kristina

Think I have a hidden virus

I play on a game site and when I get booted out of a room it takes me to a porn site or fake Microsoft site or Time Warner survey. I did an ESET scan and AdwCleaner scan, AVG scan shows nothing. Malwarebytes showed something too. I can't find my ESET scan from the other day but it showed swdumon as well. Yesterday it was fine when I was on the game site but a few minutes ago I was booted and it took me to another site. I think there may be something deeper that's not being picked up.

 

Adwcleaner

# AdwCleaner v6.047 - Logfile created 09/06/2017 at 11:41:35
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-08.1 [server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Kristina - KRISTINA-HP
# Running from : C:\Users\Kristina\Downloads\AdwCleaner.exe
# Mode: Scan
***** [ Services ] *****
Service Found: swdumon
***** [ Folders ] *****
Folder Found: C:\Users\Kristina\AppData\Local\slimware utilities inc
Folder Found: C:\Users\Kristina\AppData\Local\SlimWare Utilities Inc
Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found: C:\Users\Public\Documents\Downloaded Installers
Folder Found: C:\Program Files (x86)\Coupons
Folder Found: C:\Program Files (x86)\Digital Coupon Printer
Folder Found: C:\Program Files (x86)\PrintMyCouponAnywhere
Folder Found: C:\Program Files (x86)\Yahoo!\yset
Folder Found: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion
Folder Found: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion
***** [ Files ] *****
File Found: C:\Windows\SysNative\drivers\swdumon.sys
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious keys found.
***** [ Shortcuts ] *****
No infected shortcut found.
***** [ Scheduled Tasks ] *****
Task Found: 0615pizUpdateInfo
Task Found: AVG_SYS_TASK_0614a_RUN
Task Found: 0615pizUpdateInfo
***** [ Registry ] *****
Key Found: HKLM\SOFTWARE\Classes\yt.YTBMButton
Key Found: [x64] HKLM\SOFTWARE\Classes\yt.YTBMButton
Key Found: HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{F5CC67F7-F6BA-44E3-98EC-EA17D17E6479}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{3C16E079-E4C7-493C-BE9F-E0F2BB0B7430}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{7DB8B625-DBF0-4491-B544-5A06F7B17BB4}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{8E74A0AE-F0ED-47ED-A940-A8E99687646B}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{9DE77B51-89F6-468E-9402-16050382E950}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found: HKU\.DEFAULT\Software\Auslogics
Key Found: HKU\S-1-5-21-1203233110-3124362348-787559586-1002\Software\APN PIP
Key Found: HKU\S-1-5-21-1203233110-3124362348-787559586-1002\Software\SlimWare Utilities Inc
Key Found: HKU\S-1-5-21-1203233110-3124362348-787559586-1002\Software\Auslogics
Key Found: HKU\S-1-5-18\Software\Auslogics
Key Found: HKCU\Software\APN PIP
Key Found: HKCU\Software\SlimWare Utilities Inc
Key Found: HKCU\Software\Auslogics
Key Found: HKLM\SOFTWARE\SlimWare Utilities Inc
Key Found: [x64] HKCU\Software\APN PIP
Key Found: [x64] HKCU\Software\SlimWare Utilities Inc
Key Found: [x64] HKCU\Software\Auslogics
***** [ Web browsers ] *****
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [20770 Bytes] - [09/05/2016 01:19:58]
C:\AdwCleaner\AdwCleaner[R0].txt - [12767 Bytes] - [19/09/2014 05:14:40]
C:\AdwCleaner\AdwCleaner[R1].txt - [4934 Bytes] - [06/05/2016 01:39:36]
C:\AdwCleaner\AdwCleaner[s0].txt - [11424 Bytes] - [19/09/2014 05:17:54]
C:\AdwCleaner\AdwCleaner[s1].txt - [20848 Bytes] - [09/05/2016 01:17:17]
C:\AdwCleaner\AdwCleaner[s2].txt - [3714 Bytes] - [09/06/2017 11:41:35]
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [3787 Bytes] ##########


Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 6/2/2017
Scan Time: 11:35 PM
Logfile: mal6317.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2017.06.02.08
Rootkit Database: v2017.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kristina
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 433766
Time Elapsed: 42 min, 31 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 3
PUP.Optional.DriverUpdate, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SWDUMon, , [ff71f6445455db5b6c204ad72dd39a66],
PUP.Optional.UCBrowser, HKU\S-1-5-18\SOFTWARE\UCBrowser, , [264ac377b6f32f07594ebd2323de3cc4],
PUP.Optional.UCBrowser, HKU\S-1-5-21-1203233110-3124362348-787559586-1002\SOFTWARE\UCBrowserPID, , [1060f94105a41a1c9113f1efb948f709],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 145
Files: 843
PUP.Optional.DriverUpdate, C:\Windows\System32\drivers\SWDUMon.sys, , [ff71f6445455db5b6c204ad72dd39a66],


I can see a lot of things coming out of the Chrome browser.

I think you need to save your Favourites and reset the browser.

 

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Backup Chrome Bookmarks

 

Proceed with the reset once done.

Chrome: Chrome - Reset browser settings

 

~~~~~~~~~~~~

 

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
~~~~~~~~

 

When you have both of the txt ready to post, please go to this forum and create a new topic asking for help

https://forums.pcpitstop.com/index.php?/forum/25-have-i-been-hijacked/

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017 01

Ran by Kristina (administrator) on KRISTINA-HP (15-06-2017 14:11:00)

Running from C:\Users\Kristina\Downloads

Loaded Profiles: Kristina (Available Profiles: Kristina & New User & newac)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal



==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(AMD) C:\Windows\System32\atiesrxx.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Advanced Micro Devices, Inc.) C:\Windows\System32\atibtmon.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe

(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe

(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe

(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)

HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)

HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-05-31] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-05-23] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-28] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)

HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-17] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)

HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)

HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1444880 2015-11-14] (Easybits)

HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-05-31] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [Digital Coupon Print Driver] => "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe"

HKLM-x32\...\Run: [Http Listener] => C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)

HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)

HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Run: [Google Update] => C:\Users\Kristina\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)

HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)

ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-13] (EasyBits Software Corp.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2

Tcpip\..\Interfaces\{522C3B31-8EAC-461F-81DB-46CFDA8BA7EE}: [DhcpNameServer] 75.114.81.1 75.114.81.2


Internet Explorer:

==================

HKU\S-1-5-21-1203233110-3124362348-787559586-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1

BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-06-17] (RealDownloader)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-06-17] (RealDownloader)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-30] (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-30] (Oracle Corporation)

DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://pcpitstop.com/betapit/PCPitStop.CAB

DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab


FireFox:

========

FF ProfilePath: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default [2017-06-14]

FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\uhoxnpbr.default -> Yahoo Web

FF Homepage: Mozilla\Firefox\Profiles\uhoxnpbr.default -> hxxps://www.yahoo.com/

FF Keyword.URL: Mozilla\Firefox\Profiles\uhoxnpbr.default ->

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_126.dll [2017-06-14] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_126.dll [2017-06-14] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-30] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-30] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @real.com/nppl3260;version=18.0.1.9 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-07-10] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=18.0.1.9 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-07-10] (RealTimes)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Kristina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kristina\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @talk.google.com/O1DPlugin -> C:\Users\Kristina\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kristina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-05] (Unity Technologies ApS)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll [2012-08-28] (Amazon.com, Inc.)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Kristina\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [No File]

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011-09-18] (Catalina Marketing Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Kristina\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Kristina\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)


Chrome:

=======

CHR DefaultProfile: Default

CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default

CHR DefaultSearchKeyword: Default -> Yahoo

CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10

CHR Profile: C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default [2017-06-15]

CHR Extension: (Google Slides) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-25]

CHR Extension: (Google Docs) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-25]

CHR Extension: (Google Drive) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]

CHR Extension: (YouTube) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]

CHR Extension: (Google Search) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]

CHR Extension: (Google Sheets) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-25]

CHR Extension: (Google Docs Offline) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]

CHR Extension: (TLRemove) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hneieddeibpcngeljjkdpcajfcgelalk [2015-08-30]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]

CHR Extension: (Gmail) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

CHR Extension: (Chrome Media Router) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-13]

CHR Extension: (Skype Calling) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk [2016-04-11]

CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx


==================== Services (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-06-02] (SUPERAntiSpyware.com)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-02-28] (Advanced Micro Devices, Inc.) [File not signed]

R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)

R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-05-23] (AVG Technologies CZ, s.r.o.)

R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7396872 2017-05-23] (AVG Technologies CZ, s.r.o.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-05-31] (AVG Technologies CZ, s.r.o.)

R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]

R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)

S2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)

R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2015-06-17] ()

R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1115224 2015-07-10] (RealNetworks, Inc.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)


===================== Drivers (Whitelisted) ======================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-05-23] (AVG Technologies CZ, s.r.o.)

R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [314128 2017-05-23] (AVG Technologies CZ, s.r.o.)

R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-05-23] (AVG Technologies CZ, s.r.o.)

R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-05-23] (AVG Technologies CZ, s.r.o.)

R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-05-23] (AVG Technologies CZ, s.r.o.)

S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-05-23] (AVG Technologies CZ, s.r.o.)

R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [129776 2017-05-23] (AVG Technologies CZ, s.r.o.)

R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102280 2017-05-23] (AVG Technologies CZ, s.r.o.)

R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-05-23] (AVG Technologies CZ, s.r.o.)

R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1008288 2017-05-23] (AVG Technologies CZ, s.r.o.)

R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [570320 2017-05-23] (AVG Technologies CZ, s.r.o.)

R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [160008 2017-05-23] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)

R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [340824 2017-05-23] (AVG Technologies CZ, s.r.o.)

S3 HP8207_8307; C:\Windows\System32\DRIVERS\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider)

S3 iscFlash; C:\SWSetup\SP60593\iscflashx64.sys [50752 2011-05-19] (Insyde Software)

R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 clwvd; system32\DRIVERS\clwvd.sys [X]


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-06-15 14:11 - 2017-06-15 14:13 - 00022864 _____ C:\Users\Kristina\Downloads\FRST.txt

2017-06-15 14:10 - 2017-06-15 14:10 - 02438656 _____ (Farbar) C:\Users\Kristina\Downloads\FRST64.exe

2017-06-15 14:06 - 2017-06-15 14:06 - 00000564 _____ C:\Users\Kristina\Desktop\billylinks.txt

2017-06-15 14:04 - 2017-06-15 14:04 - 00503554 _____ C:\Users\Kristina\Documents\bookmarks_6_15_171.html

2017-06-15 14:01 - 2017-06-15 14:01 - 00503554 _____ C:\Users\Kristina\Desktop\bookmarks_6_15_17.html

2017-06-14 14:38 - 2017-06-14 15:08 - 00000000 ____D C:\Users\Kristina\Desktop\tattood men

2017-06-13 18:23 - 2017-05-03 11:34 - 00094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe

2017-06-13 18:23 - 2017-05-03 11:29 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2017-06-13 18:23 - 2017-05-03 09:05 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2017-06-13 18:23 - 2017-05-03 09:05 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2017-06-13 18:23 - 2017-05-03 09:05 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2017-06-13 18:23 - 2017-05-03 09:05 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2017-06-13 18:23 - 2017-05-03 09:05 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll

2017-06-13 18:23 - 2017-05-03 09:05 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2017-06-13 18:23 - 2017-05-03 09:05 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2017-06-13 18:23 - 2017-03-22 22:06 - 01691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2017-06-13 16:09 - 2017-06-13 16:09 - 02731935 _____ C:\Users\Kristina\Downloads\12985060_951758311609729_204814753_n.mp4

2017-06-13 16:09 - 2017-06-13 16:09 - 01710555 _____ C:\Users\Kristina\Downloads\13005456_1732589793651834_403466850_n.mp4

2017-06-13 16:08 - 2017-06-13 16:08 - 01598330 _____ C:\Users\Kristina\Downloads\13102960_1215230321844197_1296955621_n.mp4

2017-06-13 16:05 - 2017-06-13 16:05 - 01194252 _____ C:\Users\Kristina\Downloads\13468416_1101325776580108_1407683557_s.mp4

2017-06-13 16:04 - 2017-06-13 16:04 - 01311111 _____ C:\Users\Kristina\Downloads\13486927_113719545721803_1863103880_s.mp4

2017-06-13 16:03 - 2017-06-13 16:03 - 01188656 _____ C:\Users\Kristina\Downloads\13477612_999461530161617_1094744396_s.mp4

2017-06-13 16:01 - 2017-06-13 16:01 - 01169294 _____ C:\Users\Kristina\Downloads\13879488_275752592796277_465110306_s.mp4

2017-06-13 15:58 - 2017-06-13 15:58 - 01112452 _____ C:\Users\Kristina\Downloads\14206591_1779328835613816_383530724_s.mp4

2017-06-13 15:56 - 2017-06-13 15:56 - 01239034 _____ C:\Users\Kristina\Downloads\15007047_1060039554094919_7254940442939097088_n.mp4

2017-06-13 15:55 - 2017-06-13 15:55 - 00810246 _____ C:\Users\Kristina\Downloads\15230029_1625174184442890_1136069835348770816_n.mp4

2017-06-13 15:53 - 2017-06-13 15:53 - 01040072 _____ C:\Users\Kristina\Downloads\15673753_134927040329608_4097522873399246848_n.mp4

2017-06-13 15:25 - 2017-06-13 19:50 - 00000000 ____D C:\Users\Kristina\Desktop\oldsamsung

2017-06-13 15:23 - 2017-06-13 16:14 - 00000000 ____D C:\Users\Kristina\Desktop\snapchat

2017-06-13 13:33 - 2017-06-13 13:33 - 01555171 _____ C:\Users\Kristina\Downloads\15821240_366981117010703_4766192012292521984_n.mp4

2017-06-13 13:32 - 2017-06-13 13:32 - 04723724 _____ C:\Users\Kristina\Downloads\15819588_1745653389095251_6380434206111039488_n.mp4

2017-06-13 13:02 - 2017-06-13 13:02 - 00515337 _____ C:\Users\Kristina\Downloads\17816858_1230772993686866_1575949803005673472_n.mp4

2017-06-13 11:24 - 2017-06-13 11:24 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-06-13 06:25 - 2017-06-13 06:25 - 00001740 _____ C:\Users\Kristina\Desktop\esetsc613.txt

2017-06-13 01:07 - 2017-06-13 01:07 - 00004439 _____ C:\Users\Kristina\Desktop\AdwCleaner[C3].txt

2017-06-13 01:02 - 2017-06-13 01:02 - 00004347 _____ C:\Users\Kristina\Desktop\AdwCleaner[s3].txt

2017-06-13 00:56 - 2017-06-13 00:57 - 04110280 _____ C:\Users\Kristina\Downloads\AdwCleaner.exe

2017-06-13 00:23 - 2017-05-23 10:53 - 00401584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe

2017-06-12 21:34 - 2017-06-12 21:34 - 00393258 _____ C:\Users\Kristina\Downloads\13998407_230282497368560_1174604822_n.mp4

2017-06-12 21:29 - 2017-06-14 11:56 - 00000000 ____D C:\Users\Kristina\Desktop\jose

2017-06-12 21:21 - 2017-06-12 21:21 - 00927996 _____ C:\Users\Kristina\Downloads\17158431_159418057908429_6583735971966091264_n.mp4

2017-06-12 01:14 - 2017-06-12 01:14 - 00083056 _____ C:\Users\Kristina\Desktop\bookmarksfirefox.html

2017-06-11 21:18 - 2017-06-11 21:18 - 03207656 _____ C:\Users\Kristina\Downloads\19181188_1929290823974368_1761036646918127616_n.mp4

2017-06-11 20:19 - 2017-06-11 20:19 - 02361811 _____ C:\Users\Kristina\Downloads\11817924_1027278123980300_1202056414_n.mp4

2017-06-11 19:44 - 2017-06-11 19:44 - 02133582 _____ C:\Users\Kristina\Downloads\12318702_190645067946239_1715474803_n.mp4

2017-06-11 19:42 - 2017-06-11 19:42 - 02840242 _____ C:\Users\Kristina\Downloads\12708487_792781237532497_495888125_n.mp4

2017-06-11 16:06 - 2017-06-11 16:06 - 02217093 _____ C:\Users\Kristina\Downloads\15827654_1818116791764110_3442264001088585728_n.mp4

2017-06-10 00:07 - 2017-06-10 00:07 - 00000721 _____ C:\Users\Kristina\Desktop\bluesc.txt

2017-06-03 15:18 - 2017-06-14 15:21 - 00000000 ____D C:\Users\Kristina\Desktop\today

2017-06-03 01:48 - 2017-06-15 00:16 - 00000000 ____D C:\Users\Kristina\Desktop\fixpic

2017-06-03 00:24 - 2017-06-03 00:24 - 00176733 _____ C:\Users\Kristina\Desktop\mal6317.txt

2017-06-02 18:56 - 2017-04-27 18:50 - 03550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll

2017-06-02 18:56 - 2017-04-17 11:37 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2017-06-02 18:56 - 2017-04-17 11:37 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2017-06-02 18:56 - 2017-04-17 11:37 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2017-06-02 18:56 - 2017-04-17 11:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2017-06-02 18:56 - 2017-04-17 11:23 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2017-06-02 18:56 - 2017-04-17 11:22 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2017-06-02 18:56 - 2017-04-17 11:21 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2017-06-02 18:56 - 2017-04-17 11:21 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2017-06-02 18:56 - 2017-04-17 11:21 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2017-06-02 18:56 - 2017-04-17 11:21 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2017-06-02 18:56 - 2017-04-17 11:21 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2017-06-02 18:56 - 2017-04-17 11:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2017-06-02 18:56 - 2017-04-17 11:01 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2017-06-02 18:56 - 2017-04-17 11:01 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2017-06-02 18:56 - 2017-04-17 11:01 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2017-06-02 18:56 - 2017-04-17 11:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2017-06-02 18:56 - 2017-04-12 09:05 - 04296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll

2017-06-01 22:46 - 2017-06-01 22:47 - 01338428 _____ C:\Users\Kristina\Downloads\18895279_1890400084567567_9042354373807570944_n.mp4

2017-05-30 01:51 - 2017-05-30 01:51 - 00000000 _____ C:\Windows\SysWOW64\sho5559.tmp

2017-05-30 01:12 - 2017-04-27 21:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2017-05-30 01:12 - 2017-04-27 21:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2017-05-30 01:12 - 2017-04-27 21:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2017-05-30 01:12 - 2017-04-27 21:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2017-05-30 01:12 - 2017-04-27 21:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2017-05-30 01:12 - 2017-04-27 21:10 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2017-05-30 01:12 - 2017-04-27 21:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2017-05-30 01:12 - 2017-04-27 21:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2017-05-30 01:12 - 2017-04-27 21:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2017-05-30 01:12 - 2017-04-27 21:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2017-05-30 01:12 - 2017-04-27 21:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2017-05-30 01:12 - 2017-04-27 21:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2017-05-30 01:12 - 2017-04-27 20:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2017-05-30 01:12 - 2017-04-27 20:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2017-05-30 01:12 - 2017-04-27 20:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2017-05-30 01:12 - 2017-04-27 20:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2017-05-30 01:12 - 2017-04-27 20:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2017-05-30 01:12 - 2017-04-27 20:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2017-05-30 01:12 - 2017-04-26 10:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2017-05-30 01:12 - 2017-04-19 20:00 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2017-05-30 01:12 - 2017-04-19 19:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2017-05-30 01:12 - 2017-04-17 11:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll

2017-05-30 01:12 - 2017-04-17 11:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2017-05-30 01:12 - 2017-04-16 05:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2017-05-30 01:12 - 2017-04-16 05:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2017-05-30 01:12 - 2017-04-16 04:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2017-05-30 01:12 - 2017-04-16 04:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2017-05-30 01:12 - 2017-04-16 04:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2017-05-30 01:12 - 2017-04-16 04:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2017-05-30 01:12 - 2017-04-16 04:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2017-05-30 01:12 - 2017-04-16 04:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2017-05-30 01:12 - 2017-04-16 04:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2017-05-30 01:12 - 2017-04-16 04:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2017-05-30 01:12 - 2017-04-16 04:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2017-05-30 01:12 - 2017-04-16 04:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2017-05-30 01:12 - 2017-04-16 04:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2017-05-30 01:12 - 2017-04-16 04:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2017-05-30 01:12 - 2017-04-16 04:36 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2017-05-30 01:12 - 2017-04-16 04:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2017-05-30 01:12 - 2017-04-16 04:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2017-05-30 01:12 - 2017-04-16 04:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2017-05-30 01:12 - 2017-04-16 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2017-05-30 01:12 - 2017-04-16 04:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2017-05-30 01:12 - 2017-04-16 04:11 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2017-05-30 01:12 - 2017-04-16 04:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2017-05-30 01:12 - 2017-04-16 04:09 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2017-05-30 01:12 - 2017-04-16 04:04 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2017-05-30 01:12 - 2017-04-16 04:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2017-05-30 01:12 - 2017-04-16 04:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2017-05-30 01:12 - 2017-04-16 04:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2017-05-30 01:12 - 2017-04-16 04:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2017-05-30 01:12 - 2017-04-16 04:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2017-05-30 01:12 - 2017-04-16 04:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2017-05-30 01:12 - 2017-04-16 03:57 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2017-05-30 01:12 - 2017-04-16 03:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2017-05-30 01:12 - 2017-04-16 03:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2017-05-30 01:12 - 2017-04-16 03:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2017-05-30 01:12 - 2017-04-16 03:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2017-05-30 01:12 - 2017-04-16 03:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2017-05-30 01:12 - 2017-04-16 03:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2017-05-30 01:12 - 2017-04-16 03:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2017-05-30 01:12 - 2017-04-16 03:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2017-05-30 01:12 - 2017-04-16 03:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2017-05-30 01:12 - 2017-04-16 03:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2017-05-30 01:12 - 2017-04-16 03:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2017-05-30 01:12 - 2017-04-16 03:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2017-05-30 01:12 - 2017-04-16 03:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2017-05-30 01:12 - 2017-04-16 03:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2017-05-30 01:12 - 2017-04-16 03:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2017-05-30 01:12 - 2017-04-16 03:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2017-05-30 01:12 - 2017-04-16 03:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2017-05-30 01:12 - 2017-04-16 03:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2017-05-30 01:12 - 2017-04-16 03:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2017-05-30 01:12 - 2017-04-16 03:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2017-05-30 01:12 - 2017-04-16 03:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2017-05-30 01:12 - 2017-04-16 03:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2017-05-30 01:12 - 2017-04-16 03:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2017-05-30 01:12 - 2017-04-16 03:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2017-05-30 01:12 - 2017-04-16 03:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2017-05-30 01:12 - 2017-04-16 03:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2017-05-30 01:12 - 2017-04-16 03:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2017-05-30 01:12 - 2017-04-16 03:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2017-05-30 01:12 - 2017-04-16 02:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2017-05-30 01:12 - 2017-04-16 02:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2017-05-30 01:12 - 2017-04-16 02:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2017-05-30 01:12 - 2017-04-16 02:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2017-05-30 01:12 - 2017-04-16 02:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2017-05-30 01:12 - 2017-04-16 02:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2017-05-30 01:12 - 2017-04-12 11:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2017-05-30 01:12 - 2017-04-12 11:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2017-05-30 01:12 - 2017-04-07 11:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2017-05-30 01:12 - 2017-04-05 10:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys

2017-05-30 01:12 - 2017-04-04 11:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2017-05-30 01:12 - 2017-03-10 12:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2017-05-30 01:12 - 2017-03-10 12:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll

2017-05-30 01:12 - 2017-03-10 12:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2017-05-30 01:12 - 2017-03-07 10:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2017-05-30 01:12 - 2017-03-03 21:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2017-05-30 01:12 - 2017-03-03 21:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2017-05-30 01:12 - 2017-02-14 12:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll

2017-05-30 01:12 - 2017-02-14 12:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2017-05-30 01:12 - 2017-02-09 12:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll

2017-05-30 01:12 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll

2017-05-30 01:12 - 2016-03-23 18:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2017-05-30 01:12 - 2016-03-23 18:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2017-05-30 01:11 - 2017-04-27 21:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2017-05-30 01:11 - 2017-04-27 21:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2017-05-30 01:11 - 2017-04-27 21:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2017-05-30 01:11 - 2017-04-27 21:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2017-05-30 01:11 - 2017-04-27 21:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2017-05-30 01:11 - 2017-04-27 21:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2017-05-30 01:11 - 2017-04-27 21:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2017-05-30 01:11 - 2017-04-27 21:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2017-05-30 01:11 - 2017-04-27 21:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll

2017-05-30 01:11 - 2017-04-27 21:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2017-05-30 01:11 - 2017-04-27 21:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2017-05-30 01:11 - 2017-04-27 21:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2017-05-30 01:11 - 2017-04-27 21:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2017-05-30 01:11 - 2017-04-27 21:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2017-05-30 01:11 - 2017-04-27 21:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2017-05-30 01:11 - 2017-04-27 21:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2017-05-30 01:11 - 2017-04-27 21:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2017-05-30 01:11 - 2017-04-27 21:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2017-05-30 01:11 - 2017-04-27 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2017-05-30 01:11 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-c

==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-06-15 14:11 - 2016-05-09 01:31 - 00000000 ____D C:\FRST

2017-06-15 13:56 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-06-15 13:56 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-06-15 13:29 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2017-06-15 02:59 - 2012-04-13 14:49 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002UA.job

2017-06-15 00:39 - 2016-09-20 23:38 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task

2017-06-14 22:51 - 2016-11-18 00:15 - 00000000 ____D C:\Users\Kristina\AppData\LocalLow\Mozilla

2017-06-14 12:25 - 2012-04-04 23:19 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2017-06-14 12:25 - 2012-04-04 23:19 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2017-06-14 12:25 - 2011-11-14 16:43 - 00000000 ____D C:\Windows\system32\Macromed

2017-06-14 12:25 - 2011-08-14 22:23 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2017-06-14 12:25 - 2011-04-13 19:12 - 00000000 ____D C:\Windows\SysWOW64\Macromed

2017-06-14 11:52 - 2016-11-17 22:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2017-06-14 11:52 - 2012-04-25 14:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2017-06-14 01:23 - 2014-12-14 12:52 - 00000000 ____D C:\Windows\system32\appraiser

2017-06-13 18:07 - 2016-12-13 15:40 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForKristina.job

2017-06-13 15:04 - 2016-12-13 15:40 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForKristina

2017-06-13 11:23 - 2012-12-06 18:14 - 00000000 ____D C:\Program Files (x86)\Google

2017-06-13 05:59 - 2012-04-13 14:49 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002Core.job

2017-06-13 01:03 - 2014-09-19 05:14 - 00000000 ____D C:\AdwCleaner

2017-06-13 01:02 - 2011-08-21 00:40 - 00000000 ____D C:\Program Files (x86)\Yahoo!

2017-06-13 00:24 - 2017-04-08 14:57 - 00003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update

2017-06-13 00:24 - 2015-05-28 23:01 - 00000000 ____D C:\Users\newac

2017-06-13 00:24 - 2013-02-01 08:19 - 00000000 ____D C:\Users\New User

2017-06-13 00:17 - 2015-07-10 13:28 - 00000000 ____D C:\ProgramData\Real

2017-06-13 00:17 - 2011-08-14 21:06 - 00000000 ____D C:\Users\Kristina

2017-06-13 00:16 - 2015-07-10 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks

2017-06-13 00:15 - 2016-05-04 08:13 - 00000000 ____D C:\Users\newac\AppData\Roaming\AVG

2017-06-13 00:15 - 2015-07-10 13:32 - 00000000 ____D C:\Users\Kristina\AppData\Roaming\RealNetworks

2017-06-13 00:15 - 2015-07-10 13:31 - 00000000 ____D C:\ProgramData\RealNetworks

2017-06-13 00:15 - 2015-07-10 13:31 - 00000000 ____D C:\ProgramData\Package Cache

2017-06-13 00:15 - 2015-03-19 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2017-06-13 00:15 - 2011-04-13 19:30 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard

2017-06-13 00:15 - 2011-04-13 19:20 - 00000000 ____D C:\ProgramData\RoxioNow

2017-06-13 00:15 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf

2017-06-13 00:14 - 2015-07-10 13:31 - 00000000 ____D C:\Program Files (x86)\RealNetworks

2017-06-13 00:14 - 2015-07-10 13:30 - 00000000 ____D C:\Program Files (x86)\Real

2017-06-13 00:14 - 2011-06-26 15:21 - 00000000 ____D C:\Program Files\IDT

2017-06-13 00:14 - 2011-04-13 19:28 - 00000000 ____D C:\Program Files (x86)\Java

2017-06-13 00:14 - 2011-04-13 19:26 - 00000000 ____D C:\Program Files (x86)\EasyBits For Kids

2017-06-13 00:14 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration

2017-06-13 00:12 - 2015-05-31 00:08 - 00000000 ____D C:\Users\newac\AppData\Roaming\Mozilla

2017-06-13 00:12 - 2015-05-28 23:01 - 00000000 ____D C:\Users\newac\AppData\Local\Google

2017-06-13 00:11 - 2015-07-10 13:30 - 00000000 ____D C:\Users\Kristina\AppData\Roaming\Real

2017-06-12 17:37 - 2015-07-20 15:43 - 00000000 ____D C:\Windows\Minidump

2017-06-12 01:01 - 2015-03-18 20:33 - 00000000 ____D C:\Users\Kristina\AppData\Local\Adobe

2017-06-09 04:08 - 2013-11-03 14:15 - 00000000 ____D C:\Users\New User\Desktop\LTKGPICS

2017-06-09 03:56 - 2011-08-26 12:14 - 00000000 ____D C:\Users\Kristina\AppData\Local\CrashDumps

2017-06-08 23:57 - 2016-12-26 17:34 - 00000000 ____D C:\Users\Kristina\AppData\Local\ESET

2017-06-08 23:45 - 2011-04-13 19:28 - 00000000 ____D C:\Program Files\Java

2017-06-05 15:45 - 2015-08-28 23:43 - 00000000 ____D C:\Users\Kristina\Desktop\SENT2BORNALREADY!

2017-06-04 11:01 - 2009-07-14 01:13 - 00783464 _____ C:\Windows\system32\PerfStringBackup.INI

2017-06-03 13:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache

2017-06-03 12:10 - 2016-11-01 20:10 - 00000000 ___HD C:\Users\Kristina\Desktop\.picasaoriginals

2017-06-03 02:35 - 2013-06-01 04:15 - 00000168 ____H C:\Users\Kristina\Downloads\.picasa.ini

2017-06-03 02:02 - 2016-11-06 19:01 - 00000000 ____D C:\Users\Kristina\Desktop\billy2metext

2017-06-03 00:06 - 2016-11-16 21:41 - 00000000 ____D C:\Users\Kristina\Desktop\picsofthedogsold

2017-06-02 23:35 - 2015-07-16 13:47 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2017-06-02 19:02 - 2011-09-13 21:43 - 00776078 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2017-06-02 18:33 - 2012-10-06 03:04 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2017-05-31 02:16 - 2017-03-15 17:43 - 00000000 ____D C:\Users\Kristina\Desktop\4cops31517

2017-05-30 17:10 - 2013-11-12 19:28 - 00000000 ____D C:\ProgramData\Oracle

2017-05-30 17:08 - 2015-03-19 21:57 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2017-05-30 02:01 - 2012-05-12 12:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2017-05-30 02:01 - 2012-05-12 12:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2017-05-30 02:01 - 2009-07-14 00:45 - 00289464 _____ C:\Windows\system32\FNTCACHE.DAT

2017-05-30 01:50 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2017-05-30 01:28 - 2012-05-12 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2017-05-30 01:26 - 2013-08-14 11:47 - 00000000 ____D C:\Windows\system32\MRT

2017-05-30 01:19 - 2011-08-17 16:32 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2017-05-30 00:27 - 2017-04-24 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2017-05-30 00:27 - 2015-11-23 09:51 - 00000899 _____ C:\Users\Public\Desktop\AVG.lnk

2017-05-23 10:53 - 2017-04-08 14:57 - 00570320 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys

2017-05-23 10:53 - 2017-04-08 14:57 - 00340824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys

2017-05-23 10:53 - 2017-04-08 14:57 - 00160008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys

2017-05-23 10:53 - 2017-04-08 14:57 - 00159496 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys.149555123396101

2017-05-23 10:53 - 2017-04-08 14:57 - 00129776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys

2017-05-23 10:53 - 2017-04-08 14:57 - 00102280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys

2017-05-23 10:53 - 2017-04-08 14:57 - 00076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys

2017-05-23 10:53 - 2017-04-08 14:57 - 00039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys

2017-05-23 10:52 - 2017-04-08 14:57 - 01008288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys

2017-05-23 10:52 - 2017-04-08 14:57 - 00336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys

2017-05-23 10:52 - 2017-04-08 14:57 - 00314128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys

2017-05-23 10:52 - 2017-04-08 14:57 - 00192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys

2017-05-23 10:52 - 2017-04-08 14:57 - 00166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys

2017-05-23 10:52 - 2017-04-08 14:57 - 00051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys

2017-05-21 15:41 - 2017-02-28 01:31 - 00002434 _____ C:\Users\Kristina\Desktop\creditrpt1.txt

2017-05-17 19:38 - 2016-10-04 00:48 - 00000000 ____D C:\Users\Kristina\Desktop\pixnd4b

2017-05-17 11:22 - 2017-02-26 15:58 - 00000000 ____D C:\Users\Kristina\Desktop\4bh

2017-05-16 20:55 - 2017-02-11 18:11 - 00000000 ____D C:\Users\Kristina\Desktop\picxx

2017-05-16 19:24 - 2017-04-18 18:30 - 00000000 ____D C:\Users\Kristina\Desktop\P2334245


==================== Files in the root of some directories =======


2013-05-27 00:01 - 2014-06-24 23:46 - 0003733 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml

2015-04-27 00:34 - 2015-04-27 00:34 - 0893239 _____ () C:\Users\Kristina\AppData\Local\a.zip

2015-04-27 00:34 - 2015-04-27 00:34 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Kristina\AppData\Local\BcsKtYcHW.dll

2012-07-13 11:07 - 2012-07-16 00:09 - 0000581 _____ () C:\Users\Kristina\AppData\Local\cookies.ini

2016-06-05 23:39 - 2016-06-05 23:39 - 0003584 _____ () C:\Users\Kristina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-10-21 18:52 - 2015-10-22 23:59 - 0158969 _____ () C:\Users\Kristina\AppData\Local\ZedgeLog.txt

2016-02-07 11:46 - 2016-02-07 11:46 - 0000057 _____ () C:\ProgramData\Ament.ini


Some files in TEMP:

====================

2017-05-08 10:43 - 2017-04-20 09:17 - 0050720 _____ (HP Inc.) C:\Users\Kristina\AppData\Local\Temp\ACLMInstaller.exe

2017-05-30 17:07 - 2017-05-30 17:07 - 0739904 _____ (Oracle Corporation) C:\Users\Kristina\AppData\Local\Temp\jre-8u131-windows-au.exe


==================== Bamital & volsnap ======================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-06-12 19:42


==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01

Ran by Kristina (15-06-2017 14:14:10)

Running from C:\Users\Kristina\Downloads

Windows 7 Home Premium Service Pack 1 (X64) (2011-08-15 01:06:18)

Boot Mode: Normal

==========================================================



==================== Accounts: =============================


Administrator (S-1-5-21-1203233110-3124362348-787559586-500 - Administrator - Disabled)

Guest (S-1-5-21-1203233110-3124362348-787559586-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1203233110-3124362348-787559586-1003 - Limited - Enabled)

Kristina (S-1-5-21-1203233110-3124362348-787559586-1002 - Administrator - Enabled) => C:\Users\Kristina

New User (S-1-5-21-1203233110-3124362348-787559586-1005 - Administrator - Enabled) => C:\Users\New User

newac (S-1-5-21-1203233110-3124362348-787559586-1006 - Limited - Enabled) => C:\Users\newac


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)

Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.126 - Adobe Systems Incorporated)

Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.126 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.8.198 - Adobe Systems, Inc.)

Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden

Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)

ATI Catalyst Install Manager (HKLM\...\{7FBA6627-88F8-0AE0-9326-FB8488DD26E0}) (Version: 3.0.812.0 - ATI Technologies, Inc.)

AVG (Version: 1.191.1 - AVG Technologies) Hidden

AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.4.3014 - AVG Technologies)

Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden

Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden

ccc-core-static (x32 Version: 2011.0228.1151.21177 - ATI) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.2.1) (Version: 5.0.2.1 - Coupons.com Incorporated)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Digital Coupon Printer (HKLM-x32\...\{2CDD20A5-DFDE-4AC0-97DD-F60B1196BF98}) (Version: 3.50.0.0 - Hopster, Inc. an Inmar company)

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden

Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

Elevated Installer (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden

Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)

ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)

Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)

Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)

Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden

FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden

FMW 1 (Version: 1.203.1 - AVG Technologies) Hidden

Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)

Garmin Express (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.86 - Google Inc.)

Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)

Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden

HP Connection Manager (HKLM-x32\...\{7A6B4340-7090-418F-8976-EE9650B35550}) (Version: 4.1.22.1 - Hewlett-Packard Company)

HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)

HP Documentation (HKLM-x32\...\{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}) (Version: 1.2.0.0 - Hewlett-Packard)

HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)

HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)

HP On Screen Display (HKLM-x32\...\{B97A2DD1-46E5-41BB-95D9-3B971B66A498}) (Version: 1.1.1 - Hewlett-Packard Company)

HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)

HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)

HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)

HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)

HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)

HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP)

HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.6.14.19 - HP)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden

iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)

iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)

Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)

Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Mozilla Firefox 54.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 en-US)) (Version: 54.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden

Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden

P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)

P@H-Protocol (HKLM-x32\...\{4CFAC858-CB6F-4F5B-9BD9-4DAE8747F0E3}) (Version: 3.0.8.11 - Valassis)

P@H-Protocol (HKLM-x32\...\{A2CB3AFC-E449-408A-BF4F-FE64EB1899D8}) (Version: 3.0.8.7 - Valassis)

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden

PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden

PrintMyCouponAnywhere (HKLM-x32\...\{9E5A9316-541D-4F22-BE19-AFE969C00B06}) (Version: 1.0.0.0 - RevTrax)

QponPrinterV2 1.0.3 (HKLM-x32\...\Qpon-Printer-v2) (Version: 1.0.3 - Qples Inc)

Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.02.0 - Ralink)

RealDownloader (x32 Version: 18.0.1.10 - RealNetworks, Inc.) Hidden

RealDownloader (x32 Version: 18.1.4.144 - RealNetworks) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.84 - Realtek Semiconductor Corp.)

RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.1 - RealNetworks)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden

RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)

Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1008 - SUPERAntiSpyware.com)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)

Unity Web Player (HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\UnityWebPlayer) (Version: - Unity Technologies ApS)

Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden

UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden

Video Downloader (x32 Version: 1.2.0 - RealNetworks) Hidden

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden

Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)

Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden

Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden

Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )

Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


CustomCLSID: HKU\S-1-5-21-1203233110-3124362348-787559586-1002_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1203233110-3124362348-787559586-1002_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1203233110-3124362348-787559586-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {038A9CE6-6748-426E-B73A-0B165E62ACA7} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-03-15] (Oracle Corporation)

Task: {0C76A7FA-F5AC-47C4-A23B-FCE1059CF98B} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-04-22] (Apple Inc.)

Task: {11330A39-8236-49BF-B247-F62219BCF153} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)

Task: {120EB91F-2D67-418A-B661-7169B82A08E6} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1203233110-3124362348-787559586-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-06-17] (RealNetworks, Inc.)

Task: {12AF6DA6-1F82-4DE6-858A-3ABAC82FBE3C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002UA => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {1D13ED79-793A-4C2C-9D05-C0DA4ADDD1E4} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1203233110-3124362348-787559586-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-06-17] (RealNetworks, Inc.)

Task: {229E29A9-7082-495C-852C-C2679BB90E0A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {23363B2B-73A4-4A6B-BF56-1DC93E8B58BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)

Task: {24CB810E-BD72-4854-9181-60254DA38C9A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002Core => C:\Users\Kristina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)

Task: {2D159972-CD98-4258-9484-F94B78598A6B} - System32\Tasks\{48C00D52-EB8C-4560-9A73-D58F4B5370FF} => pcalua.exe -a C:\Users\Kristina\Downloads\bw11.08.13.exe -d C:\Users\Kristina\Downloads

Task: {3CDD512E-3FF0-4C10-B80A-5C6B5F7BA079} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-14] (Adobe Systems Incorporated)

Task: {3F18608F-B93E-4619-A19D-4CBCBCC4B547} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-12-15] (Hewlett-Packard)

Task: {4B4D3367-34BE-469F-B8CD-5BF906E62E02} - System32\Tasks\{DBE7D854-96C9-4F7F-A9B4-21CD998C1C79} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 <==== ATTENTION

Task: {4C0DE6CC-A65F-4B53-94F0-22AEE6C51202} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-05-25] (HP Inc.)

Task: {4FEE7B33-EC4C-44A3-A8C8-803EF353C003} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe

Task: {5D5B3A12-CB35-49F6-A4A6-11B7D11199E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

Task: {6829D26F-870F-4A93-9D02-E0AD893930AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {686CFA1F-3D1E-4746-A068-EA3A49AFEC25} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe

Task: {6BF12DE6-70E4-49C0-A047-F6C350CC3D02} - System32\Tasks\{C398C920-9036-43C9-9C16-6632CA93D9B6} => pcalua.exe -a "C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1TKS3IZ3\jre-6u29-windows-i586-iftw.exe" -d C:\Users\Kristina\Desktop

Task: {6E24257F-6D2B-43F8-82BB-35CC50076740} - System32\Tasks\HPCeeScheduleForKristina => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)

Task: {71226F51-638A-4249-8E44-F828443D8EF1} - System32\Tasks\{EB1E2209-03AA-4611-A735-2E5D7CAA1E36} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 <==== ATTENTION

Task: {7404B7F8-66C3-4759-965C-02A54AAE6AA1} - System32\Tasks\{413E9514-DD67-4D90-90EF-176243B59408} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 <==== ATTENTION

Task: {7BB8EF6C-74B4-4847-8F2A-E2EE9E452F2B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002Core => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {7BB946BC-8CC9-4F61-B143-9DD4E927B7B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN56H1F6F9 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)

Task: {828EE263-0E81-4F8F-98AA-6D3750DB1454} - System32\Tasks\{933370C5-841D-4A70-A83D-495A880E9757} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 <==== ATTENTION

Task: {902453A2-83DA-460B-A3E3-E361D7FBC8BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)

Task: {95B206C5-5A1A-4F4A-B7A2-6CEBFD459908} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)

Task: {9B6667F7-7E0A-408A-92C6-B85434644231} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1203233110-3124362348-787559586-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-06-17] (RealNetworks, Inc.)

Task: {A4FEC03C-A928-4801-9F15-25462C678F9B} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()

Task: {AC0A6B46-A7B5-4472-B342-AFDE4CC33DFE} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-05-23] (AVG Technologies CZ, s.r.o.)

Task: {B04889A1-6886-45BD-B56B-13F2F2839326} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)

Task: {B1099916-A131-4541-A5E5-5F19E75AB450} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-03] (Adobe Systems Incorporated)

Task: {C19B80BB-DB0F-4432-BD38-B2E3FC3AA604} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()

Task: {C1FEFCC3-9E84-40AF-9B34-DDCEC9C7A3F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)

Task: {CBCC6FC8-0A20-46E2-AF10-16FED26E4678} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1203233110-3124362348-787559586-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-06-17] (RealNetworks, Inc.)

Task: {CCC78539-2998-4181-95FA-96B659297235} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe

Task: {CCCC3B1E-62AF-45AD-A02B-866BB05B66E8} - System32\Tasks\{760A731F-D146-483E-9066-46B1389C5AB0} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 <==== ATTENTION

Task: {D82EBDEA-9EEC-4580-BE70-3ECE195DC441} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)

Task: {DB1018A8-03FF-44EF-B84B-9E80CD68054D} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1203233110-3124362348-787559586-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-06-17] (RealNetworks, Inc.)

Task: {DCCD0B86-4A22-471D-B494-1D7636ADC3D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)

Task: {DDA9E029-779A-4A06-9136-48FAF04742C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)

Task: {E2CBF24A-B62C-4AAB-9599-858B21C0AA62} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)

Task: {E413A1CE-1D25-43F8-AA79-FA2F1AE20EFF} - System32\Tasks\{A8BDAE69-37E5-4188-82C1-CE5B154D86EE} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 <==== ATTENTION

Task: {E6202F66-EEE3-42C6-8705-AB290D6A4BEC} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)

Task: {E703CA6C-F0A0-4435-8E55-9EDD61EE6A1F} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2016-07-05] ()

Task: {EB1025C2-CE29-45A6-B506-5D1626A521A2} - System32\Tasks\{AF6C0069-DC37-41CC-84EF-5C44BEC96586} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 <==== ATTENTION

Task: {EC496DCF-E73C-44AB-B1C3-C3AE250D55EC} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)

Task: {EE584F9A-0E7B-48B2-BAA1-248316B8F67D} - System32\Tasks\{3068062A-F6DE-47BC-BDCE-CE942BD70C1F} => pcalua.exe -a "C:\Users\Kristina\Downloads\Boggly10 (1).exe" -d C:\Users\Kristina\Downloads

Task: {F1DA42B5-E7E0-40F5-8FEB-81AAFD36CEFC} - System32\Tasks\{DC735D85-101C-4D11-9734-4CE9A7706063} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 <==== ATTENTION

Task: {FD18089A-E518-42F6-B348-EAD4B0254CBE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002UA => C:\Users\Kristina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002Core.job => C:\Users\Kristina\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002UA.job => C:\Users\Kristina\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForKristina.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe


==================== Shortcuts & WMI ========================


(The entries could be listed to be restored or removed.)



==================== Loaded Modules (Whitelisted) ==============


2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2015-06-17 03:25 - 2015-06-17 03:25 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

2011-02-28 15:01 - 2011-02-28 15:01 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll

2011-02-28 15:01 - 2011-02-28 15:01 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2017-05-23 10:52 - 2017-05-23 10:52 - 00163152 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\vaarclient.dll

2017-05-23 10:52 - 2017-05-23 10:52 - 00827088 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\ffl2.dll

2017-05-23 10:52 - 2017-05-23 10:52 - 00276904 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\StreamBack.dll

2011-04-08 10:57 - 2011-04-08 10:57 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll

2017-06-13 11:24 - 2017-06-03 04:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\libglesv2.dll

2017-06-13 11:24 - 2017-06-03 04:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\libegl.dll

2017-05-23 10:52 - 2017-05-23 10:52 - 00171344 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll

2017-05-23 10:52 - 2017-05-23 10:52 - 00178120 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll

2017-05-23 10:52 - 2017-05-23 10:52 - 00224352 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll

2017-06-14 15:58 - 2017-06-14 15:58 - 05678080 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\17061402\algo.dll

2017-05-23 10:52 - 2017-05-23 10:52 - 00685784 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll

2017-05-23 10:52 - 2017-05-23 10:52 - 00231760 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll

2017-06-15 13:31 - 2017-06-15 13:31 - 05678080 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\17061500\algo.dll

2017-02-14 09:42 - 2017-02-14 09:42 - 00326144 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll

2017-03-28 15:32 - 2017-03-28 15:32 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll

2015-06-17 03:24 - 2015-06-17 03:24 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll

2015-06-17 03:24 - 2015-06-17 03:24 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll

2015-06-17 03:24 - 2015-06-17 03:24 - 00037528 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll

2016-07-05 15:23 - 2016-07-05 15:23 - 01041208 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2016-07-05 15:23 - 2016-07-05 15:23 - 00244536 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll

2016-11-28 22:33 - 2016-11-28 22:32 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll

2017-05-23 10:52 - 2017-05-23 10:52 - 00999024 _____ () C:\Program Files (x86)\AVG\Antivirus\AvChrome.dll

2017-05-23 10:52 - 2017-05-23 10:52 - 67717632 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll

2011-04-08 10:57 - 2011-04-08 10:57 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll


I still can't post the rest of the log. I was on that site and used Chrome first, got booted, so I decided to use Firefox, got booted and sent to a site that said my Microsoft was compromised. I don't know if it's my computer or the website; others get cripes errors, some don't get booted at all. Also, sometimes Firefox wants me to download something, I never do. I believe it has something to do with Java, but my Java updates itself.


We'll work on all you have mentioned.

Where you see it stop, you mark the log, then make another reply starting where it left off.

There are gremlins among us.

Edited by Juliet


No idea why you can't post the rest of the logs.

Save the logs and when this happens reboot.

 

~~~

 

Let's try to continue.

 

Running from C:\Users\Kristina\Downloads

It's best we move Farbar's to desktop.

 

Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT

Go to an open spot on your desktop, right click and select PASTE

You should now have Farbar Recovery Scan Tool on your desktop.

 

 

Please open Notepad (*Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail): Start -> Run -> type notepad in the Open field -> OK. Then copy and paste the text present inside the quote box below:

Or use this method: press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.

Type Notepad and click the OK key.

 

To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

 


start

CreateRestorePoint:

CloseProcesses:

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Kristina\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [No File]

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011-09-18] (Catalina Marketing Corporation)

S3 clwvd; system32\DRIVERS\clwvd.sys [X]

2017-05-08 10:43 - 2017-04-20 09:17 - 0050720 _____ (HP Inc.) C:\Users\Kristina\AppData\Local\Temp\ACLMInstaller.exe

2017-05-30 17:07 - 2017-05-30 17:07 - 0739904 _____ (Oracle Corporation) C:\Users\Kristina\AppData\Local\Temp\jre-8u131-windows-au.exe

CustomCLSID: HKU\S-1-5-21-1203233110-3124362348-787559586-1002_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File

Task: {4B4D3367-34BE-469F-B8CD-5BF906E62E02} - System32\Tasks\{DBE7D854-96C9-4F7F-A9B4-21CD998C1C79} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe

=> C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe

CMD: ipconfig /flushdns

EmptyTemp:

Hosts:

End

Open FRST/FRST64 and press the > Fix < button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Edited by Juliet
typos


OK

Forum board messed me up too.

Delete the version of AdwCleaner you have on your computer.

I want you to download an updated version.

Malwarebytes AdwCleaner

  • Please download Malwarebytes AdwCleaner and save the file to your Desktop
  • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Logfile. A log (AdwCleaner[s0].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
  • Click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After the reboot, a log (AdwCleaner[C0].txt) will open. Copy the contents of the log and paste in your next reply.
-- File, folder and registry backups are made for items removed using this programme. Should a legitimate file, folder or registry item be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[s0].txt.


Zemana AntiMalware Free

Download it from here:

Double-click on the file named Zemana.AntiMalware.Portable to perform a system scan with Zemana AntiMalware Free.

You may be presented with a User Account Control dialog asking you if you want to run this program. If this happens, you should click Yes to allow Zemana AntiMalware to run.

When Zemana AntiMalware starts, click on the Scan button to perform a system scan.

Without changing any options, press Scan.

When Zemana has finished scanning it will show a screen that displays any malware that has been detected. To remove all the malicious files, click on the Next button.

Zemana AntiMalware will now start to remove all the malicious programs from your computer.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

  • Open Zemana AntiMalware again and locate the latest report
  • Please paste the contents into your reply
  • When the process is complete, you can close Zemana AntiMalware

When you can, post these 3 logs when you're finished.

# AdwCleaner v6.047 - Logfile created 16/06/2017 at 16:21:36

# Updated on 19/05/2017 by Malwarebytes

# Database : 2017-06-16.2 [server]

# Operating System : Windows 7 Home Premium Service Pack 1 (X64)

# Username : Kristina - KRISTINA-HP

# Running from : C:\Users\Kristina\Desktop\AdwCleaner.exe

# Mode: Clean





***** [ Services ] *****




***** [ Folders ] *****




***** [ Files ] *****




***** [ DLL ] *****




***** [ WMI ] *****




***** [ Shortcuts ] *****




***** [ Scheduled Tasks ] *****




***** [ Registry ] *****




***** [ Web browsers ] *****


[-] [C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Deleted: aol.com

[-] [C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Deleted: ask.com



*************************


:: "Tracing" keys deleted

:: Winsock settings cleared


*************************


C:\AdwCleaner\AdwCleaner[C1].txt - [20770 Bytes] - [09/05/2016 01:19:58]

C:\AdwCleaner\AdwCleaner[C2].txt - [4150 Bytes] - [09/06/2017 11:45:54]

C:\AdwCleaner\AdwCleaner[C3].txt - [4439 Bytes] - [13/06/2017 01:03:08]

C:\AdwCleaner\AdwCleaner[C4].txt - [1224 Bytes] - [16/06/2017 16:21:36]

C:\AdwCleaner\AdwCleaner[R0].txt - [12767 Bytes] - [19/09/2014 05:14:40]

C:\AdwCleaner\AdwCleaner[R1].txt - [4934 Bytes] - [06/05/2016 01:39:36]

C:\AdwCleaner\AdwCleaner[s0].txt - [11424 Bytes] - [19/09/2014 05:17:54]

C:\AdwCleaner\AdwCleaner[s1].txt - [20848 Bytes] - [09/05/2016 01:17:17]

C:\AdwCleaner\AdwCleaner[s2].txt - [3882 Bytes] - [09/06/2017 11:41:35]

C:\AdwCleaner\AdwCleaner[s3].txt - [4347 Bytes] - [13/06/2017 01:01:41]

C:\AdwCleaner\AdwCleaner[s4].txt - [2218 Bytes] - [16/06/2017 15:49:23]


########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [1811 Bytes] ##########

Zemana AntiMalware 2.74.2.4 (Installed)


-------------------------------------------------------

Scan Result : Completed

Scan Date : 2017/6/16

Operating System : Windows 7 64-bit

Processor : 2X AMD Phenom II P650 Dual-Core Processor

BIOS Mode : Legacy

CUID : 12E6866742A6497A2FE847

Scan Type : System Scan

Duration : 32m 18s

Scanned Objects : 126755

Detected Objects : 9

Excluded Objects : 0

Read Level : SCSI

Auto Upload : Enabled

Detect All Extensions : Disabled

Scan Documents : Disabled

Domain Info : WORKGROUP,0,2


Detected Objects

-------------------------------------------------------


TLRemove

Status : Scanned

Object : %localappdata%\google\chrome\user data\default\extensions\hneieddeibpcngeljjkdpcajfcgelalk

MD5 : -

Publisher : -

Size : -

Version : -

Detection : PUA.ChromeExt!Gr

Cleaning Action : Repair

Related Objects :

Browser Extension - TLRemove


Trojan:Win32/Poweliks

Status : Scanned

Object : %systemroot%\system32\tasks\{413e9514-dd67-4d90-90ef-176243b59408}|c:\program files (x86)\internet explorer\iexplore.exe

MD5 : -

Publisher : -

Size : -

Version : -

Detection : Fileless Malware

Cleaning Action : Delete

Related Objects :

Scheduled Task - C:\Windows\System32\Tasks\{413E9514-DD67-4D90-90EF-176243B59408}


Trojan:Win32/Poweliks

Status : Scanned

Object : %systemroot%\system32\tasks\{760a731f-d146-483e-9066-46b1389c5ab0}|c:\program files (x86)\internet explorer\iexplore.exe

MD5 : -

Publisher : -

Size : -

Version : -

Detection : Fileless Malware

Cleaning Action : Delete

Related Objects :

Scheduled Task - C:\Windows\System32\Tasks\{760A731F-D146-483E-9066-46B1389C5AB0}


Trojan:Win32/Poweliks

Status : Scanned

Object : %systemroot%\system32\tasks\{933370c5-841d-4a70-a83d-495a880e9757}|c:\program files (x86)\internet explorer\iexplore.exe

MD5 : -

Publisher : -

Size : -

Version : -

Detection : Fileless Malware

Cleaning Action : Delete

Related Objects :

Scheduled Task - C:\Windows\System32\Tasks\{933370C5-841D-4A70-A83D-495A880E9757}


Trojan:Win32/Poweliks

Status : Scanned

Object : %systemroot%\system32\tasks\{a8bdae69-37e5-4188-82c1-ce5b154d86ee}|c:\program files (x86)\internet explorer\iexplore.exe

MD5 : -

Publisher : -

Size : -

Version : -

Detection : Fileless Malware

Cleaning Action : Delete

Related Objects :

Scheduled Task - C:\Windows\System32\Tasks\{A8BDAE69-37E5-4188-82C1-CE5B154D86EE}


Trojan:Win32/Poweliks

Status : Scanned

Object : %systemroot%\system32\tasks\{af6c0069-dc37-41cc-84ef-5c44bec96586}|c:\program files (x86)\internet explorer\iexplore.exe

MD5 : -

Publisher : -

Size : -

Version : -

Detection : Fileless Malware

Cleaning Action : Delete

Related Objects :

Scheduled Task - C:\Windows\System32\Tasks\{AF6C0069-DC37-41CC-84EF-5C44BEC96586}


Trojan:Win32/Poweliks

Status : Scanned

Object : %systemroot%\system32\tasks\{dbe7d854-96c9-4f7f-a9b4-21cd998c1c79}|c:\program files (x86)\internet explorer\iexplore.exe

MD5 : -

Publisher : -

Size : -

Version : -

Detection : Fileless Malware

Cleaning Action : Delete

Related Objects :

Scheduled Task - C:\Windows\System32\Tasks\{DBE7D854-96C9-4F7F-A9B4-21CD998C1C79}


Trojan:Win32/Poweliks

Status : Scanned

Object : %systemroot%\system32\tasks\{dc735d85-101c-4d11-9734-4ce9a7706063}|c:\program files (x86)\internet explorer\iexplore.exe

MD5 : -

Publisher : -

Size : -

Version : -

Detection : Fileless Malware

Cleaning Action : Delete

Related Objects :

Scheduled Task - C:\Windows\System32\Tasks\{DC735D85-101C-4D11-9734-4CE9A7706063}


Trojan:Win32/Poweliks

Status : Scanned

Object : %systemroot%\system32\tasks\{eb1e2209-03aa-4611-a735-2e5d7caa1e36}|c:\program files (x86)\internet explorer\iexplore.exe

MD5 : -

Publisher : -

Size : -

Version : -

Detection : Fileless Malware

Cleaning Action : Delete

Related Objects :

Scheduled Task - C:\Windows\System32\Tasks\{EB1E2209-03AA-4611-A735-2E5D7CAA1E36}



Cleaning Result

-------------------------------------------------------

Cleaned : 9

Reported as safe : 0

Failed : 0
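
The fixlist earlier in the thread removes a GUID-named scheduled task that launches Iexplore.exe with a URL, and the Zemana report above flags nine tasks of the same shape. As an added example (not part of the thread, and not FRST's or Zemana's own logic), this Python script triages `Task:` lines in the format shown in the fixlist; the sample lines are constructed (the first reuses the GUIDs and defanged URL from the fixlist), and the browser list and reason labels are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample input in the "Task:" line format seen in the fixlist.
# Line 1 reuses the GUIDs and defanged URL from the thread; the rest are invented.
SAMPLE_LINES = [
    r"Task: {4B4D3367-34BE-469F-B8CD-5BF906E62E02} - System32\Tasks\{DBE7D854-96C9-4F7F-A9B4-21CD998C1C79} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603",
    r"Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe",
    r"Task: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - System32\Tasks\{99999999-8888-7777-6666-555555555555} => C:\Program Files\Example\helper.exe /silent",
    r"Task: {0F0F0F0F-1111-2222-3333-444444444444} - System32\Tasks\OpenPortal => chrome.exe https://portal.example.invalid/start",
]

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
TASK_RE = re.compile(r"^Task: " + GUID + r" - (?P<path>.+?) => (?P<action>.+)$")
EXE_RE = re.compile(r'([^\\/"]+\.exe)', re.IGNORECASE)   # first executable name
URL_RE = re.compile(r"\b(?:hxxps?|https?)://\S+", re.IGNORECASE)
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe"}  # assumed list


def host_of(url):
    """Refang hxxp:// to http:// and return the host name ('' if none)."""
    refanged = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return urlsplit(refanged).hostname or ""


def triage(lines):
    """Return one finding per Task: line that deserves a manual look.

    Reasons (labels are this example's own):
      guid-name    the task is named with a bare GUID instead of a product name
      browser-url  the task action starts a browser and hands it a URL
    """
    findings = []
    for line in lines:
        m = TASK_RE.match(line.strip())
        if not m:
            continue  # not a Task: entry
        name = m.group("path").rsplit("\\", 1)[-1]
        action = m.group("action").strip()
        exe = EXE_RE.search(action)
        exe_name = exe.group(1).strip().lower() if exe else ""
        hosts = sorted({host_of(u) for u in URL_RE.findall(action)})
        reasons = []
        if re.fullmatch(GUID, name):
            reasons.append("guid-name")
        if exe_name in BROWSERS and hosts:
            reasons.append("browser-url")
        if reasons:
            findings.append({"task": name, "exe": exe_name,
                             "hosts": hosts, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

A finding is a prompt to check the listed host and where the task came from before deleting it, not a verdict on the task.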


I need to see the log from post #10

 

Tell me how the computer is now.

Edited by Juliet


No idea, when I try to post the results to post #10 it's not letting it through. I went to the site I play on last night and it lets me play for a few minutes, then it changes my page to saying I have a virus. I don't know how to post a picture to show you it. When I edit this post to try and add it on here it won't let it go through either. I tried Chrome, Firefox, going to try IE now. IE won't let me post it either.

Edited by kristina


Are you using a script blocker like NoScript?

 

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Proceed with the reset once done.

~~~~~~~~~~~~~

Run the below scan and see if you can post the log by sending me a Private Message, just an experiment to see if it will work.

Malwarebytes Anti-Rootkit Beta

  • Download Malwarebytes Anti-Rootkit Beta and extract it to your desktop (MBAR will be launched shortly after the extraction);
  • Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next;
  • Make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan (this can take a while);
  • Once the scan is done, make sure that every item is checked, and click on the Cleanup button (a reboot might be required);
  • After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt;
  • Copy/paste the content of that log in your next reply;

Malwarebytes Anti-Rootkit BETA 1.9.3.1001

www.malwarebytes.org


Database version:

main: v2017.06.18.01

rootkit: v2017.05.27.01


Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.18697

Kristina :: KRISTINA-HP [administrator]


6/18/2017 1:00:58 AM

mbar-log-2017-06-18 (01-00-58).txt


Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled:

Objects scanned: 482444

Time elapsed: 2 hour(s), 6 minute(s), 55 second(s)


Memory Processes Detected: 0

(No malicious items detected)


Memory Modules Detected: 0

(No malicious items detected)


Registry Keys Detected: 0

(No malicious items detected)


Registry Values Detected: 0

(No malicious items detected)


Registry Data Items Detected: 0

(No malicious items detected)


Folders Detected: 0

(No malicious items detected)


Files Detected: 0

(No malicious items detected)


Physical Sectors Detected: 0

(No malicious items detected)


(end)


I reset all of them. Google doesn't seem to delete anything, all my bookmarks are still there; on Firefox it deleted all my bookmarks. I don't know what's up with Chrome. It won't let me even send you the FRST log through PM. For some reason Chrome, Firefox and IE won't let me check with the link you gave me. Java won't even open for me in Control Panel, going to restart and see if that makes it work.


Don't worry about java at the moment. I can see the version you have and it appears to be the most current.

 

We were not deleting bookmarks, we were saving them.

The FRST fix log it won't let you post: if you ran it as instructed then it should have created a log on the Desktop (Fixlog.txt).

 

I want you to try and attach it to your next post.

 

Use the button to the right "More Reply Options"

 

Then to the left click on "Browse", this will open a window, make sure it says desktop

then locate Fixlog.txt, then click on attach.

 

~~~~~~~~~~~~~~~~

Since we saved bookmarks for Google Chrome, we're going to have to delete it, download a fresh version and install.

Try the standard uninstall/remove in the control panel.

Then, download from, https://www.google.com/chrome/index.html


If Google Chrome will not uninstall

  • Please download and install Revo Uninstaller.
  • Double-click Revo Uninstaller to run the programme.
  • When prompted if you want to uninstall Google Chrome click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: If you are offered the choice to install additional software, ensure you decline.
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Upon completion, click Finish.
  • In your next reply, confirm you were successful in uninstalling all programmes listed above.

This topic is now closed to further replies.