
Need Help from Experts Please



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014

Ran by Gissel (administrator) on GISSEL-PC on 26-12-2014 12:59:43

Running from C:\Gissel

Loaded Profiles: Gissel &  (Available profiles: Gissel & Administrator)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: "https://mail.google.com/mail/u/0/#inbox", "https://mail.google.com/mail/u/0/?shva=1#inbox", "https://www.fiverr.com/", "https://mail.google.com/mail/u/1/#inbox", "chrome://newtab/"

CHR DefaultSuggestURL: Profile 1 ->

CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)

S3 Disconnect Desktop Updater; C:\Program Files (x86)\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe [358400 2014-12-01] (Disconnect)

R2 EFS; C:\Windows\SysWOW64\lsass.exe [0 2014-05-22] () [File not signed]

S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company)

S3 ICDSPTSV; C:\Windows\SysWOW64\IcdSptSv.exe [69632 2003-04-01] (Sony Corporation) [File not signed]

R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2014-05-22] () [File not signed]

R2 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

S2 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2014-05-22] () [File not signed]

U2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1494144 2012-09-11] (Microsoft Corporation)

R2 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2014-05-22] () [File not signed]

S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 1999-12-31] (Realtek Semiconductor)

R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2014-05-22] () [File not signed]

S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2014-05-22] () [File not signed]

R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-09] ()

R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-05-14] (Glarysoft Ltd)

R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)

R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)

R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-12-22] (Glarysoft Ltd)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-07-15] (Kaspersky Lab ZAO)

U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-07-15] (Kaspersky Lab ZAO)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-07-15] (Kaspersky Lab ZAO)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-07-15] (Kaspersky Lab ZAO)

R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)

R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)

S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()

S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()

S3 lvsels64; C:\Windows\System32\DRIVERS\lvsels64.sys [68064 2010-05-14] (Logitech Inc.)

R2 mbamchameleon; C:\Windows\system32\drivers\21A12DC9.sys [93400 2014-11-07] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-26] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-09-10] ()

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-12-26 10:40 - 2014-12-26 10:40 - 00000376 _____ () C:\Windows\PFRO.log

2014-12-26 02:03 - 2014-12-26 02:03 - 00001317 _____ () C:\Windows\IE11_main.log

2014-12-25 21:37 - 2014-12-26 12:59 - 00000000 ____D () C:\FRST

2014-12-25 20:02 - 2014-12-25 20:02 - 00003096 _____ () C:\Windows\System32\Tasks\{D9319D20-B939-42AF-9885-13731C40AAD5}

2014-12-25 20:02 - 2014-12-25 20:02 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Google

2014-12-25 20:02 - 2014-12-25 20:02 - 00000000 ____D () C:\Users\DefaultAppPool

2014-12-25 19:47 - 2014-12-26 10:35 - 00001021 _____ () C:\Users\Public\Desktop\FileASSASSIN.lnk

2014-12-25 19:47 - 2014-12-25 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN

2014-12-25 19:47 - 2014-12-25 19:47 - 00000000 ____D () C:\Program Files (x86)\FileASSASSIN

2014-12-25 19:46 - 2014-12-25 19:46 - 00003096 _____ () C:\Windows\System32\Tasks\{86F342A8-54EF-4973-A910-EF92EC70DE87}

2014-12-25 16:00 - 2014-12-25 16:00 - 00001243 _____ () C:\Users\Gissel.Gissel-PC\Desktop\iPhone Backup Extractor.lnk

2014-12-25 16:00 - 2014-12-25 16:00 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\AppData\Roaming\Reincubate

2014-12-25 16:00 - 2014-12-25 16:00 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate

2014-12-25 12:51 - 2014-12-25 12:51 - 00000000 ____D () C:\New Folder (2)

2014-12-25 09:22 - 2014-12-25 09:22 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2014-12-25 00:59 - 2014-12-25 00:59 - 00961774 _____ () C:\ProgramData\SPLD91F.tmp

2014-12-24 14:41 - 2014-12-24 14:41 - 00090289 _____ () C:\Users\Gissel.Gissel-PC\Documents\Untitled (3).wma

2014-12-24 13:50 - 2014-12-24 13:50 - 86881989 _____ () C:\Users\Gissel.Gissel-PC\Documents\122414.wma

2014-12-23 23:33 - 2014-12-23 23:33 - 00961774 _____ () C:\ProgramData\SPL4A43.tmp

2014-12-23 22:16 - 2014-12-24 05:41 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\Documents\!SARAHSHARPE

2014-12-23 14:58 - 2014-12-26 10:45 - 00000000 ___RD () C:\Users\Gissel.Gissel-PC\Dropbox

2014-12-23 14:58 - 2014-12-23 15:02 - 00001014 _____ () C:\Users\Gissel.Gissel-PC\Desktop\Dropbox.lnk

2014-12-23 14:52 - 2014-12-23 14:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\71A40F68.sys

2014-12-23 14:30 - 2014-12-23 14:30 - 00001935 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk

2014-12-23 13:57 - 2014-12-23 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2014-12-22 22:27 - 2014-12-26 10:40 - 00002730 _____ () C:\Windows\setupact.log

2014-12-22 22:27 - 2014-12-22 22:27 - 00000000 _____ () C:\Windows\setuperr.log

2014-12-22 22:24 - 2014-12-22 22:24 - 00000086 _____ () C:\lxecPpx.log

2014-12-22 05:30 - 2014-12-22 17:03 - 00000414 _____ () C:\Windows\Tasks\GlaryOneClickOptimizer 5.job

2014-12-22 05:30 - 2014-12-22 05:30 - 00003218 _____ () C:\Windows\System32\Tasks\GlaryOneClickOptimizer 5

2014-12-22 05:13 - 2014-12-26 10:43 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5

2014-12-22 05:13 - 2014-12-26 10:42 - 00000334 _____ () C:\Windows\Tasks\GlaryInitialize 5.job

2014-12-22 05:13 - 2014-12-22 22:26 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\AppData\Roaming\DiskDefrag

2014-12-22 05:13 - 2014-12-22 05:24 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys

2014-12-22 05:13 - 2014-12-22 05:24 - 00002976 _____ () C:\Windows\System32\Tasks\GU5SkipUAC

2014-12-22 05:13 - 2014-12-22 05:24 - 00002634 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5

2014-12-22 05:13 - 2014-12-22 05:24 - 00001058 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk

2014-12-22 05:13 - 2014-12-22 05:24 - 00001046 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk

2014-12-22 05:13 - 2014-12-22 05:13 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\AppData\Roaming\GlarySoft

2014-12-22 05:13 - 2014-12-22 05:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5

2014-12-22 05:13 - 2014-05-14 01:39 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe

2014-12-22 05:13 - 2014-05-14 00:02 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys

2014-12-22 01:27 - 2014-12-22 01:27 - 00674910 _____ () C:\Users\Gissel.Gissel-PC\Desktop\forBruce.txt

2014-12-21 11:39 - 2014-12-21 11:39 - 00001519 _____ () C:\Users\Gissel.Gissel-PC\Desktop\Autoresponder sequence - 103+ Emails pack.zip - Shortcut.lnk

2014-12-21 11:39 - 2014-12-21 11:39 - 00001202 _____ () C:\Users\Gissel.Gissel-PC\Desktop\eStore.zip - Shortcut.lnk

2014-12-21 11:22 - 2014-12-21 11:22 - 00001214 _____ () C:\Users\Gissel.Gissel-PC\Desktop\__MACOSX - Shortcut.lnk

2014-12-21 11:21 - 2014-12-21 11:21 - 00001255 _____ () C:\Users\Gissel.Gissel-PC\Desktop\VV Bonus Pack - Shortcut.lnk

2014-12-21 10:41 - 2014-12-21 10:41 - 05023136 _____ () C:\ProgramData\SPL9D27.tmp

2014-12-21 09:58 - 2014-12-21 09:58 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\Documents\Ebooks

2014-12-21 09:50 - 2012-05-31 22:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll

2014-12-21 09:50 - 2012-05-31 22:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll

2014-12-21 09:50 - 2012-05-31 22:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll

2014-12-21 09:50 - 2012-05-31 22:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll

2014-12-21 09:50 - 2012-05-31 22:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll

2014-12-21 09:50 - 2012-05-31 22:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe

2014-12-21 09:50 - 2012-05-31 21:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll

2014-12-21 09:50 - 2012-05-31 21:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll

2014-12-21 09:50 - 2012-05-31 21:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll

2014-12-21 09:50 - 2012-05-31 21:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll

2014-12-21 09:50 - 2012-05-31 21:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll

2014-12-21 09:50 - 2012-05-31 21:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe

2014-12-20 16:34 - 2014-12-20 16:34 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices

2014-12-20 16:34 - 2014-12-20 16:34 - 00000000 ____D () C:\Windows\system32\BestPractices

2014-12-20 16:34 - 2014-12-20 16:34 - 00000000 ____D () C:\inetpub

2014-12-19 08:04 - 2014-12-19 08:04 - 00000000 ___RD () C:\Users\Gissel.Gissel-PC\Virtual Machines

2014-12-18 03:22 - 2014-12-12 22:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-18 03:22 - 2014-12-12 20:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-15 20:20 - 2014-12-15 20:20 - 00196846 _____ () C:\Users\Gissel.Gissel-PC\Desktop\FINAL.xlsx

2014-12-15 20:16 - 2014-12-15 20:43 - 11759487 _____ () C:\Users\Gissel.Gissel-PC\Documents\multi formats.xlsx

2014-12-15 01:51 - 2014-12-15 01:51 - 00184291 _____ () C:\Users\Gissel.Gissel-PC\Downloads\men_jacket_Words.html

2014-12-15 01:51 - 2014-12-15 01:51 - 00180289 _____ () C:\Users\Gissel.Gissel-PC\Downloads\men_jacket.html

2014-12-15 01:51 - 2014-12-15 01:51 - 00130738 _____ () C:\Users\Gissel.Gissel-PC\Downloads\Necktie_Words.html

2014-12-15 01:51 - 2014-12-15 01:51 - 00107199 _____ () C:\Users\Gissel.Gissel-PC\Downloads\Necktie.html

2014-12-14 22:47 - 2014-12-14 22:47 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\Documents\Wondershare Dr.Fone for iOS

2014-12-14 20:43 - 2014-12-14 20:43 - 00895266 _____ () C:\Users\Gissel.Gissel-PC\Downloads\120514A.html

2014-12-14 20:43 - 2014-12-14 20:43 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\Downloads\120514A_files

2014-12-12 00:12 - 2014-12-12 00:12 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\Documents\EBAY PICS

2014-12-11 20:20 - 2014-12-11 20:21 - 00009740 _____ () C:\Users\Gissel.Gissel-PC\Documents\budget.xlsx

2014-12-10 13:49 - 2014-12-10 13:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\096D67B0.sys

2014-12-10 03:57 - 2014-12-10 03:57 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-10 03:10 - 2014-10-17 19:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-10 03:10 - 2014-10-17 18:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-09 23:48 - 2014-12-09 23:48 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2014-12-09 15:22 - 2014-11-10 20:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-09 15:22 - 2014-11-10 19:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-09 15:21 - 2014-12-03 19:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-09 15:21 - 2014-12-03 19:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-09 15:21 - 2014-12-03 19:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-09 15:21 - 2014-12-03 19:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-09 15:21 - 2014-12-03 19:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-09 15:21 - 2014-12-03 19:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-09 15:21 - 2014-12-03 19:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-09 15:21 - 2014-12-01 16:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-09 15:21 - 2014-11-26 18:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-09 15:21 - 2014-11-21 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-09 15:21 - 2014-11-21 19:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-09 15:21 - 2014-11-21 19:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-09 15:21 - 2014-11-21 19:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-09 15:21 - 2014-11-21 19:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-09 15:21 - 2014-11-21 19:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-09 15:21 - 2014-11-21 19:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-09 15:21 - 2014-11-21 19:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-09 15:21 - 2014-11-21 19:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-09 15:21 - 2014-11-21 18:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-09 15:21 - 2014-11-21 18:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-09 15:21 - 2014-11-21 18:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-09 15:21 - 2014-11-21 18:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-09 15:21 - 2014-11-21 18:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-09 15:21 - 2014-11-21 18:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-09 15:21 - 2014-11-21 17:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-09 15:21 - 2014-11-21 17:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-09 15:21 - 2014-10-29 19:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-09 15:21 - 2014-10-29 18:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-09 15:20 - 2014-11-26 18:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-09 15:20 - 2014-11-21 20:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-09 15:20 - 2014-11-21 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-09 15:20 - 2014-11-21 19:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-09 15:20 - 2014-11-21 19:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-09 15:20 - 2014-11-21 19:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-09 15:20 - 2014-11-21 19:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-09 15:20 - 2014-11-21 19:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-09 15:20 - 2014-11-21 19:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-09 15:20 - 2014-11-21 19:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-09 15:20 - 2014-11-21 19:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-09 15:20 - 2014-11-21 19:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-09 15:20 - 2014-11-21 19:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-09 15:20 - 2014-11-21 19:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-09 15:20 - 2014-11-21 19:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-09 15:20 - 2014-11-21 19:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-09 15:20 - 2014-11-21 19:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-09 15:20 - 2014-11-21 19:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-09 15:20 - 2014-11-21 19:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-09 15:20 - 2014-11-21 18:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-09 15:20 - 2014-11-21 18:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-09 15:20 - 2014-11-21 18:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-09 15:20 - 2014-11-21 18:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-09 15:20 - 2014-11-21 18:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-09 15:20 - 2014-11-21 18:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-09 15:20 - 2014-11-21 18:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-09 15:20 - 2014-11-21 18:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-09 15:20 - 2014-11-21 18:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-09 15:20 - 2014-11-21 18:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-09 15:20 - 2014-11-21 18:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-09 15:20 - 2014-11-21 18:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-09 15:20 - 2014-11-21 18:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-09 15:20 - 2014-11-21 18:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-09 15:20 - 2014-11-21 18:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-09 15:20 - 2014-11-21 18:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-09 15:20 - 2014-11-21 18:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-09 15:20 - 2014-11-10 18:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-09 15:19 - 2014-11-07 20:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-09 15:19 - 2014-11-07 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-09 15:19 - 2014-10-02 19:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-09 15:19 - 2014-10-02 19:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-09 15:19 - 2014-10-02 19:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-09 15:19 - 2014-10-02 19:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-09 15:19 - 2014-10-02 19:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-09 15:19 - 2014-10-02 18:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-09 15:19 - 2014-10-02 18:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-09 15:19 - 2014-10-02 18:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-09 15:19 - 2014-10-02 18:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-09 15:19 - 2014-10-02 18:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-09 01:35 - 2014-12-10 03:36 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\Documents\Turbo Lister

2014-12-08 22:32 - 2014-12-08 22:33 - 00000402 _____ () C:\InstallHelper.log

2014-12-08 22:30 - 2014-12-08 22:30 - 00002007 _____ () C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk

2014-12-08 22:30 - 2014-12-08 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay

2014-12-08 22:30 - 2014-12-08 22:30 - 00000000 ____D () C:\ProgramData\eBay

2014-12-08 22:30 - 2014-12-08 22:30 - 00000000 ____D () C:\Program Files (x86)\eBay

2014-12-07 18:32 - 2014-12-07 18:32 - 00094779 _____ () C:\Users\Gissel.Gissel-PC\Documents\thisisitnow.wma

2014-12-07 18:31 - 2014-12-07 18:31 - 63884209 _____ () C:\Users\Gissel.Gissel-PC\Documents\Untitled (2).wma

2014-12-07 15:44 - 2014-12-26 12:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-12-07 15:44 - 2014-12-26 10:41 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-07 15:44 - 2014-12-19 15:45 - 00002230 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-12-07 15:44 - 2014-12-07 15:44 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-12-07 15:44 - 2014-12-07 15:44 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-12-07 15:44 - 2014-12-07 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-12-07 14:54 - 2014-12-07 14:54 - 00000020 _____ () C:\Windows\(ù¡

2014-12-06 03:05 - 2014-12-06 03:05 - 00001234 _____ () C:\Users\Administrator\Desktop\iPhone Backup Extractor.lnk

2014-12-06 03:05 - 2014-12-06 03:05 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Reincubate

2014-12-06 03:05 - 2014-12-06 03:05 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate

2014-12-05 22:16 - 2014-12-05 22:16 - 00000000 ___HD () C:\Wondershare_DrFone_iCloud_Backup

2014-12-05 22:13 - 2014-12-05 22:13 - 00001198 _____ () C:\Users\Public\Desktop\Wondershare Dr.Fone for iOS.lnk

2014-12-05 22:13 - 2014-12-05 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare

2014-12-05 22:13 - 2014-12-05 22:13 - 00000000 ____D () C:\Program Files\Wondershare

2014-12-05 22:13 - 2014-08-08 16:15 - 00076384 _____ (http://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll

2014-12-05 22:13 - 2014-08-08 16:15 - 00052832 _____ (http://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\Drivers\libusb0.sys

2014-12-05 22:12 - 2014-12-05 22:13 - 00000000 ____D () C:\Users\Public\Documents\Wondershare

2014-12-05 21:38 - 2014-12-05 21:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\68AC47F1.sys

2014-12-05 20:38 - 2014-12-26 12:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-05 20:38 - 2014-12-26 01:47 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-12-05 20:38 - 2014-12-26 01:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-05 20:38 - 2014-12-26 01:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-05 20:38 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-12-05 20:38 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-12-05 20:38 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-12-04 05:14 - 2014-12-04 05:14 - 00006728 _____ () C:\Users\Gissel.Gissel-PC\Downloads\contacts.txt

2014-12-04 01:48 - 2014-12-04 01:48 - 00000972 _____ () C:\Users\Gissel.Gissel-PC\Downloads\DomainDownloadList-229732924.csv.gz

2014-12-04 00:52 - 2014-12-04 00:52 - 00003652 _____ () C:\Windows\System32\Tasks\Disconnect Desktop Updater

2014-12-04 00:52 - 2014-12-04 00:52 - 00001176 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disconnect Desktop.lnk

2014-12-04 00:52 - 2014-12-04 00:52 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Disconnect Desktop.lnk

2014-12-04 00:52 - 2014-12-04 00:52 - 00001164 _____ () C:\Users\Public\Desktop\Disconnect Desktop.lnk

2014-12-04 00:52 - 2014-12-04 00:52 - 00000000 ____D () C:\Program Files (x86)\Disconnect

2014-12-04 00:27 - 2014-12-04 00:27 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Disconnect

2014-12-04 00:03 - 2014-12-04 00:03 - 14147584 _____ () C:\Users\Administrator\Downloads\lastpass_x64.exe

2014-12-03 23:48 - 2014-12-03 23:48 - 00001192 _____ () C:\Users\Public\Desktop\My LastPass Vault.lnk

2014-12-03 23:48 - 2014-12-03 23:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass

2014-12-03 23:48 - 2014-12-03 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass

2014-12-03 23:43 - 2014-12-03 23:44 - 14147584 _____ () C:\Users\Gissel.Gissel-PC\Downloads\lastpass_x64 (2).exe

2014-12-03 17:31 - 2014-12-03 17:32 - 00084992 _____ () C:\ResetPassword.exe

2014-12-03 17:26 - 2014-12-03 17:34 - 00000000 ___HD () C:\Windows\msdownld.tmp

2014-12-03 17:19 - 2014-12-03 17:19 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-12-03 17:19 - 2014-12-03 17:19 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-12-03 17:19 - 2014-12-03 17:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-12-03 17:17 - 2014-12-03 17:17 - 00244104 _____ () C:\Users\Administrator\Downloads\Firefox Setup Stub 34.0.5.exe

2014-12-03 16:36 - 2014-12-03 16:36 - 00000000 ____D () C:\Users\Administrator\Documents\SightSpeed Recordings

2014-12-03 16:36 - 2014-12-03 16:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\LogiShrd

2014-12-03 16:34 - 2014-12-03 16:34 - 01056768 _____ () C:\new.sdb

2014-12-03 16:34 - 2014-12-03 16:34 - 00018348 _____ () C:\securityconfig.cfg

2014-12-03 16:34 - 2014-12-03 16:34 - 00018266 _____ () C:\securityconfig1.cfg

2014-12-02 20:03 - 2014-12-02 20:03 - 00003135 _____ () C:\Users\Gissel.Gissel-PC\Desktop\Income Reports - Shortcut.lnk

2014-12-01 12:25 - 2014-12-01 12:25 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\Downloads\coats6

2014-12-01 11:19 - 2014-12-01 11:19 - 25770017 _____ () C:\Users\Gissel.Gissel-PC\Downloads\coats7.zip

2014-12-01 11:19 - 2014-12-01 11:19 - 15945735 _____ () C:\Users\Gissel.Gissel-PC\Downloads\coats6.zip

2014-12-01 11:17 - 2014-12-01 11:17 - 20469255 _____ () C:\Users\Gissel.Gissel-PC\Downloads\coats (1).zip

2014-12-01 11:17 - 2014-12-01 11:17 - 14647482 _____ () C:\Users\Gissel.Gissel-PC\Downloads\coats.zip

2014-11-30 17:13 - 2014-11-30 17:13 - 02843891 _____ () C:\Users\Gissel.Gissel-PC\Documents\BIRDSALL ADS.zip

2014-11-30 17:13 - 2014-11-30 17:13 - 00001924 _____ () C:\Users\Gissel.Gissel-PC\Desktop\BIRDSALL ADS - Shortcut (3).lnk

2014-11-30 17:12 - 2014-11-30 17:12 - 00001883 _____ () C:\Users\Gissel.Gissel-PC\Desktop\BIRDSALL ADS - Shortcut (2).lnk

2014-11-30 17:11 - 2014-11-30 17:11 - 00001883 _____ () C:\Users\Gissel.Gissel-PC\Desktop\BIRDSALL ADS - Shortcut.lnk

2014-11-28 11:04 - 2014-11-28 11:04 - 00000000 ____D () C:\New Folder

2014-11-28 04:51 - 2014-11-28 04:51 - 00025384 _____ () C:\Users\Gissel.Gissel-PC\Desktop\subsforimport.csv

2014-11-28 04:34 - 2014-11-28 08:07 - 00008919 _____ () C:\Users\Gissel.Gissel-PC\Desktop\subsforimport.csv.xlsx

2014-11-28 03:00 - 2014-11-28 03:00 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\AppData\Roaming\TeknikForce

2014-11-28 02:39 - 2014-12-08 12:05 - 00004608 _____ () C:\Users\Gissel.Gissel-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-11-27 21:50 - 2014-11-27 20:38 - 00196608 _____ () C:\Users\Gissel.Gissel-PC\Downloads\4C83F4B3-52AC-4B2C-96EF-19823BCFB2B7.Diagnose.0.etl

2014-11-26 16:32 - 2014-11-26 16:32 - 01005568 _____ (Microsoft Corporation) C:\Users\Gissel.Gissel-PC\Downloads\dotNetFx45_Full_setup.exe

2014-11-26 16:30 - 2014-11-26 16:31 - 02829614 _____ () C:\Users\Gissel.Gissel-PC\Downloads\emailjeet.zip

2014-11-26 15:35 - 2014-11-26 15:35 - 00001487 _____ () C:\Users\Gissel.Gissel-PC\Documents\ebayincome G FOSSATI.csv

2014-11-26 15:09 - 2014-11-26 15:09 - 00016537 _____ () C:\Users\Gissel.Gissel-PC\Downloads\Download (3).csv

2014-11-26 15:04 - 2014-11-26 15:04 - 00016806 _____ () C:\Users\Gissel.Gissel-PC\Downloads\Download (2).csv

2014-11-26 14:27 - 2014-11-26 14:27 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\Downloads\srp history_files

2014-11-26 14:26 - 2014-11-26 14:27 - 00010025 _____ () C:\Users\Gissel.Gissel-PC\Downloads\srp history.htm

2014-11-26 14:24 - 2014-11-26 14:24 - 00104410 _____ () C:\Users\Gissel.Gissel-PC\Downloads\AccountHistory11-27-2011_to_11-22-2014 (1).xls

2014-11-26 14:24 - 2014-11-26 14:24 - 00041449 _____ () C:\Users\Gissel.Gissel-PC\Downloads\AccountHistory12-11-2013_to_11-22-2014 (1).xls

2014-11-26 14:24 - 2014-11-26 14:24 - 00031176 _____ () C:\Users\Gissel.Gissel-PC\Downloads\AccountStatus_Sep-01-14_Nov-27-14 (1).csv

2014-11-26 01:12 - 2014-11-26 01:13 - 00031176 _____ () C:\Users\Gissel.Gissel-PC\Downloads\AccountStatus_Sep-01-14_Nov-27-14.csv

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-12-26 12:59 - 2014-10-27 09:13 - 00000000 ____D () C:\Gissel

2014-12-26 12:56 - 2014-03-28 04:18 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2014-12-26 12:48 - 2014-07-23 15:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-12-26 12:39 - 2014-09-04 06:21 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4044387434-2444748874-2753398286-1000UA.job

2014-12-26 12:34 - 2014-11-20 16:31 - 00000608 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4044387434-2444748874-2753398286-1000.job

2014-12-26 10:51 - 2014-01-11 14:22 - 01804294 _____ () C:\Windows\WindowsUpdate.log

2014-12-26 10:51 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-26 10:51 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-26 10:45 - 2014-10-29 20:09 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\AppData\Roaming\Dropbox

2014-12-26 10:40 - 2014-01-21 08:43 - 00065536 _____ () C:\Windows\system32\Ikeext.etl

2014-12-26 10:40 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-12-25 20:15 - 2014-07-21 23:25 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\AppData\Roaming\Skype

2014-12-25 20:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\tracing

2014-12-25 16:32 - 2009-07-13 22:13 - 00823456 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-25 16:22 - 2014-08-16 07:40 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\Documents\MY EXCEL

2014-12-25 15:39 - 2014-09-04 06:21 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4044387434-2444748874-2753398286-1000Core.job

2014-12-25 12:51 - 2014-10-06 23:43 - 00000000 ____D () C:\Sandbox

2014-12-25 01:23 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-12-25 01:04 - 2014-07-15 09:54 - 00000258 __RSH () C:\Users\Gissel.Gissel-PC\ntuser.pol

2014-12-25 01:04 - 2014-07-15 09:54 - 00000000 ____D () C:\Users\Gissel.Gissel-PC

2014-12-24 20:21 - 2014-09-26 11:50 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\EBAY

2014-12-24 14:17 - 2014-11-23 01:00 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\Desktop\TEMP

2014-12-24 06:36 - 2014-10-28 11:45 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\Documents\SUBSCRIBERS MASTER LIST

2014-12-23 19:43 - 2014-09-23 13:25 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\Documents\EMAIL LIST - ITSINTHELIST

2014-12-23 18:34 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Public\Libraries

2014-12-23 15:02 - 2014-10-29 20:12 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-12-23 14:23 - 2014-07-23 15:12 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-23 14:23 - 2014-02-08 11:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-23 14:23 - 2014-02-08 11:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-23 14:05 - 2014-08-08 16:23 - 00006796 _____ () C:\ProgramData\lxecscan.log

2014-12-22 05:36 - 2010-07-31 02:24 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services

2014-12-22 05:36 - 2010-07-31 01:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling

2014-12-22 05:36 - 2010-07-31 01:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools

2014-12-22 03:39 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv

2014-12-22 03:39 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\inetsrv

2014-12-17 07:25 - 2014-07-04 12:58 - 00000000 ____D () C:\Users\Administrator

2014-12-17 05:10 - 2014-02-14 04:03 - 00000000 ____D () C:\ProgramData\Skype

2014-12-17 05:09 - 2014-09-08 11:14 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-12-17 04:14 - 2014-09-01 19:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-12-17 04:14 - 2014-09-01 19:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-12-17 03:06 - 2014-09-01 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-12-17 02:37 - 2014-11-20 16:31 - 00003638 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4044387434-2444748874-2753398286-1000

2014-12-16 07:19 - 2014-11-23 21:32 - 00000000 ___RD () C:\Users\Bruce\Uploads

2014-12-16 07:19 - 2014-11-23 21:32 - 00000000 ___RD () C:\Users\Bruce\Shared

2014-12-16 07:19 - 2014-11-23 21:32 - 00000000 ___RD () C:\Users\Bruce\My Photo Stream

2014-12-16 07:19 - 2014-11-20 16:30 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\AppData\Local\Citrix

2014-12-16 07:19 - 2014-07-24 21:04 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\AppData\Local\Downloaded Installations

2014-12-16 07:19 - 2014-05-31 15:52 - 00000000 ____D () C:\Windows\pss

2014-12-16 07:19 - 2014-04-25 09:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-12-16 07:18 - 2014-08-05 20:49 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\Documents\locates

2014-12-16 07:18 - 2014-07-24 21:20 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\Documents\samsung

2014-12-16 07:18 - 2014-07-20 15:17 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\Documents\Traffic Elixar

2014-12-16 07:18 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration

2014-12-16 07:17 - 2014-10-28 13:54 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\Documents\BIRDSALL ADS

2014-12-16 07:17 - 2014-10-27 12:48 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\Documents\BIRDSALL

2014-12-16 07:17 - 2014-09-28 19:53 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\Documents\!EBAY.COM

2014-12-16 07:17 - 2014-08-15 18:39 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\Documents\HOUSEHOLD

2014-12-16 07:17 - 2014-07-23 18:15 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\Documents\!AMAZON.COM

2014-12-16 07:16 - 2014-04-13 22:32 - 00000000 ____D () C:\Users\Bruce

2014-12-16 07:15 - 2014-02-09 06:15 - 00000000 ____D () C:\Program Files (x86)\Java

2014-12-16 07:08 - 2014-01-11 14:09 - 00000000 ____D () C:\ProgramData\Recovery

2014-12-15 18:46 - 2014-02-09 07:01 - 00000000 ____D () C:\ProgramData\Oracle

2014-12-15 15:16 - 2014-07-24 21:20 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\AppData\Local\CrashDumps

2014-12-14 22:58 - 2014-08-16 07:40 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\Documents\MY TXT

2014-12-14 06:56 - 2014-08-28 05:34 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\AppData\Local\Adobe

2014-12-12 07:05 - 2014-06-20 19:32 - 00000000 ____D () C:\Spacekace

2014-12-10 03:57 - 2014-05-11 14:38 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-12-10 03:57 - 2014-05-04 09:05 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-10 03:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-10 03:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat

2014-12-10 03:51 - 2014-01-23 09:19 - 00000000 ____D () C:\Windows\system32\MRT

2014-12-09 17:28 - 2014-08-25 22:48 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-12-08 13:33 - 2014-02-28 22:49 - 00000000 ____D () C:\Users\Gissel\Desktop\SUBLIME INSTANT LIFT ARIZONA

2014-12-07 15:44 - 2014-01-12 14:27 - 00000000 ____D () C:\Program Files (x86)\Google

2014-12-07 14:55 - 2010-07-31 02:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live

2014-12-07 14:09 - 2014-07-24 21:20 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\AppData\Roaming\Samsung

2014-12-07 14:09 - 2014-07-24 21:07 - 00000000 ____D () C:\Program Files (x86)\Samsung

2014-12-07 14:07 - 2014-07-24 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung

2014-12-07 14:07 - 2014-07-24 21:07 - 00000000 ____D () C:\ProgramData\Samsung

2014-12-07 14:07 - 2010-07-31 01:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-12-07 03:56 - 2009-07-13 21:45 - 00555952 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-12-06 03:05 - 2014-07-15 19:39 - 00117792 _____ () C:\Users\Gissel.Gissel-PC\AppData\Local\GDIPFONTCACHEV1.DAT

2014-12-05 22:14 - 2014-05-29 02:55 - 00000000 ____D () C:\ProgramData\Wondershare

2014-12-05 22:13 - 2014-05-29 02:55 - 00000000 ___HD () C:\Program Files (x86)\Dr.Fone_Temp

2014-12-04 08:44 - 2014-10-28 01:53 - 00031270 _____ () C:\Users\Gissel.Gissel-PC\Documents\pennelson.txt.xlsx

2014-12-04 00:56 - 2014-07-09 04:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer

2014-12-03 23:49 - 2014-02-07 11:51 - 00000000 ____D () C:\Program Files (x86)\LastPass

2014-12-03 17:19 - 2014-07-01 16:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-12-03 16:55 - 2014-10-21 13:08 - 00000000 ____D () C:\Program Files (x86)\Wondershare

2014-12-03 16:45 - 2014-10-29 07:20 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack

2014-12-03 16:44 - 2014-09-30 11:31 - 00000000 ____D () C:\Program Files (x86)\The Net Results

2014-12-03 16:44 - 2014-02-11 19:04 - 00000000 ____D () C:\Program Files\CCleaner

2014-12-03 16:34 - 2014-07-04 12:58 - 00000258 __RSH () C:\Users\Administrator\ntuser.pol

2014-12-03 16:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\security

2014-12-03 11:27 - 2014-07-23 15:10 - 00000000 ____D () C:\Users\Gissel.Gissel-PC\AppData\Roaming\Apple Computer

2014-11-28 04:41 - 2014-10-28 11:41 - 00068611 _____ () C:\Users\Gissel.Gissel-PC\Documents\SUBSCRIBERS15figureday.csv

2014-11-27 16:40 - 2014-01-23 09:19 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-11-27 13:33 - 2014-11-23 05:08 - 02855091 _____ (Teknikforce ) C:\Program Files (x86)\emailjeet.exe

2014-11-27 02:44 - 2014-04-14 18:28 - 00000121 _____ () C:\Users\Gissel\Downloads\listen.m3u

 

Files to move or delete:

====================

C:\ProgramData\fontcacheev1.dat

 

 

Some content of TEMP:

====================

C:\Users\Administrator\AppData\Local\temp\oi_{589C02C6-DF28-4767-AA1D-15D59B80F5BB}.exe

C:\Users\Administrator\AppData\Local\temp\UNINSTALL.exe

C:\Users\Administrator\AppData\Local\temp\UNT2E62.tmp.exe

C:\Users\Administrator\AppData\Local\temp\UNT2E73.tmp.exe

C:\Users\Administrator\AppData\Local\temp\UNT2EA5.tmp.exe

C:\Users\Administrator\AppData\Local\temp\UNT2EC7.tmp.exe

C:\Users\Administrator\AppData\Local\temp\UNT2EC8.tmp.exe

C:\Users\Administrator\AppData\Local\temp\UNT2EC9.tmp.exe

C:\Users\Administrator\AppData\Local\temp\UNT2ECA.tmp.exe

C:\Users\Administrator\AppData\Local\temp\UNT2ECB.tmp.exe

C:\Users\Administrator\AppData\Local\temp\UNT2EDB.tmp.exe

C:\Users\Administrator\AppData\Local\temp\VOPackage.exe

C:\Users\Gissel.Gissel-PC\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl1e6fr.dll

C:\Users\Gissel.Gissel-PC\AppData\Local\temp\Execute2App.exe

C:\Users\Gissel.Gissel-PC\AppData\Local\temp\Kies3RemoveAll.exe

C:\Users\Gissel.Gissel-PC\AppData\Local\temp\msvcp90.dll

C:\Users\Gissel.Gissel-PC\AppData\Local\temp\msvcr90.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-12-25 18:29

 

==================== End Of Log ============================


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 
Can you describe your problem please?


Hello yes I can sir.  I intermittently when opening a new tab or window will get Chinese writing.  Sometimes it is the whole screen and others appears to be an ad.  It first started when on ebay and has now become more frequent and on other random sites.

 

As of today, appears to be slowing down.  Ebay says it is not on their end and suggested using a different browser.

 

Happens most frequently when on ebay.  
Thank you


Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.


Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

I have 64 system.  System did not ask me where I wanted to save it to, therefore, it is not on my desktop as instructed.  Ok or Not?

I got a UAC asking me if I wanted to let FRST have access to my computer.  The notice indicated that the Publisher was unknown.  I would think that information would be available.


I RAN It and saved both of them and can't find either one.   I will run again.

 

This may be relevant information, not sure though.  I was told by a technician at my ISP while troubleshooting a connection issue that the "share" tab has been removed from the IPV4 and that my computer is being 'shared' and accessed remotely.  I have been fighting this for over a year now.  Can you help me with this as well?

 

I will go and run a fbst again.


This topic is now closed to further replies.