Pictures & video file extensions changed to .ecc


rlw

I was running the free version of Avira, but a Trojan managed to get through. It has hijacked my files, changed extensions to .ecc. My wallpaper was changed to a message saying I need to enter a code to get my files. Now, I'm not very computer savvy, but I know enough to know I've got a Trojan that has hijacked my files.

I've run a scan on Avira, downloaded and scanned with AVG and Malwarebytes. AVG & Malwarebytes found viruses and "repaired" them, but my files are still messed up. Where do I go from here?

I downloaded Farbar, as recommended, and here are the scan results:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2015 01
Ran by rlw911 (administrator) on MYTABLET on 24-02-2015 14:31:40
Running from C:\Users\rlw911\AppData\Local\Microsoft\Windows\INetCache\IE\5WH68MJJ
Loaded Profiles: rlw911 (Available profiles: rlw911)
Platform: Microsoft Windows 8.1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(AVG Technologies) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe
(AVG Technologies) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
() C:\Users\rlw911\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x86__8wekyb3d8bbwe\glcnd.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20279_x86__8wekyb3d8bbwe\livecomm.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [3216032 2013-12-16] (ASUSTek Computer Inc.)
HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] ()
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [73216 2013-11-02] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2904064 2013-10-29] (Realtek Semiconductor)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-10] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-4135598251-3864460571-2178574255-1001\...\Run: [Amazon Music] => C:\Users\rlw911\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-4135598251-3864460571-2178574255-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILBE.EXE [260160 2014-12-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4135598251-3864460571-2178574255-1001\...\Run: [irshadk] => rundll32 ",irshadk
ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4135598251-3864460571-2178574255-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-4135598251-3864460571-2178574255-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-4135598251-3864460571-2178574255-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4135598251-3864460571-2178574255-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 50.204.232.210

FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [111416 2013-09-09] (ASUSTek Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
R2 avgfws; C:\Program Files\AVG\AVG2015\avgfws.exe [1508656 2015-02-10] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-10] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-10] (AVG Technologies CZ, s.r.o.)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1677016 2014-03-18] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1840304 2015-01-13] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279000 2013-11-13] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [75264 2013-11-02] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [89088 2013-11-02] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [82432 2013-11-02] (Intel Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel® Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2013-08-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-21] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [2161976 2015-02-12] (AVG Technologies)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-21] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-21] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1222144 2014-07-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [64792 2013-12-12] (ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.)
S0 Avgbootx; C:\Windows\System32\DRIVERS\avgbootx.sys [17424 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6x.sys [48920 2014-12-03] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [217568 2015-02-10] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimw8x.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-16] (Avira Operations GmbH & Co. KG)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpx; C:\Windows\system32\DRIVERS\avgwfpx.sys [217568 2015-01-23] (AVG Technologies CZ, s.r.o.)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [136216 2014-10-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [37352 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation)
R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [304344 2013-10-02] (Broadcom Corp)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [186880 2013-12-04] (Microsoft Corporation)
R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [24064 2013-08-21] (Microsoft Corporation)
S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [144600 2014-03-18] (Broadcom Corporation.)
R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [130776 2014-03-18] (Broadcom Corporation.)
R3 camera; C:\Windows\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
R3 CM3218x; C:\Windows\system32\DRIVERS\WUDFRd.sys [188416 2014-05-30] (Microsoft Corporation)
R3 CPLMACPI; C:\Windows\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.)
R3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [17408 2013-11-02] (Intel Corporation)
R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [19968 2013-11-02] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [28160 2013-11-02] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [72704 2013-11-02] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [176640 2013-11-02] (Intel Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [23552 2013-11-03] (Intel Corporation)
R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [16896 2013-11-03] (Intel Corporation)
R3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch.sys [17720 2013-10-07] (ASUS)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [58368 2013-11-14] (Intel Corporation)
R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [87552 2013-11-03] (Intel Corporation)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [505192 2013-08-08] (Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [33176 2013-10-28] (Intel Corporation)
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [252416 2013-11-04] (Intel® Corporation)
R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [188416 2014-05-30] (Microsoft Corporation)
R3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [23448 2013-10-28] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [21456 2013-11-02] (Intel Corporation)
R3 MT9M114; C:\Windows\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
S3 NETwNs32; C:\Windows\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [48128 2013-11-02] (Intel Corporation)
R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [149720 2013-12-05] (Realtek Semiconductor Corp.)
S3 RTLU3E8023-W8-32; C:\Windows\system32\DRIVERS\rtu30x86w8.sys [57856 2013-06-18] (Realtek                                            )
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [188416 2014-05-30] (Microsoft Corporation)
S1 ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [28520 2014-07-23] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2015-01-13] (TuneUp Software)
R3 TXEI; C:\Windows\System32\drivers\TXEI.sys [76304 2013-11-02] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2014-09-21] (Microsoft Corporation)
R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [188416 2014-05-30] (Microsoft Corporation)
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 14:31 - 2015-02-24 14:31 - 00000000 ____D () C:\FRST
2015-02-24 13:56 - 2015-02-24 13:56 - 00001844 _____ () C:\malware.txt
2015-02-24 13:43 - 2015-02-24 13:59 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-24 13:42 - 2015-02-24 13:42 - 00001078 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-24 13:42 - 2015-02-24 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-24 13:42 - 2015-02-24 13:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-24 13:42 - 2015-02-24 13:42 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-24 13:42 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-24 13:42 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-24 13:42 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-23 22:58 - 2015-02-24 13:58 - 00000747 _____ () C:\Windows\setupact.log
2015-02-23 22:58 - 2015-02-23 22:58 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-23 21:43 - 2014-07-24 07:48 - 02410976 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-02-23 21:43 - 2014-07-24 07:40 - 01678656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-02-23 21:43 - 2014-07-24 07:36 - 02145472 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2015-02-23 21:43 - 2014-07-24 07:36 - 00707536 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-02-23 21:43 - 2014-07-24 03:16 - 12730880 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-02-23 21:43 - 2014-07-24 03:04 - 00673280 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2015-02-23 21:43 - 2014-07-24 02:29 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2015-02-23 21:43 - 2014-07-24 02:29 - 01029632 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2015-02-23 21:43 - 2014-07-24 02:16 - 01313792 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2015-02-23 21:43 - 2014-07-24 02:10 - 00889344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2015-02-23 21:43 - 2014-07-24 01:23 - 01222144 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2015-02-23 21:43 - 2014-06-13 23:46 - 02071552 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-02-23 21:43 - 2014-05-05 18:55 - 00391000 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-02-23 21:42 - 2014-07-24 07:50 - 01371176 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-02-23 21:42 - 2014-07-24 07:50 - 00098048 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-02-23 21:42 - 2014-07-24 07:50 - 00049520 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-02-23 21:42 - 2014-07-24 07:48 - 00362304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2015-02-23 21:42 - 2014-07-24 07:48 - 00338240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-02-23 21:42 - 2014-07-24 07:48 - 00211776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2015-02-23 21:42 - 2014-07-24 07:48 - 00180208 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
2015-02-23 21:42 - 2014-07-24 07:48 - 00111424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-02-23 21:42 - 2014-07-24 07:46 - 00477200 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-02-23 21:42 - 2014-07-24 07:39 - 01390448 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-02-23 21:42 - 2014-07-24 07:39 - 01281440 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-02-23 21:42 - 2014-07-24 07:39 - 01271096 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-02-23 21:42 - 2014-07-24 07:39 - 01168344 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-02-23 21:42 - 2014-07-24 07:36 - 00355800 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2015-02-23 21:42 - 2014-07-24 07:36 - 00180720 _____ (Microsoft Corporation) C:\Windows\system32\mftranscode.dll
2015-02-23 21:42 - 2014-07-24 04:52 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-02-23 21:42 - 2014-07-24 04:52 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTT102.DLL
2015-02-23 21:42 - 2014-07-24 04:52 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-02-23 21:42 - 2014-07-24 04:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
2015-02-23 21:42 - 2014-07-24 04:51 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-02-23 21:42 - 2014-07-24 04:51 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-02-23 21:42 - 2014-07-24 04:51 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-02-23 21:42 - 2014-07-24 04:46 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2015-02-23 21:42 - 2014-07-24 04:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2015-02-23 21:42 - 2014-07-24 04:44 - 00560128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2015-02-23 21:42 - 2014-07-24 04:44 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-02-23 21:42 - 2014-07-24 04:43 - 00377856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2015-02-23 21:42 - 2014-07-24 04:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NdisImPlatform.sys
2015-02-23 21:42 - 2014-07-24 04:42 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2015-02-23 21:42 - 2014-07-24 04:33 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-02-23 21:42 - 2014-07-24 04:33 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-02-23 21:42 - 2014-07-24 04:10 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-02-23 21:42 - 2014-07-24 04:10 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\iasnap.dll
2015-02-23 21:42 - 2014-07-24 04:09 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2015-02-23 21:42 - 2014-07-24 03:55 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersGPExt.dll
2015-02-23 21:42 - 2014-07-24 03:42 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2015-02-23 21:42 - 2014-07-24 03:33 - 01741824 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-02-23 21:42 - 2014-07-24 03:32 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2015-02-23 21:42 - 2014-07-24 03:27 - 00779264 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-02-23 21:42 - 2014-07-24 03:25 - 00832512 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
2015-02-23 21:42 - 2014-07-24 03:24 - 01817088 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2015-02-23 21:42 - 2014-07-24 03:23 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2015-02-23 21:42 - 2014-07-24 03:10 - 00540672 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2015-02-23 21:42 - 2014-07-24 03:04 - 00492032 _____ (Microsoft Corporation) C:\Windows\system32\PrintDialogs.dll
2015-02-23 21:42 - 2014-07-24 02:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2015-02-23 21:42 - 2014-07-24 02:49 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wlansvcpal.dll
2015-02-23 21:42 - 2014-07-24 02:44 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-02-23 21:42 - 2014-07-24 02:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2015-02-23 21:42 - 2014-07-24 02:40 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-02-23 21:42 - 2014-07-24 02:39 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2015-02-23 21:42 - 2014-07-24 02:39 - 00178176 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2015-02-23 21:42 - 2014-07-24 02:36 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\BluetoothApis.dll
2015-02-23 21:42 - 2014-07-24 02:32 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2015-02-23 21:42 - 2014-07-24 02:30 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2015-02-23 21:42 - 2014-07-24 02:29 - 00439296 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2015-02-23 21:42 - 2014-07-24 02:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2015-02-23 21:42 - 2014-07-24 02:23 - 01404416 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2015-02-23 21:42 - 2014-07-24 02:21 - 00302080 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2015-02-23 21:42 - 2014-07-24 02:15 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2015-02-23 21:42 - 2014-07-24 02:10 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2015-02-23 21:42 - 2014-07-24 02:07 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-02-23 21:42 - 2014-07-24 02:06 - 01108480 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2015-02-23 21:42 - 2014-07-24 02:06 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-02-23 21:42 - 2014-07-24 02:05 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-02-23 21:42 - 2014-07-24 02:05 - 00448000 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2015-02-23 21:42 - 2014-07-24 02:04 - 00667136 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-02-23 21:42 - 2014-07-24 02:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2015-02-23 21:42 - 2014-07-24 01:58 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2015-02-23 21:42 - 2014-07-24 01:54 - 01634304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-02-23 21:42 - 2014-07-24 01:54 - 01290752 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-02-23 21:42 - 2014-07-24 01:50 - 02818560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-02-23 21:42 - 2014-07-24 01:44 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2015-02-23 21:42 - 2014-07-24 01:41 - 00459264 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-02-23 21:42 - 2014-07-23 22:13 - 00513544 _____ () C:\Windows\system32\locale.nls
2015-02-23 21:42 - 2014-07-11 22:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2015-02-23 21:42 - 2014-07-04 06:05 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2015-02-23 21:42 - 2014-07-04 04:06 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\AppxSip.dll
2015-02-23 21:42 - 2014-07-04 04:00 - 01351168 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-02-23 21:42 - 2014-07-04 03:27 - 00474112 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2015-02-23 21:42 - 2014-06-26 23:31 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-02-23 21:42 - 2014-06-25 18:32 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll
2015-02-23 21:42 - 2014-06-19 17:41 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-02-23 21:42 - 2014-06-18 18:56 - 00264512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2015-02-23 21:42 - 2014-06-07 04:20 - 00189016 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2015-02-23 21:42 - 2014-06-05 06:59 - 00869720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-02-23 21:42 - 2014-06-05 03:42 - 00889856 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2015-02-23 21:42 - 2014-05-30 22:18 - 01319936 _____ (Microsoft Corporation) C:\Windows\system32\wsecedit.dll
2015-02-23 21:42 - 2014-05-28 23:25 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2015-02-23 21:42 - 2014-05-26 01:16 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2015-02-23 21:42 - 2014-05-10 02:46 - 00335680 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-02-23 21:42 - 2014-03-24 19:20 - 00128568 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2015-02-23 21:42 - 2014-03-24 19:20 - 00127544 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2015-02-23 21:41 - 2015-01-13 16:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-23 21:41 - 2014-12-11 19:34 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-23 21:41 - 2014-12-11 18:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-02-23 21:41 - 2014-12-05 20:36 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-02-23 21:41 - 2014-12-05 19:28 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-23 21:41 - 2014-10-28 19:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-02-23 21:37 - 2015-01-11 20:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-23 21:37 - 2015-01-11 20:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-23 21:37 - 2015-01-11 20:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-23 21:37 - 2015-01-11 19:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-23 21:37 - 2015-01-11 19:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-23 21:37 - 2015-01-10 02:28 - 05769024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-23 21:37 - 2015-01-10 02:28 - 01468408 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-23 21:36 - 2015-01-15 16:37 - 00478776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-23 21:36 - 2015-01-15 16:37 - 00148288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-23 21:36 - 2015-01-11 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-23 21:36 - 2015-01-11 19:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-23 21:36 - 2015-01-11 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-23 21:36 - 2015-01-11 19:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-02-23 21:36 - 2015-01-11 19:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-23 21:36 - 2015-01-11 19:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-23 21:36 - 2015-01-11 19:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-23 21:36 - 2015-01-11 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-23 21:36 - 2015-01-11 19:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-23 21:36 - 2015-01-11 19:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-23 21:36 - 2015-01-11 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-23 21:36 - 2015-01-11 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-23 21:36 - 2015-01-11 18:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-23 21:36 - 2015-01-10 01:38 - 03550720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-23 21:36 - 2015-01-10 00:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-23 21:36 - 2014-12-18 23:46 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-23 21:36 - 2014-12-08 21:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-23 21:36 - 2014-12-08 21:42 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-23 21:36 - 2014-12-08 13:46 - 00485544 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-02-23 21:36 - 2014-12-08 13:46 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-02-23 21:36 - 2014-12-08 13:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-02-23 21:36 - 2014-12-08 13:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-02-23 21:36 - 2014-12-08 13:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-02-23 21:36 - 2014-12-05 19:23 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-02-23 21:36 - 2014-10-28 21:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-02-23 21:36 - 2014-10-28 21:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-02-23 21:36 - 2014-10-28 21:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-02-23 21:36 - 2014-10-28 21:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-02-23 21:36 - 2014-10-28 21:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-02-23 21:36 - 2014-10-28 21:07 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-02-23 21:36 - 2014-10-28 20:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-23 21:36 - 2014-10-28 20:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-23 21:36 - 2014-10-28 19:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-02-23 21:36 - 2014-10-28 19:03 - 01117696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-23 21:36 - 2014-10-28 18:49 - 00694272 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-02-23 20:43 - 2015-02-12 17:39 - 00037176 _____ (AVG Technologies) C:\Windows\system32\TURegOpt.exe
2015-02-23 20:43 - 2015-02-12 17:39 - 00025912 _____ (AVG Technologies) C:\Windows\system32\authuitu.dll
2015-02-23 20:42 - 2015-02-23 20:42 - 00002193 _____ () C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2015-02-23 20:42 - 2015-02-23 20:42 - 00002179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk
2015-02-23 20:42 - 2015-02-23 20:42 - 00002167 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2015.lnk
2015-02-23 20:42 - 2015-02-23 20:42 - 00000000 ____D () C:\Users\rlw911\AppData\Roaming\AVG
2015-02-23 20:41 - 2015-02-23 20:41 - 00000000 ____D () C:\Users\rlw911\AppData\Local\Avg
2015-02-23 20:40 - 2015-02-23 20:44 - 00000000 ____D () C:\ProgramData\AVG
2015-02-23 20:18 - 2015-02-23 20:18 - 00000000 ____D () C:\Users\rlw911\AppData\Roaming\AVG2015
2015-02-23 20:15 - 2015-02-23 20:15 - 00000953 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-02-23 20:15 - 2015-02-23 20:15 - 00000000 ____D () C:\Users\rlw911\AppData\Roaming\TuneUp Software
2015-02-23 20:15 - 2015-02-23 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-23 20:12 - 2015-02-23 21:03 - 00000000 ____D () C:\ProgramData\AVG2015
2015-02-23 20:12 - 2015-02-23 20:12 - 00000000 ___HD () C:\$AVG
2015-02-23 20:09 - 2015-02-23 20:42 - 00000000 ____D () C:\Program Files\AVG
2015-02-23 19:47 - 2015-02-24 14:04 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-23 19:47 - 2015-02-23 21:06 - 00000000 ____D () C:\Users\rlw911\AppData\Local\Avg2015
2015-02-23 19:47 - 2015-02-23 19:47 - 00000000 ____D () C:\Users\rlw911\AppData\Local\MFAData
2015-02-23 19:41 - 2015-02-23 23:00 - 00001640 _____ () C:\Users\rlw911\Desktop\CryptoLocker.lnk
2015-02-23 19:41 - 2015-02-23 23:00 - 00001094 _____ () C:\Users\rlw911\Desktop\HELP_TO_DECRYPT_YOUR_FILES.txt
2015-02-23 19:40 - 2015-02-23 23:00 - 01694766 _____ () C:\Users\rlw911\Desktop\HELP_TO_DECRYPT_YOUR_FILES.bmp
2015-02-23 19:19 - 2015-02-23 19:41 - 00000636 _____ () C:\Users\rlw911\AppData\Roaming\key.dat
2015-02-23 19:19 - 2015-02-23 19:40 - 04848712 _____ () C:\Users\rlw911\AppData\Roaming\log.html
2015-02-23 18:58 - 2015-02-23 18:58 - 00000000 ____D () C:\Users\rlw911\AppData\Local\Macromedia
2015-02-20 22:35 - 2015-02-20 22:35 - 00000000 ____D () C:\Users\rlw911\AppData\Roaming\Epson
2015-02-19 22:14 - 2015-02-23 18:57 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2015-02-15 23:13 - 2015-02-15 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-02-15 23:13 - 2015-02-15 23:13 - 00000952 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2015-02-15 23:13 - 2015-02-15 23:13 - 00000000 ____D () C:\Program Files\EPSON
2015-02-15 23:13 - 2012-07-24 00:00 - 00342016 _____ (Seiko Epson Corporation) C:\Windows\system32\esw2ud.dll
2015-02-15 23:13 - 2012-05-17 00:00 - 00126128 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc.exe
2015-02-15 23:03 - 2015-02-15 23:15 - 00000000 ____D () C:\Program Files\EPSON Software
2015-02-15 23:03 - 2015-02-15 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-02-15 20:16 - 2015-02-23 19:36 - 00029300 _____ () C:\Users\rlw911\Documents\Anchor stencil.docx.ecc
2015-02-12 18:39 - 2015-02-24 13:39 - 00000943 _____ () C:\Windows\Tasks\EPSON XP-310 Series Update {B6A9677C-94F9-4746-B0BB-989F20E5E158}.job
2015-02-12 18:39 - 2015-02-24 13:39 - 00000757 _____ () C:\Windows\Tasks\EPSON XP-310 Series Invitation {B6A9677C-94F9-4746-B0BB-989F20E5E158}.job
2015-02-12 18:39 - 2015-02-12 18:39 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2015-02-12 18:38 - 2015-02-12 19:39 - 00000000 ____D () C:\ProgramData\EPSON
2015-02-12 18:38 - 2014-12-02 04:46 - 00142848 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FLMBLBE.DLL
2015-02-12 18:38 - 2014-12-02 04:46 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FD4BLBE.DLL
2015-02-12 18:38 - 2014-12-02 04:46 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL
2015-02-10 16:45 - 2015-02-10 16:45 - 00217568 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2015-02-09 10:35 - 2015-02-09 10:35 - 00880896 _____ () C:\Users\rlw911\Downloads\Attachments_201529.zip
2015-02-09 10:22 - 2015-02-09 10:35 - 00003305 _____ () C:\Users\rlw911\Downloads\attachment
2015-02-03 10:47 - 2015-02-03 10:47 - 00265184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2015-02-01 18:38 - 2015-02-23 19:36 - 00206372 _____ () C:\Users\rlw911\Downloads\2015 Comp Hour Form.xls.ecc
2015-01-26 08:21 - 2015-02-23 19:36 - 07854340 _____ () C:\Users\rlw911\Downloads\L0703332.pdf.ecc

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 14:19 - 2014-05-30 05:47 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-24 14:19 - 2014-03-18 07:14 - 01590534 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 14:09 - 2013-08-22 02:17 - 00000000 ____D () C:\Windows\system32\sru
2015-02-24 14:02 - 2013-12-16 17:05 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 14:00 - 2014-06-15 10:07 - 00000000 ___DO () C:\Users\rlw911\OneDrive
2015-02-24 13:58 - 2013-12-16 16:49 - 00166340 _____ () C:\Windows\PFRO.log
2015-02-24 13:58 - 2013-08-22 01:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-24 13:57 - 2013-08-22 02:17 - 00000000 ____D () C:\Windows\L2Schemas
2015-02-24 13:57 - 2013-08-22 00:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-24 13:39 - 2013-08-22 02:17 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-23 22:58 - 2013-08-22 01:22 - 00369640 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-23 22:56 - 2013-08-22 05:13 - 00000000 ____D () C:\Program Files\Windows Journal
2015-02-23 22:56 - 2013-08-22 02:17 - 00000000 ___RD () C:\Windows\ToastData
2015-02-23 22:56 - 2013-08-22 02:17 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-02-23 22:56 - 2013-08-22 02:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-23 22:56 - 2013-08-22 02:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-23 22:50 - 2014-05-30 05:09 - 00000000 ____D () C:\Users\rlw911
2015-02-23 22:15 - 2013-08-22 02:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-23 21:54 - 2013-08-22 02:05 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-23 21:51 - 2014-06-06 06:49 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-23 21:44 - 2013-08-22 02:17 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-23 20:55 - 2014-06-07 05:07 - 00000000 ____D () C:\Windows\Minidump
2015-02-23 20:41 - 2013-08-22 00:13 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-23 20:14 - 2013-08-22 02:17 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-02-23 19:36 - 2014-10-22 19:11 - 00376708 _____ () C:\Users\rlw911\Downloads\Beautiful-Badass-Mini-Course1.pdf.ecc
2015-02-23 19:36 - 2014-09-18 19:07 - 00071284 _____ () C:\Users\rlw911\Downloads\Seller Information Sheet.pdf.ecc
2015-02-23 19:36 - 2014-09-18 19:06 - 00129860 _____ () C:\Users\rlw911\Downloads\Property Tax Certificate.pdf.ecc
2015-02-23 19:36 - 2014-09-18 19:06 - 00048276 _____ () C:\Users\rlw911\Downloads\Tax Certificate Disclosure.pdf.ecc
2015-02-23 19:36 - 2014-09-03 16:44 - 00608468 _____ () C:\Users\rlw911\Downloads\14720_web_nutr.pdf.ecc
2015-02-23 19:36 - 2014-08-29 06:19 - 00151172 _____ () C:\Users\rlw911\Downloads\0319_001.pdf.ecc
2015-02-23 19:36 - 2014-08-07 21:09 - 00000000 ____D () C:\Users\rlw911\Documents\bbviewer
2015-02-23 19:36 - 2014-08-06 11:01 - 02775300 _____ () C:\Users\rlw911\IMG_20140726_172050168_HDR.jpg.ecc
2015-02-23 19:36 - 2014-08-06 10:59 - 01564388 _____ () C:\Users\rlw911\IMG_20140806_113817973.jpg.ecc
2015-02-23 19:36 - 2014-06-06 14:54 - 01861476 _____ () C:\Users\rlw911\IMG_20140602_133848974.jpg.ecc
2015-02-23 19:36 - 2014-06-01 06:03 - 00210980 _____ () C:\Users\rlw911\Desktop\2014 Comp Hour Form.xls.ecc
2015-02-23 19:36 - 2014-06-01 05:56 - 00210980 _____ () C:\Users\rlw911\Downloads\2014 Comp Hour Form.xls.ecc
2015-02-23 19:36 - 2014-01-09 21:39 - 00000052 _____ () C:\Windows\AsDCDVer.txt
2015-02-23 19:36 - 2013-12-16 15:45 - 00000000 ____D () C:\Windows\Log
2015-02-15 23:13 - 2014-03-18 07:19 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-15 23:13 - 2013-08-22 02:17 - 00000000 ____D () C:\Windows\twain_32
2015-02-12 18:37 - 2014-07-30 10:42 - 00001109 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-02-12 18:37 - 2014-07-30 10:42 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 18:37 - 2014-07-30 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-12 18:37 - 2014-07-30 10:42 - 00000000 ____D () C:\Program Files\Avira
2015-02-04 08:52 - 2013-08-22 02:17 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-03 13:31 - 2013-08-22 02:18 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-03 13:31 - 2013-08-22 02:18 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-29 17:49 - 2014-06-06 06:49 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-02-23 19:19 - 2015-02-23 19:41 - 0000636 _____ () C:\Users\rlw911\AppData\Roaming\key.dat
2015-02-23 19:19 - 2015-02-23 19:40 - 4848712 _____ () C:\Users\rlw911\AppData\Roaming\log.html
2013-12-16 16:57 - 2012-07-30 00:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2013-12-16 16:57 - 2009-07-22 04:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-12-16 16:57 - 2012-09-07 05:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-20 05:50

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2015 01
Ran by rlw911 (administrator) on MYTABLET on 24-02-2015 14:31:40
Running from C:\Users\rlw911\AppData\Local\Microsoft\Windows\INetCache\IE\5WH68MJJ
Loaded Profiles: rlw911 (Available profiles: rlw911)
Platform: Microsoft Windows 8.1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(AVG Technologies) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe
(AVG Technologies) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
() C:\Users\rlw911\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x86__8wekyb3d8bbwe\glcnd.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20279_x86__8wekyb3d8bbwe\livecomm.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [3216032 2013-12-16] (ASUSTek Computer Inc.)
HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] ()
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [73216 2013-11-02] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2904064 2013-10-29] (Realtek Semiconductor)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-10] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-4135598251-3864460571-2178574255-1001\...\Run: [Amazon Music] => C:\Users\rlw911\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-4135598251-3864460571-2178574255-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILBE.EXE [260160 2014-12-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4135598251-3864460571-2178574255-1001\...\Run: [irshadk] => rundll32 ",irshadk
ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4135598251-3864460571-2178574255-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-4135598251-3864460571-2178574255-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-4135598251-3864460571-2178574255-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4135598251-3864460571-2178574255-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 50.204.232.210

FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [111416 2013-09-09] (ASUSTek Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
R2 avgfws; C:\Program Files\AVG\AVG2015\avgfws.exe [1508656 2015-02-10] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-10] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-10] (AVG Technologies CZ, s.r.o.)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1677016 2014-03-18] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1840304 2015-01-13] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279000 2013-11-13] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [75264 2013-11-02] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [89088 2013-11-02] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [82432 2013-11-02] (Intel Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel® Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2013-08-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-21] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [2161976 2015-02-12] (AVG Technologies)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-21] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-21] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1222144 2014-07-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [64792 2013-12-12] (ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.)
S0 Avgbootx; C:\Windows\System32\DRIVERS\avgbootx.sys [17424 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6x.sys [48920 2014-12-03] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [217568 2015-02-10] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimw8x.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-16] (Avira Operations GmbH & Co. KG)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpx; C:\Windows\system32\DRIVERS\avgwfpx.sys [217568 2015-01-23] (AVG Technologies CZ, s.r.o.)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [136216 2014-10-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [37352 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation)
R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [304344 2013-10-02] (Broadcom Corp)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [186880 2013-12-04] (Microsoft Corporation)
R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [24064 2013-08-21] (Microsoft Corporation)
S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [144600 2014-03-18] (Broadcom Corporation.)
R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [130776 2014-03-18] (Broadcom Corporation.)
R3 camera; C:\Windows\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
R3 CM3218x; C:\Windows\system32\DRIVERS\WUDFRd.sys [188416 2014-05-30] (Microsoft Corporation)
R3 CPLMACPI; C:\Windows\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.)
R3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [17408 2013-11-02] (Intel Corporation)
R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [19968 2013-11-02] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [28160 2013-11-02] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [72704 2013-11-02] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [176640 2013-11-02] (Intel Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [23552 2013-11-03] (Intel Corporation)
R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [16896 2013-11-03] (Intel Corporation)
R3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch.sys [17720 2013-10-07] (ASUS)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [58368 2013-11-14] (Intel Corporation)
R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [87552 2013-11-03] (Intel Corporation)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [505192 2013-08-08] (Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [33176 2013-10-28] (Intel Corporation)
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [252416 2013-11-04] (Intel® Corporation)
R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [188416 2014-05-30] (Microsoft Corporation)
R3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [23448 2013-10-28] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [21456 2013-11-02] (Intel Corporation)
R3 MT9M114; C:\Windows\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
S3 NETwNs32; C:\Windows\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [48128 2013-11-02] (Intel Corporation)
R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [149720 2013-12-05] (Realtek Semiconductor Corp.)
S3 RTLU3E8023-W8-32; C:\Windows\system32\DRIVERS\rtu30x86w8.sys [57856 2013-06-18] (Realtek                                            )
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [188416 2014-05-30] (Microsoft Corporation)
S1 ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [28520 2014-07-23] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2015-01-13] (TuneUp Software)
R3 TXEI; C:\Windows\System32\drivers\TXEI.sys [76304 2013-11-02] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2014-09-21] (Microsoft Corporation)
R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [188416 2014-05-30] (Microsoft Corporation)
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 14:31 - 2015-02-24 14:31 - 00000000 ____D () C:\FRST
2015-02-24 13:56 - 2015-02-24 13:56 - 00001844 _____ () C:\malware.txt
2015-02-24 13:43 - 2015-02-24 13:59 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-24 13:42 - 2015-02-24 13:42 - 00001078 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-24 13:42 - 2015-02-24 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-24 13:42 - 2015-02-24 13:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-24 13:42 - 2015-02-24 13:42 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-24 13:42 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-24 13:42 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-24 13:42 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-23 22:58 - 2015-02-24 13:58 - 00000747 _____ () C:\Windows\setupact.log
2015-02-23 22:58 - 2015-02-23 22:58 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-23 21:43 - 2014-07-24 07:48 - 02410976 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-02-23 21:43 - 2014-07-24 07:40 - 01678656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-02-23 21:43 - 2014-07-24 07:36 - 02145472 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2015-02-23 21:43 - 2014-07-24 07:36 - 00707536 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-02-23 21:43 - 2014-07-24 03:16 - 12730880 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-02-23 21:43 - 2014-07-24 03:04 - 00673280 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2015-02-23 21:43 - 2014-07-24 02:29 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2015-02-23 21:43 - 2014-07-24 02:29 - 01029632 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2015-02-23 21:43 - 2014-07-24 02:16 - 01313792 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2015-02-23 21:43 - 2014-07-24 02:10 - 00889344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2015-02-23 21:43 - 2014-07-24 01:23 - 01222144 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2015-02-23 21:43 - 2014-06-13 23:46 - 02071552 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-02-23 21:43 - 2014-05-05 18:55 - 00391000 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-02-23 21:42 - 2014-07-24 07:50 - 01371176 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-02-23 21:42 - 2014-07-24 07:50 - 00098048 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-02-23 21:42 - 2014-07-24 07:50 - 00049520 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-02-23 21:42 - 2014-07-24 07:48 - 00362304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2015-02-23 21:42 - 2014-07-24 07:48 - 00338240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-02-23 21:42 - 2014-07-24 07:48 - 00211776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2015-02-23 21:42 - 2014-07-24 07:48 - 00180208 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
2015-02-23 21:42 - 2014-07-24 07:48 - 00111424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-02-23 21:42 - 2014-07-24 07:46 - 00477200 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-02-23 21:42 - 2014-07-24 07:39 - 01390448 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-02-23 21:42 - 2014-07-24 07:39 - 01281440 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-02-23 21:42 - 2014-07-24 07:39 - 01271096 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-02-23 21:42 - 2014-07-24 07:39 - 01168344 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-02-23 21:42 - 2014-07-24 07:36 - 00355800 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2015-02-23 21:42 - 2014-07-24 07:36 - 00180720 _____ (Microsoft Corporation) C:\Windows\system32\mftranscode.dll
2015-02-23 21:42 - 2014-07-24 04:52 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-02-23 21:42 - 2014-07-24 04:52 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTT102.DLL
2015-02-23 21:42 - 2014-07-24 04:52 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-02-23 21:42 - 2014-07-24 04:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
2015-02-23 21:42 - 2014-07-24 04:51 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-02-23 21:42 - 2014-07-24 04:51 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-02-23 21:42 - 2014-07-24 04:51 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-02-23 21:42 - 2014-07-24 04:46 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2015-02-23 21:42 - 2014-07-24 04:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2015-02-23 21:42 - 2014-07-24 04:44 - 00560128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2015-02-23 21:42 - 2014-07-24 04:44 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-02-23 21:42 - 2014-07-24 04:43 - 00377856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2015-02-23 21:42 - 2014-07-24 04:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NdisImPlatform.sys
2015-02-23 21:42 - 2014-07-24 04:42 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2015-02-23 21:42 - 2014-07-24 04:33 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-02-23 21:42 - 2014-07-24 04:33 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-02-23 21:42 - 2014-07-24 04:10 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-02-23 21:42 - 2014-07-24 04:10 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\iasnap.dll
2015-02-23 21:42 - 2014-07-24 04:09 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2015-02-23 21:42 - 2014-07-24 03:55 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersGPExt.dll
2015-02-23 21:42 - 2014-07-24 03:42 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2015-02-23 21:42 - 2014-07-24 03:33 - 01741824 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-02-23 21:42 - 2014-07-24 03:32 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2015-02-23 21:42 - 2014-07-24 03:27 - 00779264 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-02-23 21:42 - 2014-07-24 03:25 - 00832512 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
2015-02-23 21:42 - 2014-07-24 03:24 - 01817088 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2015-02-23 21:42 - 2014-07-24 03:23 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2015-02-23 21:42 - 2014-07-24 03:10 - 00540672 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2015-02-23 21:42 - 2014-07-24 03:04 - 00492032 _____ (Microsoft Corporation) C:\Windows\system32\PrintDialogs.dll
2015-02-23 21:42 - 2014-07-24 02:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2015-02-23 21:42 - 2014-07-24 02:49 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wlansvcpal.dll
2015-02-23 21:42 - 2014-07-24 02:44 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-02-23 21:42 - 2014-07-24 02:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2015-02-23 21:42 - 2014-07-24 02:40 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-02-23 21:42 - 2014-07-24 02:39 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2015-02-23 21:42 - 2014-07-24 02:39 - 00178176 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2015-02-23 21:42 - 2014-07-24 02:36 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\BluetoothApis.dll
2015-02-23 21:42 - 2014-07-24 02:32 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2015-02-23 21:42 - 2014-07-24 02:30 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2015-02-23 21:42 - 2014-07-24 02:29 - 00439296 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2015-02-23 21:42 - 2014-07-24 02:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2015-02-23 21:42 - 2014-07-24 02:23 - 01404416 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2015-02-23 21:42 - 2014-07-24 02:21 - 00302080 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2015-02-23 21:42 - 2014-07-24 02:15 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2015-02-23 21:42 - 2014-07-24 02:10 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2015-02-23 21:42 - 2014-07-24 02:07 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-02-23 21:42 - 2014-07-24 02:06 - 01108480 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2015-02-23 21:42 - 2014-07-24 02:06 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-02-23 21:42 - 2014-07-24 02:05 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-02-23 21:42 - 2014-07-24 02:05 - 00448000 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2015-02-23 21:42 - 2014-07-24 02:04 - 00667136 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-02-23 21:42 - 2014-07-24 02:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2015-02-23 21:42 - 2014-07-24 01:58 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2015-02-23 21:42 - 2014-07-24 01:54 - 01634304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-02-23 21:42 - 2014-07-24 01:54 - 01290752 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-02-23 21:42 - 2014-07-24 01:50 - 02818560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-02-23 21:42 - 2014-07-24 01:44 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2015-02-23 21:42 - 2014-07-24 01:41 - 00459264 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-02-23 21:42 - 2014-07-23 22:13 - 00513544 _____ () C:\Windows\system32\locale.nls
2015-02-23 21:42 - 2014-07-11 22:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2015-02-23 21:42 - 2014-07-04 06:05 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2015-02-23 21:42 - 2014-07-04 04:06 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\AppxSip.dll
2015-02-23 21:42 - 2014-07-04 04:00 - 01351168 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-02-23 21:42 - 2014-07-04 03:27 - 00474112 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2015-02-23 21:42 - 2014-06-26 23:31 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-02-23 21:42 - 2014-06-25 18:32 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll
2015-02-23 21:42 - 2014-06-19 17:41 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-02-23 21:42 - 2014-06-18 18:56 - 00264512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2015-02-23 21:42 - 2014-06-07 04:20 - 00189016 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2015-02-23 21:42 - 2014-06-05 06:59 - 00869720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-02-23 21:42 - 2014-06-05 03:42 - 00889856 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2015-02-23 21:42 - 2014-05-30 22:18 - 01319936 _____ (Microsoft Corporation) C:\Windows\system32\wsecedit.dll
2015-02-23 21:42 - 2014-05-28 23:25 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2015-02-23 21:42 - 2014-05-26 01:16 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2015-02-23 21:42 - 2014-05-10 02:46 - 00335680 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-02-23 21:42 - 2014-03-24 19:20 - 00128568 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2015-02-23 21:42 - 2014-03-24 19:20 - 00127544 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2015-02-23 21:41 - 2015-01-13 16:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-23 21:41 - 2014-12-11 19:34 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-23 21:41 - 2014-12-11 18:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-02-23 21:41 - 2014-12-05 20:36 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-02-23 21:41 - 2014-12-05 19:28 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-23 21:41 - 2014-10-28 19:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-02-23 21:37 - 2015-01-11 20:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-23 21:37 - 2015-01-11 20:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-23 21:37 - 2015-01-11 20:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-23 21:37 - 2015-01-11 19:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-23 21:37 - 2015-01-11 19:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-23 21:37 - 2015-01-10 02:28 - 05769024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-23 21:37 - 2015-01-10 02:28 - 01468408 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-23 21:36 - 2015-01-15 16:37 - 00478776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-23 21:36 - 2015-01-15 16:37 - 00148288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-23 21:36 - 2015-01-11 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-23 21:36 - 2015-01-11 19:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-23 21:36 - 2015-01-11 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-23 21:36 - 2015-01-11 19:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-02-23 21:36 - 2015-01-11 19:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-23 21:36 - 2015-01-11 19:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-23 21:36 - 2015-01-11 19:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-23 21:36 - 2015-01-11 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-23 21:36 - 2015-01-11 19:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-23 21:36 - 2015-01-11 19:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-23 21:36 - 2015-01-11 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-23 21:36 - 2015-01-11 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-23 21:36 - 2015-01-11 18:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-23 21:36 - 2015-01-10 01:38 - 03550720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-23 21:36 - 2015-01-10 00:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-23 21:36 - 2014-12-18 23:46 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-23 21:36 - 2014-12-08 21:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-23 21:36 - 2014-12-08 21:42 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-23 21:36 - 2014-12-08 13:46 - 00485544 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-02-23 21:36 - 2014-12-08 13:46 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-02-23 21:36 - 2014-12-08 13:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-02-23 21:36 - 2014-12-08 13:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-02-23 21:36 - 2014-12-08 13:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-02-23 21:36 - 2014-12-05 19:23 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-02-23 21:36 - 2014-10-28 21:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-02-23 21:36 - 2014-10-28 21:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-02-23 21:36 - 2014-10-28 21:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-02-23 21:36 - 2014-10-28 21:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-02-23 21:36 - 2014-10-28 21:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-02-23 21:36 - 2014-10-28 21:07 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-02-23 21:36 - 2014-10-28 20:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-23 21:36 - 2014-10-28 20:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-23 21:36 - 2014-10-28 19:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-02-23 21:36 - 2014-10-28 19:03 - 01117696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-23 21:36 - 2014-10-28 18:49 - 00694272 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-02-23 20:43 - 2015-02-12 17:39 - 00037176 _____ (AVG Technologies) C:\Windows\system32\TURegOpt.exe
2015-02-23 20:43 - 2015-02-12 17:39 - 00025912 _____ (AVG Technologies) C:\Windows\system32\authuitu.dll
2015-02-23 20:42 - 2015-02-23 20:42 - 00002193 _____ () C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2015-02-23 20:42 - 2015-02-23 20:42 - 00002179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk
2015-02-23 20:42 - 2015-02-23 20:42 - 00002167 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2015.lnk
2015-02-23 20:42 - 2015-02-23 20:42 - 00000000 ____D () C:\Users\rlw911\AppData\Roaming\AVG
2015-02-23 20:41 - 2015-02-23 20:41 - 00000000 ____D () C:\Users\rlw911\AppData\Local\Avg
2015-02-23 20:40 - 2015-02-23 20:44 - 00000000 ____D () C:\ProgramData\AVG
2015-02-23 20:18 - 2015-02-23 20:18 - 00000000 ____D () C:\Users\rlw911\AppData\Roaming\AVG2015
2015-02-23 20:15 - 2015-02-23 20:15 - 00000953 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-02-23 20:15 - 2015-02-23 20:15 - 00000000 ____D () C:\Users\rlw911\AppData\Roaming\TuneUp Software
2015-02-23 20:15 - 2015-02-23 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-23 20:12 - 2015-02-23 21:03 - 00000000 ____D () C:\ProgramData\AVG2015
2015-02-23 20:12 - 2015-02-23 20:12 - 00000000 ___HD () C:\$AVG
2015-02-23 20:09 - 2015-02-23 20:42 - 00000000 ____D () C:\Program Files\AVG
2015-02-23 19:47 - 2015-02-24 14:04 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-23 19:47 - 2015-02-23 21:06 - 00000000 ____D () C:\Users\rlw911\AppData\Local\Avg2015
2015-02-23 19:47 - 2015-02-23 19:47 - 00000000 ____D () C:\Users\rlw911\AppData\Local\MFAData
2015-02-23 19:41 - 2015-02-23 23:00 - 00001640 _____ () C:\Users\rlw911\Desktop\CryptoLocker.lnk
2015-02-23 19:41 - 2015-02-23 23:00 - 00001094 _____ () C:\Users\rlw911\Desktop\HELP_TO_DECRYPT_YOUR_FILES.txt
2015-02-23 19:40 - 2015-02-23 23:00 - 01694766 _____ () C:\Users\rlw911\Desktop\HELP_TO_DECRYPT_YOUR_FILES.bmp
2015-02-23 19:19 - 2015-02-23 19:41 - 00000636 _____ () C:\Users\rlw911\AppData\Roaming\key.dat
2015-02-23 19:19 - 2015-02-23 19:40 - 04848712 _____ () C:\Users\rlw911\AppData\Roaming\log.html
2015-02-23 18:58 - 2015-02-23 18:58 - 00000000 ____D () C:\Users\rlw911\AppData\Local\Macromedia
2015-02-20 22:35 - 2015-02-20 22:35 - 00000000 ____D () C:\Users\rlw911\AppData\Roaming\Epson
2015-02-19 22:14 - 2015-02-23 18:57 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2015-02-15 23:13 - 2015-02-15 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-02-15 23:13 - 2015-02-15 23:13 - 00000952 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2015-02-15 23:13 - 2015-02-15 23:13 - 00000000 ____D () C:\Program Files\EPSON
2015-02-15 23:13 - 2012-07-24 00:00 - 00342016 _____ (Seiko Epson Corporation) C:\Windows\system32\esw2ud.dll
2015-02-15 23:13 - 2012-05-17 00:00 - 00126128 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc.exe
2015-02-15 23:03 - 2015-02-15 23:15 - 00000000 ____D () C:\Program Files\EPSON Software
2015-02-15 23:03 - 2015-02-15 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-02-15 20:16 - 2015-02-23 19:36 - 00029300 _____ () C:\Users\rlw911\Documents\Anchor stencil.docx.ecc
2015-02-12 18:39 - 2015-02-24 13:39 - 00000943 _____ () C:\Windows\Tasks\EPSON XP-310 Series Update {B6A9677C-94F9-4746-B0BB-989F20E5E158}.job
2015-02-12 18:39 - 2015-02-24 13:39 - 00000757 _____ () C:\Windows\Tasks\EPSON XP-310 Series Invitation {B6A9677C-94F9-4746-B0BB-989F20E5E158}.job
2015-02-12 18:39 - 2015-02-12 18:39 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2015-02-12 18:38 - 2015-02-12 19:39 - 00000000 ____D () C:\ProgramData\EPSON
2015-02-12 18:38 - 2014-12-02 04:46 - 00142848 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FLMBLBE.DLL
2015-02-12 18:38 - 2014-12-02 04:46 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FD4BLBE.DLL
2015-02-12 18:38 - 2014-12-02 04:46 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL
2015-02-10 16:45 - 2015-02-10 16:45 - 00217568 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2015-02-09 10:35 - 2015-02-09 10:35 - 00880896 _____ () C:\Users\rlw911\Downloads\Attachments_201529.zip
2015-02-09 10:22 - 2015-02-09 10:35 - 00003305 _____ () C:\Users\rlw911\Downloads\attachment
2015-02-03 10:47 - 2015-02-03 10:47 - 00265184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2015-02-01 18:38 - 2015-02-23 19:36 - 00206372 _____ () C:\Users\rlw911\Downloads\2015 Comp Hour Form.xls.ecc
2015-01-26 08:21 - 2015-02-23 19:36 - 07854340 _____ () C:\Users\rlw911\Downloads\L0703332.pdf.ecc

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 14:19 - 2014-05-30 05:47 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-24 14:19 - 2014-03-18 07:14 - 01590534 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 14:09 - 2013-08-22 02:17 - 00000000 ____D () C:\Windows\system32\sru
2015-02-24 14:02 - 2013-12-16 17:05 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 14:00 - 2014-06-15 10:07 - 00000000 ___DO () C:\Users\rlw911\OneDrive
2015-02-24 13:58 - 2013-12-16 16:49 - 00166340 _____ () C:\Windows\PFRO.log
2015-02-24 13:58 - 2013-08-22 01:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-24 13:57 - 2013-08-22 02:17 - 00000000 ____D () C:\Windows\L2Schemas
2015-02-24 13:57 - 2013-08-22 00:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-24 13:39 - 2013-08-22 02:17 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-23 22:58 - 2013-08-22 01:22 - 00369640 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-23 22:56 - 2013-08-22 05:13 - 00000000 ____D () C:\Program Files\Windows Journal
2015-02-23 22:56 - 2013-08-22 02:17 - 00000000 ___RD () C:\Windows\ToastData
2015-02-23 22:56 - 2013-08-22 02:17 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-02-23 22:56 - 2013-08-22 02:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-23 22:56 - 2013-08-22 02:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-23 22:50 - 2014-05-30 05:09 - 00000000 ____D () C:\Users\rlw911
2015-02-23 22:15 - 2013-08-22 02:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-23 21:54 - 2013-08-22 02:05 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-23 21:51 - 2014-06-06 06:49 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-23 21:44 - 2013-08-22 02:17 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-23 20:55 - 2014-06-07 05:07 - 00000000 ____D () C:\Windows\Minidump
2015-02-23 20:41 - 2013-08-22 00:13 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-23 20:14 - 2013-08-22 02:17 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-02-23 19:36 - 2014-10-22 19:11 - 00376708 _____ () C:\Users\rlw911\Downloads\Beautiful-Badass-Mini-Course1.pdf.ecc
2015-02-23 19:36 - 2014-09-18 19:07 - 00071284 _____ () C:\Users\rlw911\Downloads\Seller Information Sheet.pdf.ecc
2015-02-23 19:36 - 2014-09-18 19:06 - 00129860 _____ () C:\Users\rlw911\Downloads\Property Tax Certificate.pdf.ecc
2015-02-23 19:36 - 2014-09-18 19:06 - 00048276 _____ () C:\Users\rlw911\Downloads\Tax Certificate Disclosure.pdf.ecc
2015-02-23 19:36 - 2014-09-03 16:44 - 00608468 _____ () C:\Users\rlw911\Downloads\14720_web_nutr.pdf.ecc
2015-02-23 19:36 - 2014-08-29 06:19 - 00151172 _____ () C:\Users\rlw911\Downloads\0319_001.pdf.ecc
2015-02-23 19:36 - 2014-08-07 21:09 - 00000000 ____D () C:\Users\rlw911\Documents\bbviewer
2015-02-23 19:36 - 2014-08-06 11:01 - 02775300 _____ () C:\Users\rlw911\IMG_20140726_172050168_HDR.jpg.ecc
2015-02-23 19:36 - 2014-08-06 10:59 - 01564388 _____ () C:\Users\rlw911\IMG_20140806_113817973.jpg.ecc
2015-02-23 19:36 - 2014-06-06 14:54 - 01861476 _____ () C:\Users\rlw911\IMG_20140602_133848974.jpg.ecc
2015-02-23 19:36 - 2014-06-01 06:03 - 00210980 _____ () C:\Users\rlw911\Desktop\2014 Comp Hour Form.xls.ecc
2015-02-23 19:36 - 2014-06-01 05:56 - 00210980 _____ () C:\Users\rlw911\Downloads\2014 Comp Hour Form.xls.ecc
2015-02-23 19:36 - 2014-01-09 21:39 - 00000052 _____ () C:\Windows\AsDCDVer.txt
2015-02-23 19:36 - 2013-12-16 15:45 - 00000000 ____D () C:\Windows\Log
2015-02-15 23:13 - 2014-03-18 07:19 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-15 23:13 - 2013-08-22 02:17 - 00000000 ____D () C:\Windows\twain_32
2015-02-12 18:37 - 2014-07-30 10:42 - 00001109 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-02-12 18:37 - 2014-07-30 10:42 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 18:37 - 2014-07-30 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-12 18:37 - 2014-07-30 10:42 - 00000000 ____D () C:\Program Files\Avira
2015-02-04 08:52 - 2013-08-22 02:17 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-03 13:31 - 2013-08-22 02:18 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-03 13:31 - 2013-08-22 02:18 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-29 17:49 - 2014-06-06 06:49 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-02-23 19:19 - 2015-02-23 19:41 - 0000636 _____ () C:\Users\rlw911\AppData\Roaming\key.dat
2015-02-23 19:19 - 2015-02-23 19:40 - 4848712 _____ () C:\Users\rlw911\AppData\Roaming\log.html
2013-12-16 16:57 - 2012-07-30 00:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2013-12-16 16:57 - 2009-07-22 04:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-12-16 16:57 - 2012-09-07 05:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-20 05:50

 

==================== End Of Log ============================

 

Thanks in advance for your help!

Link to post
Share on other sites

Luckily, I won't lose much, if the files are toast. I mostly use this computer to surf the internet. I had a few pictures, but nothing really important, thank goodness! I just want to get my computer cleaned up and get rid of anything that might cause this to happen again. If you're able and willing to help, I would greatly appreciate it. Like I said, I'm not super computer savvy and I'm still not 100% familiar with my Windows 8.1, so excuse any stupid questions I may ask.

Link to post
Share on other sites

OK, please do this.........

Please Update and run a Threat Scan (Malwarebytes)

Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine All that's found

Then.........

Please re-scan with FRST and Make sure the Addition Box is checked.

Post or attach the 2 logs FRST(64).txt and Addition.txt

(The last time, you posted the FRST log twice; I need the FRST and Addition logs.)

MrC

Link to post
Share on other sites

Can you please post or attach the log from Malwarebytes that shows what, if anything, was found?

==================================

 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Internet Security 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

 


You can't have 2 anti-virus programs running on the system.

Having two anti-virus programs running on a system only causes poor performance, conflicts and spotty protection.

How to Disable Defender

Dangers of running 2 anti-virus programs

Please pick one and uninstall the other. (keep Defender disabled)
I suggest you keep Avira, but that's up to you.

===============================

Do you have any idea what these 2 files are for or from:

2015-02-23 19:19 - 2015-02-23 19:41 - 00000636 _____ () C:\Users\rlw911\AppData\Roaming\key.dat
2015-02-23 19:19 - 2015-02-23 19:40 - 04848712 _____ () C:\Users\rlw911\AppData\Roaming\log.html

================================

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
Run FRST.exe/FRST64.exe, click Fix only once, and wait.
The tool will create a log (Fixlog.txt) in the folder; please post it in your reply.

====================================

Let me know what problems remain, MrC

fixlist.txt

Link to post
Share on other sites
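
An added example, not part of the original thread and not FRST's own code: a small triage script for the question raised in the post above, namely which files with no company name were touched around the time the ransom note was written. It parses FRST file-listing lines copied from the logs in this thread (the ransom-note line comes from the fixlist content shown in the Fixlog); the 30-minute window, the `HELP_TO_DECRYPT` marker default and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# FRST file-listing line: "<time> - <time> - <size> <attrs> (<company>) <path>"
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d)"
    r" - (\d+) (\S+) \((.*?)\) (.+)$"
)
FMT = "%Y-%m-%d %H:%M"

# Lines copied from the FRST logs posted in this thread.
SAMPLE_LINES = r"""
2015-02-23 19:41 - 2015-02-23 23:00 - 00001094 _____ () C:\Users\rlw911\Desktop\HELP_TO_DECRYPT_YOUR_FILES.txt
2015-02-23 19:19 - 2015-02-23 19:41 - 0000636 _____ () C:\Users\rlw911\AppData\Roaming\key.dat
2015-02-23 19:19 - 2015-02-23 19:40 - 4848712 _____ () C:\Users\rlw911\AppData\Roaming\log.html
2013-12-16 16:57 - 2012-07-30 00:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2015-02-12 18:37 - 2014-07-30 10:42 - 00001109 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-02-03 13:31 - 2013-08-22 02:18 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
""".strip().splitlines()


def parse(line):
    """Return a dict for one listing line, or None for any other log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    t1, t2, _size, attrs, company, path = m.groups()
    return {
        # The two timestamps swap order between log sections, so keep both.
        "times": (datetime.strptime(t1, FMT), datetime.strptime(t2, FMT)),
        "is_dir": "D" in attrs,
        "company": company,
        "path": path,
    }


def files_near_note(lines, note_marker="HELP_TO_DECRYPT", minutes=30):
    """List company-less files touched within `minutes` of the ransom note."""
    records = [r for r in map(parse, lines) if r]
    notes = [r for r in records if note_marker in r["path"]]
    if not notes:
        return []
    anchor = min(t for r in notes for t in r["times"])  # earliest note time
    window = timedelta(minutes=minutes)
    return [
        r["path"] for r in records
        if r not in notes and not r["is_dir"] and not r["company"]
        and any(abs(t - anchor) <= window for t in r["times"])
    ]
```

Timestamps can be altered and many benign files carry no company name, so the paths returned by `files_near_note(SAMPLE_LINES)` are files to review, not detections.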

I've attached the log from malwarebytes. It doesn't look like the scan from today found anything. The 2 items I see quarantined were from the first time I scanned yesterday. I attached both logs, from yesterday and today.

 

I don't normally have 2 anti-virus programs running. When I first started having the problems a few days ago, I disabled Avira and downloaded AVG, just to see what it found or could do for me. I will disable AVG and un-install it. I knew I needed to do that, but I was kind of waiting to see the outcome of this problem. And maybe I was a bit paranoid.

 

I haven't run the file you attached yet, I wanted to get you the malware logs. Off to do it now.

malware 2-24-14.txt

malware2-25.txt

Link to post
Share on other sites

Here is the fixlog:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-02-2015 01
Ran by rlw911 at 2015-02-25 13:34:40 Run:1
Running from C:\Users\rlw911\Downloads
Loaded Profiles: rlw911 (Available profiles: rlw911)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-4135598251-3864460571-2178574255-1001\...\Run: [irshadk] => rundll32 ",irshadk
SearchScopes: HKU\S-1-5-21-4135598251-3864460571-2178574255-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4135598251-3864460571-2178574255-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U0 msahci; No ImagePath
2015-02-23 19:41 - 2015-02-23 23:00 - 00001094 _____ () C:\Users\rlw911\Desktop\HELP_TO_DECRYPT_YOUR_FILES.txt
2015-02-23 19:40 - 2015-02-23 23:00 - 01694766 _____ () C:\Users\rlw911\Desktop\HELP_TO_DECRYPT_YOUR_FILES.bmp
AlternateDataStreams: C:\Users\rlw911\OneDrive:ms-properties
AlternateDataStreams: C:\Users\rlw911\SkyDrive:ms-properties
CustomCLSID: HKU\S-1-5-21-4135598251-3864460571-2178574255-1001_Classes\CLSID\{47F21A73-EC36-4FA4-9908-DE9C9E8E2AFE}\InprocServer32 -> C:\ProgramData\{EFFC3E07-AED7-4C3C-992F-2C5EB14AF4A8}\ifsdrives.dll No File
2015-02-19 22:14 - 2015-02-23 18:57 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage

*****************

HKU\S-1-5-21-4135598251-3864460571-2178574255-1001\Software\Microsoft\Windows\CurrentVersion\Run\\irshadk => value deleted successfully.
HKU\S-1-5-21-4135598251-3864460571-2178574255-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-4135598251-3864460571-2178574255-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
msahci => Service deleted successfully.
C:\Users\rlw911\Desktop\HELP_TO_DECRYPT_YOUR_FILES.txt => Moved successfully.
C:\Users\rlw911\Desktop\HELP_TO_DECRYPT_YOUR_FILES.bmp => Moved successfully.
C:\Users\rlw911\OneDrive => ":ms-properties" ADS removed successfully.
"C:\Users\rlw911\SkyDrive" => ":ms-properties" ADS not found.
"HKU\S-1-5-21-4135598251-3864460571-2178574255-1001_Classes\CLSID\{47F21A73-EC36-4FA4-9908-DE9C9E8E2AFE}" => Key deleted successfully.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.

==== End of Fixlog 13:34:41 ====

Link to post
Share on other sites

Okay, here's where my inexperience may come into play. How do I delete those files? I did a search for them, but wasn't able to find them. Did the fix possibly delete or move them? Also, I don't seem to be having any actual problems with my computer. The only issue is not being able to open my files that were changed, but I expected that and haven't had the time to try anything to restore them. I believe I still have the pictures available on other devices, and the documents also, so I'm not too worried. I just wanted to make sure the malware was gone and wouldn't cause any further issues. I did find a few pictures that were on my desktop that weren't changed, by the way.

Thank you so much for your help!

Link to post
Share on other sites

OK, we'll use FRST to delete them:

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

Run FRST.exe/FRST64.exe, click Fix only once, and wait.

The tool will create a log (Fixlog.txt) in the folder; please post it in your reply.

==========================

If there are no other problems.......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • If you can't post it, attach it
MrC

fixlist.txt

Link to post
Share on other sites

Done!

 

Fix Log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-02-2015 01
Ran by rlw911 at 2015-02-26 10:29:50 Run:2
Running from C:\FRST
Loaded Profiles: rlw911 (Available profiles: rlw911)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\rlw911\AppData\Roaming\key.dat
C:\Users\rlw911\AppData\Roaming\log.html
*****************

C:\Users\rlw911\AppData\Roaming\key.dat => Moved successfully.
C:\Users\rlw911\AppData\Roaming\log.html => Moved successfully.

==== End of Fixlog 10:29:50 ====

 Results of screen317's Security Check version 0.99.97 
   x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Avira Desktop     
Windows Defender  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
  Java 64-bit 8 Update 31 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

Looks Good.......

A little clean up to do....

Please Uninstall ComboFix: (------->if you used it<-------)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /

Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot
Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

I didn't use ComboFix, to my knowledge, and a search using the "run" box didn't find it. A search using the "search" tool on Windows 8.1 didn't find the file, either. Looks like Delfix removed all the programs/logs.

 

You definitely helped! Thank you so much! I'd love to know how I got the stupid thing. I don't open any emails from sources I don't know and I definitely don't download any unknown attachments. The only thing I can think of is, I clicked on one of the sites on the right side of a Google search, where the ads are. I don't normally do that, but it was an Amazon link. Won't do that again! Shortly thereafter, I started getting popup warnings from Avira. Sometime during running scans and trying to clear the warnings, the ransom notice appeared. I didn't really read it, I just knew it probably wasn't good.

 

Thanks again!

Link to post
Share on other sites

They use many methods to infect you, make sure you install these programs:

Malwarebytes Anti-Exploit (free version)

CryptoPrevent Tool (free version) <----check for updates weekly!!!

Download at the bottom of this page:
http://www.foolishit.com/vb6-projects/cryptoprevent/?ap_id=Bleeping

Malwarebytes Pro
Make sure you read through "My Preventive Maintenance" too!

 

Any questions...please post back

MrC

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
