HELP!!! I'm infected with GoSave
<blockquote data-quote="mario09" data-source="post: 270744" data-attributes="member: 28595"><p>I'm infected with GoSave</p><p></p><p>Below are the AdwCleaner report followed by the FRST report.</p><p></p><p>NEED HELP!!!!!</p><p></p><p></p><p># AdwCleaner v3.311 - Report created 01/10/2014 at 10:46:10</p><p># Updated 30/09/2014 by Xplode</p><p># Operating System : Windows 7 Professional Service Pack 1 (64 bits)</p><p># Username : MARIO - MARIO-PC</p><p># Running from : C:\Users\MARIO\Downloads\adwcleaner_3.311.exe</p><p># Option : Scan</p><p></p><p>***** [ Services ] *****</p><p></p><p></p><p>***** [ Files / Folders ] *****</p><p></p><p>Folder Found : C:\Program Files (x86)\GioSaVe</p><p>Folder Found : C:\ProgramData\GioSaVe</p><p>Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop</p><p>Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop</p><p>Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop</p><p>Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop</p><p>Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop</p><p>Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop</p><p>Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop</p><p>Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop</p><p>Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop</p><p>Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop</p><p>Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop</p><p>Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop</p><p>Folder Found : C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop</p><p>Folder Found : C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop</p><p>Folder Found : C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop</p><p>Folder Found : C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop</p><p></p><p>***** [ Scheduled Tasks ] *****</p><p></p><p></p><p>***** [ Shortcuts ] *****</p><p></p><p></p><p>***** [ Registry ] *****</p><p></p><p></p><p>***** [ Browsers ] *****</p><p></p><p>-\\ Internet Explorer v11.0.9600.17280</p><p></p><p></p><p>-\\ Google Chrome v37.0.2062.120</p><p></p><p>[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]</p><p></p><p>Found [Extension] : fenijknkpfhhbigjookphnnkeckecdop</p><p></p><p>[ File : C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\preferences ]</p><p></p><p>Found [Extension] : fenijknkpfhhbigjookphnnkeckecdop</p><p></p><p>*************************</p><p></p><p>AdwCleaner[R0].txt - [5093 octets] - [29/09/2014 10:51:56]</p><p>AdwCleaner[R1].txt - [1019 octets] - [29/09/2014 10:59:41]</p><p>AdwCleaner[R2].txt - [1136 octets] - [29/09/2014 11:04:19]</p><p>AdwCleaner[R3].txt - [1256 octets] - [30/09/2014 11:51:54]</p><p>AdwCleaner[R4].txt - [3195 octets] - [01/10/2014 10:46:10]</p><p>AdwCleaner[S0].txt - [5365 octets] - [29/09/2014 10:52:46]</p><p>AdwCleaner[S1].txt - [1228 octets] - [29/09/2014 11:00:52]</p><p>AdwCleaner[S2].txt - [1344 octets] - [29/09/2014 
11:05:31]</p><p>AdwCleaner[S3].txt - [1464 octets] - [30/09/2014 11:56:58]</p><p></p><p>########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [3495 octets] ##########</p><p></p><p></p><p></p><p></p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-09-2014 02</p><p>Ran by MARIO (administrator) on MARIO-PC on 01-10-2014 10:47:54</p><p>Running from C:\Users\MARIO\Downloads</p><p>Loaded Profile: MARIO (Available profiles: MARIO & Guest)</p><p>Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)</p><p>Internet Explorer Version 11</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe</p><p>(Microsoft Corporation) C:\Windows\System32\wlanext.exe</p><p>(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe</p><p>(Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe</p><p>( ) C:\Windows\System32\lmabcoms.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE</p><p>(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe</p><p>(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe</p><p>(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxtray.exe</p><p>(Intel Corporation) C:\Windows\System32\hkcmd.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxpers.exe</p><p>(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE</p><p>(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE</p><p>(Microsoft Corporation) C:\Windows\System32\rundll32.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE</p><p>(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe</p><p>(AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe</p><p>() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe</p><p>(Dropbox, Inc.) C:\Users\MARIO\AppData\Roaming\Dropbox\bin\Dropbox.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe</p><p>(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe</p><p>(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe</p><p>(PC-Doctor, Inc.) C:\Program Files\My Dell\uaclauncher.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)</p><p>HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-06-28] (Realtek Semiconductor)</p><p>HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-06-28] (Realtek Semiconductor)</p><p>HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)</p><p>HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)</p><p>HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp</p><p>HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2796272 2013-11-22] (Synaptics Incorporated)</p><p>HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch</p><p>HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)</p><p>HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)</p><p>HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1104912 2014-08-20] (AVG Technologies CZ, s.r.o.)</p><p>HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)</p><p>Winlogon\Notify\igfxcui: 
C:\Windows\system32\igfxdev.dll (Intel Corporation)</p><p>HKLM\...\Policies\Explorer: [NoControlPanel] 0</p><p>HKU\S-1-5-21-3932655772-945513827-433234080-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911040 2013-04-22] (Microsoft Corporation)</p><p>HKU\S-1-5-21-3932655772-945513827-433234080-1000\...\Policies\Explorer: [] </p><p>HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)</p><p>IFEO\acad.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\aclauncher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\acsignapply.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\adrefman.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\aeccb.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\aecdbmigrationutility.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\aeckeynoteeditor.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\aeclaunchcurrentproject.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\connect.service.contentservice.admin.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\dwgcheckstandards.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\gaaihodoc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\gpdfdirect.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\isuspm.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC 
TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\pc3exe.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\pdfrouter.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\plu26.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\styexe.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>Startup: C:\Users\MARIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk</p><p>ShortcutTarget: Dropbox.lnk -> C:\Users\MARIO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll (Autodesk, Inc.)</p><p>GroupPolicy: Group Policy on Chrome detected <======= ATTENTION</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.msn.com/?pc=UP97&ocid=UP97DHP" target="_blank">http://www.msn.com/?pc=UP97&ocid=UP97DHP</a></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://dell13.msn.com/?pc=DCJB" target="_blank">http://dell13.msn.com/?pc=DCJB</a></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = <a href="http://g.msn.com/1ewenusDefaultPack/UP97_FRPage" target="_blank">http://g.msn.com/1ewenusDefaultPack/UP97_FRPage</a></p><p>SearchScopes: HKLM - {B92B109E-78F8-438A-8DEF-06EDB96ED4A7} URL = <a href="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB" 
target="_blank">http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB</a></p><p>SearchScopes: HKLM-x32 - {B92B109E-78F8-438A-8DEF-06EDB96ED4A7} URL = <a href="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB" target="_blank">http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB</a></p><p>SearchScopes: HKCU - {B92B109E-78F8-438A-8DEF-06EDB96ED4A7} URL = </p><p>BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)</p><p>BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)</p><p>BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll (Zeon Corporation)</p><p>BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)</p><p>BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)</p><p>BHO-x32: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll (Zeon 
Corporation)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll (Zeon Corporation)</p><p>Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)</p><p>Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)</p><p>Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)</p><p>Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)</p><p>Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)</p><p>Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.254</p><p></p><p>FireFox:</p><p>========</p><p>FF Plugin: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)</p><p>FF Plugin-x32: @foxitsoftware.com/Foxit Reader 
Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)</p><p>FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)</p><p>FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation)</p><p></p><p>Chrome: </p><p>=======</p><p>CHR HomePage: 
Default -> hxxp://google.com/</p><p>CHR StartupUrls: Default -> "hxxp://xfinity.comcast.net/?cid=insDate09292012", "hxxp://<a href="http://www.xfinity.com/?cid=insDate02242012" target="_blank">www.xfinity.com/?cid=insDate02242012</a>"</p><p>CHR DefaultSearchKeyword: Default -> 77F49E0198065CA9C494608595862A10AFC1E507424D89D2D599104DABC0A36B</p><p>CHR DefaultSearchURL: Default -> 6A779ABA880A049D2ACBB197AFD4DF1D816B7E7AE1404702E981C8E0745D5F7D</p><p>CHR Profile: C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (Angry Birds) - C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-03-20]</p><p>CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]</p><p>CHR Extension: (Gmail Offline) - C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-03-21]</p><p>CHR Extension: (GoSAve) - C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop [2014-09-23]</p><p>CHR Extension: (Google Wallet) - C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20]</p><p>CHR Extension: (GoSAve) - C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop\3.0 [2014-09-23]</p><p>CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) 
[File not signed]</p><p>S4 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [85096 2014-08-28] (Autodesk)</p><p>R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)</p><p>R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [846864 2014-08-20] (AVG Technologies CZ, s.r.o.)</p><p>R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)</p><p>S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)</p><p>R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)</p><p>R2 lmab_device; C:\Windows\system32\LMabcoms.exe [1048576 2012-09-28] ( ) [File not signed]</p><p>R2 lmab_device; C:\Windows\SysWOW64\LMabcoms.exe [593920 2012-09-28] ( ) [File not signed]</p><p>S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()</p><p>S4 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)</p><p>R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)</p><p>R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2538808 2014-09-04] (AVG Technologies)</p><p>R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>S2 Aspi32; C:\Windows\SysWOW64\drivers\aspi32.sys [16877 2002-07-17] (Adaptec) [File not signed]</p><p>R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)</p><p>R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)</p><p>R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)</p><p>R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)</p><p>R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)</p><p>R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-12-04] (Intel Corporation)</p><p>R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated)</p><p>R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-08-28] (TuneUp Software)</p><p>R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)</p><p>R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-10-01 10:45 - 2014-10-01 10:45 - 01375089 _____ () C:\Users\MARIO\Downloads\adwcleaner_3.311.exe</p><p>2014-10-01 10:19 - 2014-10-01 10:29 - 00026651 _____ () C:\Users\MARIO\Desktop\dds.txt</p><p>2014-10-01 10:19 - 2014-10-01 10:29 - 00017682 _____ () C:\Users\MARIO\Desktop\attach.txt</p><p>2014-10-01 10:18 - 2014-10-01 10:18 - 00688992 ____R (Swearware) C:\Users\MARIO\Desktop\dds.com</p><p>2014-09-30 16:26 - 2014-09-30 16:26 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard</p><p>2014-09-30 16:21 - 2014-09-30 16:21 - 05152768 _____ () C:\Users\MARIO\Downloads\HPSupportSolutionsFramework-11.51.0027.msi</p><p>2014-09-30 13:00 - 2014-09-30 13:00 - 00000000 _____ () C:\Windows\setuperr.log</p><p>2014-09-30 11:47 - 2014-09-30 11:47 - 00002173 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk</p><p>2014-09-30 11:47 - 2014-09-30 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015</p><p>2014-09-30 11:47 - 2014-09-04 13:23 - 00040248 _____ (AVG Technologies) C:\Windows\system32\TURegOpt.exe</p><p>2014-09-30 11:47 - 2014-09-04 13:23 - 00029496 _____ (AVG Technologies) C:\Windows\system32\authuitu.dll</p><p>2014-09-30 11:47 - 2014-09-04 13:23 - 00025400 _____ (AVG Technologies) C:\Windows\SysWOW64\authuitu.dll</p><p>2014-09-30 11:46 - 2014-09-30 11:46 - 00000000 ____D () C:\Users\MARIO\AppData\Roaming\AVG</p><p>2014-09-29 13:08 - 2014-09-29 13:11 - 108977370 _____ () C:\Users\MARIO\Downloads\Surflodge.zip</p><p>2014-09-29 13:07 - 2014-09-29 13:07 - 09728078 _____ () C:\Users\MARIO\Downloads\BidFiles_1412010330934.zip</p><p>2014-09-29 12:47 - 2014-09-29 12:47 - 00000000 ____D () C:\Users\MARIO\AppData\Roaming\AVG2015</p><p>2014-09-29 12:46 - 
2014-09-29 12:46 - 00000000 ____D () C:\Users\MARIO\AppData\Roaming\TuneUp Software</p><p>2014-09-29 12:46 - 2014-09-29 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG</p><p>2014-09-29 12:44 - 2014-09-29 12:46 - 00000000 ____D () C:\ProgramData\AVG2015</p><p>2014-09-29 12:44 - 2014-09-29 12:44 - 00000000 ___HD () C:\$AVG</p><p>2014-09-29 12:42 - 2014-10-01 09:50 - 00000000 ____D () C:\ProgramData\MFAData</p><p>2014-09-29 12:42 - 2014-09-29 12:50 - 00000000 ____D () C:\Users\MARIO\AppData\Local\Avg2015</p><p>2014-09-29 12:42 - 2014-09-29 12:42 - 00000000 ____D () C:\Users\MARIO\AppData\Local\MFAData</p><p>2014-09-29 12:41 - 2014-09-29 12:41 - 00000932 _____ () C:\Users\Public\Desktop\AVG.lnk</p><p>2014-09-29 12:41 - 2014-09-29 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen</p><p>2014-09-29 12:40 - 2014-09-30 11:47 - 00000000 ____D () C:\ProgramData\Avg</p><p>2014-09-29 12:40 - 2014-09-30 11:45 - 00000000 ____D () C:\Program Files (x86)\AVG</p><p>2014-09-29 12:39 - 2014-09-30 11:46 - 00000000 ____D () C:\Users\MARIO\AppData\Local\Avg</p><p>2014-09-29 12:39 - 2014-09-29 12:41 - 00000000 ____D () C:\Users\MARIO\AppData\Local\AvgSetupLog</p><p>2014-09-29 12:38 - 2014-09-29 12:39 - 15722448 _____ (AVG Technologies) C:\Users\MARIO\Downloads\avg_gsr_stb_all_329p1_100.exe</p><p>2014-09-29 11:19 - 2014-09-29 11:19 - 00050450 _____ () C:\Users\MARIO\Downloads\Shortcut.txt</p><p>2014-09-29 11:18 - 2014-09-29 11:19 - 00051617 _____ () C:\Users\MARIO\Downloads\Addition.txt</p><p>2014-09-29 11:17 - 2014-10-01 10:47 - 00021482 _____ () C:\Users\MARIO\Downloads\FRST.txt</p><p>2014-09-29 11:17 - 2014-10-01 10:47 - 00000000 ____D () C:\FRST</p><p>2014-09-29 11:15 - 2014-09-29 11:16 - 02108928 _____ (Farbar) C:\Users\MARIO\Downloads\FRST64.exe</p><p>2014-09-29 10:59 - 2014-09-29 10:59 - 01373475 _____ () C:\Users\MARIO\Downloads\adwcleaner_3.310 (1).exe</p><p>2014-09-29 10:51 - 2014-10-01 10:47 - 00000000 ____D 
() C:\AdwCleaner</p><p>2014-09-29 10:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll</p><p>2014-09-29 08:53 - 2014-09-29 08:53 - 02347384 _____ (ESET) C:\Users\MARIO\Downloads\esetsmartinstaller_enu.exe</p><p>2014-09-29 08:31 - 2014-09-29 08:31 - 00000017 _____ () C:\Users\MARIO\AppData\Local\resmon.resmoncfg</p><p>2014-09-29 08:31 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll</p><p>2014-09-29 08:30 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll</p><p>2014-09-25 16:21 - 2014-09-25 16:21 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer</p><p>2014-09-24 15:08 - 2014-09-24 15:10 - 27795406 _____ () C:\Users\MARIO\Downloads\Specs.zip</p><p>2014-09-24 15:03 - 2014-09-24 15:55 - 1504227570 _____ () C:\Users\MARIO\Downloads\Ritz Residences as of 20140813.zip</p><p>2014-09-24 10:18 - 2014-09-24 10:18 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk</p><p>2014-09-24 10:18 - 2014-09-24 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes</p><p>2014-09-24 10:17 - 2014-09-24 10:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69</p><p>2014-09-24 10:17 - 2014-09-24 10:17 - 00000000 ____D () C:\Program Files\iTunes</p><p>2014-09-24 10:17 - 2014-09-24 10:17 - 00000000 ____D () C:\Program Files\iPod</p><p>2014-09-24 10:17 - 2014-09-24 10:17 - 00000000 ____D () C:\Program Files (x86)\iTunes</p><p>2014-09-23 08:21 - 2014-09-23 08:30 - 00000000 ____D () C:\ProgramData\7db0f665df3d752b</p><p>2014-09-23 08:21 - 2014-09-23 08:26 - 00000000 ____D () C:\ProgramData\GioSaVe</p><p>2014-09-23 08:21 - 2014-09-23 08:24 - 00000394 __RSH () C:\ProgramData\ntuser.pol</p><p>2014-09-23 08:21 - 2014-09-23 08:24 - 00000000 ____D () C:\Program Files (x86)\GioSaVe</p><p>2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\MARIO\AppData\Local\Comodo</p><p>2014-09-23 08:21 - 
2014-09-23 08:21 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google</p><p>2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo</p><p>2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\HomeGroupUser$</p><p>2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo</p><p>2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google</p><p>2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo</p><p>2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\Administrator</p><p>2014-09-18 14:59 - 2014-09-18 15:00 - 00085472 _____ () C:\Users\MARIO\Documents\HOME-FloorPlan-DEMOLITIONPLAN.dwg</p><p>2014-09-18 14:59 - 2014-09-18 14:59 - 00122528 _____ () C:\Users\MARIO\Documents\HOME-FloorPlan-DEMOLITIONPLAN.bak</p><p>2014-09-18 14:59 - 2014-09-18 14:59 - 00022323 _____ () C:\Users\MARIO\Documents\HOME-FloorPlan-DEMOLITIONPLAN.pcp</p><p>2014-09-18 14:56 - 2014-09-18 16:21 - 00569824 _____ () C:\Users\MARIO\Documents\HOME NEW VERSION 2.dwg</p><p>2014-09-18 14:56 - 2014-09-18 15:56 - 00570560 _____ () C:\Users\MARIO\Documents\HOME NEW VERSION 2.bak</p><p>2014-09-16 13:45 - 2014-09-16 14:48 - 00000000 ____D () C:\Users\MARIO\AppData\Roaming\uTorrent</p><p>2014-09-11 09:01 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll</p><p>2014-09-11 09:01 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll</p><p>2014-09-11 09:01 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll</p><p>2014-09-11 09:01 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb</p><p>2014-09-11 09:01 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll</p><p>2014-09-11 09:01 - 2014-08-18 18:26 - 17455104 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</p><p>2014-09-11 09:01 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll</p><p>2014-09-11 09:01 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll</p><p>2014-09-11 09:01 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll</p><p>2014-09-11 09:01 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll</p><p>2014-09-11 09:01 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll</p><p>2014-09-11 09:01 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll</p><p>2014-09-11 09:01 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</p><p>2014-09-11 09:01 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll</p><p>2014-09-11 09:01 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll</p><p>2014-09-11 09:01 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll</p><p>2014-09-11 09:01 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll</p><p>2014-09-11 09:01 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe</p><p>2014-09-11 09:01 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe</p><p>2014-09-11 09:01 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</p><p>2014-09-11 09:01 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe</p><p>2014-09-11 09:01 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:46 - 00454656 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe</p><p>2014-09-11 09:01 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe</p><p>2014-09-11 09:01 - 2014-08-18 17:23 - 02104832 _____ 
(Microsoft Corporation) C:\Windows\system32\inetcpl.cpl</p><p>2014-09-11 09:01 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</p><p>2014-09-11 09:01 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl</p><p>2014-09-11 09:01 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll</p><p>2014-09-11 09:01 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll</p><p>2014-09-11 09:01 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll</p><p>2014-09-11 09:01 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll</p><p>2014-09-11 09:01 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll</p><p>2014-09-11 09:01 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll</p><p>2014-09-11 08:52 - 2014-06-26 22:08 - 02777088 _____ (Microsoft 
Corporation) C:\Windows\system32\msmpeg2vdec.dll</p><p>2014-09-11 08:52 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll</p><p>2014-09-11 07:55 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll</p><p>2014-09-11 07:55 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll</p><p>2014-09-11 07:55 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll</p><p>2014-09-11 07:55 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll</p><p>2014-09-11 07:55 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll</p><p>2014-09-11 07:55 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll</p><p>2014-09-11 07:55 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll</p><p>2014-09-11 07:55 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll</p><p>2014-09-11 07:55 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll</p><p>2014-09-11 07:55 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll</p><p>2014-09-11 07:55 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll</p><p>2014-09-09 15:26 - 2014-09-16 16:34 - 00499424 _____ () C:\Users\MARIO\Documents\HOME NEW VERSION.dwg</p><p>2014-09-09 15:26 - 2014-09-16 16:25 - 00501216 _____ () C:\Users\MARIO\Documents\HOME NEW VERSION.bak</p><p>2014-09-09 15:26 - 2014-09-09 15:26 - 00022321 _____ () C:\Users\MARIO\Documents\HOME NEW VERSION.pcp</p><p>2014-09-02 11:31 - 2014-09-02 11:31 - 00000000 ____D () C:\Users\MARIO\AppData\Local\Skype</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the 
file\folder will be moved.)</p><p></p><p>2014-10-01 09:54 - 2013-11-16 01:14 - 01707681 _____ () C:\Windows\WindowsUpdate.log</p><p>2014-10-01 09:52 - 2009-07-14 00:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2014-10-01 09:52 - 2009-07-14 00:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2014-10-01 09:46 - 2014-06-17 09:05 - 00000000 ___RD () C:\Users\MARIO\Dropbox</p><p>2014-10-01 09:46 - 2014-06-17 08:49 - 00000000 ____D () C:\Users\MARIO\AppData\Roaming\Dropbox</p><p>2014-10-01 09:46 - 2013-11-15 23:49 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup</p><p>2014-10-01 09:45 - 2014-03-20 16:58 - 00162776 _____ () C:\Users\MARIO\AppData\Local\GDIPFONTCACHEV1.DAT</p><p>2014-10-01 09:45 - 2013-11-16 00:08 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks</p><p>2014-10-01 09:45 - 2013-11-16 00:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks</p><p>2014-10-01 09:44 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2014-10-01 09:44 - 2009-07-14 00:51 - 00055050 _____ () C:\Windows\setupact.log</p><p>2014-10-01 09:44 - 2009-07-14 00:45 - 00559280 _____ () C:\Windows\system32\FNTCACHE.DAT</p><p>2014-09-30 16:26 - 2014-03-25 18:01 - 00000000 ____D () C:\Program Files (x86)\HP</p><p>2014-09-30 13:00 - 2010-11-20 23:47 - 00183604 _____ () C:\Windows\PFRO.log</p><p>2014-09-30 12:57 - 2014-03-23 21:29 - 00000000 ____D () C:\Users\MARIO\AppData\Roaming\Skype</p><p>2014-09-30 12:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sysprep</p><p>2014-09-29 15:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache</p><p>2014-09-29 13:12 - 2014-03-24 08:07 - 00000000 ____D () C:\Users\MARIO\Documents\Estimates</p><p>2014-09-29 10:39 - 2014-05-08 12:26 - 00000000 ____D () C:\ProgramData\TEMP</p><p>2014-09-29 10:15 - 2014-07-18 08:40 
- 00209299 _____ () C:\ProgramData\LMabscan.log</p><p>2014-09-29 10:14 - 2014-03-20 17:06 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask</p><p>2014-09-25 16:21 - 2014-04-11 10:00 - 00161648 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT</p><p>2014-09-23 08:26 - 2014-03-20 17:46 - 00000000 ____D () C:\Program Files (x86)\Google</p><p>2014-09-23 08:21 - 2014-04-11 10:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google</p><p>2014-09-23 08:21 - 2014-03-20 17:46 - 00000000 ____D () C:\Users\MARIO\AppData\Local\Google</p><p>2014-09-23 08:21 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy</p><p>2014-09-23 08:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy</p><p>2014-09-22 08:53 - 2014-03-20 22:28 - 00000000 ____D () C:\Users\MARIO\AppData\Local\cache</p><p>2014-09-18 16:18 - 2014-03-26 12:25 - 00009304 _____ () C:\Users\MARIO\Documents\plot.log</p><p>2014-09-18 07:31 - 2014-06-17 08:57 - 00001021 _____ () C:\Users\MARIO\Desktop\Dropbox.lnk</p><p>2014-09-18 07:31 - 2014-06-17 08:52 - 00000000 ____D () C:\Users\MARIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox</p><p>2014-09-15 14:58 - 2014-06-17 12:34 - 07127040 _____ () C:\Users\MARIO\Documents\HOME.rvt</p><p>2014-09-15 14:33 - 2014-06-17 12:34 - 07127040 _____ () C:\Users\MARIO\Documents\HOME.0022.rvt</p><p>2014-09-15 09:06 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe</p><p>2014-09-11 09:01 - 2014-07-15 11:31 - 00000000 ____D () C:\ProgramData\Microsoft Help</p><p>2014-09-11 09:00 - 2011-02-10 10:33 - 00776444 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI</p><p>2014-09-11 08:59 - 2014-03-20 17:32 - 00000000 ____D () C:\Windows\system32\MRT</p><p>2014-09-11 08:59 - 2009-07-14 01:13 - 00776444 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2014-09-11 08:53 - 2014-03-20 17:32 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2014-09-11 
08:52 - 2014-05-06 08:34 - 00000000 ___SD () C:\Windows\system32\CompatTel</p><p>2014-09-10 12:37 - 2014-06-17 12:34 - 07155712 _____ () C:\Users\MARIO\Documents\HOME.0021.rvt</p><p>2014-09-10 12:30 - 2014-06-17 12:34 - 06819840 _____ () C:\Users\MARIO\Documents\HOME.0020.rvt</p><p>2014-09-09 16:34 - 2014-06-17 12:34 - 06373376 _____ () C:\Users\MARIO\Documents\HOME.0019.rvt</p><p>2014-09-09 15:25 - 2014-06-17 12:34 - 06373376 _____ () C:\Users\MARIO\Documents\HOME.0018.rvt</p><p>2014-09-09 15:25 - 2014-06-17 12:34 - 06373376 _____ () C:\Users\MARIO\Documents\HOME.0017.rvt</p><p>2014-09-09 13:03 - 2014-06-17 12:34 - 05939200 _____ () C:\Users\MARIO\Documents\HOME.0016.rvt</p><p>2014-09-09 13:01 - 2014-06-17 12:34 - 05808128 _____ () C:\Users\MARIO\Documents\HOME.0015.rvt</p><p>2014-09-09 12:29 - 2014-06-17 12:34 - 05492736 _____ () C:\Users\MARIO\Documents\HOME.0014.rvt</p><p>2014-09-09 11:53 - 2014-06-17 12:34 - 05406720 _____ () C:\Users\MARIO\Documents\HOME.0013.rvt</p><p>2014-09-09 11:52 - 2014-08-28 14:55 - 00228096 _____ () C:\Users\MARIO\Documents\HOME-FloorPlan-Level1.dwg</p><p>2014-09-05 15:24 - 2014-08-28 14:55 - 00219360 _____ () C:\Users\MARIO\Documents\HOME-FloorPlan-Level1.bak</p><p>2014-09-02 11:37 - 2013-11-15 23:52 - 00000000 ____D () C:\ProgramData\Skype</p><p></p><p>Some content of TEMP:</p><p>====================</p><p>C:\Users\MARIO\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplscfhq.dll</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally 
signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2014-09-29 15:13</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="mario09, post: 270744, member: 28595"] I'm infected with GoSave below are the AWD cleaner report followed by FRST report. NEED HELP!!!!!
Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation) Chrome: ======= CHR HomePage: Default -> hxxp://google.com/ CHR StartupUrls: Default -> "hxxp://xfinity.comcast.net/?cid=insDate09292012", "hxxp://[url="http://www.xfinity.com/?cid=insDate02242012"]www.xfinity.com/?cid=insDate02242012[/url]" CHR DefaultSearchKeyword: Default -> 77F49E0198065CA9C494608595862A10AFC1E507424D89D2D599104DABC0A36B CHR DefaultSearchURL: Default -> 6A779ABA880A049D2ACBB197AFD4DF1D816B7E7AE1404702E981C8E0745D5F7D CHR Profile: C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Angry Birds) - C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-03-20] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23] CHR Extension: (Gmail Offline) - C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-03-21] CHR Extension: (GoSAve) - C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop [2014-09-23] CHR Extension: (Google Wallet) - C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20] CHR Extension: (GoSAve) - C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop\3.0 [2014-09-23] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) 
[File not signed] S4 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [85096 2014-08-28] (Autodesk) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [846864 2014-08-20] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.) S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 lmab_device; C:\Windows\system32\LMabcoms.exe [1048576 2012-09-28] ( ) [File not signed] R2 lmab_device; C:\Windows\SysWOW64\LMabcoms.exe [593920 2012-09-28] ( ) [File not signed] S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] () S4 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2538808 2014-09-04] (AVG Technologies) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 Aspi32; C:\Windows\SysWOW64\drivers\aspi32.sys [16877 2002-07-17] (Adaptec) [File not signed] R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.) 
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.) R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-12-04] (Intel Corporation) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-08-28] (TuneUp Software) R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider) R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-01 10:45 - 2014-10-01 10:45 - 01375089 _____ () C:\Users\MARIO\Downloads\adwcleaner_3.311.exe 2014-10-01 10:19 - 2014-10-01 10:29 - 00026651 _____ () C:\Users\MARIO\Desktop\dds.txt 2014-10-01 10:19 - 2014-10-01 10:29 - 00017682 _____ () C:\Users\MARIO\Desktop\attach.txt 2014-10-01 10:18 - 2014-10-01 10:18 - 00688992 ____R (Swearware) C:\Users\MARIO\Desktop\dds.com 2014-09-30 16:26 - 2014-09-30 16:26 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2014-09-30 16:21 - 2014-09-30 16:21 - 05152768 _____ () C:\Users\MARIO\Downloads\HPSupportSolutionsFramework-11.51.0027.msi 2014-09-30 13:00 - 2014-09-30 13:00 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-30 11:47 - 2014-09-30 11:47 - 00002173 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk 2014-09-30 11:47 - 2014-09-30 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015 2014-09-30 11:47 - 2014-09-04 13:23 - 00040248 _____ (AVG Technologies) C:\Windows\system32\TURegOpt.exe 2014-09-30 11:47 - 2014-09-04 13:23 - 00029496 _____ (AVG Technologies) C:\Windows\system32\authuitu.dll 2014-09-30 11:47 - 2014-09-04 13:23 - 00025400 _____ (AVG Technologies) C:\Windows\SysWOW64\authuitu.dll 2014-09-30 11:46 - 2014-09-30 11:46 - 00000000 ____D () C:\Users\MARIO\AppData\Roaming\AVG 2014-09-29 13:08 - 2014-09-29 13:11 - 108977370 _____ () C:\Users\MARIO\Downloads\Surflodge.zip 2014-09-29 13:07 - 2014-09-29 13:07 - 09728078 _____ () C:\Users\MARIO\Downloads\BidFiles_1412010330934.zip 2014-09-29 12:47 - 2014-09-29 12:47 - 00000000 ____D () C:\Users\MARIO\AppData\Roaming\AVG2015 2014-09-29 12:46 - 2014-09-29 12:46 - 00000000 ____D () C:\Users\MARIO\AppData\Roaming\TuneUp Software 2014-09-29 12:46 - 2014-09-29 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-09-29 12:44 - 2014-09-29 12:46 - 00000000 ____D () C:\ProgramData\AVG2015 2014-09-29 12:44 - 2014-09-29 12:44 - 00000000 ___HD () C:\$AVG 
2014-09-29 12:42 - 2014-10-01 09:50 - 00000000 ____D () C:\ProgramData\MFAData 2014-09-29 12:42 - 2014-09-29 12:50 - 00000000 ____D () C:\Users\MARIO\AppData\Local\Avg2015 2014-09-29 12:42 - 2014-09-29 12:42 - 00000000 ____D () C:\Users\MARIO\AppData\Local\MFAData 2014-09-29 12:41 - 2014-09-29 12:41 - 00000932 _____ () C:\Users\Public\Desktop\AVG.lnk 2014-09-29 12:41 - 2014-09-29 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen 2014-09-29 12:40 - 2014-09-30 11:47 - 00000000 ____D () C:\ProgramData\Avg 2014-09-29 12:40 - 2014-09-30 11:45 - 00000000 ____D () C:\Program Files (x86)\AVG 2014-09-29 12:39 - 2014-09-30 11:46 - 00000000 ____D () C:\Users\MARIO\AppData\Local\Avg 2014-09-29 12:39 - 2014-09-29 12:41 - 00000000 ____D () C:\Users\MARIO\AppData\Local\AvgSetupLog 2014-09-29 12:38 - 2014-09-29 12:39 - 15722448 _____ (AVG Technologies) C:\Users\MARIO\Downloads\avg_gsr_stb_all_329p1_100.exe 2014-09-29 11:19 - 2014-09-29 11:19 - 00050450 _____ () C:\Users\MARIO\Downloads\Shortcut.txt 2014-09-29 11:18 - 2014-09-29 11:19 - 00051617 _____ () C:\Users\MARIO\Downloads\Addition.txt 2014-09-29 11:17 - 2014-10-01 10:47 - 00021482 _____ () C:\Users\MARIO\Downloads\FRST.txt 2014-09-29 11:17 - 2014-10-01 10:47 - 00000000 ____D () C:\FRST 2014-09-29 11:15 - 2014-09-29 11:16 - 02108928 _____ (Farbar) C:\Users\MARIO\Downloads\FRST64.exe 2014-09-29 10:59 - 2014-09-29 10:59 - 01373475 _____ () C:\Users\MARIO\Downloads\adwcleaner_3.310 (1).exe 2014-09-29 10:51 - 2014-10-01 10:47 - 00000000 ____D () C:\AdwCleaner 2014-09-29 10:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-09-29 08:53 - 2014-09-29 08:53 - 02347384 _____ (ESET) C:\Users\MARIO\Downloads\esetsmartinstaller_enu.exe 2014-09-29 08:31 - 2014-09-29 08:31 - 00000017 _____ () C:\Users\MARIO\AppData\Local\resmon.resmoncfg 2014-09-29 08:31 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-29 
08:30 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-25 16:21 - 2014-09-25 16:21 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer 2014-09-24 15:08 - 2014-09-24 15:10 - 27795406 _____ () C:\Users\MARIO\Downloads\Specs.zip 2014-09-24 15:03 - 2014-09-24 15:55 - 1504227570 _____ () C:\Users\MARIO\Downloads\Ritz Residences as of 20140813.zip 2014-09-24 10:18 - 2014-09-24 10:18 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-09-24 10:18 - 2014-09-24 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-09-24 10:17 - 2014-09-24 10:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-09-24 10:17 - 2014-09-24 10:17 - 00000000 ____D () C:\Program Files\iTunes 2014-09-24 10:17 - 2014-09-24 10:17 - 00000000 ____D () C:\Program Files\iPod 2014-09-24 10:17 - 2014-09-24 10:17 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-09-23 08:21 - 2014-09-23 08:30 - 00000000 ____D () C:\ProgramData\7db0f665df3d752b 2014-09-23 08:21 - 2014-09-23 08:26 - 00000000 ____D () C:\ProgramData\GioSaVe 2014-09-23 08:21 - 2014-09-23 08:24 - 00000394 __RSH () C:\ProgramData\ntuser.pol 2014-09-23 08:21 - 2014-09-23 08:24 - 00000000 ____D () C:\Program Files (x86)\GioSaVe 2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\MARIO\AppData\Local\Comodo 2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google 2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo 2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\HomeGroupUser$ 2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo 2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-09-23 08:21 - 2014-09-23 
08:21 - 00000000 ____D () C:\Users\Administrator 2014-09-18 14:59 - 2014-09-18 15:00 - 00085472 _____ () C:\Users\MARIO\Documents\HOME-FloorPlan-DEMOLITIONPLAN.dwg 2014-09-18 14:59 - 2014-09-18 14:59 - 00122528 _____ () C:\Users\MARIO\Documents\HOME-FloorPlan-DEMOLITIONPLAN.bak 2014-09-18 14:59 - 2014-09-18 14:59 - 00022323 _____ () C:\Users\MARIO\Documents\HOME-FloorPlan-DEMOLITIONPLAN.pcp 2014-09-18 14:56 - 2014-09-18 16:21 - 00569824 _____ () C:\Users\MARIO\Documents\HOME NEW VERSION 2.dwg 2014-09-18 14:56 - 2014-09-18 15:56 - 00570560 _____ () C:\Users\MARIO\Documents\HOME NEW VERSION 2.bak 2014-09-16 13:45 - 2014-09-16 14:48 - 00000000 ____D () C:\Users\MARIO\AppData\Roaming\uTorrent 2014-09-11 09:01 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 09:01 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-11 09:01 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 09:01 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 09:01 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-11 09:01 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-11 09:01 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 09:01 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 09:01 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 09:01 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-11 09:01 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-11 09:01 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwproxystub.dll 2014-09-11 09:01 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-11 09:01 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 09:01 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-11 09:01 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 09:01 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-11 09:01 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 09:01 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-11 09:01 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-11 09:01 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-11 09:01 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 09:01 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-11 09:01 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-11 09:01 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-11 09:01 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-11 09:01 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-11 09:01 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-11 09:01 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-11 09:01 - 2014-08-18 17:39 - 00085504 
_____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 09:01 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-11 09:01 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-11 09:01 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 09:01 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-11 09:01 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-11 09:01 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-11 09:01 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-11 09:01 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 09:01 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 09:01 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 09:01 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-11 09:01 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-11 09:01 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-11 09:01 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-11 09:01 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-11 09:01 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 09:01 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-11 09:01 - 2014-08-18 17:15 - 02310656 _____ 
(Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 09:01 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-11 09:01 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-11 09:01 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-11 09:01 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 09:01 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-11 09:01 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-11 09:01 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-11 09:01 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-11 08:52 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-11 08:52 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-11 07:55 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-11 07:55 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-11 07:55 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-11 07:55 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-11 07:55 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-11 07:55 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-11 07:55 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-11 07:55 - 2014-07-06 21:40 - 00022016 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-11 07:55 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-11 07:55 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-11 07:55 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-09 15:26 - 2014-09-16 16:34 - 00499424 _____ () C:\Users\MARIO\Documents\HOME NEW VERSION.dwg 2014-09-09 15:26 - 2014-09-16 16:25 - 00501216 _____ () C:\Users\MARIO\Documents\HOME NEW VERSION.bak 2014-09-09 15:26 - 2014-09-09 15:26 - 00022321 _____ () C:\Users\MARIO\Documents\HOME NEW VERSION.pcp 2014-09-02 11:31 - 2014-09-02 11:31 - 00000000 ____D () C:\Users\MARIO\AppData\Local\Skype ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-01 09:54 - 2013-11-16 01:14 - 01707681 _____ () C:\Windows\WindowsUpdate.log 2014-10-01 09:52 - 2009-07-14 00:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-01 09:52 - 2009-07-14 00:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-01 09:46 - 2014-06-17 09:05 - 00000000 ___RD () C:\Users\MARIO\Dropbox 2014-10-01 09:46 - 2014-06-17 08:49 - 00000000 ____D () C:\Users\MARIO\AppData\Roaming\Dropbox 2014-10-01 09:46 - 2013-11-15 23:49 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup 2014-10-01 09:45 - 2014-03-20 16:58 - 00162776 _____ () C:\Users\MARIO\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-01 09:45 - 2013-11-16 00:08 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks 2014-10-01 09:45 - 2013-11-16 00:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks 2014-10-01 09:44 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-01 09:44 - 
2009-07-14 00:51 - 00055050 _____ () C:\Windows\setupact.log 2014-10-01 09:44 - 2009-07-14 00:45 - 00559280 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-30 16:26 - 2014-03-25 18:01 - 00000000 ____D () C:\Program Files (x86)\HP 2014-09-30 13:00 - 2010-11-20 23:47 - 00183604 _____ () C:\Windows\PFRO.log 2014-09-30 12:57 - 2014-03-23 21:29 - 00000000 ____D () C:\Users\MARIO\AppData\Roaming\Skype 2014-09-30 12:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sysprep 2014-09-29 15:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache 2014-09-29 13:12 - 2014-03-24 08:07 - 00000000 ____D () C:\Users\MARIO\Documents\Estimates 2014-09-29 10:39 - 2014-05-08 12:26 - 00000000 ____D () C:\ProgramData\TEMP 2014-09-29 10:15 - 2014-07-18 08:40 - 00209299 _____ () C:\ProgramData\LMabscan.log 2014-09-29 10:14 - 2014-03-20 17:06 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask 2014-09-25 16:21 - 2014-04-11 10:00 - 00161648 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-23 08:26 - 2014-03-20 17:46 - 00000000 ____D () C:\Program Files (x86)\Google 2014-09-23 08:21 - 2014-04-11 10:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-09-23 08:21 - 2014-03-20 17:46 - 00000000 ____D () C:\Users\MARIO\AppData\Local\Google 2014-09-23 08:21 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-09-23 08:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-09-22 08:53 - 2014-03-20 22:28 - 00000000 ____D () C:\Users\MARIO\AppData\Local\cache 2014-09-18 16:18 - 2014-03-26 12:25 - 00009304 _____ () C:\Users\MARIO\Documents\plot.log 2014-09-18 07:31 - 2014-06-17 08:57 - 00001021 _____ () C:\Users\MARIO\Desktop\Dropbox.lnk 2014-09-18 07:31 - 2014-06-17 08:52 - 00000000 ____D () C:\Users\MARIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-15 14:58 - 2014-06-17 12:34 - 07127040 _____ () C:\Users\MARIO\Documents\HOME.rvt 2014-09-15 14:33 - 2014-06-17 12:34 - 
07127040 _____ () C:\Users\MARIO\Documents\HOME.0022.rvt 2014-09-15 09:06 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-11 09:01 - 2014-07-15 11:31 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-11 09:00 - 2011-02-10 10:33 - 00776444 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-11 08:59 - 2014-03-20 17:32 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-11 08:59 - 2009-07-14 01:13 - 00776444 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-11 08:53 - 2014-03-20 17:32 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-11 08:52 - 2014-05-06 08:34 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-10 12:37 - 2014-06-17 12:34 - 07155712 _____ () C:\Users\MARIO\Documents\HOME.0021.rvt 2014-09-10 12:30 - 2014-06-17 12:34 - 06819840 _____ () C:\Users\MARIO\Documents\HOME.0020.rvt 2014-09-09 16:34 - 2014-06-17 12:34 - 06373376 _____ () C:\Users\MARIO\Documents\HOME.0019.rvt 2014-09-09 15:25 - 2014-06-17 12:34 - 06373376 _____ () C:\Users\MARIO\Documents\HOME.0018.rvt 2014-09-09 15:25 - 2014-06-17 12:34 - 06373376 _____ () C:\Users\MARIO\Documents\HOME.0017.rvt 2014-09-09 13:03 - 2014-06-17 12:34 - 05939200 _____ () C:\Users\MARIO\Documents\HOME.0016.rvt 2014-09-09 13:01 - 2014-06-17 12:34 - 05808128 _____ () C:\Users\MARIO\Documents\HOME.0015.rvt 2014-09-09 12:29 - 2014-06-17 12:34 - 05492736 _____ () C:\Users\MARIO\Documents\HOME.0014.rvt 2014-09-09 11:53 - 2014-06-17 12:34 - 05406720 _____ () C:\Users\MARIO\Documents\HOME.0013.rvt 2014-09-09 11:52 - 2014-08-28 14:55 - 00228096 _____ () C:\Users\MARIO\Documents\HOME-FloorPlan-Level1.dwg 2014-09-05 15:24 - 2014-08-28 14:55 - 00219360 _____ () C:\Users\MARIO\Documents\HOME-FloorPlan-Level1.bak 2014-09-02 11:37 - 2013-11-15 23:52 - 00000000 ____D () C:\ProgramData\Skype Some content of TEMP: ==================== 
C:\Users\MARIO\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplscfhq.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-29 15:13 ==================== End Of Log ============================ [/QUOTE]