
Multiple iexplorer.exe Processes, Firefox Freezes w/Flash


FFdead2me

I keep getting multiple instances of iexplorer.exe without having explorer open. I am, however, using it to post this because in the last 3 days my Firefox freezes any time I open a site with Flash.

I am running Windows 7 64-bit.

Firefox doesn't freeze when I have Flash uninstalled, but I think it's related to the multiple instances of iexplorer.exe because that also started just a few days ago, and I've had some other problems, but either Malwarebytes or AVG fixed them.

So far I've run Malwarebytes and AVG multiple times, uninstalled AVG and ran Avast once, started Firefox in safe mode, reset Firefox, uninstalled and reinstalled Firefox, and used adwarecleaner and junkware cleaner. I'm sure there are a few other things I can't remember doing.

I just wanted to start this thread to start with a clean slate and post logs, because I don't know what to look for in them.

Thanks in advance.


Hello,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
Read and accept the EULA (End User License Agreement).
Click Scan to scan the system.
When the scan completes select "Report" save to desktop. Close the program > Don't Fix anything!
Post back the report which should be located on your desktop.

 

Post those logs to your next reply....

 

Kevin...


Kevin, thanks for your help. I appreciate it.

 

I've attached the addition.txt

Addition.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Main (administrator) on MAIN-CYBER on 12-09-2014 02:27:47
Running from C:\Users\Main\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\ProgramData\Avg_Update_0814avt\AVG-Secure-Search-Update_0814avt.exe
() C:\ProgramData\Avg_Update_0614t\AVG-Secure-Search-Update_0614t.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
() C:\Windows\System32\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\pia_manager\pia_manager.exe
(http://www.ruby-lang.org/) C:\Users\Main\AppData\Local\Temp\ocr5105.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(http://www.ruby-lang.org/) C:\Users\Main\AppData\Local\Temp\ocr5568.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-08] (NVIDIA Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-10] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1572626095-2694189744-3355439159-1000\...\Run: [AVG-Secure-Search-Update_0814avt] => C:\Users\Main\AppData\Roaming\Avg_Update_0814avt\AVG-Secure-Search-Update_0814avt.exe [2774040 2014-08-19] ()
HKU\S-1-5-21-1572626095-2694189744-3355439159-1000\...\Run: [AVG-Secure-Search-Update_0614t] => C:\Users\Main\AppData\Roaming\Avg_Update_0614t\AVG-Secure-Search-Update_0614t.exe [2726936 2014-07-03] ()
HKU\S-1-5-21-1572626095-2694189744-3355439159-1000\...\Run: [Ohwqics] => regsvr32.exe C:\Users\Main\AppData\Local\Ohwqics\siftDLL.dll <===== ATTENTION
HKU\S-1-5-21-1572626095-2694189744-3355439159-1000\...\MountPoints2: {45cc0743-fb19-11e3-a198-74d435b79111} - E:\autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5A780A24278FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - {7E4146AD-5302-4257-B4E0-920F6A375A85} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {C55A0156-8E58-4997-92EB-2ECA8591D050} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0B1827B3-DBD7-4990-B608-70EDBFFD4C53}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{92DA20C8-012D-48EE-8F8A-A9D8A1E728FF}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\x9jmgwv9.default-1410398568131
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: PlainOldFavorites - C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\x9jmgwv9.default-1410398568131\Extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37} [2014-09-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-10]
 
Chrome: 
=======
CHR Profile: C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-11]
CHR Extension: (Google Docs) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-11]
CHR Extension: (Google Drive) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-11]
CHR Extension: (YouTube) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-11]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-11]
CHR Extension: (Google Search) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-11]
CHR Extension: (Google Sheets) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-11]
CHR Extension: (Google Wallet) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-11]
CHR Extension: (Gmail) - C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-11]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx []
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-10]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-10] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-08] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18973144 2014-08-08] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-06-30] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-06-29] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-10] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-23] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)
S3 hidusbf; C:\Windows\System32\DRIVERS\hidusbf.sys [6784 2014-06-23] (SweetLow) [File not signed]
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-05-19] (Razer Inc)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 XFDriver64; \??\C:\Program Files (x86)\Xfire2\XFDriver64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 02:27 - 2014-09-12 02:28 - 00020421 _____ () C:\Users\Main\Desktop\FRST.txt
2014-09-12 02:27 - 2014-09-12 02:27 - 00000000 ____D () C:\FRST
2014-09-12 02:26 - 2014-09-12 02:26 - 04859480 _____ () C:\Users\Main\Desktop\RogueKiller.exe
2014-09-12 02:25 - 2014-09-12 02:25 - 02105856 _____ (Farbar) C:\Users\Main\Desktop\FRST64.exe
2014-09-11 16:05 - 2014-09-11 16:05 - 00000095 _____ () C:\Users\Main\Desktop\va info.txt
2014-09-11 03:51 - 2014-09-12 01:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 03:51 - 2014-09-11 03:56 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 03:51 - 2014-09-11 03:51 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-11 03:51 - 2014-09-11 03:51 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-11 03:51 - 2014-09-11 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-10 21:08 - 2014-09-10 21:08 - 00000000 ____D () C:\Users\Main\AppData\Roaming\AVAST Software
2014-09-10 21:07 - 2014-09-12 02:08 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-10 21:07 - 2014-09-10 21:07 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-10 21:07 - 2014-09-10 21:07 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-10 21:07 - 2014-09-10 21:07 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-10 21:07 - 2014-09-10 21:07 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-10 21:07 - 2014-09-10 21:07 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-10 21:07 - 2014-09-10 21:07 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-10 21:07 - 2014-09-10 21:07 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-10 21:07 - 2014-09-10 21:07 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-10 21:07 - 2014-09-10 21:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-10 21:07 - 2014-09-10 21:07 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-10 21:07 - 2014-09-10 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-10 21:06 - 2014-09-10 21:06 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-10 21:05 - 2014-09-10 21:06 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-10 20:36 - 2014-09-12 02:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-10 20:36 - 2014-09-11 02:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 20:36 - 2014-09-11 02:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 20:36 - 2014-09-11 02:42 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 20:22 - 2014-09-10 20:22 - 00000000 ____D () C:\Users\Main\Desktop\Old Firefox Data
2014-09-10 03:50 - 2014-09-10 04:03 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-09-10 03:07 - 2014-09-10 03:07 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-10 03:07 - 2014-09-10 03:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-10 02:40 - 2014-09-10 02:40 - 00000000 ____D () C:\Windows\ERUNT
2014-09-10 01:56 - 2014-08-19 13:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 01:56 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 01:56 - 2014-08-18 18:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 01:56 - 2014-08-18 17:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 01:56 - 2014-08-18 17:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 01:56 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 01:56 - 2014-08-18 17:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 01:56 - 2014-08-18 17:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 01:56 - 2014-08-18 17:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 01:56 - 2014-08-18 17:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 01:56 - 2014-08-18 17:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 01:56 - 2014-08-18 17:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 01:56 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 01:56 - 2014-08-18 17:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 01:56 - 2014-08-18 17:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 01:56 - 2014-08-18 17:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 01:56 - 2014-08-18 17:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 01:56 - 2014-08-18 17:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 01:56 - 2014-08-18 17:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 01:56 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 01:56 - 2014-08-18 16:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 01:56 - 2014-08-18 16:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 01:56 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 01:56 - 2014-08-18 16:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 01:56 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 01:56 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 01:56 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 01:56 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 01:56 - 2014-08-18 16:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 01:56 - 2014-08-18 16:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 01:56 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 01:56 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 01:56 - 2014-08-18 16:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 01:56 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 01:56 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 01:56 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 01:56 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 01:56 - 2014-08-18 16:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 01:56 - 2014-08-18 16:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 01:56 - 2014-08-18 16:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 01:56 - 2014-08-18 16:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 01:56 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 01:56 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 01:56 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 01:56 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 01:56 - 2014-08-18 16:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 01:56 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 01:56 - 2014-08-18 16:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 01:56 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 01:56 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 01:56 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 01:56 - 2014-08-18 15:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 01:56 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 01:56 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 01:56 - 2014-08-18 15:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 01:56 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 01:48 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 01:48 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 01:48 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 01:48 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 01:48 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-09 22:31 - 2014-09-09 22:31 - 00000000 ____D () C:\Users\Main\Documents\Razer
2014-09-09 22:31 - 2014-09-09 22:31 - 00000000 ____D () C:\Users\Main\AppData\Local\Razer_Inc
2014-09-08 15:32 - 2014-09-08 15:52 - 00000000 ____D () C:\Windows\pss
2014-09-08 11:12 - 2014-09-08 15:08 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Eceqyf
2014-09-07 10:25 - 2014-09-10 22:56 - 00000526 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0814avt.job
2014-09-07 10:25 - 2014-09-10 22:56 - 00000392 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0814avt_DELETE.job
2014-09-07 10:25 - 2014-09-07 10:25 - 00002894 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0814avt_DELETE
2014-09-07 10:25 - 2014-09-07 10:25 - 00002820 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0814avt
2014-09-07 10:25 - 2014-09-07 10:25 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Avg_Update_0814avt
2014-09-06 23:24 - 2014-09-07 10:25 - 00000000 ____D () C:\ProgramData\Avg_Update_0814avt
2014-09-06 16:13 - 2014-09-06 16:13 - 716290897 _____ () C:\Windows\MEMORY.DMP
2014-09-06 16:13 - 2014-09-06 16:13 - 00298640 _____ () C:\Windows\Minidump\090614-22432-01.dmp
2014-09-06 16:13 - 2014-09-06 16:13 - 00000000 ____D () C:\Windows\Minidump
2014-09-02 21:33 - 2014-09-10 20:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-02 21:17 - 2014-09-02 21:17 - 00000000 ____D () C:\_OTL
2014-09-02 00:38 - 2014-09-11 02:32 - 00003018 _____ () C:\Windows\setupact.log
2014-09-02 00:38 - 2014-09-02 00:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-01 21:17 - 2014-09-01 21:17 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Ynisehk
2014-09-01 21:01 - 2014-09-01 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2014-09-01 21:01 - 2014-09-01 21:01 - 00000000 ____D () C:\ProgramData\Auslogics
2014-09-01 21:01 - 2014-09-01 21:01 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-09-01 20:39 - 2014-09-01 20:39 - 00000000 __SHD () C:\Users\Main\AppData\Local\EmieUserList
2014-09-01 20:39 - 2014-09-01 20:39 - 00000000 __SHD () C:\Users\Main\AppData\Local\EmieSiteList
2014-09-01 10:27 - 2014-09-01 10:27 - 00000146 _____ () C:\Users\Main\Desktop\NVIDIA Control Panel - Shortcut.lnk
2014-08-31 20:29 - 2014-08-31 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-31 20:29 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-31 20:29 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-31 20:29 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-31 20:29 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-31 20:28 - 2014-08-31 20:29 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-31 06:09 - 2014-09-10 22:56 - 00000514 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0614t.job
2014-08-31 06:09 - 2014-09-10 22:56 - 00000384 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0614t_DELETE.job
2014-08-31 06:09 - 2014-08-31 06:09 - 00002886 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0614t_DELETE
2014-08-31 06:09 - 2014-08-31 06:09 - 00002808 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0614t
2014-08-31 06:09 - 2014-08-31 06:09 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Avg_Update_0614t
2014-08-30 19:08 - 2014-08-31 06:09 - 00000000 ____D () C:\ProgramData\Avg_Update_0614t
2014-08-29 19:54 - 2014-08-29 19:54 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
2014-08-29 19:54 - 2014-08-29 19:54 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-08-29 19:49 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-29 19:48 - 2014-09-10 02:13 - 00000000 ____D () C:\AdwCleaner
2014-08-29 19:36 - 2014-08-29 19:36 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-08-29 19:03 - 2014-08-29 19:03 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-08-29 19:03 - 2014-08-29 19:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-08-29 19:03 - 2014-08-29 19:03 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-08-29 19:03 - 2014-08-29 19:03 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-08-29 19:03 - 2014-08-29 19:03 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-08-29 19:03 - 2014-08-29 19:03 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-08-29 19:03 - 2014-08-29 19:03 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-08-29 19:03 - 2014-08-29 19:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-08-29 19:03 - 2014-08-29 19:03 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-08-29 19:03 - 2014-08-29 19:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-29 19:03 - 2014-08-29 19:03 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-08-29 19:03 - 2014-08-29 19:03 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-08-29 19:03 - 2014-08-29 19:03 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-29 19:03 - 2014-08-29 19:03 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-08-29 19:03 - 2014-08-29 19:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-08-29 19:03 - 2014-08-29 19:03 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-29 19:03 - 2014-08-29 19:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-29 19:03 - 2014-08-29 19:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-29 19:03 - 2014-08-29 19:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-29 19:02 - 2014-08-29 19:02 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-29 19:02 - 2014-08-29 19:02 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-29 19:02 - 2014-08-29 19:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-08-29 19:02 - 2014-08-29 19:02 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-08-29 19:02 - 2014-08-29 19:02 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-08-29 19:02 - 2014-08-29 19:02 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-08-29 19:01 - 2014-08-29 19:05 - 00009020 _____ () C:\Windows\IE11_main.log
2014-08-29 19:01 - 2014-08-29 19:01 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-08-29 19:01 - 2014-08-29 19:01 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-08-29 18:54 - 2014-08-29 19:37 - 00287794 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-08-29 18:51 - 2014-09-10 01:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-29 18:50 - 2014-08-29 19:37 - 00291890 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-08-29 18:41 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-29 18:41 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-29 18:41 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-29 18:41 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-29 18:41 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-29 18:41 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-29 18:41 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-29 18:41 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-29 18:40 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-08-29 18:40 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-08-29 18:40 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-29 18:40 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-29 18:40 - 2014-03-24 21:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-29 18:40 - 2014-03-24 21:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-29 18:40 - 2014-03-04 04:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-29 18:40 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-08-29 18:40 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-08-29 18:40 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-08-29 18:40 - 2014-03-04 04:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-08-29 18:40 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-08-29 18:40 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-08-29 18:40 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-08-29 18:40 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-08-29 18:40 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-08-29 18:40 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-08-29 18:40 - 2014-03-04 04:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-08-29 18:40 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-08-29 18:40 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-08-29 18:40 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-08-29 18:40 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-08-29 18:40 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-08-29 18:40 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-08-29 18:40 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-08-29 18:40 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-08-29 18:40 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-08-29 18:40 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-08-29 18:40 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-08-29 18:40 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-08-29 18:40 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-08-29 18:40 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-08-29 18:40 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-08-29 18:40 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-08-29 18:40 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-08-29 18:39 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-29 18:39 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-29 18:39 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-08-29 18:39 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-29 18:39 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-29 18:39 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-29 18:39 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-29 18:39 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-29 18:39 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-29 18:39 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-29 18:39 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-29 18:39 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-29 18:39 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-08-29 18:39 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-08-29 18:39 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-08-29 18:39 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-08-29 18:39 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-08-29 18:39 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-08-29 18:39 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-08-29 18:39 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-08-29 18:39 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-08-29 18:39 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-08-29 18:39 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-08-29 18:39 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-08-29 18:39 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-08-29 18:39 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-08-29 18:39 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-08-29 18:39 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-08-29 18:39 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-08-29 18:39 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-08-29 18:39 - 2013-07-12 05:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-08-29 18:39 - 2013-07-12 05:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-08-29 18:39 - 2013-07-12 05:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-08-29 18:39 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-08-29 18:39 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-08-29 18:39 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-08-29 18:39 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-08-29 18:39 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-08-29 18:39 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-08-29 18:39 - 2013-07-04 07:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-08-29 18:39 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-08-29 18:39 - 2013-06-25 17:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-08-29 18:38 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 18:38 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 18:38 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-29 18:38 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-29 18:38 - 2014-04-11 21:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-08-29 18:38 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-08-29 18:38 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-08-29 18:38 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-08-29 18:38 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-08-29 18:38 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-08-29 18:38 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-08-29 18:38 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-08-29 18:38 - 2014-03-04 04:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-29 18:38 - 2014-03-04 04:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-08-29 18:38 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-08-29 18:38 - 2014-03-04 04:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-08-29 18:38 - 2014-03-04 04:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-08-29 18:38 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-08-29 18:38 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-08-29 18:38 - 2014-03-04 04:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-08-29 18:38 - 2014-03-04 04:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-08-29 18:38 - 2014-03-04 04:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-29 18:38 - 2014-03-04 04:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-08-29 18:38 - 2014-03-04 04:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-08-29 18:38 - 2014-03-04 04:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-08-29 18:38 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-08-29 18:38 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-08-29 18:38 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-08-29 18:38 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-08-29 18:38 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-08-29 18:38 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-08-29 18:38 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-08-29 18:38 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-08-29 18:38 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-08-29 18:38 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-08-29 18:38 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-08-29 18:38 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-08-29 18:38 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-08-29 18:38 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-08-29 18:38 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-08-29 18:38 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-08-29 18:38 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-08-29 18:38 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-08-29 18:38 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-08-29 18:38 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-08-29 18:38 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-08-29 18:38 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-08-29 18:38 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-08-29 18:38 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-08-29 18:38 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-08-29 18:38 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-08-29 18:38 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-08-29 18:38 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-08-29 18:38 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-08-29 18:38 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-08-29 18:38 - 2013-07-20 05:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-08-29 18:38 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-08-29 18:38 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-08-29 18:38 - 2013-07-02 23:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-08-29 18:38 - 2013-07-02 23:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-08-29 18:38 - 2013-07-02 23:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-08-29 18:38 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-08-29 18:38 - 2013-06-06 00:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-08-29 18:38 - 2013-06-06 00:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-08-29 18:38 - 2013-06-06 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-08-29 18:38 - 2013-06-06 00:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-08-29 18:38 - 2013-06-05 23:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-08-29 18:38 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-08-29 18:38 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-08-29 18:38 - 2013-06-05 22:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-08-29 18:38 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-08-29 18:38 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-08-29 18:35 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-08-29 18:35 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-08-29 18:35 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-08-29 18:35 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-08-29 18:35 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-08-29 18:35 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-08-29 18:35 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-08-29 18:33 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-29 18:33 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-29 18:29 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-29 18:29 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-29 18:29 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-29 18:29 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-29 18:29 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-29 18:29 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-29 18:29 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-29 18:29 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-29 18:29 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-29 18:29 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-29 18:29 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-29 18:29 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-29 18:29 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-29 18:29 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-29 17:03 - 2014-09-10 22:55 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-29 17:03 - 2014-08-29 17:03 - 00000000 ____D () C:\Users\Main\AppData\Roaming\TuneUp Software
2014-08-29 16:59 - 2014-09-10 22:55 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-29 16:59 - 2014-08-29 16:59 - 00000000 ____D () C:\Users\Main\AppData\Local\MFAData
2014-08-28 17:23 - 2014-08-29 16:50 - 00000591 _____ () C:\ProgramData\@system2.att
2014-08-28 17:23 - 2014-08-29 16:50 - 00000591 _____ () C:\ProgramData\@system.att
2014-08-28 17:22 - 2014-08-28 17:22 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp
2014-08-28 17:07 - 2014-09-01 20:02 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-08-28 16:52 - 2014-09-09 22:22 - 00000000 ____D () C:\Users\Main\AppData\Local\Olngics
2014-08-28 16:52 - 2014-09-09 21:24 - 00000000 ____D () C:\Users\Main\AppData\Local\Ohwqics
2014-08-27 15:48 - 2014-09-11 02:42 - 00000000 ____D () C:\Users\Main\AppData\Local\Adobe
2014-08-27 15:44 - 2014-09-11 03:51 - 00000000 ____D () C:\Users\Main\AppData\Local\Google
2014-08-27 15:44 - 2014-09-11 03:51 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-27 01:56 - 2014-08-27 01:56 - 00000000 ____D () C:\Program Files (x86)\ConvertHelper
2014-08-26 11:43 - 2014-08-26 11:43 - 00000113 _____ () C:\Users\Main\Desktop\frc angela.txt
2014-08-20 22:37 - 2014-08-20 22:37 - 00156328 _____ (Razer Inc) C:\Windows\system32\Drivers\rzudd.sys
2014-08-15 00:49 - 2014-09-09 04:29 - 00000000 ____D () C:\Users\Main\Desktop\Counter-strike  Global Offensive

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-12 02:28 - 2014-09-12 02:27 - 00020421 _____ () C:\Users\Main\Desktop\FRST.txt

2014-09-12 02:27 - 2014-09-12 02:27 - 00000000 ____D () C:\FRST

2014-09-12 02:26 - 2014-09-12 02:26 - 04859480 _____ () C:\Users\Main\Desktop\RogueKiller.exe

2014-09-12 02:25 - 2014-09-12 02:25 - 02105856 _____ (Farbar) C:\Users\Main\Desktop\FRST64.exe

2014-09-12 02:08 - 2014-09-10 21:07 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-09-12 02:05 - 2014-06-24 20:44 - 00000000 ____D () C:\Users\Main\AppData\Roaming\uTorrent

2014-09-12 02:02 - 2014-09-10 20:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-12 02:01 - 2014-06-23 20:36 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-09-12 01:56 - 2014-09-11 03:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-11 22:02 - 2014-06-18 13:39 - 01634386 _____ () C:\Windows\WindowsUpdate.log

2014-09-11 19:58 - 2014-06-24 22:28 - 00000000 ____D () C:\Users\Main\Downloads\Utorrent

2014-09-11 16:05 - 2014-09-11 16:05 - 00000095 _____ () C:\Users\Main\Desktop\va info.txt

2014-09-11 11:18 - 2014-06-24 04:24 - 00000000 ____D () C:\Users\Main\AppData\Roaming\vlc

2014-09-11 04:47 - 2014-06-23 16:07 - 00115592 _____ () C:\Users\Main\AppData\Local\GDIPFONTCACHEV1.DAT

2014-09-11 03:56 - 2014-09-11 03:51 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-11 03:51 - 2014-09-11 03:51 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-09-11 03:51 - 2014-09-11 03:51 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-09-11 03:51 - 2014-09-11 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-09-11 03:51 - 2014-08-27 15:44 - 00000000 ____D () C:\Users\Main\AppData\Local\Google

2014-09-11 03:51 - 2014-08-27 15:44 - 00000000 ____D () C:\Program Files (x86)\Google

2014-09-11 02:42 - 2014-09-10 20:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-11 02:42 - 2014-09-10 20:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-11 02:42 - 2014-09-10 20:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-11 02:42 - 2014-08-27 15:48 - 00000000 ____D () C:\Users\Main\AppData\Local\Adobe

2014-09-11 02:32 - 2014-09-02 00:38 - 00003018 _____ () C:\Windows\setupact.log

2014-09-11 02:32 - 2014-06-23 17:32 - 00205690 _____ () C:\Windows\DPINST.LOG

2014-09-11 02:32 - 2014-06-23 17:30 - 00000000 ____D () C:\ProgramData\Razer

2014-09-11 02:32 - 2014-06-23 17:30 - 00000000 ____D () C:\Program Files (x86)\Razer

2014-09-11 02:31 - 2014-06-23 17:31 - 00000000 ____D () C:\Users\Main\AppData\Local\Razer

2014-09-11 02:31 - 2014-06-23 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer

2014-09-11 02:07 - 2014-06-23 19:06 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Xfire

2014-09-11 02:06 - 2014-06-23 22:22 - 00000000 ____D () C:\Users\Main\AppData\Roaming\TS3Client

2014-09-10 23:03 - 2009-07-13 23:45 - 00025632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-10 23:03 - 2009-07-13 23:45 - 00025632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-10 22:58 - 2014-06-18 13:50 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log

2014-09-10 22:56 - 2014-09-07 10:25 - 00000526 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0814avt.job

2014-09-10 22:56 - 2014-09-07 10:25 - 00000392 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0814avt_DELETE.job

2014-09-10 22:56 - 2014-08-31 06:09 - 00000514 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0614t.job

2014-09-10 22:56 - 2014-08-31 06:09 - 00000384 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0614t_DELETE.job

2014-09-10 22:55 - 2014-08-29 17:03 - 00000000 ____D () C:\ProgramData\AVG2014

2014-09-10 22:55 - 2014-08-29 16:59 - 00000000 ____D () C:\ProgramData\MFAData

2014-09-10 22:55 - 2014-06-18 13:53 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-09-10 22:55 - 2010-11-20 22:47 - 00089028 _____ () C:\Windows\PFRO.log

2014-09-10 22:55 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-10 22:53 - 2014-06-24 20:27 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs

2014-09-10 21:08 - 2014-09-10 21:08 - 00000000 ____D () C:\Users\Main\AppData\Roaming\AVAST Software

2014-09-10 21:07 - 2014-09-10 21:07 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2014-09-10 21:07 - 2014-09-10 21:07 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2014-09-10 21:07 - 2014-09-10 21:07 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-09-10 21:07 - 2014-09-10 21:07 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-09-10 21:07 - 2014-09-10 21:07 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-09-10 21:07 - 2014-09-10 21:07 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2014-09-10 21:07 - 2014-09-10 21:07 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-09-10 21:07 - 2014-09-10 21:07 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-09-10 21:07 - 2014-09-10 21:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-09-10 21:07 - 2014-09-10 21:07 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2014-09-10 21:07 - 2014-09-10 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

2014-09-10 21:06 - 2014-09-10 21:06 - 00000000 ____D () C:\Program Files\AVAST Software

2014-09-10 21:06 - 2014-09-10 21:05 - 00000000 ____D () C:\ProgramData\AVAST Software

2014-09-10 20:58 - 2014-09-02 21:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-10 20:23 - 2014-08-02 19:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-10 20:22 - 2014-09-10 20:22 - 00000000 ____D () C:\Users\Main\Desktop\Old Firefox Data

2014-09-10 07:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

2014-09-10 04:03 - 2014-09-10 03:50 - 00000000 ____D () C:\Program Files\Adblock Plus for IE

2014-09-10 03:50 - 2014-06-18 13:43 - 00000000 ____D () C:\ProgramData\Package Cache

2014-09-10 03:07 - 2014-09-10 03:07 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-09-10 03:07 - 2014-09-10 03:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-10 02:40 - 2014-09-10 02:40 - 00000000 ____D () C:\Windows\ERUNT

2014-09-10 02:21 - 2009-07-14 00:13 - 00783114 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-10 02:15 - 2014-06-30 07:44 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager

2014-09-10 02:13 - 2014-08-29 19:48 - 00000000 ____D () C:\AdwCleaner

2014-09-10 01:55 - 2014-08-29 18:51 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-10 01:55 - 2014-06-18 13:42 - 00775352 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-10 01:49 - 2013-06-17 13:10 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-09-10 00:25 - 2014-06-30 07:44 - 00000000 ____D () C:\Users\Main\AppData\Roaming\IDM

2014-09-10 00:23 - 2014-06-30 07:44 - 00000000 ____D () C:\Users\Main\AppData\Roaming\DMCache

2014-09-09 22:31 - 2014-09-09 22:31 - 00000000 ____D () C:\Users\Main\Documents\Razer

2014-09-09 22:31 - 2014-09-09 22:31 - 00000000 ____D () C:\Users\Main\AppData\Local\Razer_Inc

2014-09-09 22:22 - 2014-08-28 16:52 - 00000000 ____D () C:\Users\Main\AppData\Local\Olngics

2014-09-09 21:46 - 2014-06-28 07:01 - 00214520 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

2014-09-09 21:46 - 2014-06-23 22:14 - 00214520 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-09-09 21:24 - 2014-08-28 16:52 - 00000000 ____D () C:\Users\Main\AppData\Local\Ohwqics

2014-09-09 07:58 - 2014-06-24 17:59 - 00000000 ____D () C:\Users\Main\AppData\Roaming\OBS

2014-09-09 06:21 - 2014-06-23 22:14 - 00214520 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2014-09-09 05:45 - 2014-08-09 02:37 - 00000000 ____D () C:\Users\Main\Desktop\Call of Duty 2

2014-09-09 04:35 - 2014-06-23 19:05 - 00000000 ____D () C:\ProgramData\Xfire

2014-09-09 04:29 - 2014-08-15 00:49 - 00000000 ____D () C:\Users\Main\Desktop\Counter-strike  Global Offensive

2014-09-09 00:15 - 2014-06-24 17:58 - 00000000 ____D () C:\Program Files\OBS

2014-09-08 15:52 - 2014-09-08 15:32 - 00000000 ____D () C:\Windows\pss

2014-09-08 15:08 - 2014-09-08 11:12 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Eceqyf

2014-09-07 10:25 - 2014-09-07 10:25 - 00002894 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0814avt_DELETE

2014-09-07 10:25 - 2014-09-07 10:25 - 00002820 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0814avt

2014-09-07 10:25 - 2014-09-07 10:25 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Avg_Update_0814avt

2014-09-07 10:25 - 2014-09-06 23:24 - 00000000 ____D () C:\ProgramData\Avg_Update_0814avt

2014-09-06 16:13 - 2014-09-06 16:13 - 716290897 _____ () C:\Windows\MEMORY.DMP

2014-09-06 16:13 - 2014-09-06 16:13 - 00298640 _____ () C:\Windows\Minidump\090614-22432-01.dmp

2014-09-06 16:13 - 2014-09-06 16:13 - 00000000 ____D () C:\Windows\Minidump

2014-09-05 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SchCache

2014-09-05 03:42 - 2014-06-23 20:42 - 00000000 ____D () C:\ProgramData\Origin

2014-09-03 19:46 - 2014-06-23 20:42 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-09-02 21:17 - 2014-09-02 21:17 - 00000000 ____D () C:\_OTL

2014-09-02 20:46 - 2014-08-02 19:46 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-09-02 01:45 - 2014-08-01 15:15 - 00000000 ____D () C:\Users\Main\Desktop\oom

2014-09-02 00:38 - 2014-09-02 00:38 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-02 00:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Web

2014-09-01 22:19 - 2014-06-23 20:41 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2014-09-01 21:17 - 2014-09-01 21:17 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Ynisehk

2014-09-01 21:01 - 2014-09-01 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics

2014-09-01 21:01 - 2014-09-01 21:01 - 00000000 ____D () C:\ProgramData\Auslogics

2014-09-01 21:01 - 2014-09-01 21:01 - 00000000 ____D () C:\Program Files (x86)\Auslogics

2014-09-01 20:39 - 2014-09-01 20:39 - 00000000 __SHD () C:\Users\Main\AppData\Local\EmieUserList

2014-09-01 20:39 - 2014-09-01 20:39 - 00000000 __SHD () C:\Users\Main\AppData\Local\EmieSiteList

2014-09-01 20:02 - 2014-08-28 17:07 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt

2014-09-01 10:27 - 2014-09-01 10:27 - 00000146 _____ () C:\Users\Main\Desktop\NVIDIA Control Panel - Shortcut.lnk

2014-08-31 23:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-08-31 20:31 - 2014-07-10 11:20 - 00000000 ____D () C:\ProgramData\Oracle

2014-08-31 20:29 - 2014-08-31 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-31 20:29 - 2014-08-31 20:28 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log

2014-08-31 20:29 - 2014-07-10 11:19 - 00000000 ____D () C:\Program Files (x86)\Java

2014-08-31 20:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-31 07:30 - 2014-08-31 02:47 - 732096230 _____ () C:\Users\Main\Desktop\narnar_wreckedanusdeepbarebacking-HD-001-by-am.mp4

2014-08-31 06:09 - 2014-08-31 06:09 - 00002886 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0614t_DELETE

2014-08-31 06:09 - 2014-08-31 06:09 - 00002808 _____ () C:\Windows\System32\Tasks\AVG_SYS_TASK_0614t

2014-08-31 06:09 - 2014-08-31 06:09 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Avg_Update_0614t

2014-08-31 06:09 - 2014-08-30 19:08 - 00000000 ____D () C:\ProgramData\Avg_Update_0614t

2014-08-29 19:54 - 2014-08-29 19:54 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView

2014-08-29 19:54 - 2014-08-29 19:54 - 00000000 ____D () C:\Program Files (x86)\NirSoft

2014-08-29 19:37 - 2014-08-29 18:54 - 00287794 _____ () C:\Windows\msxml4-KB973688-enu.LOG

2014-08-29 19:37 - 2014-08-29 18:50 - 00291890 _____ () C:\Windows\msxml4-KB954430-enu.LOG

2014-08-29 19:36 - 2014-08-29 19:36 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0

2014-08-29 19:32 - 2014-06-23 16:06 - 00001417 _____ () C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-08-29 19:30 - 2009-07-13 23:45 - 00430928 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-29 19:27 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender

2014-08-29 19:27 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2014-08-29 19:05 - 2014-08-29 19:01 - 00009020 _____ () C:\Windows\IE11_main.log

2014-08-29 19:03 - 2014-08-29 19:03 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2014-08-29 19:03 - 2014-08-29 19:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2014-08-29 19:03 - 2014-08-29 19:03 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2014-08-29 19:03 - 2014-08-29 19:03 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2014-08-29 19:03 - 2014-08-29 19:03 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2014-08-29 19:03 - 2014-08-29 19:03 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2014-08-29 19:03 - 2014-08-29 19:03 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2014-08-29 19:03 - 2014-08-29 19:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2014-08-29 19:03 - 2014-08-29 19:03 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2014-08-29 19:03 - 2014-08-29 19:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2014-08-29 19:03 - 2014-08-29 19:03 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2014-08-29 19:03 - 2014-08-29 19:03 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2014-08-29 19:03 - 2014-08-29 19:03 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2014-08-29 19:03 - 2014-08-29 19:03 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2014-08-29 19:03 - 2014-08-29 19:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2014-08-29 19:03 - 2014-08-29 19:03 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2014-08-29 19:03 - 2014-08-29 19:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2014-08-29 19:03 - 2014-08-29 19:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-08-29 19:03 - 2014-08-29 19:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2014-08-29 19:02 - 2014-08-29 19:02 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2014-08-29 19:02 - 2014-08-29 19:02 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2014-08-29 19:02 - 2014-08-29 19:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2014-08-29 19:02 - 2014-08-29 19:02 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2014-08-29 19:02 - 2014-08-29 19:02 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2014-08-29 19:02 - 2014-08-29 19:02 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2014-08-29 19:01 - 2014-08-29 19:01 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2014-08-29 19:01 - 2014-08-29 19:01 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

2014-08-29 17:14 - 2014-07-07 15:01 - 00007602 _____ () C:\Users\Main\AppData\Local\Resmon.ResmonCfg

2014-08-29 17:03 - 2014-08-29 17:03 - 00000000 ____D () C:\Users\Main\AppData\Roaming\TuneUp Software

2014-08-29 16:59 - 2014-08-29 16:59 - 00000000 ____D () C:\Users\Main\AppData\Local\MFAData

2014-08-29 16:50 - 2014-08-28 17:23 - 00000591 _____ () C:\ProgramData\@system2.att

2014-08-29 16:50 - 2014-08-28 17:23 - 00000591 _____ () C:\ProgramData\@system.att

2014-08-28 20:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\TAPI

2014-08-28 17:22 - 2014-08-28 17:22 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp

2014-08-27 19:26 - 2014-06-18 13:51 - 00150901 _____ () C:\Windows\DirectX.log

2014-08-27 01:56 - 2014-08-27 01:56 - 00000000 ____D () C:\Program Files (x86)\ConvertHelper

2014-08-27 01:15 - 2014-07-05 20:25 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Skype

2014-08-26 11:43 - 2014-08-26 11:43 - 00000113 _____ () C:\Users\Main\Desktop\frc angela.txt

2014-08-26 01:38 - 2014-07-18 15:07 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Screaming Bee

2014-08-26 01:38 - 2014-07-18 15:04 - 00000000 ____D () C:\ProgramData\Screaming Bee

2014-08-26 01:38 - 2014-07-18 15:04 - 00000000 ____D () C:\Program Files (x86)\Screaming Bee

2014-08-22 21:07 - 2014-08-29 18:38 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-22 20:45 - 2014-08-29 18:38 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-22 19:59 - 2014-08-29 18:38 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-20 22:37 - 2014-08-20 22:37 - 00156328 _____ (Razer Inc) C:\Windows\system32\Drivers\rzudd.sys

2014-08-19 13:05 - 2014-09-10 01:56 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-19 12:39 - 2014-09-10 01:56 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-18 18:01 - 2014-09-10 01:56 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-18 17:29 - 2014-09-10 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-18 17:29 - 2014-09-10 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-18 17:26 - 2014-09-10 01:56 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-18 17:20 - 2014-09-10 01:56 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-18 17:19 - 2014-09-10 01:56 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-18 17:15 - 2014-09-10 01:56 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-18 17:15 - 2014-09-10 01:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-18 17:14 - 2014-09-10 01:56 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-18 17:14 - 2014-09-10 01:56 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-18 17:08 - 2014-09-10 01:56 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-18 17:08 - 2014-09-10 01:56 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-18 17:08 - 2014-09-10 01:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-18 17:05 - 2014-09-10 01:56 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-18 17:03 - 2014-09-10 01:56 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-18 17:03 - 2014-09-10 01:56 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-18 17:03 - 2014-09-10 01:56 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-18 16:57 - 2014-09-10 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-18 16:56 - 2014-09-10 01:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-18 16:51 - 2014-09-10 01:56 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-18 16:46 - 2014-09-10 01:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-18 16:45 - 2014-09-10 01:56 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-18 16:45 - 2014-09-10 01:56 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-18 16:44 - 2014-09-10 01:56 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-18 16:44 - 2014-09-10 01:56 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-18 16:42 - 2014-09-10 01:56 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-18 16:40 - 2014-09-10 01:56 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-18 16:39 - 2014-09-10 01:56 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-18 16:39 - 2014-09-10 01:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-18 16:39 - 2014-09-10 01:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-18 16:38 - 2014-09-10 01:56 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-18 16:37 - 2014-09-10 01:56 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-18 16:36 - 2014-09-10 01:56 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-18 16:35 - 2014-09-10 01:56 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-18 16:27 - 2014-09-10 01:56 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-18 16:25 - 2014-09-10 01:56 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-18 16:25 - 2014-09-10 01:56 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-18 16:23 - 2014-09-10 01:56 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-18 16:23 - 2014-09-10 01:56 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-18 16:22 - 2014-09-10 01:56 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-18 16:19 - 2014-09-10 01:56 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-18 16:17 - 2014-09-10 01:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-18 16:17 - 2014-09-10 01:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-18 16:16 - 2014-09-10 01:56 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-18 16:15 - 2014-09-10 01:56 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-18 16:15 - 2014-09-10 01:56 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-18 16:09 - 2014-09-10 01:56 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-18 16:08 - 2014-09-10 01:56 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-18 16:07 - 2014-09-10 01:56 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-18 15:55 - 2014-09-10 01:56 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-18 15:46 - 2014-09-10 01:56 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-18 15:38 - 2014-09-10 01:56 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-18 15:38 - 2014-09-10 01:56 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-18 15:36 - 2014-09-10 01:56 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-13 11:47 - 2014-06-24 16:18 - 00000000 ____D () C:\Users\Main\AppData\Local\PunkBuster

 

Some content of TEMP:

====================

C:\Users\Main\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\Main\AppData\Local\Temp\Quarantine.exe

C:\Users\Main\AppData\Local\Temp\tmp1b9ed42e.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-09-06 09:55

 

==================== End Of Log ============================

 


RogueKiller V9.2.10.0 [Jul 11 2014] by Adlice Software





 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Main [Admin rights]

Mode : Scan -- Date : 09/12/2014  02:35:16

 

¤¤¤ Bad processes : 2 ¤¤¤

[suspicious.Path] rubyw.exe -- C:\Users\Main\AppData\Local\Temp\ocr5105.tmp\bin\rubyw.exe[-] -> KILLED [TermProc]

[suspicious.Path] rubyw.exe -- C:\Users\Main\AppData\Local\Temp\ocr5568.tmp\bin\rubyw.exe[-] -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 36 ¤¤¤

[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1572626095-2694189744-3355439159-1000\Software\Microsoft\Windows\CurrentVersion\Run | AVG-Secure-Search-Update_0814avt : C:\Users\Main\AppData\Roaming\Avg_Update_0814avt\AVG-Secure-Search-Update_0814avt.exe /PROMPT /mid=14c40f7e61da47d2a0f6a59d735378e2-fe46cae6a6cdbb31590cfce24f630f978c5ebb53 /CMPID=0814avt  -> FOUND

[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1572626095-2694189744-3355439159-1000\Software\Microsoft\Windows\CurrentVersion\Run | AVG-Secure-Search-Update_0614t : C:\Users\Main\AppData\Roaming\Avg_Update_0614t\AVG-Secure-Search-Update_0614t.exe /PROMPT /mid=14c40f7e61da47d2a0f6a59d735378e2-fe46cae6a6cdbb31590cfce24f630f978c5ebb53 /CMPID=0614t  -> FOUND

[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1572626095-2694189744-3355439159-1000\Software\Microsoft\Windows\CurrentVersion\Run | Ohwqics : regsvr32.exe C:\Users\Main\AppData\Local\Ohwqics\siftDLL.dll  -> FOUND

[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1572626095-2694189744-3355439159-1000\Software\Microsoft\Windows\CurrentVersion\Run | AVG-Secure-Search-Update_0814avt : C:\Users\Main\AppData\Roaming\Avg_Update_0814avt\AVG-Secure-Search-Update_0814avt.exe /PROMPT /mid=14c40f7e61da47d2a0f6a59d735378e2-fe46cae6a6cdbb31590cfce24f630f978c5ebb53 /CMPID=0814avt  -> FOUND

[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1572626095-2694189744-3355439159-1000\Software\Microsoft\Windows\CurrentVersion\Run | AVG-Secure-Search-Update_0614t : C:\Users\Main\AppData\Roaming\Avg_Update_0614t\AVG-Secure-Search-Update_0614t.exe /PROMPT /mid=14c40f7e61da47d2a0f6a59d735378e2-fe46cae6a6cdbb31590cfce24f630f978c5ebb53 /CMPID=0614t  -> FOUND

[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1572626095-2694189744-3355439159-1000\Software\Microsoft\Windows\CurrentVersion\Run | Ohwqics : regsvr32.exe C:\Users\Main\AppData\Local\Ohwqics\siftDLL.dll  -> FOUND

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gdrv (\??\C:\Windows\gdrv.sys) -> FOUND

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GPUZ (\??\C:\Windows\TEMP\GPUZ.sys) -> FOUND

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gdrv (\??\C:\Windows\gdrv.sys) -> FOUND

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GPUZ (\??\C:\Windows\TEMP\GPUZ.sys) -> FOUND

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gdrv (\??\C:\Windows\gdrv.sys) -> FOUND

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GPUZ (\??\C:\Windows\TEMP\GPUZ.sys) -> FOUND

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RzMaelstromVADStreamingService () -> FOUND

[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49943;https=127.0.0.1:49943  -> FOUND

[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49943;https=127.0.0.1:49943  -> FOUND

[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49943;https=127.0.0.1:49943  -> FOUND

[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49943;https=127.0.0.1:49943  -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{92DA20C8-012D-48EE-8F8A-A9D8A1E728FF} | DhcpNameServer : 209.222.18.222 209.222.18.218  -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{92DA20C8-012D-48EE-8F8A-A9D8A1E728FF} | DhcpNameServer : 209.222.18.222 209.222.18.218  -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{92DA20C8-012D-48EE-8F8A-A9D8A1E728FF} | DhcpNameServer : 209.222.18.222 209.222.18.218  -> FOUND

[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1572626095-2694189744-3355439159-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND

[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1572626095-2694189744-3355439159-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND

[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1572626095-2694189744-3355439159-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND

[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1572626095-2694189744-3355439159-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1572626095-2694189744-3355439159-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1572626095-2694189744-3355439159-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1572626095-2694189744-3355439159-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> FOUND

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1572626095-2694189744-3355439159-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> FOUND

 

¤¤¤ Scheduled tasks : 8 ¤¤¤

[suspicious.Path] AVG_SYS_TASK_0614t.job -- C:\ProgramData\Avg_Update_0614t\AVG-Secure-Search-Update_0614t.exe ( --TASK_START_SYS --CMPID=0614t --mid=14c40f7e61da47d2a0f6a59d735378e2-fe46cae6a6cdbb31590cfce24f630f978c5ebb53) -> FOUND

[suspicious.Path] AVG_SYS_TASK_0614t_DELETE.job -- C:\ProgramData\Avg_Update_0614t\AVG-Secure-Search-Update_0614t.exe ( /DELETE_FROM_SYSTEM=1) -> FOUND

[suspicious.Path] AVG_SYS_TASK_0814avt.job -- C:\ProgramData\Avg_Update_0814avt\AVG-Secure-Search-Update_0814avt.exe ( --TASK_START_SYS --CMPID=0814avt --mid=14c40f7e61da47d2a0f6a59d735378e2-fe46cae6a6cdbb31590cfce24f630f978c5ebb53) -> FOUND

[suspicious.Path] AVG_SYS_TASK_0814avt_DELETE.job -- C:\ProgramData\Avg_Update_0814avt\AVG-Secure-Search-Update_0814avt.exe ( /DELETE_FROM_SYSTEM=1) -> FOUND

[suspicious.Path] \\AVG_SYS_TASK_0614t -- C:\ProgramData\Avg_Update_0614t\AVG-Secure-Search-Update_0614t.exe (--TASK_START_SYS --CMPID=0614t --mid=14c40f7e61da47d2a0f6a59d735378e2-fe46cae6a6cdbb31590cfce24f630f978c5ebb53) -> FOUND

[suspicious.Path] \\AVG_SYS_TASK_0614t_DELETE -- C:\ProgramData\Avg_Update_0614t\AVG-Secure-Search-Update_0614t.exe (/DELETE_FROM_SYSTEM=1) -> FOUND

[suspicious.Path] \\AVG_SYS_TASK_0814avt -- C:\ProgramData\Avg_Update_0814avt\AVG-Secure-Search-Update_0814avt.exe (--TASK_START_SYS --CMPID=0814avt --mid=14c40f7e61da47d2a0f6a59d735378e2-fe46cae6a6cdbb31590cfce24f630f978c5ebb53) -> FOUND

[suspicious.Path] \\AVG_SYS_TASK_0814avt_DELETE -- C:\ProgramData\Avg_Update_0814avt\AVG-Secure-Search-Update_0814avt.exe (/DELETE_FROM_SYSTEM=1) -> FOUND

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ HOSTS File : 2 ¤¤¤

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

[C:\Windows\System32\drivers\etc\hosts] ::1       localhost

 

¤¤¤ Antirootkit : 5 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

[EAT:Addr] (iexplore.exe) nvSCPAPI.dll - DllCanUnloadNow : C:\Windows\SysWOW64\Dxtrans.dll @ 0x6cd521ee

[EAT:Addr] (iexplore.exe) nvSCPAPI.dll - DllEnumClassObjects : C:\Windows\SysWOW64\Dxtrans.dll @ 0x6cd61e66

[EAT:Addr] (iexplore.exe) nvSCPAPI.dll - DllGetClassObject : C:\Windows\SysWOW64\Dxtrans.dll @ 0x6cd53e77

[EAT:Addr] (iexplore.exe) nvSCPAPI.dll - DllRegisterServer : C:\Windows\SysWOW64\Dxtrans.dll @ 0x6cd5cfd4

[EAT:Addr] (iexplore.exe) nvSCPAPI.dll - DllUnregisterServer : C:\Windows\SysWOW64\Dxtrans.dll @ 0x6cd5cfd4

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: WDC WD1003FZEX-00MK2 SCSI Disk Device +++++

--- User ---

[MBR] 0086f36f0b7bc8b257f89fc226376c3d

[bSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code

Partition table:

0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB

User = LL1 ... OK

User = LL2 ... OK

 


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts (re-enable when done).
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool and select “Run as Administrator”; the tool will expand to the options window.

In the "Scan Type" window, select Quick Scan

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter

notepad c:\windows\debug\mrt.log

 

Let me see those logs in your reply, also give an update on any remaining issues or concerns....

 

Kevin..

 

 

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014

Ran by Main at 2014-09-12 03:40:14 Run:1

Running from C:\Users\Main\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

HKU\S-1-5-21-1572626095-2694189744-3355439159-1000\...\Run: [Ohwqics] => regsvr32.exe C:\Users\Main\AppData\Local\Ohwqics\siftDLL.dll <===== ATTENTION

C:\Users\Main\AppData\Local\Ohwqics

HKU\S-1-5-21-1572626095-2694189744-3355439159-1000\...\MountPoints2: {45cc0743-fb19-11e3-a198-74d435b79111} - E:\autorun.exe

S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]

S3 gdrv; \??\C:\Windows\gdrv.sys [X]

S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]

S3 XFDriver64; \??\C:\Program Files (x86)\Xfire2\XFDriver64.sys [X]

C:\Users\Main\AppData\Roaming\Eceqyf

C:\Users\Main\AppData\Roaming\Ynisehk

C:\Users\Main\AppData\Local\Olngics

 C:\Users\Main\AppData\Local\Ohwqics

C:\Users\Main\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\Main\AppData\Local\Temp\Quarantine.exe

C:\Users\Main\AppData\Local\Temp\tmp1b9ed42e.exe

Task: {18EDFE87-CD7A-4717-9C9F-03F5B57C4D44} - System32\Tasks\AVG_SYS_TASK_0814avt => C:\ProgramData\Avg_Update_0814avt\AVG-Secure-Search-Update_0814avt.exe [2014-08-19] ()

C:\ProgramData\Avg_Update_0814avt

Task: {8A2B109C-1C0E-4CFC-B919-8823B8FEEAEB} - System32\Tasks\AVG_SYS_TASK_0614t => C:\ProgramData\Avg_Update_0614t\AVG-Secure-Search-Update_0614t.exe [2014-07-03] ()

C:\ProgramData\Avg_Update_0614t

Task: {DBC12322-B66C-41E1-8ADB-7443CCBE1999} - System32\Tasks\AVG_SYS_TASK_0614t_DELETE => C:\ProgramData\Avg_Update_0614t\AVG-Secure-Search-Update_0614t.exe [2014-07-03] ()

Task: {F72CC6DB-74CE-4DE2-A53C-5B29BD1ABCDC} - System32\Tasks\AVG_SYS_TASK_0814avt_DELETE => C:\ProgramData\Avg_Update_0814avt\AVG-Secure-Search-Update_0814avt.exe [2014-08-19] ()

Task: C:\Windows\Tasks\AVG_SYS_TASK_0614t.job => C:\ProgramData\Avg_Update_0614t\AVG-Secure-Search-Update_0614t.exe

Task: C:\Windows\Tasks\AVG_SYS_TASK_0614t_DELETE.job => C:\ProgramData\Avg_Update_0614t\AVG-Secure-Search-Update_0614t.exe

Task: C:\Windows\Tasks\AVG_SYS_TASK_0814avt.job => C:\ProgramData\Avg_Update_0814avt\AVG-Secure-Search-Update_0814avt.exe

Task: C:\Windows\Tasks\AVG_SYS_TASK_0814avt_DELETE.job => C:\ProgramData\Avg_Update_0814avt\AVG-Secure-Search-Update_0814avt.exe

Emptytemp:

End

 

*****************

 

HKU\S-1-5-21-1572626095-2694189744-3355439159-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Ohwqics => value deleted successfully.

C:\Users\Main\AppData\Local\Ohwqics => Moved successfully.

"HKU\S-1-5-21-1572626095-2694189744-3355439159-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45cc0743-fb19-11e3-a198-74d435b79111}" => Key deleted successfully.

"HKCR\CLSID\{45cc0743-fb19-11e3-a198-74d435b79111}" => Key not found.

cpuz137 => Service deleted successfully.

gdrv => Service deleted successfully.

GPUZ => Service deleted successfully.

XFDriver64 => Service deleted successfully.

C:\Users\Main\AppData\Roaming\Eceqyf => Moved successfully.

C:\Users\Main\AppData\Roaming\Ynisehk => Moved successfully.

C:\Users\Main\AppData\Local\Olngics => Moved successfully.

"C:\Users\Main\AppData\Local\Ohwqics" => File/Directory not found.

C:\Users\Main\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.

C:\Users\Main\AppData\Local\Temp\Quarantine.exe => Moved successfully.

C:\Users\Main\AppData\Local\Temp\tmp1b9ed42e.exe => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{18EDFE87-CD7A-4717-9C9F-03F5B57C4D44}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18EDFE87-CD7A-4717-9C9F-03F5B57C4D44}" => Key deleted successfully.

C:\Windows\System32\Tasks\AVG_SYS_TASK_0814avt => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG_SYS_TASK_0814avt" => Key deleted successfully.

C:\ProgramData\Avg_Update_0814avt => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8A2B109C-1C0E-4CFC-B919-8823B8FEEAEB}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A2B109C-1C0E-4CFC-B919-8823B8FEEAEB}" => Key deleted successfully.

C:\Windows\System32\Tasks\AVG_SYS_TASK_0614t => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG_SYS_TASK_0614t" => Key deleted successfully.

C:\ProgramData\Avg_Update_0614t => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DBC12322-B66C-41E1-8ADB-7443CCBE1999}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBC12322-B66C-41E1-8ADB-7443CCBE1999}" => Key deleted successfully.

C:\Windows\System32\Tasks\AVG_SYS_TASK_0614t_DELETE => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG_SYS_TASK_0614t_DELETE" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F72CC6DB-74CE-4DE2-A53C-5B29BD1ABCDC}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F72CC6DB-74CE-4DE2-A53C-5B29BD1ABCDC}" => Key deleted successfully.

C:\Windows\System32\Tasks\AVG_SYS_TASK_0814avt_DELETE => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG_SYS_TASK_0814avt_DELETE" => Key deleted successfully.

C:\Windows\Tasks\AVG_SYS_TASK_0614t.job => Moved successfully.

C:\Windows\Tasks\AVG_SYS_TASK_0614t_DELETE.job => Moved successfully.

C:\Windows\Tasks\AVG_SYS_TASK_0814avt.job => Moved successfully.

C:\Windows\Tasks\AVG_SYS_TASK_0814avt_DELETE.job => Moved successfully.

EmptyTemp: => Removed 1.3 GB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog ====

 


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 9/12/2014

Scan Time: 3:51:45 AM

Logfile: mwb log.txt

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.09.12.02

Rootkit Database: v2014.09.10.02

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Main

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 317350

Time Elapsed: 10 min, 10 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 


# AdwCleaner v3.309 - Report created 12/09/2014 at 04:24:52

# Updated 02/09/2014 by Xplode

# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

# Username : Main - MAIN-CYBER

# Running from : C:\Users\Main\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17280

 

 

-\\ Mozilla Firefox v32.0 (x86 en-US)

 

[ File : C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\x9jmgwv9.default-1410398568131\prefs.js ]

 

 

-\\ Google Chrome v37.0.2062.120

 

[ File : C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

 

*************************

 

AdwCleaner[R0].txt - [6165 octets] - [29/08/2014 19:48:51]

AdwCleaner[R1].txt - [1057 octets] - [29/08/2014 20:26:31]

AdwCleaner[R2].txt - [1126 octets] - [02/09/2014 12:35:34]

AdwCleaner[R3].txt - [1132 octets] - [10/09/2014 02:02:16]

AdwCleaner[R4].txt - [1371 octets] - [12/09/2014 04:12:24]

AdwCleaner[s0].txt - [6259 octets] - [29/08/2014 19:50:08]

AdwCleaner[s1].txt - [1190 octets] - [02/09/2014 12:36:40]

AdwCleaner[s2].txt - [1194 octets] - [10/09/2014 02:13:14]

AdwCleaner[s3].txt - [1438 octets] - [12/09/2014 04:24:52]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1498 octets] ##########

 

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Professional x64

Ran by Main on Fri 09/12/2014 at  4:35:31.90

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 09/12/2014 at  4:39:31.77

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 


 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.21, June 2013

Started On Mon Jun 17 11:10:55 2013

->Scan ERROR: resource process://pid:164 (code 0x00000005 (5))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Jun 17 11:11:08 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.15, August 2014 (build 5.15.10500.0)

Started On Fri Aug 29 18:51:15 2014

 

Engine: 1.1.10802.0

Signatures: 1.179.1796.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 29 18:52:34 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)

Started On Wed Sep 10 01:50:00 2014

 

Engine: 1.1.10904.0

Signatures: 1.183.882.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 10 01:55:17 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)

Started On Fri Sep 12 04:41:24 2014

 

Engine: 1.1.10904.0

Signatures: 1.183.882.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 12 04:44:55 2014

 

 

Return code: 0 (0x0)

 

 

As of now there aren't any instances of iexplorer.exe while I have chrome and firefox open. Also, firefox now runs pages w/flash just fine.





Thanks for the log and update. To complete, we need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7/8, right click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
Click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option "Remove found threats" is UNticked
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

 

Thank you,

 

Kevin....

Link to post
Share on other sites

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, and the Desktop will disappear; this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files

    :Files
    ipconfig /flushdns /c
    C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll
    C:\Users\All Users\Microsoft\Crypto\RSA64\rsa64.dll
    C:\ProgramData\Microsoft\Crypto\RSA64
    C:\Users\All Users\Microsoft\Crypto\RSA64
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Post that log, also let me know if there are any remaining issues or concerns...

 

Kevin

Link to post
Share on other sites
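When the results log requested above comes back, the lines worth reading are the exceptions. The sketch below is an added example, not part of the thread or of OTM: it tallies outcomes, separates "not found" entries that are only the `C:\Users\All Users` alias of an item already moved from ones that need a second look, and picks the newest log by its `mmddyyyy_hhmmss` name. The sample lines are constructed, and the alias mapping assumes the default Windows layout where `C:\Users\All Users` links to `C:\ProgramData`.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the line shapes of an OTM results log (paths are made up).
SAMPLE_LOG = r"""All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
LoadLibrary failed for C:\ProgramData\Example\Sub\sample.dll
C:\ProgramData\Example\Sub\sample.dll moved successfully.
File/Folder C:\Users\All Users\Example\Sub\sample.dll not found.
C:\ProgramData\Example\Sub\cache folder moved successfully.
File/Folder C:\ProgramData\Example\Other\gone.dll not found.
"""

# Assumption: default layout, where "<drive>:\Users\All Users" links to "<drive>:\ProgramData".
ALIAS = re.compile(r"^([a-z]:)\\users\\all users(?=\\|$)")

# First matching rule wins; group 1 is always the path.
RULES = [
    ("not_found", re.compile(r"^File/Folder (.+) not found\.$")),
    ("load_failed", re.compile(r"^LoadLibrary failed for (.+)$")),
    ("moved", re.compile(r"^(.+?)(?: folder)? moved successfully\.$")),
    ("deleted", re.compile(r"^(.+?)(?: folder)? deleted successfully\.$")),
]


def canonical(path):
    """Lower-case a path and fold the All Users alias onto ProgramData."""
    p = path.strip().lower()
    return ALIAS.sub(lambda m: m.group(1) + r"\programdata", p)


def summarize(log_text):
    """Count outcomes and split 'not found' lines into explained and unexplained."""
    counts = Counter()
    handled = set()   # canonical paths that were moved or deleted
    not_found = []    # original spelling of paths reported as not found
    for raw in log_text.splitlines():
        line = raw.strip()
        for status, rx in RULES:
            m = rx.match(line)
            if not m:
                continue
            counts[status] += 1
            if status in ("moved", "deleted"):
                handled.add(canonical(m.group(1)))
            elif status == "not_found":
                not_found.append(m.group(1))
            break

    def covered(path):
        # Explained if the same item, or a folder containing it, was already handled.
        c = canonical(path)
        return any(c == h or c.startswith(h + "\\") for h in handled)

    return {
        "counts": dict(counts),
        "alias_of_handled": [p for p in not_found if covered(p)],
        "unexplained": [p for p in not_found if not covered(p)],
    }


def newest_log(names):
    """Pick the latest mmddyyyy_hhmmss.log; plain string sorting breaks across years."""
    def stamp(name):
        return datetime.strptime(name.rsplit(".", 1)[0], "%m%d%Y_%H%M%S")
    return max(names, key=stamp)


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(report["counts"])
    print("alias of handled item:", report["alias_of_handled"])
    print("needs a second look:", report["unexplained"])
```
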

Wasn't able to copy anything in the results window because of the reboot prompt. Even just closed it instead of hitting ok and it still rebooted. Below is the log though.

 

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Main\Desktop\cmd.bat deleted successfully.
C:\Users\Main\Desktop\cmd.txt deleted successfully.
LoadLibrary failed for C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll
C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll moved successfully.
File/Folder C:\Users\All Users\Microsoft\Crypto\RSA64\rsa64.dll not found.
C:\ProgramData\Microsoft\Crypto\RSA64\temp folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\4b6c6fe03d3728d337679bd5fe2e3b42 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\4b57201ee16d88bd488843d6e553af8e folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\4ae37f5640e236c1534a88ac2f590e1b folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\4a0b0e9b440c6cf91dfef28def7206ba folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\49321fa5c3ff4cb269b06c029b07b90e folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\46ebf580fb360766fa2c23c335df22b9 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\45c3a6f6bdb0531de792538fe38ee79b folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\453fcdd2ab8b8ec0e6d7a02abfb60c08 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\452dbed9096f176dbce987077aff9cbd folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\4457aa4b2444c6e3405d9f80bf19859d folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\4318e53302e1320fa3df84cadb6df08b folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\42f9690591ba51574ecf94f9d6cd32a8 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\41eb39c57328b294e6f4a80a4e2a392c folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\41283aa2f27a03db8ac6e1d1365f013e folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\3e4cab2324a96b21ec4a957e4b6a278d folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\3e0897f4866213254bfbd3cbe589d73d folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\3db03e6d2a092e35ca4fdab3991ad920 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\3d2f4135827435e8dc8fac82abe0a55c folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\3b9642e09e0244e6c2bf77baa365b9e6 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\38827483d9949c58ec4998d920cbede4 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\380f536bdda9c3462644840e3189aaff folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\380aa151fd2b21bfdadd32e7dc6e8ce2 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\35a00029d6228bf63dc8e34a2452c45a folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\3586ad2a5380c39305cb2bfe40b8f871 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\34868bebcab633a75504c9c1295803d7 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\34351923f39a53c6960fb0c94751bf89 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\335fb25d71319cee42107de3174e7d77 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\32ba9e758cf61542ef914154ecc03495 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\326601d189060fe4af73b04833a07cd1 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\31f2cecc46967f73a81fbd588858ce11 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\318e94665f25bd8f7023c6dc4a88329d folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\317a93707a629aa4ccc91527d4a75562 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\30f02c3b767a6f27c191e1c73e59dc2d folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\30e9fad8b35a41b33fe9e392772b787c folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\304ec5a802b5584d54972cc82ecf8403 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\2feb303ec9676494b3cbc8464b0aaa75 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\2f8c75cf0f37c080e168fb0779476aad folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\2f773b46df7da2cba7ab8a55bea2ce9f folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\2eb6f0cdaccad7b5bc3c0b8eee9ebec4 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\2eae38c3e5851ce784c44d06234a5799 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\2e03ae3bd358e60e18498fc929fc0259 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\2df2a1b15b9512293928598c5845bf3b folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\2dba1c2392297ec9a0be428179193eda folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\2d417a212dc93c3af4614927c9a7be78 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\2c7d5ba0ae79c834ba0b152501a687d4 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\2bd4c28725f8344a45dbd43db2f12379 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\2b6c5d616235cd3e7e45d04c6158c681 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\2b44870d387875f531d81baa3d5e9707 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\2ace00fe42dfc95d4321673192bb7b9f folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\2a941b4540175f2832d1d3c1a9854f8b folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\297d400f224a3bbac0e44b391cbc59c6 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\2622776de895dbd04a0baff4c32ce4aa folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\254b93b432bbe46e8bbbd52c102756ad folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\24a853f3cef9ec1b2333857ad5c7ac06 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\23d54896edbda8728bc8f3e32b61c849 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\2336703243bdc96fd95ab1027f2785ee folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\233449b860b1296a994ec056307b26ca folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\22c5a059d6ed480fdc5acb52653650be folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\221acc24042ca1210daa1a9add486906 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\21124b0323df66f9412caccf76188e0b folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\20f62c2e8c4e45f0205a31bea891be01 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\20e14cc22aac244941b3ba9526c69a83 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\20a6c3e5ea325d9820ade27f358f9f7b folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\207b82ef6b733b685933e15ba0b62c82 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\1f3378130858cbf31317c4af610f2601 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\1ee6c466f57da195f9dc75349b035095 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\1ee3b38553b58092142809a9d50f5f6e folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\1ed848ef51fe6115485222bc770760e0 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\1eb3de86e4e212d94f21e5496953deed folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\1d92bedb07f62e3183f40484ee39bb63 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\1c2d0fb0f666aed965a87a91d9dee2d3 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\1c08f21ed97dc0a434d8158c73677324 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\1b933cd6b6f3dd7f6f329efc85519a33 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\1b1db6e88a9e3e7753f1440624119dc2 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\19756d7e6e70b4d7cdf8cd428359e70e folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\18e1cd83034c18bc475346c7d1120010 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\1873cd6a925cf4577bf9b351cd8a6c94 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\18665cad2b98c12e2ea41363974d72e2 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\185bde093fb1c7c922d2663328917eca folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\185bc7683a1e6bad3729308517d39dee folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\18474902db40b9986a3eb37c55dd8702 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\175c5a7e5fc7356fabd3b1b33417a42f folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\16b1251bfb61e78a08ae48fd67ff6401 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\165f537fca89029a06d0e5aafebd91df folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\15f5c2d0593b774d4f8a4534966737fc folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\1547098e5cb8530a1be52466094ea88a folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\15449da89fb4f7b4f57b71960ee4673f folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\153445bd93efabd0bf06ff6078ea433c folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\149454133062bb89308e08e484a0702f folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\138a9a5b772d6e512f1df4270f22a097 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\13597b80952c65dab26b1b6184917e00 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\1336ebf8cb8032a7a4d2965a63d87279 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\1196bc5bed482435d35f3d8115ff31de folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\11384f18df142eafcee58d064a356462 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\1084509bc0fddbd5e2243f612ecaa755 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\1010632dd9fb060345c0c873f6062d4f folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\0f958a735806b0374add034fed4f2363 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\0f7102fd62e09170501dcfd206472246 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\0f44d3cfe06d90d6468cc5f28824eb67 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\0ea9c04e0cb26e5e74a299cf0274dd7e folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\0d0aec8cceaca18daae6859509f7a862 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\0c57580be7c50d496eaca6e32e9d755b folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\0c2d69b4bd56478b80f0d876509d75a9 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\0bb5612a2687200b089407f7fc972581 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\0a8408ec6af81836a5b28ced0fc67144 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\0a7755a9973eb9dc9c01fd7e38418998 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\0a643a24a32647e18befbb6738b3f964 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\0a4cc81f4ea34e772ee9259f772d0557 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\09f29ba82e791fe5e56d91db4b185d01 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\080b2a9f37eedbbea3da90e6074d1ffe folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\077680b6c575abd9ed1cff6b0fc12d85 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\03ef8d0a00b177ed1e2e2399792f1c63 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\032d1069ae7b07f92362aec23883830a folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\02ff440ba9a407b0fa1ccd9a8f21ea15 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\0222218a851fe0d546ad534e218c1e0f folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\0160f25e0cf564eb38663a0a76a9d941 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\0095295056679678e726ba649ff5b642 folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\006176314211e0855cbcb3a47bd30e5b folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\cache\rules folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\cache\resume folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\cache folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys folder moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA64 folder moved successfully.
File/Folder C:\Users\All Users\Microsoft\Crypto\RSA64 not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Main
->Temp folder emptied: 1238996023 bytes
->Temporary Internet Files folder emptied: 2877961 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 26997070 bytes
->Google Chrome cache emptied: 406205704 bytes
->Flash cache emptied: 1157 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5374 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 23856971 bytes
 
Total Files Cleaned = 1,620.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 09122014_234341
 
Files moved on Reboot...
File C:\Users\Main\AppData\Local\Temp\etilqs_2QZGt24OJb5iSlD not found!
File C:\Users\Main\AppData\Local\Temp\etilqs_3paQ7BFDNbQWeDp not found!
File C:\Users\Main\AppData\Local\Temp\etilqs_F4elqiiwV713kTt not found!
C:\Users\Main\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File C:\Users\Main\AppData\Local\Temp\Sha5FB2.tmp not found!
File C:\Users\Main\AppData\Local\Temp\Sha5FB3.tmp not found!
C:\Users\Main\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\RzMaelstromVADStreamingService.log scheduled to be moved on reboot.
 
Registry entries deleted on Reboot...

Excellent, run the following to clean up....

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make sure the following items are checked:

    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Part of the routine will be to create a registry backup with ERUNT, the backup will be created here:

C:\Windows\ERUNT

When all is known to be well with your system you can delete that backup folder if you consider it as not needed...

Let me know if we can close out, thank you,

Kevin


Thank you very much for the update, good to hear all went well...

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Take care and surf safe,

Kevin..... ;)


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.