11:35 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
    2016-06-10 11:34 - 2016-05-04 22:14 - 00003892 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1462371281
    2016-06-10 11:21 - 2016-05-04 12:08 - 00000000 ____D C:\AdwCleaner
    2016-06-10 11:12 - 2012-12-09 01:42 - 00000000 ____D C:\Users\admin
    2016-06-10 11:09 - 2015-12-06 11:57 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
    2016-06-10 11:09 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2016-06-10 11:09 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
    2016-06-10 11:09 - 2014-10-13 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
    2016-06-10 11:09 - 2014-05-15 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
    2016-06-10 11:09 - 2013-10-25 12:34 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2016-06-10 11:09 - 2013-10-24 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    2016-06-10 11:09 - 2012-12-09 03:07 - 00000000 ____D C:\Windows\SysWOW64\Drivers\MFDLL
    2016-06-10 11:09 - 2012-12-09 03:00 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
    2016-06-10 11:09 - 2009-07-14 13:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-06-10 11:09 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\Offline Web Pages
    2016-06-10 11:09 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\Downloaded Program Files
    2016-06-10 11:09 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Windows Sidebar
    2016-06-10 11:09 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
    2016-06-10 11:09 - 2009-07-14 13:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
    2016-06-10 11:09 - 2009-07-14 11:20 - 00000000 __RSD C:\Windows\Media
    2016-06-10 11:09 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Public\Libraries
    2016-06-10 11:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\TAPI
    2016-06-10 11:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
    2016-06-10 11:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\Msdtc
    2016-06-10 11:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\ias
    2016-06-10 11:08 - 2016-05-04 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2016-06-10 11:08 - 2016-05-04 12:09 - 00000000 ____D C:\Users\admin\Documents\My Filehippo Downloads
    2016-06-10 11:08 - 2016-05-04 03:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
    2016-06-10 11:08 - 2016-05-03 18:12 - 00000000 ____D C:\Users\admin\AppData\Local\Akamai
    2016-06-10 11:08 - 2016-03-16 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
    2016-06-10 11:08 - 2016-01-24 14:25 - 00000000 ____D C:\Users\admin\AppData\Roaming\Spotify
    2016-06-10 11:08 - 2015-08-25 18:50 - 00000000 ____D C:\Users\admin\AppData\Roaming\Shortcut
    2016-06-10 11:08 - 2015-07-08 13:36 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6
    2016-06-10 11:08 - 2015-03-11 20:38 - 00000000 ____D C:\Program Files\Temp File Cleaner
    2016-06-10 11:08 - 2015-03-11 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-06-10 11:08 - 2015-03-11 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-06-10 11:08 - 2015-03-01 21:54 - 00000000 ____D C:\Windows\erdnt
    2016-06-10 11:08 - 2015-02-28 22:19 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-06-10 11:08 - 2014-12-21 03:14 - 00000000 ____D C:\Users\admin\AppData\LocalLow\ADSRemoval
    2016-06-10 11:08 - 2014-10-13 16:42 - 00000000 ____D C:\Users\admin\Documents\PCSX2
    2016-06-10 11:08 - 2014-10-07 23:03 - 00000000 ____D C:\Users\admin\AppData\Roaming\vlc
    2016-06-10 11:08 - 2014-05-15 11:05 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
    2016-06-10 11:08 - 2014-05-13 08:12 - 00000000 ____D C:\Users\admin\Documents\Public Bank Berhad Internet Banking_files
    2016-06-10 11:08 - 2014-05-01 21:34 - 00000000 ____D C:\ProgramData\Protexis
    2016-06-10 11:08 - 2014-05-01 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordPerfect Office X7
    2016-06-10 11:08 - 2014-04-19 12:32 - 00000000 ____D C:\Users\admin\Documents\JALIL DAMAI_files
    2016-06-10 11:08 - 2014-03-10 17:39 - 00000000 ____D C:\Users\admin\Documents\InfiniteCrisis
    2016-06-10 11:08 - 2014-03-10 17:11 - 00000000 ____D C:\Users\admin\AppData\Local\Turbine
    2016-06-10 11:08 - 2014-03-10 16:45 - 00000000 ____D C:\Users\admin\AppData\Roaming\C2ray
    2016-06-10 11:08 - 2014-02-25 13:34 - 00000000 ____D C:\Users\admin\AppData\Local\Unity
    2016-06-10 11:08 - 2014-02-24 23:29 - 00000000 ____D C:\ProgramData\Package Cache
    2016-06-10 11:08 - 2014-02-24 12:25 - 00000000 ____D C:\ProgramData\Borland
    2016-06-10 11:08 - 2014-02-05 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\psx emulation cheater
    2016-06-10 11:08 - 2014-02-05 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2016-06-10 11:08 - 2014-01-27 14:18 - 00000000 ____D C:\ProgramData\BlueStacksSetup
    2016-06-10 11:08 - 2013-11-16 03:24 - 00000000 ____D C:\Users\admin\AppData\LocalLow\AdbPlugin
    2016-06-10 11:08 - 2013-11-02 00:17 - 00000000 ____D C:\Users\admin\.frostwire5
    2016-06-10 11:08 - 2013-10-27 20:47 - 00000000 ____D C:\Windows\Downloaded Installations
    2016-06-10 11:08 - 2013-10-27 20:46 - 00000000 ____D C:\Users\admin\AppData\Local\Downloaded Installations
    2016-06-10 11:08 - 2013-10-25 16:40 - 00000000 ____D C:\Users\admin\AppData\Local\NVIDIA
    2016-06-10 11:08 - 2013-10-25 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2016-06-10 11:08 - 2013-10-24 20:31 - 00000000 ____D C:\Windows\Minidump
    2016-06-10 11:08 - 2013-10-11 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-06-10 11:08 - 2013-10-11 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-06-10 11:08 - 2013-10-10 15:37 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
    2016-06-10 11:08 - 2013-10-10 15:37 - 00000000 ____D C:\ProgramData\Skype
    2016-06-10 11:08 - 2013-10-10 15:34 - 00000000 ____D C:\Users\admin\AppData\LocalLow\SecurePlugin
    2016-06-10 11:08 - 2013-10-10 15:34 - 00000000 ____D C:\Users\admin\AppData\LocalLow\IObit
    2016-06-10 11:08 - 2013-10-10 15:33 - 00000000 ____D C:\Users\admin\AppData\Roaming\IObit
    2016-06-10 11:08 - 2013-10-10 15:33 - 00000000 ____D C:\ProgramData\IObit
    2016-06-10 11:08 - 2012-12-10 03:35 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2016-06-10 11:08 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files\Microsoft Games
    2016-06-10 11:08 - 2009-07-14 12:45 - 00000000 ____D C:\Windows\Setup
    2016-06-10 11:08 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\security
    2016-06-10 11:08 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Help
    2016-06-10 11:08 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\AppCompat
    2016-06-10 11:07 - 2016-05-04 12:13 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-06-10 11:07 - 2016-05-04 12:03 - 00000000 ____D C:\Program Files (x86)\FileHippo.com
    2016-06-10 11:07 - 2015-07-08 13:36 - 00000000 ____D C:\Program Files (x86)\FrostWire 6
    2016-06-10 11:07 - 2015-03-11 20:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-06-10 11:07 - 2014-10-13 16:41 - 00000000 ____D C:\Program Files (x86)\PCSX2 1.2.1
    2016-06-10 11:07 - 2014-05-15 11:03 - 00000000 ____D C:\Program Files (x86)\Aeria Games
    2016-06-10 11:07 - 2014-04-02 12:15 - 00000000 ____D C:\Program Files (x86)\BlueStacks
    2016-06-10 11:07 - 2014-03-15 16:11 - 00000000 ____D C:\Program Files (x86)\TunnelBear
    2016-06-10 11:07 - 2014-02-27 12:11 - 00000000 ____D C:\Program Files\File Association Helper
    2016-06-10 11:07 - 2014-02-05 17:20 - 00000000 ____D C:\Program Files (x86)\psx emulation cheater
    2016-06-10 11:07 - 2014-02-05 16:07 - 00000000 ____D C:\Program Files (x86)\7-Zip
    2016-06-10 11:07 - 2013-10-24 21:30 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-06-10 11:07 - 2013-10-11 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-06-10 11:07 - 2013-10-10 11:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-06-10 11:07 - 2013-10-09 21:46 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2016-06-10 11:07 - 2012-12-09 03:07 - 00000000 ____D C:\Program Files (x86)\ASUS
    2016-06-10 11:07 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2016-06-10 11:05 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\registration
    2016-06-10 10:48 - 2015-03-10 01:18 - 00000000 ____D C:\ProgramData\Sophos
    2016-06-10 10:48 - 2013-12-04 09:59 - 00000000 ____D C:\Users\admin\AppData\Local\ElevatedDiagnostics
    2016-06-10 09:23 - 2016-05-04 22:34 - 00002011 _____ C:\Users\admin\Desktop\JRT.txt
    2016-06-10 09:13 - 2015-03-01 22:25 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps
    2016-05-22 20:27 - 2013-10-10 13:06 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-05-22 20:27 - 2013-10-10 13:06 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-05-22 20:24 - 2016-03-05 10:14 - 432872430 _____ C:\Windows\MEMORY.DMP
    2016-05-13 03:00 - 2014-12-11 07:29 - 00000000 ____D C:\Windows\system32\appraiser
    2016-05-12 06:52 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
    2016-05-12 03:46 - 2009-07-14 13:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-05-12 03:39 - 2009-07-14 12:45 - 00335880 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-05-12 03:36 - 2011-04-12 16:28 - 00000000 ____D C:\Program Files\Windows Journal
    2016-05-12 03:13 - 2013-10-10 13:04 - 00000000 ____D C:\Windows\system32\MRT
    2016-05-12 03:03 - 2013-10-10 13:04 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

    ==================== Files in the root of some directories =======

    2009-07-14 12:54 - 2009-07-14 12:54 - 0000174 ___SH () C:\Program Files\desktop(8567).ini

    Some files in TEMP:
    ====================
    C:\Users\admin\AppData\Local\Temp\libeay32.dll
    C:\Users\admin\AppData\Local\Temp\msvcr120.dll
    C:\Users\admin\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-06-07 02:37

    ==================== End of FRST.txt ============================
     
  4. SmokeyMcNasty

    SmokeyMcNasty TS Enthusiast Topic Starter Posts: 53

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-06-2016
    Ran by admin (2016-06-10 16:39:55)
    Running from C:\Users\admin\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2012-12-08 17:42:12)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    admin (S-1-5-21-3943417612-1818929072-5295417-1000 - Administrator - Enabled) => C:\Users\admin
    Administrator (S-1-5-21-3943417612-1818929072-5295417-500 - Administrator - Disabled)
    Guest (S-1-5-21-3943417612-1818929072-5295417-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3943417612-1818929072-5295417-1003 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
    7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
    7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
    Adobe Flash Player 21 ActiveX (HKLM-x32\...\{5708517C-59A3-45C6-9727-6C06C8595AFD}) (Version: 21.0.0.213 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
    Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
    Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
    Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
    Akamai NetSession Interface (HKU\S-1-5-21-3943417612-1818929072-5295417-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
    C2ray 1.0.7.3 (HKLM-x32\...\C2ray) (Version: 1.0.7.3 - C2fun.com)
    File Association Helper (HKLM\...\{572D0504-2C67-4016-801F-D70879A3026A}) (Version: 1.1.6.53763 - WinZip Computing International, LLC)
    FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
    FrostWire 6.1.2 (HKLM-x32\...\FrostWire 6) (Version: 6.1.2.2 - FrostWire LLC)
    Grand Fantasia (HKLM-x32\...\Grand Fantasia) (Version: - )
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
    IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.6.101 - IObit)
    Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
    Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
    Java 8 Update 92 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418092F0}) (Version: 8.0.920.14 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5997 - Mozilla)
    NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version: - CyberConnect 2)
    NVIDIA 3D Vision Controller Driver 349.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 349.95 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
    NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
    PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7503 - Realtek Semiconductor Corp.)
    SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
    Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
    SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
    Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
    Spotify (HKU\S-1-5-21-3943417612-1818929072-5295417-1000\...\Spotify) (Version: 1.0.25.127.g58007b4c - Spotify AB)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.4.0 - Addpcs, LLC)
    TunnelBear (x32 Version: 2.3.17.0 - TunnelBear) Hidden
    Unity Web Player (HKU\S-1-5-21-3943417612-1818929072-5295417-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    WordPerfect Office IFilter 32-bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.4 - Corel Corporation)
    WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.4 - Corel Corporation)
    WordPerfect Office X7 - Common Files (x32 Version: 17.0 - Corel Corporation) Hidden
    WordPerfect Office X7 - Common Files English (x32 Version: 17.0 - Corel Corporation) Hidden
    WordPerfect Office X7 - IPM Content TBYB (x32 Version: 17.0 - Corel Corporation) Hidden
    WordPerfect Office X7 - IPM TBYB (x32 Version: 17.0 - Corel Corporation) Hidden
    WordPerfect Office X7 - Lightning Files (x32 Version: 17.0 - Corel Corporation) Hidden
    WordPerfect Office X7 - Lightning Files English (x32 Version: 17.0 - Corel Corporation) Hidden
    WordPerfect Office X7 - Oxford (x32 Version: 17.0 - Corel Corporation) Hidden
    WordPerfect Office X7 - Presentations Files (x32 Version: 17.0 - Corel Corporation) Hidden
    WordPerfect Office X7 - Presentations Files English (x32 Version: 17.0 - Corel Corporation) Hidden
    WordPerfect Office X7 - Quattro Pro Files (x32 Version: 17.0 - Corel Corporation) Hidden
    WordPerfect Office X7 - Quattro Pro Files English (x32 Version: 17.0 - Corel Corporation) Hidden
    WordPerfect Office X7 - Setup Files (x32 Version: 17.0 - Corel Corporation) Hidden
    WordPerfect Office X7 - System Files (x32 Version: 17.0 - Corel Corporation) Hidden
    WordPerfect Office X7 - WordPerfect Files (x32 Version: 17.0 - Corel Corporation) Hidden
    WordPerfect Office X7 - WordPerfect Files English (x32 Version: 17.0 - Corel Corporation) Hidden
    WordPerfect Office X7 - WPD format Props x64 (Version: 17.0 - Corel Corporation) Hidden
    WordPerfect Office X7 - WT (x32 Version: 17.0 - Corel Corporation) Hidden
    WordPerfect Office X7 (HKLM-x32\...\_{64A329FC-D1B2-4354-922D-21F7EC777E10}) (Version: 17.0.0.314 - Corel Corporation)
    WordPerfect Office X7 (x32 Version: 17.0 - Corel Corporation) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {352228EF-798D-4A62-9F01-264601F794A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-22] (Adobe Systems Incorporated)
    Task: {53FEAB63-F0D9-450C-81E2-72CF8678E47B} - System32\Tasks\{000F06D1-94F5-42B0-BCDC-44E925AE3309} => pcalua.exe -a C:\Users\admin\AppData\Local\Temp\jre-8u51-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
    Task: {79A3DE15-36F7-44D2-8EF4-6223903CAB09} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: {A1D0271C-F100-4F6D-A781-50EA1E520D44} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
    Task: {E918702D-BD95-48B6-BDD9-3D281C0068AF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-04] (AVAST Software)
    Task: {EC3F22EA-74B4-4B68-B896-8B43084589F4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
    Task: {F8851D91-D036-4CD1-8012-8A02EDB7ACCF} - System32\Tasks\SafeZone scheduled Autoupdate 1462371281 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
    Task: {FA122B14-DA9D-49D8-AEDD-323151D741D9} - System32\Tasks\{6038F396-C43F-4BD6-AB77-5E52F6557F70} => pcalua.exe -a C:\Users\admin\AppData\Local\Temp\jre-8u73-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6\FrostWire 6.1.2-SafeMode.lnk -> C:\Program Files (x86)\FrostWire 6\frostwire.bat ()

    ==================== Loaded Modules (Whitelisted) ==============

    2013-10-09 21:47 - 2015-04-09 05:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-09-04 16:22 - 2015-09-04 16:22 - 00036352 _____ () C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
    2016-05-04 12:17 - 2016-05-04 12:17 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2016-05-04 12:17 - 2016-05-04 12:17 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-06-10 11:30 - 2016-06-10 11:30 - 02924032 _____ () C:\Program Files\AVAST Software\Avast\defs\16060901\algo.dll
    2016-05-04 12:17 - 2016-05-04 12:17 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
    2016-05-04 12:17 - 2016-05-04 12:17 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2015-04-17 19:36 - 2015-04-09 08:58 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2016-05-04 12:17 - 2016-05-04 12:17 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2016-03-16 20:50 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
    2016-03-16 20:50 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
    2013-06-07 05:59 - 2013-06-07 05:59 - 00158744 _____ () C:\Program Files (x86)\Aeria Games\Ignite\AGAkamai.dll
    2012-12-09 02:53 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2016-05-22 20:27 - 2016-05-22 20:27 - 19427520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3943417612-1818929072-5295417-1000\...\aeriagames.com -> hxxps://aeriagames.com
    IE trusted site: HKU\S-1-5-21-3943417612-1818929072-5295417-1000\...\aeriagames.com -> hxxp://aeriagames.com

    There are 4789 more sites.


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 10:34 - 2016-05-03 10:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3943417612-1818929072-5295417-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Aeria Ignite => "c:\program files (x86)\aeria games\ignite\aeriaignite.exe" silent
    MSCONFIG\startupreg: FAHConsole => c:\program files\file association helper\fahconsole.exe
    MSCONFIG\startupreg: QuickFinder Scheduler => "c:\program files (x86)\corel\wordperfect office x7\programs\qfschd170.exe"
    MSCONFIG\startupreg: ShadowPlay => c:\windows\system32\rundll32.exe c:\windows\system32\nvspcap64.dll,shadowplayonsystemstart
    MSCONFIG\startupreg: Spotify => "c:\users\admin\appdata\roaming\spotify\spotify.exe" -autostart -minimized
    MSCONFIG\startupreg: Spotify Web Helper => "c:\users\admin\appdata\roaming\spotify\spotifywebhelper.exe"
    MSCONFIG\startupreg: Steam => "c:\program files (x86)\steam\steam.exe" -silent
    MSCONFIG\startupreg: TunnelBear =>
     
  5. SmokeyMcNasty

    SmokeyMcNasty TS Enthusiast Topic Starter Posts: 53

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{86B0B000-0604-4C30-8915-2BEAD1AFF315}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{7F76CAB5-3135-48D2-8947-9B00F1061A63}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{99D0C62D-5B8F-4BA9-B373-3E70E185C1E3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{B1198886-F6E1-4E83-AF6B-91C9A0E0DD3B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{43D3F327-515C-47F1-BBF8-23B66C578E74}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{68BE8EF3-4829-4C4A-A72C-74F93E8A8E16}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{53EE5AFC-D90C-4BE9-9113-696B25B3DCD0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{9413AB61-B7FC-4E00-85EB-8AB8E199DB0F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{67A17A01-344A-4BC2-9B15-1BAB71E85FEB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{7B8EE845-09CE-4A60-9CBF-3E331EA7A8E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{E89FCDDA-EC24-4BB9-B262-3D50EE4D8D67}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{B9D6048E-5A83-4D60-BF4A-CC4A67666349}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe
    FirewallRules: [{970BB27E-064B-4067-B6A4-859303DF545F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe
    FirewallRules: [{D79BA0C5-ED56-40C2-8B9D-C23F533D33F5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{279A9FB0-29DD-426F-9641-7367D4DF05C4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{CF0BA3E1-DA21-4D4F-AA2B-E3548B27B210}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{FB0EBC97-C4AF-456F-8358-C23EEE0DABAF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{7353A2A7-4695-432E-BB10-4CCE9F5BFB26}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{52293CF0-5430-49EF-BD23-0A1569E4F991}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [TCP Query User{BA9E4879-00CC-4AAA-A3AF-A454E5C7B998}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
    FirewallRules: [UDP Query User{45BBFABC-6B23-490B-B5F9-AF23DD15F2C6}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
    FirewallRules: [{B54CA954-96E8-4B30-9F03-DC9598621C72}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{F13424CD-E31F-4076-94D0-9322964158A7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{72BA6340-6266-46F7-AC0B-AEDE679BBF7E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{A17763C0-7DA9-4BAD-9726-8F442D31A239}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{8B427DF6-437A-4EF0-8200-9F565EB0FE0E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{585D0441-657A-4056-A52B-33C7EA1B12CC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{19229F66-629D-408F-8863-EA66B3C3F6A9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{6400D1C2-85DE-404E-B7D2-2363FF758EFF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{61D0B398-AC43-4E16-A921-F0910499D5D4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{CD7773DE-2E6A-4784-B77C-76C3933DA11A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{04E59413-BA11-4558-B50D-478166408D00}] => (Allow) C:\Users\admin\AppData\Local\Chromium\Application\chrome.exe
    FirewallRules: [{D15B826D-6FA8-4345-AB85-0BFDDBB3DAC4}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
    FirewallRules: [{0AB15D00-2EF7-468F-8874-4D987269D5E3}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
    FirewallRules: [TCP Query User{16F5B33C-7E34-48E5-9EF9-BF5DC2A4824E}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{47BBF41D-4E85-40E6-9D4E-E01AE9B8BEAA}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{1B3211FF-468A-4268-9E43-C28A99CC5759}] => (Block) C:\users\admin\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{6A3BCCD7-476F-4951-B047-7AEC09761CE9}] => (Block) C:\users\admin\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{DB7934B1-2D93-4967-B312-F03EB287F9DF}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\admin\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{04C34BCA-1577-4FCD-A764-5E29A3BA1842}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\admin\appdata\local\akamai\netsession_win.exe
    FirewallRules: [TCP Query User{55474AFB-E53B-4CDC-8FB9-2D8162D49C91}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\admin\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{ABCF2E42-550E-4C80-92BA-5D09DB36F3AE}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\admin\appdata\local\akamai\netsession_win.exe

    ==================== Restore Points =========================

    27-05-2016 03:00:10 Windows Update
    31-05-2016 15:29:02 Windows Update
    03-06-2016 20:44:09 Windows Update
    07-06-2016 20:54:36 Windows Update
    10-06-2016 09:19:41 JRT Pre-Junkware Removal
    10-06-2016 09:24:19 Restore Operation
    10-06-2016 10:15:12 Device Driver Package Install: Avast Network Service
    10-06-2016 10:21:08 Windows Update
    10-06-2016 10:25:11 Restore Operation
    10-06-2016 11:37:07 Windows Update

    ==================== Faulty Device Manager Devices =============

    Name: avast! SecureLine TAP Adapter v3
    Description: avast! SecureLine TAP Adapter v3
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: TAP-Windows Provider V9
    Service: aswTap
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/10/2016 02:40:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NvStreamNetworkService.exe, version: 4.1.1943.6202, time stamp: 0x551399be
    Faulting module name: NvStreamNetworkService.exe, version: 4.1.1943.6202, time stamp: 0x551399be
    Exception code: 0xc0000005
    Fault offset: 0x00000000004e920f
    Faulting process id: 0xd1c
    Faulting application start time: 0xNvStreamNetworkService.exe0
    Faulting application path: NvStreamNetworkService.exe1
    Faulting module path: NvStreamNetworkService.exe2
    Report Id: NvStreamNetworkService.exe3

    Error: (06/10/2016 02:40:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/10/2016 02:34:35 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
    Description: NvStreamSvcSSAU restarted too many times in a short period. Aborting. [0]

    Error: (06/10/2016 11:37:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddWin32ServiceFiles: Unable to back up image of service Avast Firewall since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.
    .

    Error: (06/10/2016 11:37:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Avast Firewall NDIS6 Helper.

    System Error:
    The system cannot find the file specified.
    .

    Error: (06/10/2016 11:24:25 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NvStreamNetworkService.exe, version: 4.1.1943.6202, time stamp: 0x551399be
    Faulting module name: NvStreamNetworkService.exe, version: 4.1.1943.6202, time stamp: 0x551399be
    Exception code: 0xc0000005
    Fault offset: 0x00000000004e920f
    Faulting process id: 0xad4
    Faulting application start time: 0xNvStreamNetworkService.exe0
    Faulting application path: NvStreamNetworkService.exe1
    Faulting module path: NvStreamNetworkService.exe2
    Report Id: NvStreamNetworkService.exe3

    Error: (06/10/2016 11:24:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/10/2016 11:14:29 AM) (Source: System Restore) (EventID: 8210) (User: )
    Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0xc0000022.

    Error: (06/10/2016 11:14:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/10/2016 11:13:45 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NvStreamNetworkService.exe, version: 4.1.1943.6202, time stamp: 0x551399be
    Faulting module name: NvStreamNetworkService.exe, version: 4.1.1943.6202, time stamp: 0x551399be
    Exception code: 0xc0000005
    Fault offset: 0x00000000004e920f
    Faulting process id: 0xb0c
    Faulting application start time: 0xNvStreamNetworkService.exe0
    Faulting application path: NvStreamNetworkService.exe1
    Faulting module path: NvStreamNetworkService.exe2
    Report Id: NvStreamNetworkService.exe3


    System errors:
    =============
    Error: (06/10/2016 02:40:48 PM) (Source: ipnathlp) (EventID: 30013) (User: )
    Description: 192.168.1.71192.168.137.0255.255.255.0

    Error: (06/10/2016 02:40:48 PM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (06/10/2016 02:39:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Intel(R) Capability Licensing Service Interface service failed to start due to the following error:
    %%1053

    Error: (06/10/2016 02:39:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Capability Licensing Service Interface service to connect.

    Error: (06/10/2016 02:38:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The ASUS HM Com Service service failed to start due to the following error:
    %%1053

    Error: (06/10/2016 02:38:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the ASUS HM Com Service service to connect.

    Error: (06/10/2016 02:37:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The ASUS Com Service service failed to start due to the following error:
    %%1053

    Error: (06/10/2016 02:37:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the ASUS Com Service service to connect.

    Error: (06/10/2016 11:39:10 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.223.921.0).

    Error: (06/10/2016 11:29:07 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.


    CodeIntegrity:
    ===================================
    Date: 2016-05-03 10:56:02.614
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-05-03 10:56:02.551
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-01 22:28:04.659
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-01 22:28:04.627
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
    Percentage of memory in use: 92%
    Total physical RAM: 4046.1 MB
    Available physical RAM: 316.5 MB
    Total Virtual: 8090.39 MB
    Available Virtual: 3636.53 MB

    ==================== Drives ================================

    Drive c: (system) (Fixed) (Total:244.04 GB) (Free:95.59 GB) NTFS
    Drive d: (local disk) (Fixed) (Total:221.62 GB) (Free:219 GB) NTFS
    Drive e: (DTS 30692) (CDROM) (Total:4.18 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: AF7155AA)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=221.6 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================

    I don't see much there but we can double check...

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  7. SmokeyMcNasty

    SmokeyMcNasty TS Enthusiast Topic Starter Posts: 53

    It would seem as if my computer just had hiccups last night; things are running as smooth as usual, even this morning the same. Thanks for your reply. If you still think I should double-check, I will follow the steps.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    If all is fine...good luck :)
     
