
Virus/trojan/malware - http://hi.ru/?44


This topic is locked
35 replies to this topic

#1 shaanou

  • Members
  • 19 posts
  • OFFLINE
  • Local time:03:18 AM

Posted 18 August 2015 - 11:25 PM

Hello everyone, I managed to get the above on Sunday the 16th of August. Hereunder, you will find the first log file of DDS which I ran. Could you please help in letting me know what ought to be deleted (and how it should be)? The .txt file is the second log file of DDS results. I look forward to your help as I am stuck for the time being. With all my thanks, Shaanou

.......................

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17457 BrowserJavaVersion: 10.67.2
Run by User at 21:48:39 on 2015-08-18
.
============== Running Processes ================
.
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\Windows\vVX1000.exe
C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files (x86)\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files (x86)\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TechSmith\SnagIt 9\snagiteditor.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ilm.ee/tallinn
uSearch Bar = Preserve
dURLSearchHooks: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -
mWinlogon: Userinit = userinit.exe,
BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll
BHO: EstEIDIEPluginBHO Class: {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} - C:\Program Files (x86)\Estonian ID Card\esteid-plugin-ie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: RefresherBand Class: {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\Program Files (x86)\YRefresher\YRefresher.dll
TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
uRun: [OV2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe"
uRun: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Windows\TEMP\E_S6083.tmp" /EF "HKCU"
uRun: [EPSON Stylus DX4400 Series (Copy 1)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Windows\TEMP\E_S2BE0.tmp" /EF "HKCU"
uRun: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
uRun: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [OneDrive] "C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001065-0002-0065-ABCDEFFEDCBC} -
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9700D2D2-4B1E-4498-8697-274193B40778} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck -
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll
x64-BHO: EstEIDIEPluginBHO Class: {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} - C:\Program Files\Estonian ID Card\esteid-plugin-ie.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [VX1000] C:\Windows\vVX1000.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-SSODL: WebCheck -
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.6\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5bz589xx.default-1439831756405\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Estonian ID Card\npesteid-firefox-plugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
.
============= SERVICES / DRIVERS ===============
.
R? andnetadb;ADB Interface DriverNet
R? AndNetDiag;LGE AndroidNet USB Serial Port
R? AndNetDiag2;LGE AndroidNet For Diagnostics Port
R? ANDNetModem;LGE AndroidNet USB Modem
R? atrfiltr;atrfiltr
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? cxbu0x64;OMNIKEY 1021
R? IAStorDataMgrSvc;Intel® Rapid Storage Technology
R? LiveUpdateSvc;LiveUpdate
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? SkypeUpdate;Skype Updater
R? SmartCardRemoval;Smart Card Removal
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? WatAdminSvc;Windows Activation Technologies Service
S? AMD External Events Utility;AMD External Events Utility
S? AsrAppCharger;AsrAppCharger
S? AtiHDAudioService;ATI Function Driver for HD Audio Service
S? Avgdiska;AVG Disk Driver
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSHA;AVGIDSHA
S? Avgldx64;AVG AVI Loader Driver
S? Avgloga;AVG Logging Driver
S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx64;AVG Anti-Rootkit Driver
S? Avgtdia;AVG TDI Driver
S? avgtp;avgtp
S? avgwd;AVG WatchDog
S? BootDefragDriver;BootDefragDriver
S? c2cautoupdatesvc;Skype Click to Call Updater
S? c2cpnrsvc;Skype Click to Call PNR Service
S? DiagTrack;Diagnostics Tracking Service
S? GUBootStartup;GUBootStartup
S? ikbevent;Intel Upper keyboard Class Filter Driver
S? imsevent;Intel Upper Mouse Class Filter Driver
S? Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface
S? Intel® ME Service;Intel® ME Service
S? ISCT;Intel® Smart Connect Technology Device Driver
S? ISCTAgent;ISCT Always Updated Agent
S? iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver
S? iusb3hub;Intel® USB 3.0 Hub Driver
S? iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver
S? jhi_service;Intel® Dynamic Application Loader Host Interface Service
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? MBAMSwissArmy;MBAMSwissArmy
S? MBAMWebAccessControl;MBAMWebAccessControl
S? MBfilt;MBfilt
S? RTL8167;Realtek 8167 NT Driver
S? UNS;Intel® Management and Security Application User Notification Service
S? WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001)
.
=============== Created Last 30 ================
.
2015-08-18 16:39:54 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
2015-08-16 15:36:18 -------- d-----w- C:\Users\User\AppData\Local\gtk-2.0
2015-08-16 15:36:00 -------- d-----w- C:\Users\User\.thumbnails
2015-08-16 15:29:39 -------- d-----w- C:\ProgramData\Package Cache
2015-08-15 03:46:26 12222168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{870EE1DE-B9BF-4477-803B-462C829A89B2}\mpengine.dll
2015-08-13 03:53:10 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 03:53:10 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-09 05:39:12 -------- d-----w- C:\Program Files (x86)\TumblRipper
2015-08-09 05:14:57 -------- d-----w- C:\Program Files (x86)\DownloadAir
2015-08-09 05:01:19 -------- d-----w- C:\ProgramData\Freelang
2015-08-02 14:52:25 -------- d-----w- C:\Program Files (x86)\CuaTThieePrIce
2015-08-02 14:51:46 -------- d-----w- C:\ProgramData\iofhifnmmpebckclbhdlgchkpecllglc
2015-08-02 14:50:17 -------- d-----w- C:\ProgramData\{6ee8e39b-3277-c4d5-6ee8-8e39b3278e6c}
2015-08-02 14:18:33 544768 ----a-w- C:\Windows\SysWow64\msvcr71d.dll
2015-08-02 14:15:55 -------- d-----w- C:\ProgramData\Logs
2015-07-30 14:54:05 -------- d-----w- C:\Users\User\AppData\Roaming\ProductData
2015-07-22 10:04:34 17318592 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-07-21 17:57:48 1375896 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\msxml5.dll
2015-07-20 18:46:46 -------- d-----w- C:\Program Files\Microsoft Games
.
==================== Find3M ====================
.
2015-08-18 16:55:27 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-08-18 16:39:54 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2015-08-12 07:36:08 778440 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-08-12 07:36:08 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-30 18:06:57 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-07-30 18:06:57 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2015-07-30 18:06:57 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2015-07-30 18:06:42 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-30 18:06:39 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-30 18:06:35 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-30 18:06:34 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-30 17:57:30 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-07-30 17:57:08 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-30 17:57:05 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-30 17:57:02 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-30 17:55:56 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-30 16:56:07 3208192 ----a-w- C:\Windows\System32\win32k.sys
2015-07-30 16:52:53 372736 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-30 16:49:55 299520 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-25 23:18:43 2239488 ----a-w- C:\Windows\System32\wininet.dll
2015-07-25 23:18:38 601600 ----a-w- C:\Windows\System32\vbscript.dll
2015-07-25 23:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2015-07-25 23:17:54 67072 ----a-w- C:\Windows\System32\iesetup.dll
2015-07-25 23:17:54 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2015-07-25 23:17:26 1509376 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-07-25 20:24:59 1763328 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-07-25 20:24:51 524288 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-07-25 20:23:46 2865664 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-07-25 20:23:42 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-07-25 20:23:42 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2015-07-25 20:23:11 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-07-25 18:49:02 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-07-25 18:35:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2015-07-25 18:17:57 361984 ----a-w- C:\Windows\SysWow64\html.iec
2015-07-25 18:09:39 441856 ----a-w- C:\Windows\System32\html.iec
2015-07-25 17:52:59 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2015-07-25 17:44:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2015-07-16 19:12:22 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2015-07-16 19:12:21 4922368 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-07-16 19:12:17 269824 ----a-w- C:\Windows\SysWow64\aaclient.dll
2015-07-16 19:11:18 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2015-07-16 19:11:17 5779456 ----a-w- C:\Windows\System32\mstscax.dll
2015-07-16 19:11:09 322560 ----a-w- C:\Windows\System32\aaclient.dll
2015-07-15 18:15:12 5568960 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-07-15 18:15:11 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-07-15 18:15:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-15 18:15:10 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-15 18:12:09 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-07-15 18:11:14 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-07-15 18:11:14 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-07-15 18:11:14 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-07-15 18:11:13 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-07-15 18:11:01 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-15 18:09:57 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-07-15 18:09:52 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-15 18:05:47 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-15 18:05:26 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-15 17:59:45 3989952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-07-15 17:59:45 3934656 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-07-15 17:56:24 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-07-15 17:55:07 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-15 17:55:04 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-15 17:55:02 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-07-15 17:55:00 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-15 17:55:00 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-15 17:54:56 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-07-15 17:54:55 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-15 17:54:54 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-15 17:54:49 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-15 17:54:43 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-15 17:54:43 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-15 17:54:40 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-07-15 17:54:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-07-15 17:53:53 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-15 17:53:37 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-07-15 17:53:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-15 17:53:36 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-15 17:53:36 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-07-15 17:49:10 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-15 17:48:14 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-15 16:46:59 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-07-15 16:46:17 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-07-15 16:46:13 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-07-15 16:37:02 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-07-15 16:37:00 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-07-15 16:34:10 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-07-15 16:34:10 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-15 16:34:10 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-07-15 16:34:10 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-07-15 03:19:57 2004992 ----a-w- C:\Windows\System32\msxml6.dll
2015-07-15 03:19:57 1887232 ----a-w- C:\Windows\System32\msxml3.dll
2015-07-15 03:19:45 52736 ----a-w- C:\Windows\System32\basesrv.dll
2015-07-15 03:14:09 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2015-07-15 03:13:59 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2015-07-15 02:55:45 1390592 ----a-w- C:\Windows\SysWow64\msxml6.dll
2015-07-15 02:55:45 1241088 ----a-w- C:\Windows\SysWow64\msxml3.dll
2015-07-15 02:51:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2015-07-15 02:51:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2015-07-09 17:58:56 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2009-12-06 09:18:14 26624 --sh--w- C:\Windows\bfcs2.dll
.
============= FINISH: 21:50:07,50 ===============


#2 nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:18 PM

Posted 21 August 2015 - 10:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running now?
Wait for further instructions.

p.s.
Please save the logs with Notepad and make sure Word Wrap is on.
Your DDS log as submitted is not readable. Each line must end with a Carriage Return and Line Feed.

#3 shaanou (Topic Starter)

  • Members
  • 19 posts
  • OFFLINE
  • Local time:03:18 AM

Posted 21 August 2015 - 11:58 AM

Thanks Nasdaq

Wonderful

 

Nothing happened with HijackThis or DDS, but AdwCleaner did the trick ... I managed to get rid of everything along with some remains of old malware ...

I shall certainly use that AdwCleaner again.

And maybe too Farbar Recovery Scan Tool (64 bit), which I don't yet know

 

Thanks so much again

 

Shaanou



#4 shaanou (Topic Starter)

  • Members
  • 19 posts
  • OFFLINE
  • Local time:03:18 AM

Posted 21 August 2015 - 01:00 PM

Attached File  FRST.txt   69.23KB   0 downloads

Attached File  Addition.txt   48.19KB   2 downloads

 

Hello Nasdaq,

 

By the way, I used Farbar Recovery Scan Tool (64 bit) too, and herewith are the reports, which do not seem that good .... Can you tell me what to do to correct it all?

Hope that you will get readable files this time.

 

I have a 64-bit operating system, Windows 7 Home Premium Service Pack 1. But it seems to me that half my system has been transformed into 32-bit!!

 

Thanking you in advance again

 

Shaanou

 


#5 shaanou (Topic Starter)

  • Members
  • 19 posts
  • OFFLINE
  • Local time:03:18 AM

Posted 21 August 2015 - 01:03 PM

Hereunder is the FRST log, copied just in case:

 

.............................

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-08-2015
Ran by User (administrator) on TALLINN-PC (21-08-2015 20:27:34)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser path: "C:\Program Files (x86)\SlimBrowser\sbframe.exe" -nosp -ni)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Orbitdownloader.com) C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\SnagIt 9\SnagIt32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\SnagIt 9\TscHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\SnagIt 9\SnagPriv.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItEditor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(FlashPeak Inc.) C:\Program Files (x86)\SlimBrowser\sbframe.exe
(FlashPeak Inc.) C:\Program Files (x86)\SlimBrowser\SBRender.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-07-07] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dllATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-668110010-1646736774-1458346147-1000\...\Run: [OV2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe [231784 2013-01-10] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-668110010-1646736774-1458346147-1000\...\Run: [EPSON Stylus DX4400 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE [211456 2007-03-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-668110010-1646736774-1458346147-1000\...\Run: [EPSON Stylus DX4400 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE [211456 2007-03-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-668110010-1646736774-1458346147-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-08-03] (Glarysoft Ltd)
HKU\S-1-5-21-668110010-1646736774-1458346147-1000\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-18] (Google Inc.)
HKU\S-1-5-21-668110010-1646736774-1458346147-1000\...\Run: [OneDrive] => C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe [402632 2015-07-24] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk [2015-08-20]
ShortcutTarget: Orbit.lnk -> C:\Program Files (x86)\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SnagIt 9.lnk [2012-12-19]
ShortcutTarget: SnagIt 9.lnk -> C:\Program Files (x86)\TechSmith\SnagIt 9\SnagIt32.exe (TechSmith Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [ShellExt1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => C:\PROGRA~2\4Sync\ShellExt.dll No File
ShellIconOverlayIdentifiers: [ShellExt2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => C:\PROGRA~2\4Sync\ShellExt.dll No File
ShellIconOverlayIdentifiers: [ShellExt3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => C:\PROGRA~2\4Sync\ShellExt.dll No File
ShellIconOverlayIdentifiers: [ShellExt4] -> {CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} => C:\PROGRA~2\4Sync\ShellExt.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BootExecute: autocheck autochk *  BootDefrag.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-668110010-1646736774-1458346147-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ilm.ee/tallinn
HKU\S-1-5-21-668110010-1646736774-1458346147-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {EE95430D-5149-4D38-BDC1-F1348F895972} URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKU\S-1-5-21-668110010-1646736774-1458346147-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-668110010-1646736774-1458346147-1000 -> {0D8E0D58-2862-4923-A97A-2DD1379BEEFD} URL = hxxp://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=86779ab2000000000000bc5ff45776af&q={searchTerms}&r=909
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll [2008-09-16] (TechSmith Corporation)
BHO: EstEIDIEPluginBHO Class -> {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} -> C:\Program Files\Estonian ID Card\esteid-plugin-ie.dll [2013-04-15] (RIA)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Octh Class -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> C:\Program Files (x86)\Orbitdownloader\orbitcth.dll [2012-09-14] (Orbitdownloader.com)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll [2008-09-16] (TechSmith Corporation)
BHO-x32: EstEIDIEPluginBHO Class -> {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} -> C:\Program Files (x86)\Estonian ID Card\esteid-plugin-ie.dll [2013-04-15] (RIA)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-19] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-19] (Oracle Corporation)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-09-16] (TechSmith Corporation)
Toolbar: HKLM-x32 - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll [2012-09-14] ()
Toolbar: HKU\S-1-5-21-668110010-1646736774-1458346147-1000 -> No Name - {B24BA06E-FB7B-4757-95C2-DC01125F750E} -  No File
Toolbar: HKU\S-1-5-21-668110010-1646736774-1458346147-1000 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File not foundATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File not foundATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not ' & $found1 & 'ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not ' & $found1 & 'ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9700D2D2-4B1E-4498-8697-274193B40778}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5bz589xx.default-1439831756405
FF Homepage: hxxp://ilm.ee/tallinn/?linn=tallinn
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @RIA/esteid-firefox-plugin -> C:\Program Files (x86)\Estonian ID Card\npesteid-firefox-plugin.dll [2013-04-15] (RIA)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-11-11] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-11-11] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [No File]
FF Plugin HKU\S-1-5-21-668110010-1646736774-1458346147-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\User\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1401100-0-npoctoshape.dll [2014-01-10] (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-05-24] (Octoshape ApS)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5bz589xx.default-1439831756405\searchplugins\netiee-search.xml [2015-08-19]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5bz589xx.default-1439831756405\Extensions\artur.dubovoy@gmail.com [2015-08-17]
FF Extension: Youtube Downloader - 4K Download - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5bz589xx.default-1439831756405\Extensions\paulsaintuzb@gmail.com [2015-08-17]
FF Extension: BlackFox V2 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5bz589xx.default-1439831756405\Extensions\zigboom@hotmail.com [2015-08-19]
FF Extension: All Downloader Professional - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5bz589xx.default-1439831756405\Extensions\alldownloader@link64.xpi [2015-08-17]
FF Extension: 1-Click Dailymotion Video Downloader - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5bz589xx.default-1439831756405\Extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi [2015-08-17]
FF Extension: Who stole my pictures? - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5bz589xx.default-1439831756405\Extensions\images@wink.su.xpi [2015-08-17]
FF Extension: Tumblr Image Search - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5bz589xx.default-1439831756405\Extensions\tumblrS@link64.xpi [2015-08-17]
FF Extension: FlashGot - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5bz589xx.default-1439831756405\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-08-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-08-20]
FF HKLM-x32\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a66}] - C:\Program Files (x86)\Estonian ID Card\Firefox PKCS11 Loader
FF Extension: Estonian ID Card PKCS11 module loader - C:\Program Files (x86)\Estonian ID Card\Firefox PKCS11 Loader [2013-05-29]
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (TV) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppbpeijolfcampacpljolaegibfhjph [2015-06-09]
CHR Extension: (Twitter for Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdoinklelehcpndgmcddkkdhibpoglnk [2014-06-20]
CHR Extension: (tumblr Downloader Professional) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cengbbaiachjhffjjinmkdlfcegpjaii [2014-06-20]
CHR Extension: (Pin It Button) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-09-19]
CHR Extension: (everygain Translator) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhijkfigabfjoaejaejbpmcncfbaomap [2015-05-24]
CHR Extension: (Translate Language) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoffajhlcondkegakhecieebichfkbff [2015-05-24]
CHR Extension: (DownFlickr - Flickr Downloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idiemcijhbenngdhkdiipmpkafnkbkeg [2014-08-11]
CHR Extension: (Auto Refresh) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifooldnmmcmlbdennkpdnlnbgbmfalko [2014-06-20]
CHR Extension: (Night Time In New York City) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek [2015-08-19]
CHR Extension: (Speedtest.net) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kabkiphacephdnjaeciclbmkkmacoebe [2014-10-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Ghostery) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-04-03]
CHR Extension: (GetThemAll Video Downloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2015-05-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-11]
CHR Extension: (Instagram for Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-06-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-07-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-07-07] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] ()
S3 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2014-04-14] (The OpenVPN Project)
S3 SmartCardRemoval; C:\Program Files\Estonian ID Card\SmartCardRemoval.exe [322832 2013-04-15] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
S2 Winmgmt; C:\Users\User\AppData\Local\Temp\rj8zodjhx.zvv [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R5 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-21] (Microsoft Corporation)
R5 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-03-11] (Advanced Micro Devices)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [39424 2015-06-19] (LG Electronics Inc.)
S3 AndNetDiag2; C:\Windows\System32\DRIVERS\lgandnetdiag264.sys [38912 2015-06-19] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [46080 2015-06-19] (LG Electronics Inc.)
R5 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-14] (Microsoft Corporation)
S3 atrfiltr; C:\Windows\System32\drivers\atrfiltr.sys [16184 2012-04-03] (Windows ® Win 7 DDK provider)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R5 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R5 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R5 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R5 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-03] (AVG Technologies)
R5 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-06-03] (Glarysoft Ltd)
R5 CLFS; C:\Windows\System32\CLFS.sys [367552 2015-03-04] (Microsoft Corporation)
R5 CNG; C:\Windows\System32\Drivers\cng.sys [459336 2015-01-31] (Microsoft Corporation)
S3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [177920 2011-09-06] (HID Global Corporation)
R5 Disk; C:\Windows\System32\drivers\disk.sys [73280 2009-07-14] (Microsoft Corporation)
R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] (Microsoft Corporation)
R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-21] (Microsoft Corporation)
U5 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] (Microsoft Corporation)
R5 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] (Microsoft Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-04-29] (Glarysoft Ltd)
R5 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-21] (Microsoft Corporation)
R5 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [568600 2012-02-01] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R5 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16152 2012-02-26] (Intel Corporation)
R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2015-07-23] (Microsoft Corporation)
R5 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [155584 2015-07-23] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R5 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94656 2015-07-15] (Microsoft Corporation)
R5 msahci; C:\Windows\System32\drivers\msahci.sys [31104 2010-11-21] (Microsoft Corporation)
R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] (Microsoft Corporation)
R5 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] (Microsoft Corporation)
R5 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc.)
R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] (Microsoft Corporation)
R5 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-21] (Microsoft Corporation)
R5 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] (Microsoft Corporation)
R5 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-21] (Microsoft Corporation)
R5 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] (Microsoft Corporation)
R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-05] (Microsoft Corporation)
R5 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] (Microsoft Corporation)
R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-21] (Microsoft Corporation)
R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Microsoft Corporation)
R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-21] (Microsoft Corporation)
R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-26] (Microsoft Corporation)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-08-18] ()
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-21 20:27 - 2015-08-21 20:27 - 00030710 _____ C:\Users\User\Downloads\FRST.txt
2015-08-21 20:27 - 2015-08-21 20:27 - 00000000 ____D C:\FRST
2015-08-21 20:26 - 2015-08-21 20:26 - 02173952 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-08-21 17:53 - 2015-08-21 17:53 - 00000056 _____ C:\Windows\setupact.log
2015-08-21 17:53 - 2015-08-21 17:53 - 00000000 _____ C:\Windows\setuperr.log
2015-08-20 08:37 - 2015-08-20 14:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-20 08:14 - 2015-08-20 08:14 - 00000000 ____D C:\Users\User\AppData\Roaming\ProgSense
2015-08-20 08:14 - 2015-08-20 08:14 - 00000000 ____D C:\Users\User\AppData\Roaming\GrabPro
2015-08-20 08:14 - 2015-08-20 08:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
2015-08-20 08:14 - 2015-08-20 08:14 - 00000000 ____D C:\Program Files (x86)\Orbitdownloader
2015-08-20 08:12 - 2015-08-20 08:12 - 04539792 _____ (www.orbitdownloader.com ) C:\Users\User\Downloads\OrbitDownloaderSetup.exe
2015-08-20 08:09 - 2015-07-23 03:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-20 08:09 - 2015-07-23 03:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-20 08:09 - 2015-07-23 03:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-20 08:09 - 2015-07-23 03:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-20 08:09 - 2015-07-23 03:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-20 08:09 - 2015-07-23 03:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-20 08:09 - 2015-07-23 03:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-20 08:09 - 2015-07-23 03:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-20 08:09 - 2015-07-23 03:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-20 08:09 - 2015-07-23 03:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-08-20 08:09 - 2015-07-23 03:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-20 08:09 - 2015-07-23 03:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-20 08:09 - 2015-07-23 03:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-08-20 08:09 - 2015-07-23 03:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-08-20 08:09 - 2015-07-23 03:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-20 08:09 - 2015-07-23 03:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-20 08:09 - 2015-07-23 03:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-20 08:09 - 2015-07-23 03:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-20 08:09 - 2015-07-23 03:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-20 08:09 - 2015-07-23 03:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-20 08:09 - 2015-07-23 03:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-20 08:09 - 2015-07-23 03:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-20 08:09 - 2015-07-23 03:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-20 08:09 - 2015-07-23 03:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-20 08:09 - 2015-07-23 03:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-20 08:09 - 2015-07-23 03:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-20 08:09 - 2015-07-23 03:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-20 08:09 - 2015-07-23 03:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-20 08:09 - 2015-07-23 03:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-20 08:09 - 2015-07-23 03:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-20 08:09 - 2015-07-23 03:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-20 08:09 - 2015-07-23 03:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-20 08:09 - 2015-07-23 03:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-20 08:09 - 2015-07-23 03:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-20 08:09 - 2015-07-23 03:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-20 08:09 - 2015-07-23 02:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-20 08:09 - 2015-07-23 02:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-20 08:09 - 2015-07-23 02:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-20 08:09 - 2015-07-22 20:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-20 08:09 - 2015-07-22 20:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-20 08:09 - 2015-07-22 20:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-20 08:09 - 2015-07-22 20:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-08-20 08:09 - 2015-07-22 20:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-08-20 08:09 - 2015-07-22 20:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-20 08:09 - 2015-07-22 20:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-20 08:09 - 2015-07-22 20:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-20 08:09 - 2015-07-22 20:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-20 08:09 - 2015-07-22 20:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-20 08:09 - 2015-07-22 20:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-20 08:09 - 2015-07-22 20:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-20 08:09 - 2015-07-22 20:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-20 08:09 - 2015-07-22 20:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-20 08:09 - 2015-07-22 20:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-20 08:09 - 2015-07-22 20:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-20 08:09 - 2015-07-22 20:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-20 08:09 - 2015-07-22 20:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-20 08:09 - 2015-07-22 20:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-20 08:09 - 2015-07-22 20:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-20 08:09 - 2015-07-22 20:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-20 08:09 - 2015-07-22 20:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-20 08:09 - 2015-07-22 20:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-20 08:09 - 2015-07-22 20:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-20 08:09 - 2015-07-22 20:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 19:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-08-20 08:09 - 2015-07-22 19:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-20 08:09 - 2015-07-22 19:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-20 08:09 - 2015-07-22 19:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-20 08:09 - 2015-07-22 19:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-20 08:09 - 2015-07-22 19:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-20 08:09 - 2015-07-22 19:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 19:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 19:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-20 08:09 - 2015-07-22 19:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-20 08:08 - 2015-07-15 06:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-08-20 08:08 - 2015-07-15 05:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-08-20 08:08 - 2015-07-09 20:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-08-20 08:08 - 2015-07-09 20:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-08-20 08:08 - 2015-07-09 20:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-08-20 08:08 - 2015-07-09 20:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-08-20 08:08 - 2015-06-25 13:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-08-20 08:08 - 2015-06-25 13:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-08-20 08:08 - 2015-06-25 13:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-08-20 08:08 - 2015-06-25 12:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-08-19 21:33 - 2015-08-13 15:34 - 19292160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 21:33 - 2015-08-13 14:02 - 14383616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-19 21:33 - 2015-08-13 13:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 21:33 - 2015-08-13 13:44 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 20:33 - 2015-08-19 20:33 - 01585664 _____ C:\Users\User\Downloads\adwcleaner_5.002.exe
2015-08-19 20:29 - 2015-08-19 20:29 - 00000317 _____ C:\AdwCleaner[S5].txt
2015-08-19 20:24 - 2015-08-19 20:24 - 00000317 _____ C:\AdwCleaner[S4].txt
2015-08-19 20:23 - 2015-08-19 20:23 - 00000323 _____ C:\AdwCleaner[S3].txt
2015-08-19 20:22 - 2015-08-19 20:22 - 00000311 _____ C:\AdwCleaner[S2].txt
2015-08-18 05:12 - 2015-08-21 20:17 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-18 05:12 - 2015-08-21 17:53 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-18 05:12 - 2015-08-18 05:12 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-18 05:12 - 2015-08-18 05:12 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-17 20:47 - 2015-08-17 20:49 - 199573152 _____ (Microsoft Corporation) C:\Users\User\Downloads\msert.exe
2015-08-17 07:31 - 2015-08-17 07:31 - 00000000 _____ C:\autoexec.bat
2015-08-16 18:36 - 2015-08-16 18:36 - 00001842 _____ C:\Users\User\AppData\Local\recently-used.xbel
2015-08-16 18:36 - 2015-08-16 18:36 - 00000000 ____D C:\Users\User\AppData\Local\gtk-2.0
2015-08-16 18:36 - 2015-08-16 18:36 - 00000000 ____D C:\Users\User\.thumbnails
2015-08-16 18:29 - 2015-08-16 18:31 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-13 06:53 - 2015-07-30 16:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 06:53 - 2015-07-30 16:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 05:12 - 2015-07-30 21:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-13 05:12 - 2015-07-30 21:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-13 05:12 - 2015-07-30 21:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-13 05:12 - 2015-07-30 21:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-13 05:12 - 2015-07-30 21:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-13 05:12 - 2015-07-30 21:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-13 05:12 - 2015-07-30 21:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-13 05:12 - 2015-07-30 20:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-13 05:12 - 2015-07-30 20:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-13 05:12 - 2015-07-30 20:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-13 05:12 - 2015-07-30 20:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-13 05:12 - 2015-07-30 20:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-13 05:12 - 2015-07-30 20:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-13 05:12 - 2015-07-30 19:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-13 05:12 - 2015-07-30 19:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-13 05:12 - 2015-07-30 19:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-13 05:12 - 2015-07-26 02:18 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-13 05:12 - 2015-07-26 02:18 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-13 05:12 - 2015-07-26 02:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-13 05:12 - 2015-07-26 02:18 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-13 05:12 - 2015-07-26 02:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-13 05:12 - 2015-07-26 02:18 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-13 05:12 - 2015-07-26 02:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-13 05:12 - 2015-07-26 02:17 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-13 05:12 - 2015-07-26 02:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-13 05:12 - 2015-07-26 02:17 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-13 05:12 - 2015-07-26 02:17 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-13 05:12 - 2015-07-26 02:17 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-13 05:12 - 2015-07-26 02:17 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-13 05:12 - 2015-07-26 02:17 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-13 05:12 - 2015-07-26 02:17 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-13 05:12 - 2015-07-26 02:17 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-13 05:12 - 2015-07-26 02:17 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-08-13 05:12 - 2015-07-26 02:17 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-13 05:12 - 2015-07-26 02:17 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-13 05:12 - 2015-07-26 02:17 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-13 05:12 - 2015-07-25 23:24 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-13 05:12 - 2015-07-25 23:24 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-13 05:12 - 2015-07-25 23:24 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-13 05:12 - 2015-07-25 23:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-13 05:12 - 2015-07-25 23:24 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-13 05:12 - 2015-07-25 23:24 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-13 05:12 - 2015-07-25 23:23 - 13774848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-13 05:12 - 2015-07-25 23:23 - 02865664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-13 05:12 - 2015-07-25 23:23 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-13 05:12 - 2015-07-25 23:23 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-13 05:12 - 2015-07-25 23:23 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-13 05:12 - 2015-07-25 23:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-13 05:12 - 2015-07-25 23:23 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-13 05:12 - 2015-07-25 23:23 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-13 05:12 - 2015-07-25 23:23 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-13 05:12 - 2015-07-25 23:23 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-08-13 05:12 - 2015-07-25 23:23 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-13 05:12 - 2015-07-25 23:23 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-13 05:12 - 2015-07-25 23:23 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-13 05:12 - 2015-07-25 21:17 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-13 05:12 - 2015-07-25 21:09 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-13 05:12 - 2015-07-25 20:52 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-08-13 05:12 - 2015-07-25 20:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-08-13 05:12 - 2015-07-16 22:12 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-13 05:12 - 2015-07-16 22:12 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-13 05:12 - 2015-07-16 22:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-13 05:12 - 2015-07-16 22:11 - 05779456 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-13 05:12 - 2015-07-16 22:11 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-13 05:12 - 2015-07-16 22:11 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-13 05:12 - 2015-07-15 21:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-13 05:12 - 2015-07-15 21:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-13 05:12 - 2015-07-15 21:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-13 05:12 - 2015-07-15 06:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-13 05:12 - 2015-07-15 06:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-13 05:12 - 2015-07-15 06:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-13 05:12 - 2015-07-15 06:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-13 05:12 - 2015-07-15 06:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-13 05:12 - 2015-07-15 05:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-13 05:12 - 2015-07-15 05:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-13 05:12 - 2015-07-15 05:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-13 05:12 - 2015-07-15 05:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-13 05:12 - 2015-07-10 20:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-13 05:12 - 2015-07-10 20:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-13 05:12 - 2015-07-09 20:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-13 05:12 - 2015-07-09 20:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-13 05:12 - 2015-07-09 20:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 04:56 - 2015-08-12 04:56 - 00000000 ___HD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2015-08-09 19:27 - 2015-08-13 07:05 - 00000000 ____D C:\Users\User\Downloads\NeoDownloader
2015-08-09 16:55 - 2015-08-09 17:29 - 00000000 ____D C:\Users\User\Downloads\1
2015-08-09 16:34 - 2015-08-09 16:34 - 00000000 ____D C:\Users\User\Documents\My Weblog Posts
2015-08-09 08:39 - 2015-08-09 08:39 - 00000000 ____D C:\Program Files (x86)\TumblRipper
2015-08-09 08:14 - 2015-08-09 08:14 - 00000000 ____D C:\Program Files (x86)\DownloadAir
2015-08-09 08:01 - 2015-08-09 16:44 - 00000000 ____D C:\ProgramData\Freelang
2015-08-04 21:29 - 2015-08-04 21:29 - 00000000 ____D C:\Users\User\Documents\My Digital Editions
2015-08-03 21:16 - 2015-08-03 21:16 - 00001219 _____ C:\Users\User\Gd Livre - Banques.xls.lnk
2015-08-02 17:51 - 2015-08-08 12:08 - 00000000 ____D C:\ProgramData\iofhifnmmpebckclbhdlgchkpecllglc
2015-08-02 17:50 - 2015-08-19 17:27 - 00000360 _____ C:\Windows\Tasks\SmartDesign.job
2015-08-02 17:50 - 2015-08-18 20:24 - 00003282 _____ C:\Windows\System32\Tasks\SmartDesign
2015-08-02 17:18 - 2015-08-02 17:18 - 00544768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71d.dll
2015-08-01 20:37 - 2015-08-10 07:05 - 00000750 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-07-30 17:54 - 2015-07-30 17:54 - 00000000 ____D C:\Users\User\AppData\Roaming\ProductData
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-21 20:00 - 2014-06-15 09:05 - 01243986 _____ C:\Windows\WindowsUpdate.log
2015-08-21 19:59 - 2012-12-05 14:57 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-08-21 19:53 - 2012-12-18 10:10 - 00000000 ____D C:\Users\User\AppData\Roaming\SlimBrowser
2015-08-21 19:39 - 2012-12-18 10:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-21 18:44 - 2012-12-30 10:02 - 00000000 ____D C:\ProgramData\MFAData
2015-08-21 18:05 - 2009-07-14 07:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-21 18:05 - 2009-07-14 07:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-21 17:56 - 2014-07-23 20:07 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-08-21 17:54 - 2015-06-03 07:37 - 00000000 ____D C:\Users\User\AppData\Roaming\Orbit
2015-08-21 17:54 - 2012-12-19 19:04 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2015-08-21 17:54 - 2012-12-05 14:57 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-08-21 17:53 - 2014-06-15 09:08 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-08-21 17:53 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-21 08:47 - 2012-12-18 10:23 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2015-08-21 08:40 - 2015-02-16 09:07 - 00000000 ____D C:\Users\User\AppData\Local\JDownloader v2.0
2015-08-21 05:18 - 2014-09-15 19:29 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-20 15:22 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2015-08-20 14:48 - 2013-03-24 11:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-20 07:53 - 2014-06-12 20:52 - 00000000 ____D C:\AdwCleaner
2015-08-19 20:56 - 2013-03-24 11:17 - 00001049 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-19 20:56 - 2012-12-05 14:47 - 00000987 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-19 17:27 - 2014-01-05 13:11 - 00000380 _____ C:\Windows\Tasks\Amigabit Disk Defrag.job
2015-08-18 22:26 - 2012-12-20 13:12 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-08-18 22:26 - 2012-12-18 15:38 - 00000000 ____D C:\ProgramData\Adobe
2015-08-18 22:23 - 2012-12-28 23:25 - 00000000 ____D C:\Users\User\AppData\Local\Apps\2.0
2015-08-18 20:25 - 2014-02-16 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2015-08-18 20:22 - 2014-01-05 13:11 - 00003162 _____ C:\Windows\System32\Tasks\Amigabit Disk Defrag
2015-08-18 19:55 - 2014-06-15 08:55 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-18 19:39 - 2012-12-05 14:58 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2015-08-18 08:47 - 2012-12-18 15:23 - 00000000 ___RD C:\Users\User\SkyDrive
2015-08-18 07:04 - 2012-12-18 17:49 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-18 06:26 - 2012-12-18 10:11 - 00000000 ____D C:\Users\User\AppData\Roaming\Adobe
2015-08-17 20:40 - 2012-12-19 12:25 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2015-08-17 20:39 - 2012-12-19 12:25 - 00000000 ____D C:\ProgramData\Skype
2015-08-17 07:19 - 2013-07-14 10:11 - 00003080 _____ C:\Windows\System32\Tasks\{53948B30-08AA-4E46-96E4-510A80B51144}
2015-08-17 06:29 - 2012-12-24 16:06 - 00000000 ____D C:\Users\User\AppData\Local\Google
2015-08-17 04:58 - 2013-11-05 06:15 - 00000000 ____D C:\ProgramData\ProductData
2015-08-17 04:56 - 2014-07-23 20:07 - 00000000 ____D C:\Users\User\AppData\Roaming\DiskDefrag
2015-08-16 18:40 - 2015-01-07 21:37 - 00000000 ____D C:\Users\User\.gimp-2.8
2015-08-16 17:58 - 2014-06-20 08:38 - 45800960 ___SH C:\Users\User\Downloads\Thumbs.db
2015-08-15 19:07 - 2013-12-14 17:29 - 00000000 ____D C:\Users\User\AppData\Roaming\LG Electronics
2015-08-15 18:55 - 2013-11-24 12:42 - 00000000 ____D C:\Users\User\.android
2015-08-13 12:28 - 2009-07-14 07:45 - 05031328 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 12:27 - 2014-05-30 06:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 12:27 - 2014-05-30 06:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 06:53 - 2014-05-30 06:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 06:48 - 2014-06-15 18:53 - 00000000 ____D C:\Windows\system32\MRT
2015-08-13 06:00 - 2012-12-18 15:11 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-12 15:32 - 2013-10-16 05:31 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2015-08-12 10:36 - 2012-12-18 10:11 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 10:36 - 2012-12-18 10:11 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 10:36 - 2012-12-18 10:11 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-11 05:10 - 2014-10-14 05:51 - 00001080 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-08-11 05:10 - 2014-07-23 20:07 - 00002974 _____ C:\Windows\System32\Tasks\GU5SkipUAC
2015-08-11 05:10 - 2014-07-23 20:07 - 00001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-08-11 05:10 - 2014-06-04 15:26 - 00003314 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2015-08-11 05:02 - 2009-07-14 08:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-08-10 21:01 - 2009-07-14 07:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-09 16:44 - 2014-03-27 18:26 - 00001091 _____ C:\Users\Public\Desktop\Freelang.lnk
2015-08-09 16:44 - 2014-03-27 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freelang
2015-08-09 16:44 - 2014-03-27 18:26 - 00000000 ____D C:\Program Files (x86)\Freelang
2015-08-09 16:29 - 2014-07-29 18:46 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2015-08-09 16:29 - 2012-12-18 10:55 - 00000000 ____D C:\Program Files (x86)\IrfanView
2015-08-09 08:14 - 2014-09-07 18:06 - 00000913 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownloadAir.lnk
2015-08-09 08:14 - 2014-09-07 18:06 - 00000901 _____ C:\Users\Public\Desktop\DownloadAir.lnk
2015-08-09 08:00 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\tracing
2015-08-08 19:44 - 2014-06-15 08:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-08 12:04 - 2014-06-15 08:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-08 12:04 - 2013-01-05 09:56 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-02 08:22 - 2015-07-04 18:29 - 00000000 ____D C:\Users\User\Downloads\Workout
2015-08-01 11:04 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\AppCompat
2015-07-30 17:59 - 2015-02-23 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-30 17:59 - 2014-10-19 07:01 - 00000965 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-07-30 04:54 - 2009-07-14 08:08 - 00032594 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-24 18:05 - 2014-02-20 08:20 - 00002155 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
 
==================== Files in the root of some directories =======
 
2014-02-17 07:54 - 2014-06-03 12:03 - 0003747 _____ () C:\Program Files (x86)\Mozilla Firefox\safeguard-secure-search.xml
2014-06-19 19:34 - 2014-06-19 19:34 - 0000024 _____ () C:\Users\User\AppData\Roaming\temp.ini
2015-05-11 21:25 - 2015-05-11 21:25 - 0000096 _____ () C:\Users\User\AppData\Roaming\version2.xml
2014-11-25 09:36 - 2014-11-25 09:40 - 0005632 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-16 18:36 - 2015-08-16 18:36 - 0001842 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2014-01-20 09:35 - 2014-01-21 21:32 - 0000000 _____ () C:\ProgramData\rj8zodjhx.odd
2015-06-16 07:14 - 2015-06-16 07:14 - 0004872 _____ () C:\ProgramData\vczcspay.tpu
2012-01-05 11:11 - 2012-01-05 11:11 - 0002045 ____H () C:\ProgramData\whlb32g.dll
 
Files to move or delete:
====================
C:\ProgramData\rj8zodjhx.odd
C:\ProgramData\whlb32g.dll
C:\Users\User\fbchathistory.dat
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-12 13:35
 
==================== End of log ============================

 



#6 nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 August 2015 - 07:52 AM

Please remove the programs in bold using the Add/Remove Programs applet.

Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
IObit Apps Toolbar v7.1 (HKLM-x32\...\{EA0F950C-D926-4366-A60C-9E7B71DB1FF2}) (Version: 7.1 - Spigot, Inc.) <==== ATTENTION
JDownloader Packages (HKU\S-1-5-21-668110010-1646736774-1458346147-1000\...\JDownloader Packages) (Version: - ) <==== ATTENTION



Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dllATTENTION! ====> ZeroAccess?
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [ShellExt1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => C:\PROGRA~2\4Sync\ShellExt.dll No File
ShellIconOverlayIdentifiers: [ShellExt2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => C:\PROGRA~2\4Sync\ShellExt.dll No File
ShellIconOverlayIdentifiers: [ShellExt3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => C:\PROGRA~2\4Sync\ShellExt.dll No File
ShellIconOverlayIdentifiers: [ShellExt4] -> {CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} => C:\PROGRA~2\4Sync\ShellExt.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-668110010-1646736774-1458346147-1000 -> {0D8E0D58-2862-4923-A97A-2DD1379BEEFD} URL = hxxp://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=86779ab2000000000000bc5ff45776af&q={searchTerms}&r=909
BHO-x32: Octh Class -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> C:\Program Files (x86)\Orbitdownloader\orbitcth.dll [2012-09-14] (Orbitdownloader.com)
Toolbar: HKU\S-1-5-21-668110010-1646736774-1458346147-1000 -> No Name - {B24BA06E-FB7B-4757-95C2-DC01125F750E} -  No File
Toolbar: HKU\S-1-5-21-668110010-1646736774-1458346147-1000 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Winsock: Catalog5 01 mswsock.dll File not foundATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File not foundATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not ' & $found1 & 'ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not ' & $found1 & 'ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
cmd: netsh winsock reset
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [No File]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5bz589xx.default-1439831756405\Extensions\artur.dubovoy@gmail.com [2015-08-17]
FF Extension: All Downloader Professional - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5bz589xx.default-1439831756405\Extensions\alldownloader@link64.xpi [2015-08-17]
FF Extension: Tumblr Image Search - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5bz589xx.default-1439831756405\Extensions\tumblrS@link64.xpi [2015-08-17]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx <not found>
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
S2 Winmgmt; C:\Users\User\AppData\Local\Temp\rj8zodjhx.zvv [X]
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
C:\ProgramData\rj8zodjhx.odd
Task: {7901AD84-FCBA-4942-8488-88857CDB3E6E} - \YourFile DownloaderUpdate -> No File <==== ATTENTION
Task: {8AA18814-D64A-476B-B3EA-E8838433CC7F} - \EPUpdater -> No File <==== ATTENTION
Task: {F7F7A2D5-A89E-489F-B835-7CECD30E799E} - System32\Tasks\SmartDesign => c:\programdata\{6ee8e39b-3277-c4d5-6ee8-8e39b3278e6c}\9zvj8.tb.pcc.1.6.9.6.rar.exe <==== ATTENTION
Task: C:\Windows\Tasks\SmartDesign.job => c:\programdata\{6ee8e39b-3277-c4d5-6ee8-8e39b3278e6c}\9zvj8.tb.pcc.1.6.9.6.rar.exe <==== ATTENTION
AlternateDataStreams: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news-1751121550
AlternateDataStreams: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages-431041656
AlternateDataStreams: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-250898981
AlternateDataStreams: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends-215113587
c:\programdata\{6ee8e39b-3277-c4d5-6ee8-8e39b3278e6c}

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?
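The fixlist above corrects Winsock name-space catalog entries and resets the catalog, and the log it was built from lists core system files that passed a digital-signature check. The following read-only audit is an added example written for this thread; it is not code from the thread, from nasdaq, or from the Farbar tool. It walks the NameSpace_Catalog5 entries (the "Catalog5" and "Catalog5-x64" lines in the log), reports whether each LibraryPath points at a file that exists and is Authenticode-signed, and repeats the signature check on the core files the log names. The two provider paths it treats as expected are taken from the fixlist lines; that a healthy system carries only those two name-space providers is an assumption (other entries are reported, not judged). Run it from an elevated PowerShell prompt; it changes nothing.

```powershell
# Added example, not part of the original thread. Read-only audit of the
# Winsock name-space catalog and of core system file signatures.

# Catalog5 in the FRST log = NameSpace_Catalog5; the "-x64" entries live under
# Catalog_Entries64 on 64-bit Windows, the 32-bit ones under Catalog_Entries.
$catalogRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5'

# Provider paths the fixlist says the first two entries should carry.
# Assumption: these are the only two providers we consider "known good".
$knownGoodProviders = @(
    '%SystemRoot%\system32\NLAapi.dll',
    '%SystemRoot%\System32\mswsock.dll'
)

function Get-WinsockNamespaceAudit {
    foreach ($sub in 'Catalog_Entries', 'Catalog_Entries64') {
        $path = Join-Path $catalogRoot $sub
        if (-not (Test-Path $path)) { continue }
        Get-ChildItem $path | ForEach-Object {
            $props  = Get-ItemProperty $_.PSPath
            $raw    = [string]$props.LibraryPath
            # REG_EXPAND_SZ is usually already expanded by the provider; expand again to be safe.
            $full   = [Environment]::ExpandEnvironmentVariables($raw)
            $exists = ($raw -ne '') -and (Test-Path -LiteralPath $full)
            $status = if ($exists) { (Get-AuthenticodeSignature -FilePath $full).Status } else { 'FileMissing' }
            [pscustomobject]@{
                Catalog     = $sub
                Entry       = $_.PSChildName
                Display     = [string]$props.DisplayString
                LibraryPath = $raw
                KnownGood   = ($knownGoodProviders -contains $raw)
                Exists      = $exists
                Signature   = $status
            }
        }
    }
}

# Core files FRST verifies in its "Bamital & volsnap" section.
$coreFiles = @(
    "$env:SystemRoot\system32\winlogon.exe",
    "$env:SystemRoot\system32\wininit.exe",
    "$env:SystemRoot\SysWOW64\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\system32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\system32\services.exe",
    "$env:SystemRoot\system32\User32.dll",
    "$env:SystemRoot\SysWOW64\User32.dll",
    "$env:SystemRoot\system32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\system32\rpcss.dll",
    "$env:SystemRoot\system32\dnsapi.dll",
    "$env:SystemRoot\SysWOW64\dnsapi.dll",
    "$env:SystemRoot\system32\Drivers\volsnap.sys"
)

function Test-CoreFileSignatures {
    foreach ($f in $coreFiles) {
        if (-not (Test-Path -LiteralPath $f)) {
            [pscustomobject]@{ File = $f; Status = 'FileMissing'; Signer = '' }
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $f
        [pscustomobject]@{
            File   = $f
            Status = $sig.Status          # Valid is the only acceptable state
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
}

# Anything not "Valid", not existing, or outside the known-good list deserves a look.
Get-WinsockNamespaceAudit |
    Where-Object { -not $_.Exists -or $_.Signature -ne 'Valid' -or -not $_.KnownGood } |
    Format-Table -AutoSize

Test-CoreFileSignatures |
    Where-Object { $_.Status -ne 'Valid' } |
    Format-Table -AutoSize
```

Both pipelines print only the rows that deviate, so a clean machine produces empty tables apart from any legitimate extra name-space providers (IPv6/Bluetooth providers, for example) that fall outside the two-entry assumption. The script inspects; the reset itself is what the fixlist's `cmd: netsh winsock reset` line does.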

#7 shaanou

shaanou
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 22 August 2015 - 01:04 PM

Thanks Nasdaq,

 

It seems so much better now that I got back all the system info that I had lost (such as the Management Console, for example).

 

Enclosed is the log file generated afterwards.

 

Looking forward to your comments,

With my sincere thanks and all the best to you...

 

Maybe now my PC will start to download all the Windows updates that it refused up to now :) , but I shall wait for your comments.

 

shaanou

 

 

Attached Files



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:18 PM

Posted 22 August 2015 - 01:12 PM

Try the Windows updates.

Let me know how things develop.

#9 shaanou

shaanou
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 23 August 2015 - 08:45 AM

Attached File: Capture 16.33 - 2015-08-23.JPG (73.71KB)

 

Hello Nasdaq,

 

I seem to have managed to install all Windows updates but didn't succeed at all with any Office 2003 one!

Any chance at all of installing these (see enclosure)?

 

Whatever, let me thank you for everything you have done this past week. I never would have been able to do it by myself, and you will remain a reference.

 

Best from me



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:18 PM

Posted 23 August 2015 - 12:19 PM

Try to download one or two updates at a time.
You may find out which one is not being installed.

Keep me posted.

#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:18 PM

Posted 29 August 2015 - 07:27 AM

Are you still with me?

#12 shaanou

shaanou
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 29 August 2015 - 10:58 AM

Hello Nasdaq,

 

Yes of course, I am here, but these past working weeks have lasted 6 days and I just got home. Fortunately for me, I will get 2 days off from now ...

 

I haven't been able to install any of the Microsoft Office 2003 updates as I mostly get "error 80240016" (also "error 80070643") ...!

 

I also tried to install Windows 10, offered free by Microsoft, but this wasn't able to get installed either ("error 80240FFF"). I am not so much worried about Windows 10, which doesn't seem this good anyway, as many of my various programs just may not work anymore. So I will wait until I first change my laptop in December, to get Windows 10 already installed on it, to try it out. But I will manage with Windows 7 on my desktop until such a time as I can change my PC, no need to say.

 

This is about it since my last message.

Hoping to hear from you

With my best wishes

Shaanou



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:18 PM

Posted 30 August 2015 - 06:48 AM

Microsoft Office 2003 updates as I mostly get "error 80240016"


Try this fix.
http://windows.microsoft.com/en-GB/windows7/Windows-Update-error-80240016

===

(also "error 80070643")


Read this article and see what you can do.

https://techjourney.net/windows-update-or-office-update-encounters-0x80070643-failed-update-error/

===

#14 shaanou

shaanou
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 30 August 2015 - 08:11 AM

Thanks Nasdaq,

 

Let me see what I can get ... I will keep you advised

Best

 

Shaanou



#15 shaanou

shaanou
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 06 September 2015 - 01:00 AM

Hello Nasdaq,

 

Thanks again,

So, I tried those 2 error fixes that you offered but unfortunately no result whatsoever.

 

Nothing happens with the various fixes that I also found for 0x80070643 ...!

As for 0x80240016, if this is corrected, then I get a further error 0x80242006 and then yet another 0x80246007 ...

 

I ran the Windows Update troubleshooter (http://windows.microsoft.com/en-us/windows/troubleshoot-problems-installing-updates#1TC=windows-7) but now, I still have the 0x80070643 error for some non-installed updates and 0x80246007 for the others ...

 

Strange that Microsoft cannot come up with some concrete answers/solutions to these problems.

 

So I guess that my only way out would be to re-install Office 2003 (which I rather prefer to later versions of Office), but since it doesn't stop me working I will wait until I change my PC.

The same goes for Windows 10: I will get it already installed whenever I change this PC (which is for the present time working perfectly with Windows 7).

 

Thanks again 1000 times for your time.

I no doubt will be back to you should I be in trouble again.

 

All the best





