1) Done.
2) https://www.virustotal.com/en/file/4d7a ... 435199108/
3) ComboFix 15-06-18.01 - user 22/06/2015 16:33:03.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8135.5386 [GMT 8:00]
Running from: c:\users\user\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\11599354983174315465
c:\programdata\11599354983174315465\1547aa30421efb5bd7509dc7dcf7c56d.ini
c:\programdata\11599354983174315465\8eb0729fbf1cb052d7509dc7dcf7c56d.ini
c:\programdata\11599354983174315465\b1b04b8135a80c97d7509dc7dcf7c56d.ini
c:\programdata\11599354983174315465\cd5b15e575e1c3d0d7509dc7dcf7c56d.ini
c:\programdata\11599354983174315465\e1a11ca282117dcdd7509dc7dcf7c56d.ini
c:\users\user\AppData\Roaming\Local
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\af_ZA\af_ZA.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\af_ZA\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ar_EG\ar_EG.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ar_EG\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ar_SA\ar_SA.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ar_SA\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\az_AZ\az_AZ.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\az_AZ\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\be_BY\be_BY.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\be_BY\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\bg_BG\bg_BG.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\bg_BG\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\bn_BD\bn_BD.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\bn_BD\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\bs_BA\bs_BA.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\bs_BA\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ca_ES\ca_ES.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ca_ES\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\cs_CZ\cs_CZ.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\cs_CZ\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\da_DK\da_DK.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\da_DK\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\de_DE\de_DE.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\de_DE\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\de_DE\messages.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\de_DE\wxstd.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\el_GR\el_GR.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\el_GR\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\en_AU\en_AU.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\en_AU\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\en_GB\en_GB.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\en_GB\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\en_US\en_US.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\en_US\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\eo_US\eo_US.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\eo_US\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\es_ES\es_ES.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\es_ES\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\es_MX\es_MX.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\es_MX\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\et_EE\et_EE.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\et_EE\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\fa_IR\fa_IR.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\fa_IR\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\fa_IR\messages.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\fi_FI\fi_FI.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\fi_FI\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\fo_FO\fo_FO.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\fo_FO\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\fr_CA\fr_CA.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\fr_CA\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\fr_FR\fr_FR.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\fr_FR\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\fr_FR\messages.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ga_IE\ga_IE.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ga_IE\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\gl_ES\gl_ES.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\gl_ES\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\gu_IN\gu_IN.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\gu_IN\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\he_IL\he_IL.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\he_IL\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\he_IL\messages.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\hi_IN\hi_IN.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\hi_IN\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\hr_HR\hr_HR.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\hr_HR\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\hu_HU\hu_HU.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\hu_HU\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\id_ID\id_ID.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\id_ID\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\is_IS\is_IS.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\is_IS\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\it_IT\it_IT.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\it_IT\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ja_JP\ja_JP.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ja_JP\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ka_GE\ka_GE.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ka_GE\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\kn_IN\kn_IN.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\kn_IN\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ko_KR\ko_KR.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ko_KR\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\lt_LT\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\lt_LT\lt_LT.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\lv_LV\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\lv_LV\lv_LV.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\mg_MG\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\mg_MG\mg_MG.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\mk_MK\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\mk_MK\mk_MK.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ml_IN\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ml_IN\ml_IN.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\mr_IN\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\mr_IN\mr_IN.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ms_MY\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ms_MY\ms_MY.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\nb_NO\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\nb_NO\nb_NO.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ne_NP\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ne_NP\ne_NP.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\nl_NL\junk.html
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\nl_NL\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\nl_NL\messages.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\nl_NL\nl_NL.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\nn_NO\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\nn_NO\nn_NO.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\pa_IN\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\pa_IN\pa_IN.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\pl_PL\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\pl_PL\pl_PL.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\pt_BR\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\pt_BR\pt_BR.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\pt_PT\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\pt_PT\pt_PT.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ro_RO\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ro_RO\ro_RO.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ru_RU\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ru_RU\ru_RU.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\si_LK\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\si_LK\si_LK.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\sk_SK\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\sk_SK\sk_SK.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\sl_SI\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\sl_SI\sl_SI.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\sq_AL\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\sq_AL\sq_AL.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\sr_RS\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\sr_RS\sr_RS.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\sv_SE\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\sv_SE\messages.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\sv_SE\sv_SE.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ta_IN\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ta_IN\ta_IN.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\th_TH\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\th_TH\th_TH.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\tl_PH\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\tl_PH\tl_PH.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\tr_TR\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\tr_TR\tr_TR.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\uk_UA\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\uk_UA\uk_UA.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ur_PK\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\ur_PK\ur_PK.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\vi_VN\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\vi_VN\vi_VN.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\zh_CN\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\zh_CN\zh_CN.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\zh_TW\lastpass.mo
c:\users\user\AppData\Roaming\Local\Temp\lptmp\languages\zh_TW\zh_TW.xpm
c:\users\user\AppData\Roaming\Local\Temp\lptmp\lp_languages.zip
c:\users\user\AppData\Roaming\Local\Temp\lptmp\nplastpass.dll
c:\users\user\AppData\Roaming\Local\Temp\lptmp\nplastpass64.dll
c:\windows\wininit.ini
D:\Autorun.inf
D:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-05-22 to 2015-06-22 )))))))))))))))))))))))))))))))
.
.
2015-06-22 08:36 . 2015-06-22 08:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-21 05:27 . 2015-06-21 05:27 -------- d-----w- c:\users\user\AppData\Local\Dropbox
2015-06-21 05:27 . 2015-06-21 05:27 -------- d-----w- c:\programdata\Dropbox
2015-06-21 04:59 . 2015-06-21 04:59 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-06-21 04:59 . 2015-06-21 05:01 -------- d-----w- c:\programdata\RogueKiller
2015-06-20 17:59 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{83405BB7-2371-4551-811E-2A275DAC1C37}\mpengine.dll
2015-06-17 20:05 . 2015-06-17 20:05 -------- d-----w- C:\SUPERDelete
2015-06-17 20:05 . 2015-06-17 20:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-06-17 19:34 . 2015-06-17 19:34 -------- d-----w- c:\users\user\AppData\Roaming\Safer Networking
2015-06-17 19:33 . 2015-06-17 19:33 -------- d-----w- c:\program files (x86)\Safer Networking
2015-06-17 18:10 . 2015-06-17 18:10 -------- d-----w- c:\users\user\AppData\Roaming\LavasoftStatistics
2015-06-14 15:04 . 2013-09-20 02:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2015-06-14 15:04 . 2015-06-14 15:11 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2015-06-11 06:54 . 2015-06-20 13:17 -------- d-----w- c:\program files (x86)\Heroes of the Storm
2015-06-11 06:53 . 2015-06-11 06:53 -------- d-----w- c:\users\user\AppData\Local\Blizzard Entertainment
2015-06-11 06:53 . 2015-06-21 02:52 -------- d-----w- c:\users\user\AppData\Local\Battle.net
2015-06-11 06:53 . 2015-06-11 06:54 -------- d-----w- c:\users\user\AppData\Roaming\Battle.net
2015-06-11 06:53 . 2015-06-20 19:52 -------- d-----w- c:\program files (x86)\Battle.net
2015-06-11 06:53 . 2015-06-11 08:50 -------- d-----w- c:\programdata\Blizzard Entertainment
2015-06-11 06:52 . 2015-06-11 06:52 -------- d-----w- c:\programdata\Battle.net
2015-06-09 23:56 . 2015-05-22 18:18 700416 ----a-w- c:\windows\system32\generaltel.dll
2015-06-02 16:38 . 2015-06-02 16:38 69888 ----a-w- c:\windows\system32\drivers\stream.sys
2015-06-02 10:28 . 2015-06-02 10:28 -------- d-----w- c:\programdata\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-06-01 17:09 . 2015-06-01 17:09 -------- d-----w- c:\users\user\AppData\Local\GWX
2015-05-25 17:07 . 2015-05-25 17:07 -------- d-----w- c:\windows\Migration
2015-05-25 17:02 . 2015-05-25 17:02 -------- d-----w- c:\users\user\AppData\Roaming\AVG
2015-05-25 17:00 . 2015-05-25 17:00 -------- d-----w- c:\users\user\AppData\Local\Avg
2015-05-25 16:59 . 2015-05-25 17:04 -------- d-----w- c:\programdata\AVG
2015-05-25 16:53 . 2015-05-25 16:53 -------- d-----w- c:\programdata\Avg_Update_0215pi
2015-05-25 16:49 . 2015-05-26 08:06 -------- d-----w- c:\program files (x86)\AVG
2015-05-23 11:08 . 2015-06-21 18:22 -------- d-----w- c:\programdata\PMS
2015-05-23 11:08 . 2015-05-23 11:08 -------- d-----w- c:\program files (x86)\PS3 Media Server
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-21 05:10 . 2015-04-09 16:14 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-21 04:51 . 2015-05-17 07:30 24 ----a-w- c:\users\user\AppData\Roaming\appdataFr25.bin
2015-06-10 19:01 . 2015-01-15 05:11 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-25 18:01 . 2015-06-09 23:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-15 11:30 . 2015-04-24 13:56 20 ----a-w- c:\users\user\AppData\Roaming\appdataFr3.bin
2015-05-05 16:56 . 2015-05-05 16:56 142336 ----a-w- c:\windows\system32\poqexec.exe
2015-05-05 16:56 . 2015-05-05 16:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-05-05 16:55 . 2015-05-05 16:55 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-05-05 16:55 . 2015-05-05 16:55 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-05-05 16:55 . 2015-05-05 16:55 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-05-05 16:55 . 2015-05-05 16:55 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-05-05 16:55 . 2015-05-05 16:55 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-05-05 16:55 . 2015-05-05 16:55 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-05-05 16:55 . 2015-05-05 16:55 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-05-05 16:55 . 2015-05-05 16:55 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-05-05 16:55 . 2015-05-05 16:55 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-05-05 16:55 . 2015-05-05 16:55 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-05-05 16:55 . 2015-05-05 16:55 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-05-05 16:55 . 2015-05-05 16:55 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-05-05 16:55 . 2015-05-05 16:55 82944 ----a-w- c:\windows\system32\dwmapi.dll
2015-05-05 16:55 . 2015-05-05 16:55 67584 ----a-w- c:\windows\SysWow64\dwmapi.dll
2015-05-05 16:55 . 2015-05-05 16:55 1632768 ----a-w- c:\windows\system32\dwmcore.dll
2015-05-05 16:55 . 2015-05-05 16:55 1372160 ----a-w- c:\windows\SysWow64\dwmcore.dll
2015-05-05 16:55 . 2015-05-05 16:55 2543104 ----a-w- c:\windows\system32\wpdshext.dll
2015-05-05 16:55 . 2015-05-05 16:55 2311168 ----a-w- c:\windows\SysWow64\wpdshext.dll
2015-05-05 16:55 . 2015-05-05 16:55 1195008 ----a-w- c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2015-05-01 13:17 . 2015-05-13 19:00 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-13 19:00 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-13 10:48 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-13 10:48 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-13 10:48 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 10:48 460800 ----a-w- c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 10:48 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-04-14 01:37 . 2015-04-09 16:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 01:37 . 2015-04-09 16:14 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 01:37 . 2015-04-09 16:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-13 03:28 . 2015-05-13 10:48 328704 ----a-w- c:\windows\system32\services.exe
2015-04-08 09:57 . 2015-04-08 09:57 1239720 ----a-w- c:\windows\system32\aitstatic.exe
2015-04-08 03:29 . 2015-05-13 10:48 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 10:48 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 10:48 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2015-03-25 03:24 . 2015-04-15 07:12 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 07:12 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 07:12 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 07:12 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 07:12 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 07:12 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 07:12 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 07:12 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 07:12 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 07:12 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 07:12 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 07:12 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 07:12 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 07:12 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 07:12 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 07:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-01-13 13:08 . 2015-01-13 13:08 14147584 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-06-02 28787840]
"Dropbox Update"="c:\users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-21 134512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-03-06 292848]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2015-02-28 366904]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43871584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GamingApp_Service;GamingApp_Service;c:\program files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe;c:\program files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-09 23:59 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-22 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-663176433-2195335035-61168121-1000Core.job
- c:\users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21 05:27]
.
2015-06-22 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-663176433-2195335035-61168121-1000UA.job
- c:\users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21 05:27]
.
2015-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29 14:48]
.
2015-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29 14:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-06-02 10:30 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-05-12 7575256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: LastPass - file://c:\users\user\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\user\AppData\LocalLow\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-06-22 16:41:05 - machine was rebooted
ComboFix-quarantined-files.txt 2015-06-22 08:41
.
Pre-Run: 801,629,310,976 bytes free
Post-Run: 801,266,937,856 bytes free
.
- - End Of File - - 6BE1363FB6505F29525A21601F4DAE32
A36C5E4F47E84449FF07ED3517B43A31
4) # AdwCleaner v4.207 - Logfile created 25/06/2015 at 10:22:02
# Updated 21/06/2015 by Xplode
# Database : 2015-06-23.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\adwcleaner_4.207.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17840
-\\ Google Chrome v43.0.2357.130
*************************
AdwCleaner[R0].txt - [20428 bytes] - [21/05/2015 13:59:24]
AdwCleaner[R1].txt - [1459 bytes] - [21/06/2015 13:06:25]
AdwCleaner[R2].txt - [1518 bytes] - [21/06/2015 13:14:58]
AdwCleaner[R3].txt - [1045 bytes] - [25/06/2015 10:19:49]
AdwCleaner[R4].txt - [850 bytes] - [25/06/2015 10:22:02]
AdwCleaner[S0].txt - [6084 bytes] - [21/05/2015 14:01:06]
AdwCleaner[S1].txt - [1596 bytes] - [21/06/2015 13:24:54]
########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1026 bytes] ##########
5) Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by user (administrator) on USER-PC on 25-06-2015 10:29:30
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\user\Downloads\FRST64 (1).exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575256 2014-05-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-03-06] (Intel Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [366904 2015-02-28] (Power Software Ltd)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-663176433-2195335035-61168121-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28787840 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-663176433-2195335035-61168121-1000\...\Run: [Dropbox Update] => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-21] (Dropbox, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-01-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-663176433-2195335035-61168121-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-663176433-2195335035-61168121-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-663176433-2195335035-61168121-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-01-13] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-01-13] (LastPass)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-01-13] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-01-13] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-663176433-2195335035-61168121-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-01-15] ()
Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-05-21]
CHR Extension: (Auto HD For YouTube™) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2015-05-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-22]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-21]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [20512 2014-03-13] (Micro-Star Int'l Co., Ltd.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-02] (Electronic Arts)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-03] (Intel Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-12-24] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-21] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-12-11] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [297984 2013-12-11] (VIA Technologies, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-25 10:29 - 2015-06-25 10:29 - 02112512 _____ (Farbar) C:\Users\user\Downloads\FRST64 (1).exe
2015-06-25 10:17 - 2015-06-25 10:17 - 02244096 _____ C:\Users\user\Desktop\adwcleaner_4.207.exe
2015-06-25 10:09 - 2015-06-25 10:09 - 00000000 ____D C:\Users\user\AppData\Roaming\ProductData
2015-06-25 10:00 - 2015-06-25 10:00 - 00000000 ____D C:\ProgramData\ProductData
2015-06-24 15:07 - 2015-06-24 15:07 - 04720448 _____ C:\Users\user\Desktop\tweaking.com_registry_backup_setup.exe
2015-06-24 15:07 - 2015-06-24 15:07 - 00002231 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-06-24 15:06 - 2015-06-24 15:06 - 00002155 _____ C:\Users\user\Desktop\Tweaking.com - Windows Repair.lnk
2015-06-24 15:05 - 2015-06-24 15:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-06-24 15:05 - 2015-06-24 15:07 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-06-24 15:05 - 2015-06-24 15:05 - 00003650 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2015-06-24 15:04 - 2015-06-24 15:05 - 12907304 _____ C:\Users\user\Desktop\tweaking.com_windows_repair_aio_setup.exe
2015-06-23 02:31 - 2015-06-23 02:31 - 00019423 _____ C:\Users\user\Desktop\dds.txt
2015-06-23 02:31 - 2015-06-23 02:31 - 00013678 _____ C:\Users\user\Desktop\attach.txt
2015-06-23 02:30 - 2015-06-23 02:30 - 00688992 ____R (Swearware) C:\Users\user\Downloads\dds.scr
2015-06-22 16:47 - 2015-06-22 16:47 - 00002263 _____ C:\Users\user\Desktop\JRT.txt
2015-06-22 16:47 - 2015-06-22 16:47 - 00000024 _____ C:\Users\user\AppData\Roaming\appdataFr25.bin
2015-06-22 16:45 - 2015-06-22 16:45 - 02950454 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe
2015-06-22 16:45 - 2015-06-22 16:45 - 00000207 _____ C:\Windows\tweaking.com-regbackup-USER-PC-Windows-7-Home-Premium-(64-bit).dat
2015-06-22 16:45 - 2015-06-22 16:45 - 00000000 ____D C:\RegBackup
2015-06-22 16:41 - 2015-06-22 16:41 - 00033300 _____ C:\ComboFix.txt
2015-06-22 16:37 - 2015-06-25 10:08 - 00002080 _____ C:\Windows\PFRO.log
2015-06-22 16:32 - 2011-06-26 14:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-22 16:32 - 2010-11-08 01:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-22 16:32 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-22 16:32 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-22 16:32 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-22 16:32 - 2000-08-31 08:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-22 16:32 - 2000-08-31 08:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-22 16:32 - 2000-08-31 08:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-22 16:31 - 2015-06-22 16:41 - 00000000 ____D C:\Qoobox
2015-06-22 16:31 - 2015-06-22 16:40 - 00000000 ____D C:\Windows\erdnt
2015-06-22 16:31 - 2015-06-22 16:31 - 05628633 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe
2015-06-22 15:07 - 2015-06-22 15:07 - 00052966 _____ C:\Users\user\Desktop\FRST.txt
2015-06-22 15:05 - 2015-06-22 15:05 - 00000000 ____D C:\Users\user\Downloads\FRST-OlderVersion
2015-06-21 14:24 - 2015-06-25 10:08 - 00000224 _____ C:\Windows\setupact.log
2015-06-21 14:24 - 2015-06-21 14:24 - 00000000 _____ C:\Windows\setuperr.log
2015-06-21 13:29 - 2015-06-21 13:29 - 00002500 _____ C:\Users\user\Documents\cc_20150621_132911.reg
2015-06-21 13:28 - 2015-06-21 13:28 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-21 13:27 - 2015-06-25 09:32 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-663176433-2195335035-61168121-1000UA.job
2015-06-21 13:27 - 2015-06-24 13:37 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-663176433-2195335035-61168121-1000Core.job
2015-06-21 13:27 - 2015-06-21 13:27 - 00003882 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-663176433-2195335035-61168121-1000UA
2015-06-21 13:27 - 2015-06-21 13:27 - 00003486 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-663176433-2195335035-61168121-1000Core
2015-06-21 13:27 - 2015-06-21 13:27 - 00000000 ____D C:\Users\user\AppData\Local\Dropbox
2015-06-21 13:27 - 2015-06-21 13:27 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-21 12:59 - 2015-06-21 13:01 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-21 12:59 - 2015-06-21 12:59 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-21 12:58 - 2015-06-21 12:58 - 17659640 _____ C:\Users\user\Downloads\RogueKiller.exe
2015-06-18 04:05 - 2015-06-18 04:05 - 00000000 ____D C:\SUPERDelete
2015-06-18 04:05 - 2015-06-18 04:05 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-06-18 04:04 - 2015-06-18 04:05 - 22211080 _____ (SUPERAntiSpyware) C:\Users\user\Downloads\SUPERAntiSpyware.exe
2015-06-18 03:36 - 2015-06-18 03:36 - 00000000 ____H C:\asc_rdflag
2015-06-18 03:34 - 2015-06-18 03:34 - 00000000 ____D C:\Users\user\AppData\Roaming\Safer Networking
2015-06-18 03:33 - 2015-06-18 03:33 - 01752632 _____ (Safer-Networking Ltd. ) C:\Users\user\Downloads\regalyz-1.6.2.16.exe
2015-06-18 02:10 - 2015-06-18 02:10 - 00000000 ____D C:\Users\user\AppData\Roaming\LavasoftStatistics
2015-06-18 02:04 - 2015-06-18 02:04 - 02057008 _____ C:\Users\user\Downloads\Adaware_Installer.exe
2015-06-18 01:57 - 2015-06-18 01:57 - 00008178 _____ C:\Users\user\Documents\cc_20150618_015721.reg
2015-06-14 23:04 - 2015-06-14 23:11 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-14 23:04 - 2015-06-14 23:04 - 00001387 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-06-14 23:04 - 2015-06-14 23:04 - 00001375 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-06-14 23:04 - 2015-06-14 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-06-14 23:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-06-14 23:03 - 2015-06-14 23:04 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\user\Downloads\spybot-2.4.exe
2015-06-12 17:09 - 2015-06-13 14:47 - 00000000 ____D C:\Users\user\Desktop\Whatsapp
2015-06-11 16:50 - 2015-06-14 23:09 - 00000000 ____D C:\Users\user\Documents\Heroes of the Storm
2015-06-11 14:59 - 2015-06-11 14:59 - 00001185 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-06-11 14:59 - 2015-06-11 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-06-11 14:54 - 2015-06-25 04:02 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-06-11 14:53 - 2015-06-25 09:52 - 00000000 ____D C:\Users\user\AppData\Local\Battle.net
2015-06-11 14:53 - 2015-06-21 03:52 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-11 14:53 - 2015-06-11 16:50 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-06-11 14:53 - 2015-06-11 14:54 - 00000000 ____D C:\Users\user\AppData\Roaming\Battle.net
2015-06-11 14:53 - 2015-06-11 14:53 - 00001140 _____ C:\Users\Public\Desktop\Battle.net.lnk
2015-06-11 14:53 - 2015-06-11 14:53 - 00000000 ____D C:\Users\user\AppData\Local\Blizzard Entertainment
2015-06-11 14:53 - 2015-06-11 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-06-11 14:52 - 2015-06-11 14:52 - 00000000 ____D C:\ProgramData\Battle.net
2015-06-11 14:51 - 2015-06-11 14:52 - 03080760 _____ (Blizzard Entertainment) C:\Users\user\Downloads\Heroes-of-the-Storm-Setup-enUS.exe
2015-06-10 07:57 - 2015-04-30 02:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 07:57 - 2015-04-30 02:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 07:57 - 2015-04-30 02:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 07:57 - 2015-04-30 02:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 07:57 - 2015-04-30 02:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 07:57 - 2015-04-30 02:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 07:57 - 2015-04-30 02:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 07:57 - 2015-04-30 02:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 07:57 - 2015-04-30 02:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 07:57 - 2015-04-30 02:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 07:56 - 2015-06-02 03:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 07:56 - 2015-06-02 02:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 07:56 - 2015-05-27 22:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 07:56 - 2015-05-27 22:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 07:56 - 2015-05-26 02:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 07:56 - 2015-05-26 02:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 07:56 - 2015-05-26 02:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 07:56 - 2015-05-26 02:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 07:56 - 2015-05-26 02:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 07:56 - 2015-05-26 02:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 07:56 - 2015-05-26 02:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 07:56 - 2015-05-26 02:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 07:56 - 2015-05-26 02:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 07:56 - 2015-05-26 02:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 07:56 - 2015-05-26 02:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 07:56 - 2015-05-26 02:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 07:56 - 2015-05-26 02:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 07:56 - 2015-05-26 02:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 07:56 - 2015-05-26 02:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 07:56 - 2015-05-26 02:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 07:56 - 2015-05-26 02:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 07:56 - 2015-05-26 02:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 07:56 - 2015-05-26 02:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 07:56 - 2015-05-26 02:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 07:56 - 2015-05-26 02:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 07:56 - 2015-05-26 02:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 07:56 - 2015-05-26 02:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 07:56 - 2015-05-26 02:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 07:56 - 2015-05-26 02:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 07:56 - 2015-05-26 02:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 07:56 - 2015-05-26 02:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 07:56 - 2015-05-26 02:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 07:56 - 2015-05-26 02:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 07:56 - 2015-05-26 02:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 07:56 - 2015-05-26 02:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 07:56 - 2015-05-26 02:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 07:56 - 2015-05-26 02:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 07:56 - 2015-05-26 02:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 07:56 - 2015-05-26 02:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 07:56 - 2015-05-26 02:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 07:56 - 2015-05-26 02:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 07:56 - 2015-05-26 02:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 07:56 - 2015-05-26 02:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 07:56 - 2015-05-26 02:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 07:56 - 2015-05-26 02:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 02:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 07:56 - 2015-05-26 02:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 07:56 - 2015-05-26 02:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 07:56 - 2015-05-26 02:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 07:56 - 2015-05-26 02:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 07:56 - 2015-05-26 02:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 07:56 - 2015-05-26 02:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 07:56 - 2015-05-26 02:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 07:56 - 2015-05-26 02:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 07:56 - 2015-05-26 02:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 07:56 - 2015-05-26 02:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 07:56 - 2015-05-26 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 07:56 - 2015-05-26 02:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 07:56 - 2015-05-26 02:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 07:56 - 2015-05-26 02:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 07:56 - 2015-05-26 02:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 07:56 - 2015-05-26 02:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 07:56 - 2015-05-26 02:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 07:56 - 2015-05-26 02:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 07:56 - 2015-05-26 02:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 07:56 - 2015-05-26 02:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 07:56 - 2015-05-26 02:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 07:56 - 2015-05-26 02:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 07:56 - 2015-05-26 01:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 07:56 - 2015-05-26 01:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 07:56 - 2015-05-26 01:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 07:56 - 2015-05-26 01:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 07:56 - 2015-05-26 01:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 07:56 - 2015-05-26 01:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 01:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 07:56 - 2015-05-26 01:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 07:56 - 2015-05-26 00:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 07:56 - 2015-05-26 00:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 07:56 - 2015-05-26 00:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 00:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 00:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 07:56 - 2015-05-26 00:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 07:56 - 2015-05-23 11:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 07:56 - 2015-05-23 11:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 07:56 - 2015-05-23 11:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 07:56 - 2015-05-23 11:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 07:56 - 2015-05-23 11:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 07:56 - 2015-05-23 11:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 07:56 - 2015-05-23 11:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 07:56 - 2015-05-23 11:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 07:56 - 2015-05-23 11:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 07:56 - 2015-05-23 11:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 07:56 - 2015-05-23 11:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 07:56 - 2015-05-23 11:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 07:56 - 2015-05-23 11:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 07:56 - 2015-05-23 10:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 07:56 - 2015-05-23 10:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 07:56 - 2015-05-23 10:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 07:56 - 2015-05-23 10:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 07:56 - 2015-05-23 10:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 07:56 - 2015-05-23 10:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 07:56 - 2015-05-23 10:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 07:56 - 2015-05-23 10:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 07:56 - 2015-05-23 10:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 07:56 - 2015-05-23 10:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 07:56 - 2015-05-23 10:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 07:56 - 2015-05-23 10:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 07:56 - 2015-05-23 10:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 07:56 - 2015-05-23 03:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 07:56 - 2015-05-23 03:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 07:56 - 2015-05-23 03:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 07:56 - 2015-05-23 03:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 07:56 - 2015-05-23 03:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 07:56 - 2015-05-23 03:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 07:56 - 2015-05-23 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 07:56 - 2015-05-23 02:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 07:56 - 2015-05-23 02:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 07:56 - 2015-05-23 02:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 07:56 - 2015-05-23 02:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 07:56 - 2015-05-23 02:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 07:56 - 2015-05-23 02:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 07:56 - 2015-05-23 02:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 07:56 - 2015-05-23 02:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 07:56 - 2015-05-23 02:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 07:56 - 2015-05-23 02:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 07:56 - 2015-05-23 02:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 07:56 - 2015-05-23 02:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 07:56 - 2015-05-23 02:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 07:56 - 2015-05-23 02:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 07:56 - 2015-05-23 02:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 07:56 - 2015-05-23 02:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 07:56 - 2015-05-23 02:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 07:56 - 2015-05-23 02:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 07:56 - 2015-05-23 02:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 07:56 - 2015-05-23 02:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 07:56 - 2015-05-23 02:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 07:56 - 2015-05-23 02:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 07:56 - 2015-05-23 02:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 07:56 - 2015-05-23 02:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 07:56 - 2015-05-23 02:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 07:56 - 2015-05-23 02:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 07:56 - 2015-05-23 01:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 07:56 - 2015-05-23 01:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 07:56 - 2015-05-23 01:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 07:56 - 2015-05-23 01:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 07:56 - 2015-05-21 21:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 07:56 - 2015-04-25 02:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 07:56 - 2015-04-25 01:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-03 00:38 - 2015-06-03 00:38 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-02 18:28 - 2015-06-02 18:28 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-06-02 01:09 - 2015-06-02 01:09 - 00000000 ____D C:\Users\user\AppData\Local\GWX
2015-05-26 01:10 - 2015-05-26 01:10 - 00003694 _____ C:\Windows\System32\Tasks\Adobe Reader and Acrobat Manager
2015-05-26 01:03 - 2015-06-25 10:07 - 01238971 _____ C:\Windows\WindowsUpdate.log
2015-05-26 01:02 - 2015-05-26 01:02 - 00000000 ____D C:\Users\user\AppData\Roaming\AVG
2015-05-26 01:00 - 2015-05-26 01:00 - 00000000 ____D C:\Users\user\AppData\Local\Avg
2015-05-26 00:59 - 2015-05-26 01:04 - 00000000 ____D C:\ProgramData\AVG
2015-05-26 00:53 - 2015-05-26 00:53 - 00000000 ____D C:\ProgramData\Avg_Update_0215pi
2015-05-26 00:49 - 2015-05-26 16:06 - 00000000 ____D C:\Program Files (x86)\AVG
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-25 10:29 - 2015-05-17 16:21 - 00012720 _____ C:\Users\user\Downloads\FRST.txt
2015-06-25 10:29 - 2015-05-17 16:21 - 00000000 ____D C:\FRST
2015-06-25 10:23 - 2009-07-14 12:45 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-25 10:23 - 2009-07-14 12:45 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-25 10:22 - 2015-05-21 13:59 - 00000000 ____D C:\AdwCleaner
2015-06-25 10:21 - 2015-01-22 15:34 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-25 10:19 - 2015-01-13 21:11 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2015-06-25 10:19 - 2015-01-13 21:05 - 00000000 ___RD C:\Users\user\Dropbox
2015-06-25 10:11 - 2015-01-13 17:08 - 00006394 _____ C:\Windows\SysWOW64\Gms.log
2015-06-25 10:09 - 2015-01-13 21:02 - 00000000 ____D C:\Users\user\AppData\Roaming\Dropbox
2015-06-25 10:08 - 2015-04-29 22:48 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-25 10:08 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-25 10:08 - 2009-07-14 12:45 - 00409216 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-25 10:07 - 2015-01-15 12:53 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-25 10:06 - 2015-01-13 22:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-25 10:05 - 2009-07-14 15:45 - 00000000 ____D C:\Windows\ShellNew
2015-06-25 10:05 - 2009-07-14 13:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-06-25 10:05 - 2009-07-14 10:34 - 00000387 _____ C:\Windows\win.ini
2015-06-25 10:04 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-06-25 10:00 - 2015-01-15 05:04 - 00000000 ____D C:\Program Files (x86)\IObit
2015-06-25 09:59 - 2015-04-29 22:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-25 01:31 - 2015-01-13 18:22 - 00109688 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-23 15:10 - 2015-01-30 02:50 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2015-06-23 03:01 - 2015-04-29 22:48 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-22 16:41 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Default
2015-06-22 16:38 - 2009-07-14 10:34 - 00000215 _____ C:\Windows\system.ini
2015-06-22 15:05 - 2015-05-17 16:21 - 02109952 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2015-06-22 02:22 - 2015-05-23 19:08 - 00000000 ____D C:\ProgramData\PMS
2015-06-21 14:20 - 2015-01-13 23:30 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2015-06-21 13:10 - 2015-04-10 00:14 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-18 04:29 - 2015-04-29 22:47 - 00000000 __SHD C:\Users\user\AppData\Local\EmieUserList
2015-06-18 04:29 - 2015-04-29 22:47 - 00000000 __SHD C:\Users\user\AppData\Local\EmieSiteList
2015-06-18 04:29 - 2015-04-29 22:47 - 00000000 __SHD C:\Users\user\AppData\Local\EmieBrowserModeList
2015-06-18 03:36 - 2015-02-18 15:39 - 51376128 _____ C:\Windows\system32\config\COMPONENTS.iodefrag.bak
2015-06-18 03:36 - 2015-01-27 07:16 - 78327808 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2015-06-18 03:36 - 2015-01-27 07:16 - 00241664 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
2015-06-18 03:36 - 2015-01-27 07:16 - 00024576 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
2015-06-18 03:36 - 2015-01-27 07:16 - 00020480 _____ C:\Windows\system32\config\SAM.iodefrag.bak
2015-06-18 01:56 - 2015-02-05 05:04 - 00000000 ____D C:\Windows\Minidump
2015-06-16 00:17 - 2009-07-14 13:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-15 00:54 - 2015-01-15 04:50 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-11 04:40 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2015-06-11 03:23 - 2009-07-14 13:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-11 03:20 - 2015-01-13 21:10 - 00000000 ____D C:\ProgramData\Skype
2015-06-11 03:17 - 2015-04-08 18:05 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-11 03:17 - 2015-04-08 18:05 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 03:17 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-11 03:04 - 2015-01-15 13:11 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 03:01 - 2015-01-15 13:11 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-04 03:43 - 2015-01-13 21:12 - 00000000 ____D C:\ProgramData\Origin
2015-06-02 18:15 - 2015-01-13 21:13 - 00000000 ____D C:\Users\user\Desktop\My pictures from phone
2015-06-02 17:49 - 2015-01-13 21:13 - 00000000 ____D C:\Users\user\AppData\Roaming\Origin
2015-06-02 17:48 - 2015-01-13 21:12 - 00000000 ____D C:\Program Files (x86)\Origin
2015-05-26 16:06 - 2015-01-15 05:07 - 00000000 ____D C:\ProgramData\MFAData
2015-05-26 01:10 - 2015-01-13 22:36 - 00000000 ____D C:\Users\user\AppData\Local\Microsoft Help
2015-05-26 01:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\sysprep
2015-05-26 01:07 - 2015-03-31 19:13 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-26 01:07 - 2015-03-31 19:13 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-26 00:42 - 2015-01-13 21:05 - 00000000 ____D C:\Users\user\Desktop\Alden-Tan.com
==================== Files in the root of some directories =======
2015-01-13 21:08 - 2015-01-13 21:08 - 14147584 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-06-22 16:47 - 2015-06-22 16:47 - 0000024 _____ () C:\Users\user\AppData\Roaming\appdataFr25.bin
2015-04-08 17:52 - 2015-04-08 17:52 - 0011696 _____ () C:\Users\user\AppData\Local\Temp-log.txt
2015-04-08 17:52 - 2015-04-08 17:52 - 0000000 _____ () C:\Users\user\AppData\Local\Temp.dat
2015-01-13 16:52 - 2015-01-13 16:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpujh_xe.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-23 04:49
==================== End of log ============================
5. This wasn't the first time I ran the FRST scan, so the Addition.txt log wasn't produced this time. I think there's an older version of it; do you want it?
Yes, I uninstalled AVG long ago. It should be leftover folders.
Ok. Just used IE and nope, no popups.