Inactive-A Unable to Connect to the Proxy Server, Malware?

Discussion in 'Malware and Virus Removal Archive' started by nfreytag, 2015/08/06.

  1. 2015/08/06
    nfreytag


    Hey There,

    I'm definitely considered a beginner when it comes to fixing problems that I have with my computer, but I figured I'd give this a shot. I downloaded unwanted malware onto my computer, and have used Ad-Aware and Malwarebytes to remove it. The initial scan on both programs brought up issues but they were quarantined.

    Now, I'm still having issues with trying to open web pages in Chrome and IE. I get the error "Unable to connect to the proxy server" ERR_PROXY_CONNECTION_FAILED.

    I have tried disabling the "Use a proxy server" box under LAN settings, but the box is greyed out, and I have a yellow alert saying "Some settings are managed by your system administrator". I have no system administrator, I am the only user.

    I assume that this problem is quite common on this forum, but I'd really appreciate some help talking me through this, it's incredibly frustrating!

    After reading the announcement, I have run the FRST64.exe program and it has spit out the FRST.txt and Addition.txt logs which I will post as well.

    Thank you in advance for any help that is provided!

    Nick
     
  2. 2015/08/06
    nfreytag

    FRST.txt (part 1)

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-08-2015
    Ran by nfminer (administrator) on NFMINER-PC (06-08-2015 16:54:22)
    Running from C:\Users\nfminer\Desktop
    Loaded Profiles: nfminer (Available Profiles: nfminer)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser not detected!)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    () C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareService.exe
    (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareTray.exe
    () C:\a\q5t7vYAoxUpBjbt606Jn-ni-2015-08-06-ni-12694.exe
    (YTDownloader) C:\Program Files (x86)\YTDownloader\YTDownloader.exe
    (Goobzo) C:\Program Files (x86)\YTDownloader\BrowserHelper.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (YTDownloader) C:\Program Files (x86)\YTDownloader\DownloadHelper.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareTray.exe [9549808 2015-06-24] ()
    HKLM-x32\...\Run: [cutoauto] => C:\a\wincheckfe.exe
    HKLM-x32\...\Run: [interpee] => C:\a\internetport3.exe
    HKLM-x32\...\Run: [autoauto] => 16448965.bat
    HKU\S-1-5-21-562720426-3001973214-2539249035-1000\...\Run: [rutoauto] => 16448965.bat
    HKU\S-1-5-21-562720426-3001973214-2539249035-1000\...\Run: [dutoauto] => C:\a\wincheckfe.exe
    HKU\S-1-5-21-562720426-3001973214-2539249035-1000\...\Run: [interpee] => C:\a\internetport3.exe
    Startup: C:\Users\nfminer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\intr.lnk [2015-08-06]
    ShortcutTarget: intr.lnk -> C:\a\58967140.bat ()
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-562720426-3001973214-2539249035-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <======= ATTENTION (Policy restriction on ProxySettings)
    ProxyEnable: [HKLM-x32] => ProxyEnable is set
    ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877
    ProxyEnable: [S-1-5-21-562720426-3001973214-2539249035-1000] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-562720426-3001973214-2539249035-1000] => http=127.0.0.1:8877;https=127.0.0.1:8877
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-562720426-3001973214-2539249035-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-08-06] (Lavasoft Limited)
    Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-08-06] (Lavasoft Limited)
    Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-08-06] (Lavasoft Limited)
    Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-08-06] (Lavasoft Limited)
    Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-08-06] (Lavasoft Limited)
    Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-08-06] (Lavasoft Limited)
    Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-08-06] (Lavasoft Limited)
    Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-08-06] (Lavasoft Limited)
    Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-08-06] (Lavasoft Limited)
    Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-08-06] (Lavasoft Limited)
    Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
    Tcpip\..\Interfaces\{585FC42D-A245-49F0-B7CB-E1688CF92B30}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
    Tcpip\..\Interfaces\{C6B6BA06-5FA5-4880-B38E-C583DB1768D1}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-06] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-06] (Google Inc.)
    FF Plugin HKU\S-1-5-21-562720426-3001973214-2539249035-1000: etrade.com/ETProPlugin -> C:\Program Files (x86)\E-TRADE Pro\npetproplugin.dll [2015-01-26] (E*Trade Financial)

    Chrome:
    =======
    CHR Profile: C:\Users\nfminer\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\nfminer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-06]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\nfminer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-06]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
    R2 BrsHelper; C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe [112560 2015-08-05] ()
    R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareService.exe [716664 2015-06-24] ()
    R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751792 2015-08-06] (Lavasoft Limited)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [13312 2015-08-06] () [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    S2 c31ed948; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.99\OptProMon.dll ",ENT <==== ATTENTION
    S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /svc [X] <==== ATTENTION
    S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /medsvc [X] <==== ATTENTION

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
    R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2015-01-06] (BitDefender)
    R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2015-01-06] (BitDefender)
    R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2015-01-06] (BitDefender)
    R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2015-01-06] (BitDefender LLC)
    R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2015-01-06] (BitDefender LLC)
    S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-08-06] (Disc Soft Ltd)
    R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-06] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
    R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58528 2015-08-05] (YTDownloader)
    S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
    S3 TRIXX; \??\C:\Users\nfminer\AppData\Local\Temp\TRIXX.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-06 16:55 - 2015-08-06 16:55 - 00000000 _____ C:\Users\nfminer\AppData\Local\apq5t7vYAoxUpBjbt606Jn-ni-2015-08-06-ni-12694.html
    2015-08-06 16:54 - 2015-08-06 16:54 - 00011872 _____ C:\Users\nfminer\Desktop\FRST.txt
    2015-08-06 16:54 - 2015-08-06 16:54 - 00000000 ____D C:\FRST
    2015-08-06 16:53 - 2015-08-06 16:53 - 02170368 _____ (Farbar) C:\Users\nfminer\Desktop\FRST64.exe
    2015-08-06 16:40 - 2015-08-06 16:54 - 00002154 _____ C:\Users\nfminer\Desktop\Google Chrome.lnk
    2015-08-06 16:39 - 2015-08-06 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-08-06 16:38 - 2015-08-06 16:43 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-08-06 16:38 - 2015-08-06 16:43 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-08-06 16:38 - 2015-08-06 16:38 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-08-06 16:38 - 2015-08-06 16:38 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-08-06 16:03 - 2015-08-06 16:03 - 00000476 __RSH C:\ProgramData\ntuser.pol
    2015-08-06 11:50 - 2015-08-06 11:50 - 00000000 ____D C:\ProgramData\BitDefender
    2015-08-06 11:44 - 2015-08-06 11:44 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\LavasoftStatistics
    2015-08-06 11:43 - 2015-08-06 12:06 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\Lavasoft
    2015-08-06 11:43 - 2015-08-06 12:03 - 00002896 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
    2015-08-06 11:43 - 2015-08-06 12:03 - 00002896 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
    2015-08-06 11:43 - 2015-08-06 11:43 - 00422400 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
    2015-08-06 11:43 - 2015-08-06 11:43 - 00342016 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
    2015-08-06 11:43 - 2015-08-06 11:43 - 00000000 ____D C:\Users\nfminer\AppData\Local\Lavasoft
    2015-08-06 11:43 - 2015-08-06 11:43 - 00000000 ____D C:\Program Files (x86)\Lavasoft
    2015-08-06 11:42 - 2015-08-06 15:28 - 00002321 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    2015-08-06 11:42 - 2015-08-06 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    2015-08-06 11:42 - 2015-08-06 11:42 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
    2015-08-06 11:42 - 2015-01-06 13:47 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
    2015-08-06 11:42 - 2015-01-06 13:47 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
    2015-08-06 11:42 - 2015-01-06 13:47 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
    2015-08-06 11:42 - 2015-01-06 13:47 - 00156936 _____ C:\Windows\system32\bdfwcore.dll
    2015-08-06 11:42 - 2015-01-06 13:47 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
    2015-08-06 11:42 - 2015-01-06 13:47 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
    2015-08-06 11:42 - 2015-01-06 13:47 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
    2015-08-06 11:42 - 2015-01-06 13:37 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
    2015-08-06 11:41 - 2015-08-06 11:41 - 00000000 ____D C:\Program Files\Lavasoft
    2015-08-06 11:40 - 2015-08-06 11:40 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
    2015-08-06 11:39 - 2015-08-06 11:43 - 00000000 ____D C:\ProgramData\Lavasoft
    2015-08-06 11:39 - 2015-08-06 11:39 - 02009904 _____ C:\Users\nfminer\Downloads\Adaware_Installer.exe
    2015-08-06 11:27 - 2015-08-06 11:27 - 00000426 __RSH C:\Users\nfminer\ntuser.pol
    2015-08-06 11:14 - 2015-08-06 11:15 - 00000000 ____D C:\Users\nfminer\AppData\Local\BrowserHelper
    2015-08-06 10:30 - 2015-08-06 10:30 - 00000000 ____D C:\Windows\pss
    2015-08-06 02:57 - 2015-08-06 02:57 - 00003912 _____ C:\Windows\System32\Tasks\YTDownloaderUpd
    2015-08-06 02:57 - 2015-08-06 02:57 - 00003590 _____ C:\Windows\System32\Tasks\YTDownloader
    2015-08-06 02:57 - 2015-08-06 02:57 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
    2015-08-06 02:57 - 2015-08-06 02:57 - 00000000 ____D C:\Program Files (x86)\YTDownloader
    2015-08-06 02:55 - 2015-08-06 14:01 - 00000000 ____D C:\Program Files (x86)\ShopperPro
    2015-08-06 02:51 - 2015-08-06 10:07 - 00000000 ____D C:\Program Files (x86)\globalUpdate
    2015-08-06 02:51 - 2015-08-06 10:07 - 00000000 ____D C:\Program Files (x86)\ee63cdc6-5f91-44d3-a3dd-8241c1189391
    2015-08-06 02:51 - 2015-08-06 10:07 - 00000000 ____D C:\Program Files (x86)\7820b0eb-3626-4620-9e3a-dab3daac0de7
    2015-08-06 02:51 - 2015-08-06 02:51 - 00000000 ____D C:\Users\nfminer\AppData\Local\globalUpdate
    2015-08-06 02:48 - 2015-08-06 02:48 - 00000000 ____D C:\Users\nfminer\AppData\Local\CrashRpt
    2015-08-06 02:34 - 2015-08-06 15:26 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-08-06 02:34 - 2015-08-06 02:34 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-08-06 02:34 - 2015-08-06 02:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-08-06 02:34 - 2015-08-06 02:34 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-08-06 02:34 - 2015-08-06 02:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-08-06 02:34 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-08-06 02:34 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-08-06 02:34 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-08-06 02:33 - 2015-08-06 02:34 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\nfminer\Downloads\mbam-setup-2.1.8.1057.exe
    2015-08-06 02:25 - 2015-08-06 02:28 - 00000000 ____D C:\AdwCleaner
    2015-08-06 02:24 - 2015-08-06 02:24 - 02248704 _____ C:\Users\nfminer\Downloads\adwcleaner_4.208.exe
    2015-08-06 02:23 - 2015-08-06 16:53 - 00000000 ___HD C:\a
    2015-08-06 02:23 - 2015-08-06 03:42 - 00000000 ____D C:\Users\nfminer\AppData\Local\yuntnani
    2015-08-06 02:23 - 2015-08-06 02:23 - 00000000 ____D C:\Program Files (x86)\FastInternet
    2015-08-06 02:17 - 2015-08-06 02:17 - 00000019 _____ C:\Windows\SysWOW64\16448965.bat
    2015-08-06 02:15 - 2015-08-06 02:15 - 00003464 _____ C:\Windows\System32\Tasks\Woodoreerju
    2015-08-06 02:11 - 2015-08-06 15:25 - 00000346 ____H C:\Windows\Tasks\TANTVXMGQVTBIOHY.job
    2015-08-06 02:11 - 2015-08-06 15:25 - 00000334 _____ C:\Windows\Tasks\GDAQIZHHFD1.job
    2015-08-06 02:11 - 2015-08-06 02:11 - 00003384 _____ C:\Windows\System32\Tasks\TANTVXMGQVTBIOHY
    2015-08-06 02:11 - 2015-08-06 02:11 - 00002856 _____ C:\Windows\System32\Tasks\GDAQIZHHFD1
    2015-08-06 02:11 - 2015-08-06 02:11 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    2015-08-06 02:11 - 2015-08-06 02:11 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
    2015-08-06 02:10 - 2015-08-06 15:22 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\Eppink
    2015-08-06 02:02 - 2015-08-06 02:02 - 00000912 _____ C:\Windows\SysWOW64\${LOGFILE}
    2015-08-06 01:57 - 2015-08-06 02:45 - 00000000 ___HD C:\ProgramData\msx
    2015-08-06 01:54 - 2015-08-06 01:54 - 00631808 _____ C:\Windows\msx.dat
    2015-08-06 01:52 - 2009-06-10 14:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
    2015-08-06 01:43 - 2015-08-06 01:43 - 00020349 _____ C:\Windows\srtpoq.xml
    2015-08-06 01:32 - 2015-08-06 10:20 - 00000024 _____ C:\Users\nfminer\AppData\Roaming\appdataFr25.bin
    2015-08-06 01:12 - 2015-08-06 01:12 - 00000000 ____D C:\ProgramData\Free Download Manager
    2015-08-06 01:08 - 2015-08-06 01:08 - 00000000 ____D C:\Program Files (x86)\Disc Soft
    2015-08-06 01:07 - 2015-08-06 01:14 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\DAEMON Tools Lite
    2015-08-06 01:07 - 2015-08-06 01:09 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
    2015-08-06 01:07 - 2015-08-06 01:07 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
    2015-08-06 01:06 - 2015-08-06 01:07 - 13146016 _____ (Disc Soft Ltd) C:\Users\nfminer\Downloads\DTLite501-0406.exe
    2015-08-06 00:57 - 2015-08-06 01:44 - 00000000 ____D C:\Program Files (x86)\Free Download Manager
    2015-08-06 00:54 - 2015-08-06 00:59 - 00000000 ____D C:\Users\nfminer\Downloads\Vuze Leap
    2015-08-06 00:54 - 2015-08-06 00:56 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\Vuze Leap
    2015-08-06 00:54 - 2015-08-06 00:54 - 00000946 _____ C:\Users\nfminer\Desktop\Vuze Leap.lnk
    2015-08-06 00:54 - 2015-08-06 00:54 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vuze Leap
    2015-08-06 00:49 - 2015-08-06 00:49 - 00129024 _____ (Azureus Software, Inc.) C:\Users\nfminer\Downloads\VuzeLeapStub.exe
    2015-08-06 00:47 - 2015-08-06 00:53 - 00003282 _____ C:\Windows\System32\Tasks\Windows Defrag
    2015-08-06 00:47 - 2015-08-06 00:53 - 00003282 _____ C:\Windows\System32\Tasks\Alfasistem Memory Job
    2015-08-06 00:47 - 2015-08-06 00:47 - 00108098 _____ C:\Users\nfminer\Downloads\SimCity 3000 Unlimited FULL GAME SERIAL PATCH Vallence .zip
    2015-08-06 00:47 - 2015-08-06 00:47 - 00000000 _____ C:\Users\nfminer\AppData\Roaming\903D.tmp
    2015-08-06 00:29 - 2015-08-06 00:29 - 00000000 ____D C:\Users\nfminer\AppData\Local\Microsoft Corporation
    2015-08-06 00:28 - 2015-08-06 00:28 - 00002127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
    2015-08-06 00:28 - 2015-08-06 00:28 - 00002115 _____ C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
    2015-08-06 00:28 - 2015-08-06 00:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
    2015-08-06 00:27 - 2015-08-06 00:27 - 08669472 _____ (Microsoft Corporation) C:\Users\nfminer\Downloads\Windows7UpgradeAdvisorSetup.exe
    2015-08-06 00:24 - 2015-08-06 00:24 - 00000000 ____D C:\Windows\system32\MRT
    2015-08-06 00:24 - 2015-08-06 00:24 - 00000000 ____D C:\Program Files (x86)\Webproxynet Unblock any website
    2015-08-06 00:24 - 2015-08-06 00:24 - 00000000 ____D C:\6b5688dacf6a6c48694dfd1d
    2015-08-06 00:24 - 2015-07-03 08:43 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-08-06 00:20 - 2015-08-06 12:20 - 00000380 _____ C:\Windows\Tasks\EasyTrain.job
    2015-08-06 00:20 - 2015-08-06 00:20 - 00003296 _____ C:\Windows\System32\Tasks\EasyTrain
    2015-08-06 00:18 - 2015-08-06 00:18 - 00000000 ____D C:\Users\nfminer\Downloads\SIMCITY3000_EXE_DE
    2015-08-06 00:17 - 2015-08-06 00:17 - 00375207 _____ C:\Users\nfminer\Downloads\SIMCITY3000_EXE_DE.ZIP
    2015-07-24 19:13 - 2015-07-24 19:13 - 00276536 _____ C:\Windows\Minidump\072415-71557-01.dmp
    2015-07-23 11:23 - 2015-07-23 11:23 - 00001945 _____ C:\Users\Public\Desktop\E-TRADE Pro.lnk
    2015-07-23 11:23 - 2015-07-23 11:23 - 00000070 _____ C:\Users\nfminer\Downloads\error.log
    2015-07-23 11:23 - 2015-07-23 11:23 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\E-TRADE Pro
    2015-07-23 11:23 - 2015-07-23 11:23 - 00000000 ____D C:\Program Files (x86)\E-TRADE Pro
    2015-07-23 11:14 - 2015-07-23 11:15 - 30643784 _____ (E*TRADE Financial) C:\Users\nfminer\Downloads\E-TRADE_Pro_Installer.exe
    2015-07-22 09:17 - 2015-07-22 09:17 - 00000632 _____ C:\Users\Public\Desktop\SURE Trader.lnk
    2015-07-22 09:17 - 2015-07-22 09:17 - 00000000 ____D C:\SURE Trader
    2015-07-22 09:17 - 2015-07-22 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SURE Trader
    2015-07-22 09:16 - 2015-07-22 09:16 - 06155672 _____ C:\Users\nfminer\Downloads\SUREDEMO (1).exe
    2015-07-21 21:10 - 2015-07-21 21:10 - 00000000 ____D C:\Program Files (x86)\ASM104xUSB3
    2015-07-21 21:09 - 2015-07-21 21:09 - 10844437 _____ C:\Users\nfminer\Downloads\usb1.16.12.0.zip
    2015-07-21 21:00 - 2015-07-21 21:00 - 00276536 _____ C:\Windows\Minidump\072115-48079-01.dmp
    2015-07-21 20:48 - 2015-07-21 21:10 - 00031228 _____ C:\Windows\DPINST.LOG
    2015-07-21 20:46 - 2015-07-21 20:46 - 05294566 _____ C:\Users\nfminer\Downloads\Asmedia_USB3_V11430_XPVistaWin7.zip
    2015-07-21 20:17 - 2015-07-21 20:17 - 00347816 _____ (Microsoft Corporation) C:\Users\nfminer\Downloads\MicrosoftFixit.Devices.Run (1).exe
    2015-07-21 20:15 - 2015-07-21 20:15 - 00347816 _____ (Microsoft Corporation) C:\Users\nfminer\Downloads\MicrosoftFixit.Devices.Run.exe
    2015-07-21 15:59 - 2015-07-21 15:59 - 00262144 ____H C:\Windows\DUMP53d3.DMP
    2015-07-21 15:41 - 2015-05-01 06:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-07-21 15:41 - 2015-05-01 06:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-07-21 15:27 - 2015-07-21 15:27 - 00002575 _____ C:\Users\Public\Desktop\MIDI-OX.lnk
    2015-07-21 15:27 - 2015-07-21 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MIDI-OX
    2015-07-21 15:27 - 2015-07-21 15:27 - 00000000 ____D C:\Program Files (x86)\MIDIOX
    2015-07-21 15:25 - 2015-07-21 15:25 - 00917504 _____ C:\Users\nfminer\Downloads\midioxse.exe
    2015-07-21 15:19 - 2015-07-21 15:19 - 00000000 ____D C:\Users\nfminer\Downloads\mpk_mini_editor_v.13_win_00
    2015-07-21 15:19 - 2015-07-21 15:19 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\Cycling '74
    2015-07-21 15:14 - 2015-07-21 15:14 - 04610932 _____ C:\Users\nfminer\Downloads\mpk_mini_editor_v.13_win_00.zip
    2015-07-21 15:14 - 2015-07-21 15:14 - 00001115 _____ C:\Users\nfminer\Downloads\mpk_mini_presets_00.zip
    2015-07-21 11:08 - 2015-07-21 11:08 - 06155672 _____ C:\Users\nfminer\Downloads\SUREDEMO.exe
    2015-07-21 10:35 - 2015-07-21 10:35 - 00000000 ____D C:\Users\nfminer\Documents\TC
    2015-07-21 10:33 - 2015-07-21 10:41 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\TC2000
    2015-07-21 10:33 - 2015-07-21 10:33 - 00001905 _____ C:\Users\nfminer\Desktop\TC2000 12.6.lnk
    2015-07-21 10:33 - 2015-07-21 10:33 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\Microsoft\Windows\Start Menu\TC2000
    2015-07-21 10:33 - 2015-07-21 10:33 - 00000000 ____D C:\Users\nfminer\AppData\Local\Caphyon
    2015-07-21 10:31 - 2015-07-21 10:31 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\Worden Brothers, Inc
    2015-07-21 09:46 - 2015-07-21 09:47 - 04399928 _____ (Worden Brothers, Inc.) C:\Users\nfminer\Downloads\TC2000Setup.exe
    2015-07-20 20:45 - 2015-07-20 20:45 - 02688178 _____ C:\Users\nfminer\Downloads\looperman-l-1247377-0085862-xyilent-xyilent-chords-2.wav
    2015-07-20 20:31 - 2015-07-20 20:31 - 03226322 _____ C:\Users\nfminer\Downloads\looperman-l-1186219-0086180-acidpro-cheb-khaled-hiya-chords.wav
    2015-07-20 15:58 - 2015-07-14 20:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-07-20 15:58 - 2015-07-14 20:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-07-20 15:58 - 2015-07-14 20:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-07-20 15:58 - 2015-07-14 20:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-07-20 15:58 - 2015-07-14 19:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-07-20 15:58 - 2015-07-14 19:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-07-20 15:58 - 2015-07-14 19:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-07-20 15:58 - 2015-07-14 19:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-07-20 15:58 - 2015-07-14 18:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-07-20 15:58 - 2015-07-14 18:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-07-20 14:26 - 2015-07-20 14:26 - 02419276 _____ C:\Users\nfminer\Downloads\looperman-l-1006731-0079378-skeiz-clumpy-chilli-traps.wav
    2015-07-20 14:18 - 2015-07-20 14:18 - 02646044 _____ C:\Users\nfminer\Downloads\looperman-l-1193372-0071963-ozoneofficial-martin-garrix-animals-drop-drums.wav
    2015-07-20 14:15 - 2015-07-20 14:15 - 00333510 _____ C:\Users\nfminer\Downloads\looperman-l-1132158-0076573-lolboy356-big-room-house-kick.wav
    2015-07-20 14:13 - 2015-07-20 14:13 - 01209644 _____ C:\Users\nfminer\Downloads\looperman-l-1475302-0086202-imnawtarappah-zomboy-drums.wav
    2015-07-20 14:11 - 2015-07-20 14:11 - 01474404 _____ C:\Users\nfminer\Downloads\looperman-l-1592215-0086211-mrroads442-hip-hop-police.wav
    2015-07-20 14:09 - 2015-07-20 14:10 - 01325762 _____ C:\Users\nfminer\Downloads\looperman-l-1247377-0074675-xyilent-xyilent-dance-drums.wav
    2015-07-19 21:17 - 2015-04-12 20:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-07-19 21:16 - 2015-06-01 17:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
    2015-07-19 21:16 - 2015-06-01 16:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
    2015-07-19 21:16 - 2015-04-29 11:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-07-19 21:16 - 2015-04-29 11:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-07-19 21:16 - 2015-04-29 11:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-07-19 21:16 - 2015-04-29 11:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-07-19 21:16 - 2015-04-29 11:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-07-19 21:16 - 2015-04-29 11:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-07-19 21:16 - 2015-04-29 11:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-07-19 21:16 - 2015-04-29 11:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-07-19 21:16 - 2015-04-29 11:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-07-19 21:16 - 2015-04-29 11:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-07-19 21:16 - 2015-04-19 20:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-07-19 21:16 - 2015-04-19 20:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-07-19 21:16 - 2015-04-19 19:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-07-19 21:16 - 2015-04-17 20:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-07-19 21:16 - 2015-04-17 19:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2015-07-19 21:16 - 2015-02-02 20:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2015-07-19 21:16 - 2014-12-11 10:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-07-19 21:15 - 2015-02-02 20:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-07-19 21:15 - 2015-02-02 20:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-07-19 21:15 - 2015-02-02 20:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-07-19 21:15 - 2015-02-02 20:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-07-19 21:15 - 2015-02-02 20:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2015-07-19 21:15 - 2015-02-02 20:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2015-07-19 21:15 - 2015-02-02 20:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2015-07-19 21:15 - 2015-02-02 20:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-07-19 21:15 - 2015-02-02 20:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2015-07-19 21:15 - 2015-02-02 20:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2015-07-19 21:15 - 2015-02-02 20:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2015-07-19 21:15 - 2015-02-02 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2015-07-19 21:15 - 2015-02-02 20:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
     


  4. 2015/08/06
    nfreytag

    nfreytag Inactive Thread Starter

    Joined:
    2015/08/06
    Messages:
    6
    Likes Received:
    0
    FRST.txt (pt1)

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-08-2015
    Ran by nfminer (administrator) on NFMINER-PC (06-08-2015 16:54:22)
    Running from C:\Users\nfminer\Desktop
    Loaded Profiles: nfminer (Available Profiles: nfminer)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser not detected!)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    () C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareService.exe
    (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareTray.exe
    () C:\a\q5t7vYAoxUpBjbt606Jn-ni-2015-08-06-ni-12694.exe
    (YTDownloader) C:\Program Files (x86)\YTDownloader\YTDownloader.exe
    (Goobzo) C:\Program Files (x86)\YTDownloader\BrowserHelper.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (YTDownloader) C:\Program Files (x86)\YTDownloader\DownloadHelper.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareTray.exe [9549808 2015-06-24] ()
    HKLM-x32\...\Run: [cutoauto] => C:\a\wincheckfe.exe
    HKLM-x32\...\Run: [interpee] => C:\a\internetport3.exe
    HKLM-x32\...\Run: [autoauto] => 16448965.bat
    HKU\S-1-5-21-562720426-3001973214-2539249035-1000\...\Run: [rutoauto] => 16448965.bat
    HKU\S-1-5-21-562720426-3001973214-2539249035-1000\...\Run: [dutoauto] => C:\a\wincheckfe.exe
    HKU\S-1-5-21-562720426-3001973214-2539249035-1000\...\Run: [interpee] => C:\a\internetport3.exe
    Startup: C:\Users\nfminer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\intr.lnk [2015-08-06]
    ShortcutTarget: intr.lnk -> C:\a\58967140.bat ()
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-562720426-3001973214-2539249035-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <======= ATTENTION (Policy restriction on ProxySettings)
    ProxyEnable: [HKLM-x32] => ProxyEnable is set
    ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877
    ProxyEnable: [S-1-5-21-562720426-3001973214-2539249035-1000] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-562720426-3001973214-2539249035-1000] => http=127.0.0.1:8877;https=127.0.0.1:8877
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-562720426-3001973214-2539249035-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
    Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-08-06] (Lavasoft Limited)
    Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-08-06] (Lavasoft Limited)
    Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-08-06] (Lavasoft Limited)
    Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-08-06] (Lavasoft Limited)
    Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-08-06] (Lavasoft Limited)
    Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-08-06] (Lavasoft Limited)
    Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-08-06] (Lavasoft Limited)
    Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-08-06] (Lavasoft Limited)
    Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-08-06] (Lavasoft Limited)
    Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-08-06] (Lavasoft Limited)
    Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
    Tcpip\..\Interfaces\{585FC42D-A245-49F0-B7CB-E1688CF92B30}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
    Tcpip\..\Interfaces\{C6B6BA06-5FA5-4880-B38E-C583DB1768D1}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-06] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-06] (Google Inc.)
    FF Plugin HKU\S-1-5-21-562720426-3001973214-2539249035-1000: etrade.com/ETProPlugin -> C:\Program Files (x86)\E-TRADE Pro\npetproplugin.dll [2015-01-26] (E*Trade Financial)

    Chrome:
    =======
    CHR Profile: C:\Users\nfminer\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\nfminer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-06]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\nfminer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-06]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
    R2 BrsHelper; C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe [112560 2015-08-05] ()
    R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareService.exe [716664 2015-06-24] ()
    R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751792 2015-08-06] (Lavasoft Limited)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [13312 2015-08-06] () [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    S2 c31ed948; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.99\OptProMon.dll ",ENT <==== ATTENTION
    S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /svc [X] <==== ATTENTION
    S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /medsvc [X] <==== ATTENTION

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
    R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2015-01-06] (BitDefender)
    R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2015-01-06] (BitDefender)
    R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2015-01-06] (BitDefender)
    R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2015-01-06] (BitDefender LLC)
    R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2015-01-06] (BitDefender LLC)
    S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-08-06] (Disc Soft Ltd)
    R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-06] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
    R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58528 2015-08-05] (YTDownloader)
    S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
    S3 TRIXX; \??\C:\Users\nfminer\AppData\Local\Temp\TRIXX.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-06 16:55 - 2015-08-06 16:55 - 00000000 _____ C:\Users\nfminer\AppData\Local\apq5t7vYAoxUpBjbt606Jn-ni-2015-08-06-ni-12694.html
    2015-08-06 16:54 - 2015-08-06 16:54 - 00011872 _____ C:\Users\nfminer\Desktop\FRST.txt
    2015-08-06 16:54 - 2015-08-06 16:54 - 00000000 ____D C:\FRST
    2015-08-06 16:53 - 2015-08-06 16:53 - 02170368 _____ (Farbar) C:\Users\nfminer\Desktop\FRST64.exe
    2015-08-06 16:40 - 2015-08-06 16:54 - 00002154 _____ C:\Users\nfminer\Desktop\Google Chrome.lnk
    2015-08-06 16:39 - 2015-08-06 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-08-06 16:38 - 2015-08-06 16:43 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-08-06 16:38 - 2015-08-06 16:43 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-08-06 16:38 - 2015-08-06 16:38 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-08-06 16:38 - 2015-08-06 16:38 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-08-06 16:03 - 2015-08-06 16:03 - 00000476 __RSH C:\ProgramData\ntuser.pol
    2015-08-06 11:50 - 2015-08-06 11:50 - 00000000 ____D C:\ProgramData\BitDefender
    2015-08-06 11:44 - 2015-08-06 11:44 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\LavasoftStatistics
    2015-08-06 11:43 - 2015-08-06 12:06 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\Lavasoft
    2015-08-06 11:43 - 2015-08-06 12:03 - 00002896 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
    2015-08-06 11:43 - 2015-08-06 12:03 - 00002896 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
    2015-08-06 11:43 - 2015-08-06 11:43 - 00422400 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
    2015-08-06 11:43 - 2015-08-06 11:43 - 00342016 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
    2015-08-06 11:43 - 2015-08-06 11:43 - 00000000 ____D C:\Users\nfminer\AppData\Local\Lavasoft
    2015-08-06 11:43 - 2015-08-06 11:43 - 00000000 ____D C:\Program Files (x86)\Lavasoft
    2015-08-06 11:42 - 2015-08-06 15:28 - 00002321 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    2015-08-06 11:42 - 2015-08-06 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    2015-08-06 11:42 - 2015-08-06 11:42 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
    2015-08-06 11:42 - 2015-01-06 13:47 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
    2015-08-06 11:42 - 2015-01-06 13:47 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
    2015-08-06 11:42 - 2015-01-06 13:47 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
    2015-08-06 11:42 - 2015-01-06 13:47 - 00156936 _____ C:\Windows\system32\bdfwcore.dll
    2015-08-06 11:42 - 2015-01-06 13:47 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
    2015-08-06 11:42 - 2015-01-06 13:47 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
    2015-08-06 11:42 - 2015-01-06 13:47 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
    2015-08-06 11:42 - 2015-01-06 13:37 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
    2015-08-06 11:41 - 2015-08-06 11:41 - 00000000 ____D C:\Program Files\Lavasoft
    2015-08-06 11:40 - 2015-08-06 11:40 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
    2015-08-06 11:39 - 2015-08-06 11:43 - 00000000 ____D C:\ProgramData\Lavasoft
    2015-08-06 11:39 - 2015-08-06 11:39 - 02009904 _____ C:\Users\nfminer\Downloads\Adaware_Installer.exe
    2015-08-06 11:27 - 2015-08-06 11:27 - 00000426 __RSH C:\Users\nfminer\ntuser.pol
    2015-08-06 11:14 - 2015-08-06 11:15 - 00000000 ____D C:\Users\nfminer\AppData\Local\BrowserHelper
    2015-08-06 10:30 - 2015-08-06 10:30 - 00000000 ____D C:\Windows\pss
    2015-08-06 02:57 - 2015-08-06 02:57 - 00003912 _____ C:\Windows\System32\Tasks\YTDownloaderUpd
    2015-08-06 02:57 - 2015-08-06 02:57 - 00003590 _____ C:\Windows\System32\Tasks\YTDownloader
    2015-08-06 02:57 - 2015-08-06 02:57 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
    2015-08-06 02:57 - 2015-08-06 02:57 - 00000000 ____D C:\Program Files (x86)\YTDownloader
    2015-08-06 02:55 - 2015-08-06 14:01 - 00000000 ____D C:\Program Files (x86)\ShopperPro
    2015-08-06 02:51 - 2015-08-06 10:07 - 00000000 ____D C:\Program Files (x86)\globalUpdate
    2015-08-06 02:51 - 2015-08-06 10:07 - 00000000 ____D C:\Program Files (x86)\ee63cdc6-5f91-44d3-a3dd-8241c1189391
    2015-08-06 02:51 - 2015-08-06 10:07 - 00000000 ____D C:\Program Files (x86)\7820b0eb-3626-4620-9e3a-dab3daac0de7
    2015-08-06 02:51 - 2015-08-06 02:51 - 00000000 ____D C:\Users\nfminer\AppData\Local\globalUpdate
    2015-08-06 02:48 - 2015-08-06 02:48 - 00000000 ____D C:\Users\nfminer\AppData\Local\CrashRpt
    2015-08-06 02:34 - 2015-08-06 15:26 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-08-06 02:34 - 2015-08-06 02:34 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-08-06 02:34 - 2015-08-06 02:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-08-06 02:34 - 2015-08-06 02:34 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-08-06 02:34 - 2015-08-06 02:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-08-06 02:34 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-08-06 02:34 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-08-06 02:34 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-08-06 02:33 - 2015-08-06 02:34 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\nfminer\Downloads\mbam-setup-2.1.8.1057.exe
    2015-08-06 02:25 - 2015-08-06 02:28 - 00000000 ____D C:\AdwCleaner
    2015-08-06 02:24 - 2015-08-06 02:24 - 02248704 _____ C:\Users\nfminer\Downloads\adwcleaner_4.208.exe
    2015-08-06 02:23 - 2015-08-06 16:53 - 00000000 ___HD C:\a
    2015-08-06 02:23 - 2015-08-06 03:42 - 00000000 ____D C:\Users\nfminer\AppData\Local\yuntnani
    2015-08-06 02:23 - 2015-08-06 02:23 - 00000000 ____D C:\Program Files (x86)\FastInternet
    2015-08-06 02:17 - 2015-08-06 02:17 - 00000019 _____ C:\Windows\SysWOW64\16448965.bat
    2015-08-06 02:15 - 2015-08-06 02:15 - 00003464 _____ C:\Windows\System32\Tasks\Woodoreerju
    2015-08-06 02:11 - 2015-08-06 15:25 - 00000346 ____H C:\Windows\Tasks\TANTVXMGQVTBIOHY.job
    2015-08-06 02:11 - 2015-08-06 15:25 - 00000334 _____ C:\Windows\Tasks\GDAQIZHHFD1.job
    2015-08-06 02:11 - 2015-08-06 02:11 - 00003384 _____ C:\Windows\System32\Tasks\TANTVXMGQVTBIOHY
    2015-08-06 02:11 - 2015-08-06 02:11 - 00002856 _____ C:\Windows\System32\Tasks\GDAQIZHHFD1
    2015-08-06 02:11 - 2015-08-06 02:11 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    2015-08-06 02:11 - 2015-08-06 02:11 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
    2015-08-06 02:10 - 2015-08-06 15:22 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\Eppink
    2015-08-06 02:02 - 2015-08-06 02:02 - 00000912 _____ C:\Windows\SysWOW64\${LOGFILE}
    2015-08-06 01:57 - 2015-08-06 02:45 - 00000000 ___HD C:\ProgramData\msx
    2015-08-06 01:54 - 2015-08-06 01:54 - 00631808 _____ C:\Windows\msx.dat
    2015-08-06 01:52 - 2009-06-10 14:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
    2015-08-06 01:43 - 2015-08-06 01:43 - 00020349 _____ C:\Windows\srtpoq.xml
    2015-08-06 01:32 - 2015-08-06 10:20 - 00000024 _____ C:\Users\nfminer\AppData\Roaming\appdataFr25.bin
    2015-08-06 01:12 - 2015-08-06 01:12 - 00000000 ____D C:\ProgramData\Free Download Manager
    2015-08-06 01:08 - 2015-08-06 01:08 - 00000000 ____D C:\Program Files (x86)\Disc Soft
    2015-08-06 01:07 - 2015-08-06 01:14 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\DAEMON Tools Lite
    2015-08-06 01:07 - 2015-08-06 01:09 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
    2015-08-06 01:07 - 2015-08-06 01:07 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
    2015-08-06 01:06 - 2015-08-06 01:07 - 13146016 _____ (Disc Soft Ltd) C:\Users\nfminer\Downloads\DTLite501-0406.exe
    2015-08-06 00:57 - 2015-08-06 01:44 - 00000000 ____D C:\Program Files (x86)\Free Download Manager
    2015-08-06 00:54 - 2015-08-06 00:59 - 00000000 ____D C:\Users\nfminer\Downloads\Vuze Leap
    2015-08-06 00:54 - 2015-08-06 00:56 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\Vuze Leap
    2015-08-06 00:54 - 2015-08-06 00:54 - 00000946 _____ C:\Users\nfminer\Desktop\Vuze Leap.lnk
    2015-08-06 00:54 - 2015-08-06 00:54 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vuze Leap
    2015-08-06 00:49 - 2015-08-06 00:49 - 00129024 _____ (Azureus Software, Inc.) C:\Users\nfminer\Downloads\VuzeLeapStub.exe
    2015-08-06 00:47 - 2015-08-06 00:53 - 00003282 _____ C:\Windows\System32\Tasks\Windows Defrag
    2015-08-06 00:47 - 2015-08-06 00:53 - 00003282 _____ C:\Windows\System32\Tasks\Alfasistem Memory Job
    2015-08-06 00:47 - 2015-08-06 00:47 - 00108098 _____ C:\Users\nfminer\Downloads\SimCity 3000 Unlimited FULL GAME SERIAL PATCH Vallence .zip
    2015-08-06 00:47 - 2015-08-06 00:47 - 00000000 _____ C:\Users\nfminer\AppData\Roaming\903D.tmp
    2015-08-06 00:29 - 2015-08-06 00:29 - 00000000 ____D C:\Users\nfminer\AppData\Local\Microsoft Corporation
    2015-08-06 00:28 - 2015-08-06 00:28 - 00002127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
    2015-08-06 00:28 - 2015-08-06 00:28 - 00002115 _____ C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
    2015-08-06 00:28 - 2015-08-06 00:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
    2015-08-06 00:27 - 2015-08-06 00:27 - 08669472 _____ (Microsoft Corporation) C:\Users\nfminer\Downloads\Windows7UpgradeAdvisorSetup.exe
    2015-08-06 00:24 - 2015-08-06 00:24 - 00000000 ____D C:\Windows\system32\MRT
    2015-08-06 00:24 - 2015-08-06 00:24 - 00000000 ____D C:\Program Files (x86)\Webproxynet Unblock any website
    2015-08-06 00:24 - 2015-08-06 00:24 - 00000000 ____D C:\6b5688dacf6a6c48694dfd1d
    2015-08-06 00:24 - 2015-07-03 08:43 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-08-06 00:20 - 2015-08-06 12:20 - 00000380 _____ C:\Windows\Tasks\EasyTrain.job
    2015-08-06 00:20 - 2015-08-06 00:20 - 00003296 _____ C:\Windows\System32\Tasks\EasyTrain
    2015-08-06 00:18 - 2015-08-06 00:18 - 00000000 ____D C:\Users\nfminer\Downloads\SIMCITY3000_EXE_DE
    2015-08-06 00:17 - 2015-08-06 00:17 - 00375207 _____ C:\Users\nfminer\Downloads\SIMCITY3000_EXE_DE.ZIP
    2015-07-24 19:13 - 2015-07-24 19:13 - 00276536 _____ C:\Windows\Minidump\072415-71557-01.dmp
    2015-07-23 11:23 - 2015-07-23 11:23 - 00001945 _____ C:\Users\Public\Desktop\E-TRADE Pro.lnk
    2015-07-23 11:23 - 2015-07-23 11:23 - 00000070 _____ C:\Users\nfminer\Downloads\error.log
    2015-07-23 11:23 - 2015-07-23 11:23 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\E-TRADE Pro
    2015-07-23 11:23 - 2015-07-23 11:23 - 00000000 ____D C:\Program Files (x86)\E-TRADE Pro
    2015-07-23 11:14 - 2015-07-23 11:15 - 30643784 _____ (E*TRADE Financial) C:\Users\nfminer\Downloads\E-TRADE_Pro_Installer.exe
    2015-07-22 09:17 - 2015-07-22 09:17 - 00000632 _____ C:\Users\Public\Desktop\SURE Trader.lnk
    2015-07-22 09:17 - 2015-07-22 09:17 - 00000000 ____D C:\SURE Trader
    2015-07-22 09:17 - 2015-07-22 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SURE Trader
    2015-07-22 09:16 - 2015-07-22 09:16 - 06155672 _____ C:\Users\nfminer\Downloads\SUREDEMO (1).exe
    2015-07-21 21:10 - 2015-07-21 21:10 - 00000000 ____D C:\Program Files (x86)\ASM104xUSB3
    2015-07-21 21:09 - 2015-07-21 21:09 - 10844437 _____ C:\Users\nfminer\Downloads\usb1.16.12.0.zip
    2015-07-21 21:00 - 2015-07-21 21:00 - 00276536 _____ C:\Windows\Minidump\072115-48079-01.dmp
    2015-07-21 20:48 - 2015-07-21 21:10 - 00031228 _____ C:\Windows\DPINST.LOG
    2015-07-21 20:46 - 2015-07-21 20:46 - 05294566 _____ C:\Users\nfminer\Downloads\Asmedia_USB3_V11430_XPVistaWin7.zip
    2015-07-21 20:17 - 2015-07-21 20:17 - 00347816 _____ (Microsoft Corporation) C:\Users\nfminer\Downloads\MicrosoftFixit.Devices.Run (1).exe
    2015-07-21 20:15 - 2015-07-21 20:15 - 00347816 _____ (Microsoft Corporation) C:\Users\nfminer\Downloads\MicrosoftFixit.Devices.Run.exe
    2015-07-21 15:59 - 2015-07-21 15:59 - 00262144 ____H C:\Windows\DUMP53d3.DMP
    2015-07-21 15:41 - 2015-05-01 06:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-07-21 15:41 - 2015-05-01 06:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-07-21 15:27 - 2015-07-21 15:27 - 00002575 _____ C:\Users\Public\Desktop\MIDI-OX.lnk
    2015-07-21 15:27 - 2015-07-21 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MIDI-OX
    2015-07-21 15:27 - 2015-07-21 15:27 - 00000000 ____D C:\Program Files (x86)\MIDIOX
    2015-07-21 15:25 - 2015-07-21 15:25 - 00917504 _____ C:\Users\nfminer\Downloads\midioxse.exe
    2015-07-21 15:19 - 2015-07-21 15:19 - 00000000 ____D C:\Users\nfminer\Downloads\mpk_mini_editor_v.13_win_00
    2015-07-21 15:19 - 2015-07-21 15:19 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\Cycling '74
    2015-07-21 15:14 - 2015-07-21 15:14 - 04610932 _____ C:\Users\nfminer\Downloads\mpk_mini_editor_v.13_win_00.zip
    2015-07-21 15:14 - 2015-07-21 15:14 - 00001115 _____ C:\Users\nfminer\Downloads\mpk_mini_presets_00.zip
    2015-07-21 11:08 - 2015-07-21 11:08 - 06155672 _____ C:\Users\nfminer\Downloads\SUREDEMO.exe
    2015-07-21 10:35 - 2015-07-21 10:35 - 00000000 ____D C:\Users\nfminer\Documents\TC
    2015-07-21 10:33 - 2015-07-21 10:41 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\TC2000
    2015-07-21 10:33 - 2015-07-21 10:33 - 00001905 _____ C:\Users\nfminer\Desktop\TC2000 12.6.lnk
    2015-07-21 10:33 - 2015-07-21 10:33 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\Microsoft\Windows\Start Menu\TC2000
    2015-07-21 10:33 - 2015-07-21 10:33 - 00000000 ____D C:\Users\nfminer\AppData\Local\Caphyon
    2015-07-21 10:31 - 2015-07-21 10:31 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\Worden Brothers, Inc
    2015-07-21 09:46 - 2015-07-21 09:47 - 04399928 _____ (Worden Brothers, Inc.) C:\Users\nfminer\Downloads\TC2000Setup.exe
    2015-07-20 20:45 - 2015-07-20 20:45 - 02688178 _____ C:\Users\nfminer\Downloads\looperman-l-1247377-0085862-xyilent-xyilent-chords-2.wav
    2015-07-20 20:31 - 2015-07-20 20:31 - 03226322 _____ C:\Users\nfminer\Downloads\looperman-l-1186219-0086180-acidpro-cheb-khaled-hiya-chords.wav
    2015-07-20 15:58 - 2015-07-14 20:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-07-20 15:58 - 2015-07-14 20:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-07-20 15:58 - 2015-07-14 20:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-07-20 15:58 - 2015-07-14 20:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-07-20 15:58 - 2015-07-14 19:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-07-20 15:58 - 2015-07-14 19:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-07-20 15:58 - 2015-07-14 19:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-07-20 15:58 - 2015-07-14 19:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-07-20 15:58 - 2015-07-14 18:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-07-20 15:58 - 2015-07-14 18:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-07-20 14:26 - 2015-07-20 14:26 - 02419276 _____ C:\Users\nfminer\Downloads\looperman-l-1006731-0079378-skeiz-clumpy-chilli-traps.wav
    2015-07-20 14:18 - 2015-07-20 14:18 - 02646044 _____ C:\Users\nfminer\Downloads\looperman-l-1193372-0071963-ozoneofficial-martin-garrix-animals-drop-drums.wav
    2015-07-20 14:15 - 2015-07-20 14:15 - 00333510 _____ C:\Users\nfminer\Downloads\looperman-l-1132158-0076573-lolboy356-big-room-house-kick.wav
    2015-07-20 14:13 - 2015-07-20 14:13 - 01209644 _____ C:\Users\nfminer\Downloads\looperman-l-1475302-0086202-imnawtarappah-zomboy-drums.wav
    2015-07-20 14:11 - 2015-07-20 14:11 - 01474404 _____ C:\Users\nfminer\Downloads\looperman-l-1592215-0086211-mrroads442-hip-hop-police.wav
    2015-07-20 14:09 - 2015-07-20 14:10 - 01325762 _____ C:\Users\nfminer\Downloads\looperman-l-1247377-0074675-xyilent-xyilent-dance-drums.wav
    2015-07-19 21:17 - 2015-04-12 20:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-07-19 21:16 - 2015-06-01 17:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
    2015-07-19 21:16 - 2015-06-01 16:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
    2015-07-19 21:16 - 2015-04-29 11:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-07-19 21:16 - 2015-04-29 11:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-07-19 21:16 - 2015-04-29 11:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-07-19 21:16 - 2015-04-29 11:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-07-19 21:16 - 2015-04-29 11:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-07-19 21:16 - 2015-04-29 11:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-07-19 21:16 - 2015-04-29 11:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-07-19 21:16 - 2015-04-29 11:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-07-19 21:16 - 2015-04-29 11:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-07-19 21:16 - 2015-04-29 11:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-07-19 21:16 - 2015-04-19 20:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-07-19 21:16 - 2015-04-19 20:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-07-19 21:16 - 2015-04-19 19:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-07-19 21:16 - 2015-04-17 20:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-07-19 21:16 - 2015-04-17 19:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2015-07-19 21:16 - 2015-02-02 20:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2015-07-19 21:16 - 2014-12-11 10:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-07-19 21:15 - 2015-02-02 20:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-07-19 21:15 - 2015-02-02 20:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-07-19 21:15 - 2015-02-02 20:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-07-19 21:15 - 2015-02-02 20:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2015-07-19 21:15 - 2015-02-02 20:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-07-19 21:15 - 2015-02-02 20:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2015-07-19 21:15 - 2015-02-02 20:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2015-07-19 21:15 - 2015-02-02 20:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-07-19 21:15 - 2015-02-02 20:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2015-07-19 21:15 - 2015-02-02 20:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-07-19 21:15 - 2015-02-02 20:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2015-07-19 21:15 - 2015-02-02 20:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2015-07-19 21:15 - 2015-02-02 20:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2015-07-19 21:15 - 2015-02-02 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2015-07-19 21:15 - 2015-02-02 20:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
     
  5. 2015/08/06
    nfreytag

    FRST.txt (pt2)

    2015-07-19 21:15 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2015-07-19 21:15 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2015-07-19 21:15 - 2015-02-02 20:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-07-19 21:15 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2015-07-19 21:15 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2015-07-19 21:15 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2015-07-19 21:15 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2015-07-19 21:15 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2015-07-19 21:15 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2015-07-19 21:15 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2015-07-19 21:15 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2015-07-19 21:15 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2015-07-19 21:15 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2015-07-19 21:15 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2015-07-19 21:15 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2015-07-19 21:15 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2015-07-19 21:15 - 2015-02-02 20:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-07-19 21:15 - 2015-02-02 20:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-07-19 21:15 - 2015-02-02 20:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2015-07-19 21:15 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2015-07-19 21:15 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2015-07-19 21:15 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-07-19 21:15 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2015-07-19 21:15 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2015-07-19 21:15 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2015-07-19 21:15 - 2015-02-02 19:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-07-19 21:15 - 2014-10-31 15:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-07-19 21:15 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2015-07-19 21:15 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2015-07-19 21:14 - 2015-07-02 14:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-07-19 21:14 - 2015-07-02 14:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-07-19 21:14 - 2015-07-02 13:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-07-19 21:14 - 2015-07-02 13:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-07-19 21:14 - 2015-07-02 13:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-07-19 21:14 - 2015-07-02 13:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-07-19 21:14 - 2015-07-02 13:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-07-19 21:14 - 2015-07-02 13:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-07-19 21:14 - 2015-07-02 13:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-07-19 21:14 - 2015-07-02 12:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-07-19 21:14 - 2015-07-02 12:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-07-19 21:14 - 2015-07-02 11:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-07-19 21:14 - 2015-06-26 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-07-19 21:14 - 2015-06-26 19:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-07-19 21:14 - 2015-06-26 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-07-19 21:14 - 2015-06-26 18:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-07-19 21:14 - 2015-06-25 11:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-07-19 21:14 - 2015-06-25 10:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-07-19 21:14 - 2015-06-25 01:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-07-19 21:14 - 2015-06-20 13:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-07-19 21:14 - 2015-06-20 12:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-07-19 21:14 - 2015-06-20 12:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-07-19 21:14 - 2015-06-20 12:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-07-19 21:14 - 2015-06-20 12:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-07-19 21:14 - 2015-06-20 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-07-19 21:14 - 2015-06-20 12:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-07-19 21:14 - 2015-06-20 12:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-07-19 21:14 - 2015-06-20 12:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-07-19 21:14 - 2015-06-20 12:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-07-19 21:14 - 2015-06-20 12:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-07-19 21:14 - 2015-06-20 12:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-07-19 21:14 - 2015-06-20 12:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-07-19 21:14 - 2015-06-20 12:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-07-19 21:14 - 2015-06-20 12:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-07-19 21:14 - 2015-06-20 12:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-07-19 21:14 - 2015-06-20 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-07-19 21:14 - 2015-06-20 11:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-07-19 21:14 - 2015-06-20 11:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-07-19 21:14 - 2015-06-20 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-07-19 21:14 - 2015-06-20 11:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-07-19 21:14 - 2015-06-20 11:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-07-19 21:14 - 2015-06-20 11:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-07-19 21:14 - 2015-06-19 11:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-07-19 21:14 - 2015-06-19 11:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-07-19 21:14 - 2015-06-19 11:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-07-19 21:14 - 2015-06-19 11:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-07-19 21:14 - 2015-06-19 11:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-07-19 21:14 - 2015-06-19 11:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-07-19 21:14 - 2015-06-19 11:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-07-19 21:14 - 2015-06-19 11:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-07-19 21:14 - 2015-06-19 11:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-07-19 21:14 - 2015-06-19 11:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-07-19 21:14 - 2015-06-19 10:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-07-19 21:14 - 2015-06-19 10:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-07-19 21:14 - 2015-06-19 10:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-07-19 21:14 - 2015-06-19 10:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-07-19 21:14 - 2015-06-19 10:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-07-19 21:14 - 2015-06-19 10:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-07-19 21:14 - 2015-06-19 10:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-07-19 21:14 - 2015-06-19 10:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-07-19 21:14 - 2015-06-19 10:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-07-19 21:14 - 2015-06-17 10:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-07-19 21:14 - 2015-06-17 10:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2015-07-19 21:14 - 2015-04-07 20:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-07-19 21:14 - 2015-04-07 20:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2015-07-19 21:14 - 2015-04-07 20:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-07-19 21:14 - 2015-03-24 20:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-07-19 21:14 - 2015-03-24 20:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-07-19 21:14 - 2015-03-24 20:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-07-19 21:14 - 2015-03-24 20:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-07-19 21:14 - 2015-03-24 20:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-07-19 21:14 - 2015-03-24 20:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-07-19 21:14 - 2015-03-24 20:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-07-19 21:14 - 2015-03-24 20:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-07-19 21:14 - 2015-03-24 20:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-07-19 21:14 - 2015-03-24 20:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-07-19 21:14 - 2015-03-24 20:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-07-19 21:14 - 2015-03-24 20:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-07-19 21:14 - 2015-03-24 20:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-07-19 21:14 - 2015-03-24 20:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-07-19 21:14 - 2015-03-24 20:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-07-19 21:14 - 2015-03-24 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-07-19 21:14 - 2015-02-02 20:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
    2015-07-19 21:14 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
    2015-07-19 21:14 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-07-19 21:14 - 2014-12-18 18:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-07-19 21:14 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-07-19 21:14 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-07-19 21:14 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-07-19 21:13 - 2015-07-04 11:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2015-07-19 21:13 - 2015-07-04 10:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2015-07-19 21:13 - 2015-07-01 13:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-07-19 21:13 - 2015-07-01 13:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-07-19 21:13 - 2015-07-01 13:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-07-19 21:13 - 2015-07-01 13:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-07-19 21:13 - 2015-07-01 13:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-07-19 21:13 - 2015-07-01 13:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-07-19 21:13 - 2015-07-01 13:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-07-19 21:13 - 2015-07-01 13:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-07-19 21:13 - 2015-07-01 13:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-07-19 21:13 - 2015-07-01 13:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-07-19 21:13 - 2015-07-01 13:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-07-19 21:13 - 2015-07-01 13:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-07-19 21:13 - 2015-07-01 13:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-07-19 21:13 - 2015-07-01 13:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2015-07-19 21:13 - 2015-07-01 13:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-07-19 21:13 - 2015-07-01 13:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-07-19 21:13 - 2015-07-01 13:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-07-19 21:13 - 2015-07-01 13:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-07-19 21:13 - 2015-07-01 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-07-19 21:13 - 2015-07-01 13:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-07-19 21:13 - 2015-07-01 13:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-07-19 21:13 - 2015-07-01 13:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-07-19 21:13 - 2015-07-01 13:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-07-19 21:13 - 2015-07-01 13:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-07-19 21:13 - 2015-07-01 13:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-07-19 21:13 - 2015-07-01 13:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-07-19 21:13 - 2015-07-01 13:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2015-07-19 21:13 - 2015-07-01 13:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-07-19 21:13 - 2015-07-01 13:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-07-19 21:13 - 2015-07-01 13:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-07-19 21:13 - 2015-07-01 13:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-07-19 21:13 - 2015-07-01 13:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-07-19 21:13 - 2015-07-01 13:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-07-19 21:13 - 2015-07-01 13:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-07-19 21:13 - 2015-07-01 13:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-07-19 21:13 - 2015-07-01 12:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-07-19 21:13 - 2015-07-01 12:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-07-19 21:13 - 2015-07-01 12:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-07-19 21:13 - 2015-06-15 14:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2015-07-19 21:13 - 2015-06-15 14:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2015-07-19 21:13 - 2015-06-15 14:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2015-07-19 21:13 - 2015-06-15 14:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2015-07-19 21:13 - 2015-06-15 14:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2015-07-19 21:13 - 2015-06-15 14:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2015-07-19 21:13 - 2015-06-15 14:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2015-07-19 21:13 - 2015-06-15 14:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2015-07-19 21:13 - 2015-06-15 14:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2015-07-19 21:13 - 2015-06-15 14:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    2015-07-19 21:13 - 2015-06-15 14:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2015-07-19 21:13 - 2015-06-15 14:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
    2015-07-19 21:13 - 2015-04-24 11:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
    2015-07-19 21:13 - 2015-04-24 10:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
    2015-07-19 21:13 - 2015-03-16 22:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-07-19 21:13 - 2015-03-16 22:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-07-19 21:13 - 2015-03-16 22:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-07-19 21:13 - 2015-03-16 22:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-07-19 21:13 - 2015-03-16 21:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-07-19 21:13 - 2015-03-09 20:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-07-19 21:13 - 2015-03-09 20:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-07-19 21:13 - 2015-03-09 20:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-07-19 21:13 - 2015-03-09 20:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2015-07-19 21:13 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-07-19 21:13 - 2015-02-12 22:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-07-19 21:12 - 2015-06-03 13:17 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-07-19 21:12 - 2015-05-08 20:27 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-07-19 21:12 - 2015-05-08 20:27 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-07-19 21:12 - 2015-05-08 20:27 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-07-19 21:12 - 2015-05-08 20:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-07-19 21:12 - 2015-05-08 20:26 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-07-19 21:12 - 2015-05-08 20:26 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-07-19 21:12 - 2015-05-08 20:26 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-07-19 21:12 - 2015-05-08 20:25 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-07-19 21:12 - 2015-05-08 20:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-07-19 21:12 - 2015-05-08 20:13 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-07-19 21:12 - 2015-05-08 20:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-07-19 21:12 - 2015-05-08 20:12 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-07-19 21:12 - 2015-05-08 20:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 19:01 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-07-19 21:12 - 2015-05-08 19:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-07-19 21:12 - 2015-05-08 18:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 18:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-07-19 21:12 - 2015-05-08 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-07-19 21:12 - 2015-03-16 22:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-07-19 21:12 - 2015-03-16 22:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-07-19 21:12 - 2015-03-16 22:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-07-19 21:12 - 2015-03-16 22:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-07-19 21:12 - 2015-03-16 22:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-07-19 21:12 - 2015-03-16 22:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-07-19 21:12 - 2015-03-16 21:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-07-19 21:12 - 2015-03-16 21:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-07-19 21:12 - 2015-02-24 20:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
    2015-07-19 21:12 - 2015-02-18 00:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2015-07-19 21:12 - 2015-02-18 00:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2015-07-19 21:12 - 2015-02-02 20:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-07-19 21:12 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-07-19 21:12 - 2015-01-16 19:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-07-19 21:12 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-07-19 21:11 - 2015-03-03 21:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2015-07-19 21:11 - 2015-03-03 21:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
    2015-07-19 21:11 - 2015-03-03 21:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
    2015-07-19 21:11 - 2014-12-07 20:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-07-19 21:11 - 2014-12-07 19:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-07-19 21:10 - 2015-02-03 20:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-07-19 21:10 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2015-07-19 20:52 - 2015-07-19 20:52 - 00002056 _____ C:\Users\nfminer\Desktop\FL Studio 12 (64bit).lnk
    2015-07-19 20:52 - 2015-07-19 20:52 - 00002040 _____ C:\Users\nfminer\Desktop\FL Studio 12.lnk
    2015-07-19 20:52 - 2015-07-19 20:52 - 00001138 _____ C:\Users\nfminer\Desktop\ASIO4ALL v2 Instruction Manual.lnk
    2015-07-19 20:52 - 2015-07-19 20:52 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
    2015-07-19 20:52 - 2015-07-19 20:52 - 00000000 ____D C:\Program Files\Common Files\VST2
    2015-07-19 20:52 - 2015-07-19 20:52 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
    2015-07-19 20:52 - 2015-07-19 20:52 - 00000000 ____D C:\Program Files (x86)\VstPlugins
    2015-07-19 20:52 - 2015-07-19 20:52 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
    2015-07-19 20:51 - 2015-07-19 20:51 - 00000000 ____D C:\Users\nfminer\Documents\Image-Line
    2015-07-19 20:51 - 2015-07-19 20:51 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
    2015-07-19 20:51 - 2015-07-19 20:51 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\Image-Line
    2015-07-19 20:51 - 2015-07-19 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
    2015-07-19 20:51 - 2015-07-19 20:51 - 00000000 ____D C:\Program Files\Image-Line
    2015-07-19 20:36 - 2015-07-19 20:52 - 00000000 ____D C:\Program Files (x86)\Image-Line
    2015-07-19 20:34 - 2015-07-19 20:35 - 454828488 _____ (Image-Line) C:\Users\nfminer\Downloads\flstudio_12.0.2.exe
    2015-07-19 19:39 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
    2015-07-19 19:39 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
    2015-07-19 19:39 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
    2015-07-19 19:39 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
    2015-07-19 19:39 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
    2015-07-19 19:39 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
    2015-07-19 19:38 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2015-07-19 19:38 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-06 16:39 - 2013-12-13 21:56 - 00000000 ____D C:\Program Files (x86)\Google
    2015-08-06 16:27 - 2009-07-13 21:45 - 00016880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-08-06 16:27 - 2009-07-13 21:45 - 00016880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-08-06 16:03 - 2013-12-13 04:21 - 01402166 _____ C:\Windows\WindowsUpdate.log
    2015-08-06 15:25 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-08-06 15:25 - 2009-07-13 21:51 - 00044645 _____ C:\Windows\setupact.log
    2015-08-06 12:02 - 2010-11-20 20:47 - 00195186 _____ C:\Windows\PFRO.log
    2015-08-06 11:38 - 2013-12-13 21:55 - 00000000 ____D C:\Users\nfminer\AppData\Local\Deployment
    2015-08-06 11:27 - 2013-12-13 21:31 - 00000000 ____D C:\Users\nfminer
    2015-08-06 11:24 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2015-08-06 10:17 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-08-06 10:07 - 2013-12-13 21:38 - 00000000 ____D C:\Program Files (x86)\AMD
    2015-08-06 02:57 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\System
    2015-08-06 02:49 - 2013-12-24 20:40 - 00000000 ____D C:\ProgramData\Package Cache
    2015-08-06 02:30 - 2013-12-13 21:31 - 00001325 _____ C:\Users\nfminer\Desktop\Internet Explorer.lnk
    2015-08-06 01:40 - 2013-12-13 21:56 - 00000000 ____D C:\Users\nfminer\AppData\Local\Google
    2015-07-31 23:06 - 2009-07-13 22:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-07-24 19:13 - 2013-12-24 21:27 - 260147379 _____ C:\Windows\MEMORY.DMP
    2015-07-24 19:13 - 2013-12-14 11:15 - 00000000 ____D C:\Windows\Minidump
    2015-07-22 01:28 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
    2015-07-21 20:05 - 2009-07-13 21:45 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-07-21 16:01 - 2011-04-12 01:28 - 00000000 ____D C:\Program Files\Windows Journal
    2015-07-21 16:01 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2015-07-21 16:01 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
    2015-07-21 16:00 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2015-07-21 15:54 - 2013-12-24 20:43 - 00773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-07-21 15:27 - 2013-12-13 21:31 - 00000000 ____D C:\Users\nfminer\AppData\Local\VirtualStore
    2015-07-19 20:42 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Public\Libraries
    2015-07-19 20:24 - 2013-12-13 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA3100 Genie

    ==================== Files in the root of some directories =======

    2015-08-06 00:47 - 2015-08-06 00:47 - 0000000 _____ () C:\Users\nfminer\AppData\Roaming\903D.tmp
    2015-08-06 01:32 - 2015-08-06 10:20 - 0000024 _____ () C:\Users\nfminer\AppData\Roaming\appdataFr25.bin
    2013-12-24 19:52 - 2013-12-24 19:52 - 0000017 _____ () C:\Users\nfminer\AppData\Local\resmon.resmoncfg

    Some files in TEMP:
    ====================
    C:\Users\nfminer\AppData\Local\Temp\0207b413-3408-46b3-827d-13a8e0083498.exe
    C:\Users\nfminer\AppData\Local\Temp\5C81.tmp.exe
    C:\Users\nfminer\AppData\Local\Temp\bitool.dll
    C:\Users\nfminer\AppData\Local\Temp\C071.tmp.exe
    C:\Users\nfminer\AppData\Local\Temp\D6DE.tmp.exe
    C:\Users\nfminer\AppData\Local\Temp\i4jdel0.exe
    C:\Users\nfminer\AppData\Local\Temp\Quarantine.exe
    C:\Users\nfminer\AppData\Local\Temp\setup_418.exe
    C:\Users\nfminer\AppData\Local\Temp\sqlite3.dll
    C:\Users\nfminer\AppData\Local\Temp\Uninstall.exe
    C:\Users\nfminer\AppData\Local\Temp\VOPackage_1712.exe
    C:\Users\nfminer\AppData\Local\Temp\ytdieamodc_amodc_setup.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-08-02 13:04

    ==================== End of log ============================
     
  6. 2015/08/06
    nfreytag

    Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-08-2015
    Ran by nfminer (2015-08-06 16:55:11)
    Running from C:\Users\nfminer\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-562720426-3001973214-2539249035-500 - Administrator - Disabled)
    Guest (S-1-5-21-562720426-3001973214-2539249035-501 - Limited - Disabled)
    nfminer (S-1-5-21-562720426-3001973214-2539249035-1000 - Administrator - Enabled) => C:\Users\nfminer

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
    AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Ad-Aware Antivirus (HKLM\...\{A041066D-37EF-46FC-9DF7-465A07F1C5CF}_AdAwareUpdater) (Version: 11.7.485.8398 - Lavasoft)
    AdAwareInstaller (Version: 11.7.485.8398 - Lavasoft) Hidden
    AdAwareUpdater (Version: 11.7.485.8398 - Lavasoft) Hidden
    AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
    AntispamEngine (Version: 2.4.3171.0 - Lavasoft) Hidden
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
    AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden
    E-TRADE Pro 1.06 (HKLM-x32\...\4285-0367-3118-9779) (Version: 1.06 - E*TRADE Financial)
    FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
    FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
    FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
    IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    MIDI-OX (HKLM-x32\...\{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}) (Version: 7.02.372 - MIDIOX Computing)
    OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
    Sapphire TRIXX (HKLM-x32\...\Sapphire TRIXX) (Version: - )
    Shopper-Pro (HKLM-x32\...\ShopperPro) (Version: - ) <==== ATTENTION
    SURE Trader 3.8.0.2 (HKLM-x32\...\SURE Trader) (Version: 3.8.0.2 - DAS, Inc.)
    TC2000 (HKU\S-1-5-21-562720426-3001973214-2539249035-1000\...\TC2000 1.0.0) (Version: 1.0.0 - Worden Brothers, Inc.)
    TC2000 (x32 Version: 1.0.0 - Worden Brothers, Inc.) Hidden
    Vuze Leap 1.3 (HKU\S-1-5-21-562720426-3001973214-2539249035-1000\...\{a9a27088-7578-499d-ad2b-67ba95a4def4}) (Version: 1.3 - Azureus Software, Inc.)
    Web Companion (HKLM-x32\...\{7834f6ea-075e-4a53-bbf0-05a9ea156d4b}) (Version: 2.0.1025.2130 - Lavasoft)
    Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
    YTDownloader (HKLM-x32\...\YTDownloader) (Version: - YTDownloader) <==== ATTENTION

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {04330760-1D9C-4F52-8163-1E6CDB45E3FB} - \ShopperProJSUpd No Task File <==== ATTENTION
    Task: {09C5B026-42D8-46B4-AC18-ED504FF70955} - \bvxvyxvec No Task File <==== ATTENTION
    Task: {2366F42A-CAB2-471D-9287-F4037E25B3A9} - System32\Tasks\Woodoreerju => C:\ProgramData\Woodoreerju\1.0.4.1\coxsenlo.exe
    Task: {32D7099C-30F4-445E-9FDC-4CEB1ADE62D6} - \One System Care Run Delay No Task File <==== ATTENTION
    Task: {49F99070-B0B8-495D-80CC-F1F45307BD8D} - System32\Tasks\Windows Defrag => C:\Users\nfminer\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
    Task: {5E020F4C-89DD-4197-A400-0636BF02F543} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe [2015-08-05] (Goobzo) <==== ATTENTION
    Task: {670A8DA7-03C7-4967-A477-52B74D82EB30} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
    Task: {68F3DF2F-BE05-45B1-8A53-82F5B97CD41B} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2015-08-05] (YTDownloader) <==== ATTENTION
    Task: {6A8D1035-F7CE-4AD8-AB5C-7D6E5AD843CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-06] (Google Inc.)
    Task: {75D18AEA-FF2F-4CC1-9AB1-23072008E455} - \SMupdate1 No Task File <==== ATTENTION
    Task: {8A2250D8-BC5E-404D-8A9C-4E7563C06DCF} - System32\Tasks\GDAQIZHHFD1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
    Task: {A8F93732-ADE2-4DCC-8EF0-53452CFFDD8B} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
    Task: {AF7DAFFD-D327-4479-A346-EE1167A312A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-06] (Google Inc.)
    Task: {CB0E8D49-E474-45B5-BDEB-0BE3C73BC5A0} - \Optimizer Pro Schedule No Task File <==== ATTENTION
    Task: {E15D3312-ADC4-4441-A324-9F82FD3D5790} - System32\Tasks\Alfasistem Memory Job => C:\Program Files (x86)\Alfasistem Memory\ tmjob.exe
    Task: {E418D6F1-415A-42E3-9DD4-7A0DA595B3DD} - \One System Care Monitor No Task File <==== ATTENTION
    Task: {F84C59FC-1D8B-474E-B96F-6C7D56871837} - System32\Tasks\TANTVXMGQVTBIOHY => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
    Task: {F990B812-3CD9-4A0C-828F-69FFE413D9CD} - System32\Tasks\EasyTrain => c:\programdata\{8412078a-9ebd-6b00-8412-2078a9eb1e2a}\download simcity 3000 unlimited.exe <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\EasyTrain.job => c:\programdata\{8412078a-9ebd-6b00-8412-2078a9eb1e2a}\download simcity 3000 unlimited.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GDAQIZHHFD1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\TANTVXMGQVTBIOHY.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION

    ==================== Loaded Modules (Whitelisted) ==============

    2013-12-06 17:06 - 2013-12-06 17:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
    2013-07-26 06:59 - 2013-07-26 06:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
    2013-07-26 06:59 - 2013-07-26 06:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
    2013-12-06 17:06 - 2013-12-06 17:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2015-08-05 02:57 - 2015-08-05 02:57 - 00112560 _____ () C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe
    2015-06-24 19:14 - 2015-06-24 19:14 - 00716664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareService.exe
    2015-06-24 19:18 - 2015-06-24 19:18 - 00107536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\boost_thread-vc120-mt-1_58.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 00025616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\boost_system-vc120-mt-1_58.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 00034832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\boost_chrono-vc120-mt-1_58.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 00056856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\boost_date_time-vc120-mt-1_58.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 00122904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\boost_filesystem-vc120-mt-1_58.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 12893184 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareServiceKernel.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 03480032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\RCF.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 00911376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\boost_regex-vc120-mt-1_58.dll
    2015-06-24 19:17 - 2015-06-24 19:17 - 00709120 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareActivation.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 00474128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareApplicationUpdater.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 00847360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareGamingMode.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 00100848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareReset.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 00122864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareTime.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 01010704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareDefinitionsUpdater.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 00905248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareDefinitionsUpdaterScheduler.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 01146368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareIgnoreList.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 00243200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareQuarantine.dll
    2015-06-24 19:17 - 2015-06-24 19:17 - 01050120 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareAntiMalwareEngine.dll
    2015-06-24 19:17 - 2015-06-24 19:17 - 00205832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareAntiRootkitEngine.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 01210376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareScannerHistory.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 01337336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareScanner.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 00035856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\boost_timer-vc120-mt-1_58.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 01018888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareScannerScheduler.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 01174544 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareRealTimeProtection.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 00244224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareIncompatibles.dll
    2015-06-24 19:17 - 2015-06-24 19:17 - 00933368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareAntiSpam.dll
    2015-06-24 19:17 - 2015-06-24 19:17 - 00883200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareAntiPhishing.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 03263496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareParentalControl.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 02984960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareWebProtection.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 01324040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareEmailProtection.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 00059416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\boost_iostreams-vc120-mt-1_58.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 01312264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareNetworkProtection.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 01013744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwarePromo.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 00365560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareFeedback.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 02958352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareThreatWorkAlliance.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 01261560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwarePinCode.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 01014264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareNotice.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 01002488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareAvcEngine.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 01222168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareRealTimeProtectionHistory.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 00468992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareStatistics.dll
    2015-08-06 11:42 - 2015-01-06 13:47 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
    2015-08-06 11:50 - 2015-08-06 11:50 - 00789856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl
    2015-08-06 11:50 - 2015-08-06 11:50 - 00710016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl
    2015-08-06 11:50 - 2015-08-06 11:50 - 02683008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl
    2015-08-06 11:50 - 2015-08-06 11:50 - 01325480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl
    2015-08-06 11:43 - 2015-08-06 11:43 - 00013312 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
    2015-08-06 11:43 - 2015-08-06 11:43 - 00005632 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
    2015-08-06 11:43 - 2015-08-06 11:43 - 00028160 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 02790408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareShellExtension.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 09549808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareTray.exe
    2015-06-24 19:18 - 2015-06-24 19:18 - 00492048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\boost_locale-vc120-mt-1_58.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 02266104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\HtmlFramework.dll
    2015-06-24 19:18 - 2015-06-24 19:18 - 00868360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareTrayDefaultSkin.dll
    2015-08-06 02:23 - 2015-08-06 15:28 - 00057251 _____ () C:\a\q5t7vYAoxUpBjbt606Jn-ni-2015-08-06-ni-12694.exe
    2015-08-06 15:28 - 2015-08-06 15:28 - 00011264 _____ () C:\Users\nfminer\AppData\Local\Temp\nsr6642.tmp\System.dll
    2015-08-06 15:28 - 2015-08-06 15:28 - 00020992 _____ () C:\Users\nfminer\AppData\Local\Temp\nsr6642.tmp\inetc.dll
    2015-08-06 16:39 - 2015-07-30 23:19 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libglesv2.dll
    2015-08-06 16:39 - 2015-07-30 23:19 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libegl.dll
    2015-08-06 16:39 - 2015-07-30 23:19 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-562720426-3001973214-2539249035-1000\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-562720426-3001973214-2539249035-1000\...\webcompanion.com -> hxxp://webcompanion.com


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-562720426-3001973214-2539249035-1000\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 68.105.28.11 - 68.105.29.11
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [TCP Query User{81DC5E0C-6DCB-451D-BE70-C0535E6726ED}C:\users\nfminer\appdata\local\temp\temp1_reddcoin-qt-v111-win.zip\reddcoin-qt.exe] => (Allow) C:\users\nfminer\appdata\local\temp\temp1_reddcoin-qt-v111-win.zip\reddcoin-qt.exe
    FirewallRules: [UDP Query User{9A35FC17-BA43-4A31-B259-DD5CD2E9B8DC}C:\users\nfminer\appdata\local\temp\temp1_reddcoin-qt-v111-win.zip\reddcoin-qt.exe] => (Allow) C:\users\nfminer\appdata\local\temp\temp1_reddcoin-qt-v111-win.zip\reddcoin-qt.exe
    FirewallRules: [TCP Query User{7791C37B-B09B-4E3A-8E3F-F97FB07E2F59}C:\users\nfminer\appdata\local\temp\temp2_reddcoin-qt-v111-win.zip\reddcoin-qt.exe] => (Allow) C:\users\nfminer\appdata\local\temp\temp2_reddcoin-qt-v111-win.zip\reddcoin-qt.exe
    FirewallRules: [UDP Query User{EA46D951-E046-4C98-BA88-76DFEA354F3D}C:\users\nfminer\appdata\local\temp\temp2_reddcoin-qt-v111-win.zip\reddcoin-qt.exe] => (Allow) C:\users\nfminer\appdata\local\temp\temp2_reddcoin-qt-v111-win.zip\reddcoin-qt.exe
    FirewallRules: [TCP Query User{D6D9823B-B111-4E80-987E-0A79EEE3DB6F}C:\users\nfminer\desktop\reddcoin-qt.exe] => (Allow) C:\users\nfminer\desktop\reddcoin-qt.exe
    FirewallRules: [UDP Query User{F01D2AB6-2B08-40FF-86D9-EE7F684038B6}C:\users\nfminer\desktop\reddcoin-qt.exe] => (Allow) C:\users\nfminer\desktop\reddcoin-qt.exe
    FirewallRules: [{FA56D017-AF76-4B0D-9AED-A61AF69BBC33}] => (Allow) C:\Users\nfminer\AppData\Roaming\Vuze Leap\VuzeLeap.exe
    FirewallRules: [{70BBD490-AC4C-404A-9E7F-E24EB050EC65}] => (Allow) C:\Users\nfminer\AppData\Roaming\Vuze Leap\VuzeLeap.exe
    FirewallRules: [{F0426609-150D-47E6-BBCA-6C4ED333F41E}] => (Allow) C:\a\internetport3.exe
    FirewallRules: [{5404AD41-ED1E-4D3B-B3DB-54600BA3273B}] => (Allow) C:\a\internetport3.exe
    FirewallRules: [{15F4D3B1-9884-422C-BFC4-A864DE0E3859}] => (Allow) C:\a\getcap.exe
    FirewallRules: [{0991711A-5715-4BA3-AE33-7F0158CF1F94}] => (Allow) C:\a\getcap.exe
    FirewallRules: [{CB2A1918-5E90-466D-9C8E-13F249C0A927}] => (Allow) C:\a\wincheckfe.exe
    FirewallRules: [{2915B0A5-1438-4C47-9653-1BF7C6C1282E}] => (Allow) C:\a\wincheckfe.exe
    FirewallRules: [{FB7E7210-1724-4518-8041-8706111BA0AF}] => (Allow) C:\a\winonit.exe
    FirewallRules: [{B87ACDC4-D756-41C6-902C-55B7359D0942}] => (Allow) C:\a\winonit.exe
    FirewallRules: [{84152998-6F5E-4FB0-B5FF-F918CEFE8F44}] => (Allow) C:\a\wcheckf.exe
    FirewallRules: [{0B79C101-0FB1-447D-B103-21E96567B18C}] => (Allow) C:\a\wcheckf.exe
    FirewallRules: [{3E885F06-8593-4334-840F-A21C4934BBB2}] => (Allow) C:\a\vchk.exe
    FirewallRules: [{6ED52A10-74EC-4C47-A3D5-97C920D0540B}] => (Allow) C:\a\vchk.exe
    FirewallRules: [{65403141-27F0-4EE0-8F01-822BC0204C5E}] => (Allow) C:\a\q5t7vYAoxUpBjbt606Jn-ni-2015-08-06-ni-12694.exe
    FirewallRules: [{AAB83D31-39A7-4485-8E97-6DAA0AC1B280}] => (Allow) C:\a\q5t7vYAoxUpBjbt606Jn-ni-2015-08-06-ni-12694.exe
    FirewallRules: [{C808B7A8-9035-4699-AEB5-46015BEEF21C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============

    Name: Universal Serial Bus (USB) Controller
    Description: Universal Serial Bus (USB) Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver ", which starts the Hardware Update wizard.

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Universal Serial Bus (USB) Controller
    Description: Universal Serial Bus (USB) Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver ", which starts the Hardware Update wizard.

    Name: Ethernet Controller
    Description: Ethernet Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver ", which starts the Hardware Update wizard.

    Name: SM Bus Controller
    Description: SM Bus Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver ", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/06/2015 03:26:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2015 12:04:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2015 11:05:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2015 10:45:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2015 10:41:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2015 10:33:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2015 10:10:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2015 09:41:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2015 02:54:32 AM) (Source: MsiInstaller) (EventID: 11316) (User: nfminer-PC)
    Description: Product: globalupdate Helper -- Error 1316. The specified account already exists.

    Error: (08/06/2015 02:49:20 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Windows\TEMP\4nsvbfvp.exe /norestart /quiet /install; Description = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501; Error = 0x81000101).


    System errors:
    =============
    Error: (08/06/2015 03:29:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error:
    %%2

    Error: (08/06/2015 03:27:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (08/06/2015 03:25:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the OptimizerPro Monitoring service to connect.

    Error: (08/06/2015 03:25:11 PM) (Source: volsnap) (EventID: 25) (User: )
    Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

    Error: (08/06/2015 12:07:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error:
    %%2

    Error: (08/06/2015 12:05:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (08/06/2015 12:03:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the OptimizerPro Monitoring service to connect.

    Error: (08/06/2015 12:02:42 PM) (Source: volsnap) (EventID: 25) (User: )
    Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

    Error: (08/06/2015 11:06:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    %%2

    Error: (08/06/2015 11:06:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error:
    %%2


    Microsoft Office:
    =========================
    Error: (08/06/2015 03:26:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2015 12:04:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2015 11:05:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2015 10:45:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2015 10:41:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2015 10:33:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2015 10:10:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2015 09:41:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2015 02:54:32 AM) (Source: MsiInstaller) (EventID: 11316) (User: nfminer-PC)
    Description: Product: globalupdate Helper -- Error 1316. The specified account already exists.
    (NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (08/06/2015 02:49:20 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\Windows\TEMP\4nsvbfvp.exe /norestart /quiet /installMicrosoft Visual C++ 2013 Redistributable (x86) - 12.0.305010x81000101


    ==================== Memory info ===========================

    Processor: AMD A6-6400K APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 53%
    Total physical RAM: 3879.44 MB
    Available physical RAM: 1807.97 MB
    Total Virtual: 7757.07 MB
    Available Virtual: 5050.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:82.87 GB) (Free:44.05 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (PRESARIO_RP) (Fixed) (Total:9.26 GB) (Free:1.41 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 93.2 GB) (Disk ID: 4D3C4D3B)
    Partition 1: (Active) - (Size=82.9 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=9.3 GB) - (Type=0C)
    Partition 3: (Not Active) - (Size=1 GB) - (Type=D7)

    ==================== End of log ============================
     
  7. 2015/08/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    Uninstall the following unwanted programs:

    Shopper-Pro
    YTDownloader


    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     


  8. 2015/08/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Reopened.
     
  9. 2015/08/26
    nfreytag

    nfreytag Inactive Thread Starter

    Joined:
    2015/08/06
    Messages:
    6
    Likes Received:
    0
    Hey Broni,

    Thanks again for your help thus far. After running the fixlist.txt file, IE seems to be running smoothly, and the proxy server error doesn't seem to be popping up. Below are the contents of the Fixlog.txt file that was created after running FRST64.

    Fix result of Farbar Recovery Scan Tool (x64) Version:06-08-2015
    Ran by nfminer (2015-08-26 17:48:36) Run:1
    Running from C:\Users\nfminer\Desktop
    Loaded Profiles: nfminer (Available Profiles: nfminer)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    () C:\a\q5t7vYAoxUpBjbt606Jn-ni-2015-08-06-ni-12694.exe
    C:\a\q5t7vYAoxUpBjbt606Jn-ni-2015-08-06-ni-12694.exe
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [cutoauto] => C:\a\wincheckfe.exe
    C:\a\wincheckfe.exe
    HKLM-x32\...\Run: [interpee] => C:\a\internetport3.exe
    C:\a\internetport3.exe
    HKLM-x32\...\Run: [autoauto] => 16448965.bat
    HKU\S-1-5-21-562720426-3001973214-2539249035-1000\...\Run: [rutoauto] => 16448965.bat
    HKU\S-1-5-21-562720426-3001973214-2539249035-1000\...\Run: [dutoauto] => C:\a\wincheckfe.exe
    HKU\S-1-5-21-562720426-3001973214-2539249035-1000\...\Run: [interpee] => C:\a\internetport3.exe
    Startup: C:\Users\nfminer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\intr.lnk [2015-08-06]
    ShortcutTarget: intr.lnk -> C:\a\58967140.bat ()
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    C:\Users\nfminer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\intr.lnk
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-562720426-3001973214-2539249035-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <======= ATTENTION (Policy restriction on ProxySettings)
    ProxyEnable: [HKLM-x32] => ProxyEnable is set
    ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877
    ProxyEnable: [S-1-5-21-562720426-3001973214-2539249035-1000] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-562720426-3001973214-2539249035-1000] => http=127.0.0.1:8877;https=127.0.0.1:8877
    RemoveProxy:
    S2 c31ed948; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.99\OptProMon.dll ",ENT <==== ATTENTION
    S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /svc [X] <==== ATTENTION
    S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /medsvc [X] <==== ATTENTION
    c:\Program Files (x86)\Optimizer Pro 3.99\OptProMon.dll
    c:\Program Files (x86)\Optimizer Pro 3.99
    S3 TRIXX; \??\C:\Users\nfminer\AppData\Local\Temp\TRIXX.sys [X]
    2015-08-06 16:55 - 2015-08-06 16:55 - 00000000 _____ C:\Users\nfminer\AppData\Local\apq5t7vYAoxUpBjbt606Jn-ni-2015-08-06-ni-12694.html
    2015-08-06 02:51 - 2015-08-06 10:07 - 00000000 ____D C:\Program Files (x86)\globalUpdate
    2015-08-06 02:51 - 2015-08-06 10:07 - 00000000 ____D C:\Program Files (x86)\ee63cdc6-5f91-44d3-a3dd-8241c1189391
    2015-08-06 02:51 - 2015-08-06 10:07 - 00000000 ____D C:\Program Files (x86)\7820b0eb-3626-4620-9e3a-dab3daac0de7
    2015-08-06 02:23 - 2015-08-06 16:53 - 00000000 ___HD C:\a
    2015-08-06 02:23 - 2015-08-06 03:42 - 00000000 ____D C:\Users\nfminer\AppData\Local\yuntnani
    2015-08-06 02:23 - 2015-08-06 02:23 - 00000000 ____D C:\Program Files (x86)\FastInternet
    2015-08-06 02:17 - 2015-08-06 02:17 - 00000019 _____ C:\Windows\SysWOW64\16448965.bat
    2015-08-06 02:15 - 2015-08-06 02:15 - 00003464 _____ C:\Windows\System32\Tasks\Woodoreerju
    2015-08-06 02:11 - 2015-08-06 15:25 - 00000346 ____H C:\Windows\Tasks\TANTVXMGQVTBIOHY.job
    2015-08-06 02:11 - 2015-08-06 15:25 - 00000334 _____ C:\Windows\Tasks\GDAQIZHHFD1.job
    2015-08-06 02:11 - 2015-08-06 02:11 - 00003384 _____ C:\Windows\System32\Tasks\TANTVXMGQVTBIOHY
    2015-08-06 02:11 - 2015-08-06 02:11 - 00002856 _____ C:\Windows\System32\Tasks\GDAQIZHHFD1
    2015-08-06 02:11 - 2015-08-06 02:11 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    2015-08-06 02:11 - 2015-08-06 02:11 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
    2015-08-06 02:10 - 2015-08-06 15:22 - 00000000 ____D C:\Users\nfminer\AppData\Roaming\Eppink
    2015-08-06 02:02 - 2015-08-06 02:02 - 00000912 _____ C:\Windows\SysWOW64\${LOGFILE}
    2015-08-06 01:57 - 2015-08-06 02:45 - 00000000 ___HD C:\ProgramData\msx
    2015-08-06 01:54 - 2015-08-06 01:54 - 00631808 _____ C:\Windows\msx.dat
    2015-08-06 01:52 - 2009-06-10 14:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
    2015-08-06 01:43 - 2015-08-06 01:43 - 00020349 _____ C:\Windows\srtpoq.xml
    2015-08-06 01:32 - 2015-08-06 10:20 - 00000024 _____ C:\Users\nfminer\AppData\Roaming\appdataFr25.bin
    2015-08-06 00:47 - 2015-08-06 00:47 - 0000000 _____ () C:\Users\nfminer\AppData\Roaming\903D.tmp
    2015-08-06 01:32 - 2015-08-06 10:20 - 0000024 _____ () C:\Users\nfminer\AppData\Roaming\appdataFr25.bin
    2013-12-24 19:52 - 2013-12-24 19:52 - 0000017 _____ () C:\Users\nfminer\AppData\Local\resmon.resmoncfg
    C:\Users\nfminer\AppData\Local\Temp\0207b413-3408-46b3-827d-13a8e0083498.exe
    C:\Users\nfminer\AppData\Local\Temp\5C81.tmp.exe
    C:\Users\nfminer\AppData\Local\Temp\bitool.dll
    C:\Users\nfminer\AppData\Local\Temp\C071.tmp.exe
    C:\Users\nfminer\AppData\Local\Temp\D6DE.tmp.exe
    C:\Users\nfminer\AppData\Local\Temp\i4jdel0.exe
    C:\Users\nfminer\AppData\Local\Temp\Quarantine.exe
    C:\Users\nfminer\AppData\Local\Temp\setup_418.exe
    C:\Users\nfminer\AppData\Local\Temp\sqlite3.dll
    C:\Users\nfminer\AppData\Local\Temp\Uninstall.exe
    C:\Users\nfminer\AppData\Local\Temp\VOPackage_1712.exe
    C:\Users\nfminer\AppData\Local\Temp\ytdieamodc_amodc_setup.exe
    Task: {04330760-1D9C-4F52-8163-1E6CDB45E3FB} - \ShopperProJSUpd No Task File <==== ATTENTION
    Task: {09C5B026-42D8-46B4-AC18-ED504FF70955} - \bvxvyxvec No Task File <==== ATTENTION
    Task: {2366F42A-CAB2-471D-9287-F4037E25B3A9} - System32\Tasks\Woodoreerju => C:\ProgramData\Woodoreerju\1.0.4.1\coxsenlo.exe
    Task: {32D7099C-30F4-445E-9FDC-4CEB1ADE62D6} - \One System Care Run Delay No Task File <==== ATTENTION
    Task: {49F99070-B0B8-495D-80CC-F1F45307BD8D} - System32\Tasks\Windows Defrag => C:\Users\nfminer\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
    Task: {5E020F4C-89DD-4197-A400-0636BF02F543} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe [2015-08-05] (Goobzo) <==== ATTENTION
    Task: {670A8DA7-03C7-4967-A477-52B74D82EB30} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
    Task: {68F3DF2F-BE05-45B1-8A53-82F5B97CD41B} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2015-08-05] (YTDownloader) <==== ATTENTION
    C:\ProgramData\Woodoreerju\1.0.4.1\coxsenlo.exe
    C:\Users\nfminer\AppData\Roaming\Updater\winupd.exe
    C:\PROGRA~1\COMMON~1\System\SysMenu.dll
    Task: {75D18AEA-FF2F-4CC1-9AB1-23072008E455} - \SMupdate1 No Task File <==== ATTENTION
    Task: {8A2250D8-BC5E-404D-8A9C-4E7563C06DCF} - System32\Tasks\GDAQIZHHFD1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
    Task: {A8F93732-ADE2-4DCC-8EF0-53452CFFDD8B} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
    C:\ProgramData\FlashBeat\FlashBeat.exe
    Task: {CB0E8D49-E474-45B5-BDEB-0BE3C73BC5A0} - \Optimizer Pro Schedule No Task File <==== ATTENTION
    Task: {E15D3312-ADC4-4441-A324-9F82FD3D5790} - System32\Tasks\Alfasistem Memory Job => C:\Program Files (x86)\Alfasistem Memory\tmjob.exe
    Task: {E418D6F1-415A-42E3-9DD4-7A0DA595B3DD} - \One System Care Monitor No Task File <==== ATTENTION
    C:\Program Files (x86)\Alfasistem Memory\tmjob.exe
    Task: {F84C59FC-1D8B-474E-B96F-6C7D56871837} - System32\Tasks\TANTVXMGQVTBIOHY => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
    Task: {F990B812-3CD9-4A0C-828F-69FFE413D9CD} - System32\Tasks\EasyTrain => c:\programdata\{8412078a-9ebd-6b00-8412-2078a9eb1e2a}\download simcity 3000 unlimited.exe <==== ATTENTION
    Task: C:\Windows\Tasks\EasyTrain.job => c:\programdata\{8412078a-9ebd-6b00-8412-2078a9eb1e2a}\download simcity 3000 unlimited.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GDAQIZHHFD1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
    Task: C:\Windows\Tasks\TANTVXMGQVTBIOHY.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
    C:\ProgramData\Service1291\Service1291.exe
    FirewallRules: [{F0426609-150D-47E6-BBCA-6C4ED333F41E}] => (Allow) C:\a\internetport3.exe
    FirewallRules: [{5404AD41-ED1E-4D3B-B3DB-54600BA3273B}] => (Allow) C:\a\internetport3.exe
    FirewallRules: [{15F4D3B1-9884-422C-BFC4-A864DE0E3859}] => (Allow) C:\a\getcap.exe
    FirewallRules: [{0991711A-5715-4BA3-AE33-7F0158CF1F94}] => (Allow) C:\a\getcap.exe
    FirewallRules: [{CB2A1918-5E90-466D-9C8E-13F249C0A927}] => (Allow) C:\a\wincheckfe.exe
    FirewallRules: [{2915B0A5-1438-4C47-9653-1BF7C6C1282E}] => (Allow) C:\a\wincheckfe.exe
    FirewallRules: [{FB7E7210-1724-4518-8041-8706111BA0AF}] => (Allow) C:\a\winonit.exe
    FirewallRules: [{B87ACDC4-D756-41C6-902C-55B7359D0942}] => (Allow) C:\a\winonit.exe
    FirewallRules: [{84152998-6F5E-4FB0-B5FF-F918CEFE8F44}] => (Allow) C:\a\wcheckf.exe
    FirewallRules: [{0B79C101-0FB1-447D-B103-21E96567B18C}] => (Allow) C:\a\wcheckf.exe
    FirewallRules: [{3E885F06-8593-4334-840F-A21C4934BBB2}] => (Allow) C:\a\vchk.exe
    FirewallRules: [{6ED52A10-74EC-4C47-A3D5-97C920D0540B}] => (Allow) C:\a\vchk.exe
    FirewallRules: [{65403141-27F0-4EE0-8F01-822BC0204C5E}] => (Allow) C:\a\q5t7vYAoxUpBjbt606Jn-ni-2015-08-06-ni-12694.exe
    FirewallRules: [{AAB83D31-39A7-4485-8E97-6DAA0AC1B280}] => (Allow) C:\a\q5t7vYAoxUpBjbt606Jn-ni-2015-08-06-ni-12694.exe

    *****************

    C:\a\q5t7vYAoxUpBjbt606Jn-ni-2015-08-06-ni-12694.exe => No running process found
    "C:\a\q5t7vYAoxUpBjbt606Jn-ni-2015-08-06-ni-12694.exe" => File/Folder not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cutoauto => value not found.
    "C:\a\wincheckfe.exe" => File/Folder not found.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\interpee => value not found.
    "C:\a\internetport3.exe" => File/Folder not found.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\autoauto => value not found.
    HKU\S-1-5-21-562720426-3001973214-2539249035-1000\Software\Microsoft\Windows\CurrentVersion\Run\\rutoauto => value not found.
    HKU\S-1-5-21-562720426-3001973214-2539249035-1000\Software\Microsoft\Windows\CurrentVersion\Run\\dutoauto => value not found.
    HKU\S-1-5-21-562720426-3001973214-2539249035-1000\Software\Microsoft\Windows\CurrentVersion\Run\\interpee => value not found.
    C:\Users\nfminer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\intr.lnk => moved successfully.
    C:\a\58967140.bat => moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully
    "C:\Users\nfminer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\intr.lnk" => File/Folder not found.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-562720426-3001973214-2539249035-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
    HKU\S-1-5-21-562720426-3001973214-2539249035-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
    HKU\S-1-5-21-562720426-3001973214-2539249035-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully

    ========= RemoveProxy: =========

    HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKU\S-1-5-21-562720426-3001973214-2539249035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\S-1-5-21-562720426-3001973214-2539249035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


    ========= End of RemoveProxy: =========

    c31ed948 => service removed successfully
    globalUpdate => service removed successfully
    globalUpdatem => service removed successfully
    "c:\Program Files (x86)\Optimizer Pro 3.99\OptProMon.dll" => File/Folder not found.
    "c:\Program Files (x86)\Optimizer Pro 3.99" => File/Folder not found.
    TRIXX => service removed successfully
    C:\Users\nfminer\AppData\Local\apq5t7vYAoxUpBjbt606Jn-ni-2015-08-06-ni-12694.html => moved successfully.
    C:\Program Files (x86)\globalUpdate => moved successfully.
    C:\Program Files (x86)\ee63cdc6-5f91-44d3-a3dd-8241c1189391 => moved successfully.
    C:\Program Files (x86)\7820b0eb-3626-4620-9e3a-dab3daac0de7 => moved successfully.
    C:\a => moved successfully.
    C:\Users\nfminer\AppData\Local\yuntnani => moved successfully.
    C:\Program Files (x86)\FastInternet => moved successfully.
    C:\Windows\SysWOW64\16448965.bat => moved successfully.
    C:\Windows\System32\Tasks\Woodoreerju => moved successfully.
    C:\Windows\Tasks\TANTVXMGQVTBIOHY.job => moved successfully.
    C:\Windows\Tasks\GDAQIZHHFD1.job => moved successfully.
    C:\Windows\System32\Tasks\TANTVXMGQVTBIOHY => moved successfully.
    C:\Windows\System32\Tasks\GDAQIZHHFD1 => moved successfully.
    C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully.
    C:\ProgramData\28341ff220e0446c9fff27c4493d622e => moved successfully.
    C:\Users\nfminer\AppData\Roaming\Eppink => moved successfully.
    C:\Windows\SysWOW64\${LOGFILE} => moved successfully.
    C:\ProgramData\msx => moved successfully.
    C:\Windows\msx.dat => moved successfully.
    C:\Windows\system32\Drivers\etc\hp.bak => moved successfully.
    C:\Windows\srtpoq.xml => moved successfully.
    C:\Users\nfminer\AppData\Roaming\appdataFr25.bin => moved successfully.
    C:\Users\nfminer\AppData\Roaming\903D.tmp => moved successfully.
    "C:\Users\nfminer\AppData\Roaming\appdataFr25.bin" => File/Folder not found.
    C:\Users\nfminer\AppData\Local\resmon.resmoncfg => moved successfully.
    C:\Users\nfminer\AppData\Local\Temp\0207b413-3408-46b3-827d-13a8e0083498.exe => moved successfully.
    "C:\Users\nfminer\AppData\Local\Temp\5C81.tmp.exe" => File/Folder not found.
    C:\Users\nfminer\AppData\Local\Temp\bitool.dll => moved successfully.
    "C:\Users\nfminer\AppData\Local\Temp\C071.tmp.exe" => File/Folder not found.
    "C:\Users\nfminer\AppData\Local\Temp\D6DE.tmp.exe" => File/Folder not found.
    C:\Users\nfminer\AppData\Local\Temp\i4jdel0.exe => moved successfully.
    C:\Users\nfminer\AppData\Local\Temp\Quarantine.exe => moved successfully.
    C:\Users\nfminer\AppData\Local\Temp\setup_418.exe => moved successfully.
    C:\Users\nfminer\AppData\Local\Temp\sqlite3.dll => moved successfully.
    C:\Users\nfminer\AppData\Local\Temp\Uninstall.exe => moved successfully.
    C:\Users\nfminer\AppData\Local\Temp\VOPackage_1712.exe => moved successfully.
    C:\Users\nfminer\AppData\Local\Temp\ytdieamodc_amodc_setup.exe => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{04330760-1D9C-4F52-8163-1E6CDB45E3FB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04330760-1D9C-4F52-8163-1E6CDB45E3FB}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09C5B026-42D8-46B4-AC18-ED504FF70955}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09C5B026-42D8-46B4-AC18-ED504FF70955}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvyxvec => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2366F42A-CAB2-471D-9287-F4037E25B3A9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2366F42A-CAB2-471D-9287-F4037E25B3A9}" => key removed successfully
    C:\Windows\System32\Tasks\Woodoreerju not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Woodoreerju" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32D7099C-30F4-445E-9FDC-4CEB1ADE62D6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32D7099C-30F4-445E-9FDC-4CEB1ADE62D6}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Run Delay => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49F99070-B0B8-495D-80CC-F1F45307BD8D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49F99070-B0B8-495D-80CC-F1F45307BD8D}" => key removed successfully
    C:\Windows\System32\Tasks\Windows Defrag => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows Defrag" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5E020F4C-89DD-4197-A400-0636BF02F543}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E020F4C-89DD-4197-A400-0636BF02F543}" => key removed successfully
    C:\Windows\System32\Tasks\YTDownloaderUpd => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{670A8DA7-03C7-4967-A477-52B74D82EB30}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{670A8DA7-03C7-4967-A477-52B74D82EB30}" => key removed successfully
    C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{68F3DF2F-BE05-45B1-8A53-82F5B97CD41B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68F3DF2F-BE05-45B1-8A53-82F5B97CD41B}" => key removed successfully
    C:\Windows\System32\Tasks\YTDownloader => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader" => key removed successfully
    "C:\ProgramData\Woodoreerju\1.0.4.1\coxsenlo.exe" => File/Folder not found.
    "C:\Users\nfminer\AppData\Roaming\Updater\winupd.exe" => File/Folder not found.
    C:\PROGRA~1\COMMON~1\System\SysMenu.dll => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{75D18AEA-FF2F-4CC1-9AB1-23072008E455}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75D18AEA-FF2F-4CC1-9AB1-23072008E455}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMupdate1 => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8A2250D8-BC5E-404D-8A9C-4E7563C06DCF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A2250D8-BC5E-404D-8A9C-4E7563C06DCF}" => key removed successfully
    C:\Windows\System32\Tasks\GDAQIZHHFD1 not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GDAQIZHHFD1" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A8F93732-ADE2-4DCC-8EF0-53452CFFDD8B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8F93732-ADE2-4DCC-8EF0-53452CFFDD8B}" => key removed successfully
    C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => key removed successfully
    "C:\ProgramData\FlashBeat\FlashBeat.exe" => File/Folder not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CB0E8D49-E474-45B5-BDEB-0BE3C73BC5A0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB0E8D49-E474-45B5-BDEB-0BE3C73BC5A0}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E15D3312-ADC4-4441-A324-9F82FD3D5790}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E15D3312-ADC4-4441-A324-9F82FD3D5790}" => key removed successfully
    C:\Windows\System32\Tasks\Alfasistem Memory Job => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Alfasistem Memory Job" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E418D6F1-415A-42E3-9DD4-7A0DA595B3DD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E418D6F1-415A-42E3-9DD4-7A0DA595B3DD}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor => key not found.
    "C:\Program Files (x86)\Alfasistem Memory\tmjob.exe" => File/Folder not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F84C59FC-1D8B-474E-B96F-6C7D56871837}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F84C59FC-1D8B-474E-B96F-6C7D56871837}" => key removed successfully
    C:\Windows\System32\Tasks\TANTVXMGQVTBIOHY not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TANTVXMGQVTBIOHY" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F990B812-3CD9-4A0C-828F-69FFE413D9CD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F990B812-3CD9-4A0C-828F-69FFE413D9CD}" => key removed successfully
    C:\Windows\System32\Tasks\EasyTrain => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EasyTrain" => key removed successfully
    C:\Windows\Tasks\EasyTrain.job => moved successfully.
    C:\Windows\Tasks\GDAQIZHHFD1.job not found.
    C:\Windows\Tasks\TANTVXMGQVTBIOHY.job not found.
    "C:\ProgramData\Service1291\Service1291.exe" => File/Folder not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F0426609-150D-47E6-BBCA-6C4ED333F41E} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5404AD41-ED1E-4D3B-B3DB-54600BA3273B} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{15F4D3B1-9884-422C-BFC4-A864DE0E3859} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0991711A-5715-4BA3-AE33-7F0158CF1F94} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CB2A1918-5E90-466D-9C8E-13F249C0A927} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2915B0A5-1438-4C47-9653-1BF7C6C1282E} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FB7E7210-1724-4518-8041-8706111BA0AF} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B87ACDC4-D756-41C6-902C-55B7359D0942} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{84152998-6F5E-4FB0-B5FF-F918CEFE8F44} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0B79C101-0FB1-447D-B103-21E96567B18C} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3E885F06-8593-4334-840F-A21C4934BBB2} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6ED52A10-74EC-4C47-A3D5-97C920D0540B} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{65403141-27F0-4EE0-8F01-822BC0204C5E} => value not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AAB83D31-39A7-4485-8E97-6DAA0AC1B280} => value not found.

    ==== End of Fixlog 17:48:41 ====
     
  10. 2015/08/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
        • Launch Malwarebytes Anti-Malware
        • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  11. 2015/09/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Still with me?
     
  12. 2015/09/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in malware removal forum.
     
