Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Application windows keep deselecting themselves at regular intervals


  • Please log in to reply
14 replies to this topic

#1 SpreadableFruit

SpreadableFruit

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:38 PM

Posted 14 October 2015 - 11:48 PM

Hello,

I am seeing an issue where any window I am working/watching something in, in any application, will deselect, causing me to have to click in the window to continue typing / scrolling / resume full screen / what have you. This is occurring at (seemingly exact) 40 second intervals, which I know from checking the time between each event while watching a video. It is extremely annoying.

Other potentially related symptoms that have popped up around the same time are the mouse cursor "arrow" will switch to the "loading arrow" D2alZ.gif even while there is nothing for my computer to be loading. This seems to be out of sync with the deselecting. Additionally my Microsoft Security Essentials is telling me I haven't run a scan for a while, even after running multiple quick scans, and scheduled full scans every night at 2am.

I recently added the screencast extension for Google Chrome, but have removed it after encountering the issue.

I have tried using a different mouse and keyboard.

I have run scans with

§  Malware Bytes antimalware

§  Microsoft security essentials

§  Spybot Search and Destroy

and used the cleaner and registry cleaner utilities of CCleaner.

 

Here is my FRST log, Addition attached.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-10-2015 01

Ran by David (administrator) on LEVIATHAN (14-10-2015 21:41:35)
Running from C:\Users\David\Downloads
Loaded Profiles: David (Available Profiles: David & Blaire)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Google Inc.) C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
(Flux Software LLC) C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe
(Binary Fortress Software) E:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
() C:\Users\David\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(CANON INC.) C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Binary Fortress Software) E:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => E:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [Canon Toner Status] => C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe [1821240 2014-04-10] (CANON INC.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [Spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2541160 2015-10-10] (Spotify Ltd)
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [Spotify] => C:\Users\David\AppData\Roaming\Spotify\Spotify.exe [7660648 2015-10-10] (Spotify Ltd)
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5127304 2014-11-20] (Plex, Inc.)
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [Google Update] => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [F.lux] => C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [DisplayFusion] => E:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [645296 2009-12-09] (Binary Fortress Software)
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [DAEMON Tools Lite] => E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [Amazon Music] => C:\Users\David\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-07] ()
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Run: [Akamai NetSession Interface] => C:\Users\David\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1448738595-64493416-255540935-1000\...\Policies\Explorer: [] 
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-10-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
ProxyServer: [HKLM-x32] => http=127.0.0.1:8800;https=127.0.0.1:8800
AutoConfigURL: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D79E8759-39D9-419B-9836-7274A5DBA2FF}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{D79E8759-39D9-419B-9836-7274A5DBA2FF}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1448738595-64493416-255540935-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-14] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-14] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\9d7myicn.default-1441939424714
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1448738595-64493416-255540935-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1448738595-64493416-255540935-1000: @talk.google.com/O1DPlugin -> C:\Users\David\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1448738595-64493416-255540935-1000: @tools.google.com/Google Update;version=3 -> C:\Users\David\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1448738595-64493416-255540935-1000: @tools.google.com/Google Update;version=9 -> C:\Users\David\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
StartMenuInternet: FIREFOX.EXE - E:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-10]
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-10]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-10]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-10]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-10]
CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-10]
CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-10]
CHR Extension: (AdBlock) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-09-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-10]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-10]
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-29]
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-29]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-29]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-29]
CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-29]
CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-29]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2649840 2013-03-01] (Blue Coat Systems, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 SkypeUpdate; E:\Program Files (x86)\Skype\Updater\Updater.exe [315496 2014-12-11] (Skype Technologies)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 bckd; C:\Windows\System32\drivers\bckd.sys [127216 2013-03-01] (Blue Coat Systems, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-20] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
U4 secdrv; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-14 21:41 - 2015-10-14 21:41 - 00020404 _____ C:\Users\David\Downloads\FRST.txt
2015-10-14 21:41 - 2015-10-14 21:41 - 00000000 ____D C:\Users\David\Downloads\FRST-OlderVersion
2015-10-14 20:43 - 2015-10-14 20:43 - 00000000 ____D C:\Users\David\AppData\Roaming\Sun
2015-10-14 20:43 - 2015-10-14 20:43 - 00000000 ____D C:\Users\David\.oracle_jre_usage
2015-10-14 20:42 - 2015-10-14 20:42 - 00003232 _____ C:\Windows\System32\Tasks\{79484C6B-1A55-488B-9EC2-E4CFCB09CD67}
2015-10-14 20:42 - 2015-10-14 20:42 - 00000000 ____D C:\Users\David\AppData\LocalLow\Oracle
2015-10-14 04:05 - 2015-10-14 04:05 - 00001082 _____ C:\Windows\PFRO.log
2015-10-14 04:05 - 2015-10-14 04:05 - 00000056 _____ C:\Windows\setupact.log
2015-10-14 04:05 - 2015-10-14 04:05 - 00000000 _____ C:\Windows\setuperr.log
2015-10-14 04:04 - 2015-10-14 04:04 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-14 03:39 - 2015-07-30 06:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-10-14 03:39 - 2015-07-30 06:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-10-13 22:41 - 2015-10-13 22:41 - 747564288 _____ C:\Users\David\Desktop\[]Microsoft Office Professional Plus (x64) 2013 Incl  Activator  P2P.zip
2015-10-13 22:36 - 2015-01-08 20:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-10-13 22:36 - 2015-01-08 20:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-10-13 22:36 - 2015-01-08 20:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-10-13 22:36 - 2015-01-08 19:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-10-13 22:33 - 2015-09-18 12:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-13 22:33 - 2015-09-18 11:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-13 22:33 - 2015-09-15 21:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-13 22:33 - 2015-09-15 21:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-13 22:33 - 2015-09-15 21:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-13 22:33 - 2015-09-15 21:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-13 22:33 - 2015-09-15 21:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-13 22:33 - 2015-09-15 21:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-13 22:33 - 2015-09-15 21:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-13 22:33 - 2015-09-15 21:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-13 22:33 - 2015-09-15 21:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-13 22:33 - 2015-09-15 21:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-13 22:33 - 2015-09-15 21:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-13 22:33 - 2015-09-15 20:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-13 22:33 - 2015-09-15 20:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-13 22:33 - 2015-09-15 20:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-13 22:33 - 2015-09-15 20:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-13 22:33 - 2015-09-15 20:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-13 22:33 - 2015-09-15 20:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-13 22:33 - 2015-09-15 20:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-13 22:33 - 2015-09-15 20:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-13 22:33 - 2015-09-15 20:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-13 22:33 - 2015-09-15 20:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-13 22:33 - 2015-09-15 20:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-13 22:33 - 2015-09-15 20:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-13 22:33 - 2015-09-15 20:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-13 22:33 - 2015-09-15 20:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-13 22:33 - 2015-09-15 20:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-13 22:33 - 2015-09-15 20:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-13 22:33 - 2015-09-15 20:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-13 22:33 - 2015-09-15 20:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-13 22:33 - 2015-09-15 20:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-13 22:33 - 2015-09-15 20:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-13 22:33 - 2015-09-15 20:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-13 22:33 - 2015-09-15 20:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-13 22:33 - 2015-09-15 20:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-13 22:33 - 2015-09-15 20:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-13 22:33 - 2015-09-15 20:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-13 22:33 - 2015-09-15 20:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-13 22:33 - 2015-09-15 20:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-13 22:33 - 2015-09-15 20:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-13 22:33 - 2015-09-15 20:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-13 22:33 - 2015-09-15 20:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-13 22:33 - 2015-09-15 19:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-13 22:33 - 2015-09-15 19:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-13 22:33 - 2015-09-15 19:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-13 22:33 - 2015-09-15 19:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-13 22:33 - 2015-09-15 19:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-13 22:33 - 2015-09-15 19:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-13 22:33 - 2015-09-15 19:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-13 22:33 - 2015-09-15 19:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-13 22:33 - 2015-09-15 19:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-13 22:33 - 2015-09-15 19:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-13 22:33 - 2015-08-06 11:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-13 22:33 - 2015-08-06 11:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-13 22:33 - 2015-08-06 10:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-13 22:33 - 2015-08-06 10:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-13 22:33 - 2015-08-05 10:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-10-13 22:33 - 2015-08-05 10:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-10-13 22:33 - 2015-08-05 10:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-10-13 22:33 - 2015-08-05 10:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-10-13 22:33 - 2015-07-28 13:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-13 22:33 - 2015-07-28 13:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-13 22:33 - 2015-07-28 13:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-13 22:33 - 2015-07-28 13:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-13 22:33 - 2015-07-28 13:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-13 22:33 - 2015-07-28 13:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-10-13 22:33 - 2015-07-28 13:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-13 22:33 - 2015-07-28 12:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-13 22:33 - 2015-07-15 11:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-10-13 22:33 - 2015-07-15 11:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-10-13 22:33 - 2015-07-15 11:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-10-13 22:33 - 2015-07-10 10:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-10-13 22:33 - 2015-07-10 10:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-10-13 22:33 - 2015-07-10 10:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-10-13 22:33 - 2015-07-10 10:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-10-13 22:33 - 2015-07-10 10:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-10-13 22:33 - 2015-07-10 10:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-10-13 22:33 - 2015-06-03 13:16 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-10-13 22:33 - 2015-06-03 13:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-10-13 22:33 - 2015-04-29 11:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-10-13 22:33 - 2015-04-29 11:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-10-13 22:33 - 2015-04-29 11:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-10-13 22:33 - 2015-04-29 11:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-10-13 22:33 - 2015-04-29 11:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-10-13 22:33 - 2015-04-29 11:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-10-13 22:33 - 2015-04-29 11:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-10-13 22:33 - 2015-04-29 11:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-10-13 22:33 - 2015-04-29 11:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-10-13 22:33 - 2015-04-29 11:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-10-13 22:33 - 2015-04-17 20:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-10-13 22:33 - 2015-04-17 19:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-10-13 22:33 - 2015-04-12 20:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-10-13 22:32 - 2015-09-28 20:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-13 22:32 - 2015-09-28 20:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-13 22:32 - 2015-09-25 11:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-13 22:32 - 2015-09-25 11:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-13 22:32 - 2015-09-25 11:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-13 22:32 - 2015-09-25 11:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-13 22:32 - 2015-09-25 11:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-13 22:32 - 2015-09-25 11:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-13 22:32 - 2015-09-25 11:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-13 22:32 - 2015-09-25 11:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-13 22:32 - 2015-09-25 11:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-13 22:32 - 2015-09-25 11:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-13 22:32 - 2015-09-25 11:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-13 22:32 - 2015-09-25 10:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-13 22:32 - 2015-09-25 10:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-13 22:32 - 2015-09-25 10:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-13 22:32 - 2015-09-25 10:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-13 22:32 - 2015-09-25 10:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-13 22:32 - 2015-09-15 21:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-13 22:32 - 2015-09-15 21:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-13 22:32 - 2015-09-15 21:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-13 22:32 - 2015-09-15 21:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-13 22:32 - 2015-09-15 21:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-13 22:32 - 2015-09-15 21:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-13 22:32 - 2015-09-15 21:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-13 22:32 - 2015-09-15 20:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-13 22:32 - 2015-09-15 20:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-13 22:32 - 2015-09-15 20:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-13 22:32 - 2015-09-15 20:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-13 22:32 - 2015-09-15 11:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-13 22:32 - 2015-07-14 20:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-10-13 22:32 - 2015-07-14 20:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-10-13 22:32 - 2015-07-14 19:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-10-13 22:32 - 2015-07-09 10:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-10-13 22:32 - 2015-07-09 10:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-10-13 22:32 - 2015-07-09 10:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-10-13 22:32 - 2015-07-09 10:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-10-13 22:32 - 2015-01-28 20:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-10-13 22:32 - 2015-01-28 20:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-10-13 22:31 - 2015-10-01 11:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-13 22:31 - 2015-10-01 11:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-13 22:31 - 2015-10-01 11:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-13 22:31 - 2015-10-01 11:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-13 22:31 - 2015-10-01 11:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-13 22:31 - 2015-10-01 11:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-13 22:31 - 2015-10-01 11:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-13 22:31 - 2015-10-01 10:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-13 22:31 - 2015-10-01 10:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-13 22:31 - 2015-09-28 20:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-13 22:31 - 2015-09-28 20:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-13 22:31 - 2015-09-28 20:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-13 22:31 - 2015-09-28 20:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-13 22:31 - 2015-09-28 20:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-13 22:31 - 2015-09-28 20:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-13 22:31 - 2015-09-28 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-13 22:31 - 2015-09-28 20:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-13 22:31 - 2015-09-28 20:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-13 22:31 - 2015-09-28 20:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-13 22:31 - 2015-09-28 20:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-13 22:31 - 2015-09-28 20:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-13 22:31 - 2015-09-28 20:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-13 22:31 - 2015-09-28 20:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-13 22:31 - 2015-09-28 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-13 22:31 - 2015-09-28 20:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-13 22:31 - 2015-09-28 20:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-13 22:31 - 2015-09-28 20:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-13 22:31 - 2015-09-28 20:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-13 22:31 - 2015-09-28 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-13 22:31 - 2015-09-28 20:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-13 22:31 - 2015-09-28 20:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-13 22:31 - 2015-09-28 20:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-13 22:31 - 2015-09-28 20:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-13 22:31 - 2015-09-28 20:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-13 22:31 - 2015-09-28 20:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-13 22:31 - 2015-09-28 19:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-13 22:31 - 2015-09-28 19:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-13 22:31 - 2015-09-28 19:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-13 22:31 - 2015-09-28 19:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-13 22:31 - 2015-09-28 19:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-13 22:31 - 2015-09-28 19:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-13 22:31 - 2015-09-28 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-13 22:31 - 2015-09-28 19:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-13 22:31 - 2015-09-28 19:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-13 22:31 - 2015-09-28 19:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-13 22:31 - 2015-09-28 19:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-13 22:31 - 2015-09-28 19:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-13 22:31 - 2015-09-28 19:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-13 22:31 - 2015-09-28 19:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-13 22:31 - 2015-09-28 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 18:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-13 22:31 - 2015-09-28 18:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-13 22:31 - 2015-09-28 18:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-13 22:31 - 2015-09-28 18:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-13 22:31 - 2015-09-28 18:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-13 22:31 - 2015-09-28 18:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 18:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 18:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 22:31 - 2015-09-28 18:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-13 22:31 - 2015-09-15 11:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-13 22:31 - 2015-09-15 11:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-13 22:31 - 2015-09-15 11:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-13 22:31 - 2015-09-15 11:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-13 22:31 - 2015-09-15 11:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-13 22:31 - 2015-09-15 11:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-13 22:31 - 2015-09-15 11:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-13 22:31 - 2015-09-15 11:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-13 22:31 - 2015-09-15 10:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-13 22:31 - 2015-09-15 10:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-13 22:31 - 2015-09-15 10:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-13 22:31 - 2015-09-15 10:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-13 22:31 - 2015-08-27 11:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-10-13 22:31 - 2015-08-27 11:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-10-13 22:31 - 2015-08-27 11:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-10-13 22:31 - 2015-08-27 11:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-10-13 22:31 - 2015-08-27 10:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-10-13 22:31 - 2015-08-27 10:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-10-13 22:31 - 2015-08-27 10:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-10-13 22:31 - 2015-08-27 10:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-10-13 22:31 - 2015-07-30 11:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-10-13 22:31 - 2015-07-30 11:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-10-13 22:31 - 2015-07-30 11:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-10-13 22:31 - 2015-07-30 10:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-10-13 22:31 - 2015-07-30 10:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-10-13 22:31 - 2015-07-22 17:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-10-13 22:31 - 2015-07-22 17:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-10-13 22:31 - 2015-07-22 17:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-10-13 22:31 - 2015-07-22 10:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-10-13 22:31 - 2015-07-22 10:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-10-13 22:31 - 2015-07-22 09:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-13 22:31 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-13 22:31 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-10-13 22:31 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-10-13 22:31 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-10-13 22:31 - 2015-07-04 11:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-10-13 22:31 - 2015-07-04 10:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-10-13 22:31 - 2015-06-25 03:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-10-13 22:31 - 2015-06-25 03:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-10-13 22:31 - 2015-06-25 03:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-10-13 22:31 - 2015-06-25 02:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-10-13 22:31 - 2015-06-17 10:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-10-13 22:31 - 2015-06-17 10:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-10-13 22:31 - 2015-06-15 14:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-10-13 22:31 - 2015-06-15 14:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-10-13 22:31 - 2015-06-15 14:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-10-13 22:31 - 2015-06-15 14:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-10-13 22:31 - 2015-06-15 14:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-10-13 22:31 - 2015-06-15 14:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-10-13 22:31 - 2015-06-15 14:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-10-13 22:31 - 2015-06-15 14:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-10-13 22:31 - 2015-06-11 10:56 - 01112576 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-10-13 22:31 - 2015-06-11 10:16 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-10-13 22:31 - 2015-06-11 10:15 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-10-13 22:31 - 2015-06-01 17:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-10-13 22:31 - 2015-06-01 16:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-10-13 22:31 - 2015-05-25 11:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-10-13 22:31 - 2015-05-25 11:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-10-13 22:31 - 2015-05-25 11:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-10-13 22:31 - 2015-05-25 11:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-10-13 22:31 - 2015-05-25 11:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-10-13 22:31 - 2015-05-25 11:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-10-13 22:31 - 2015-05-25 11:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-10-13 22:31 - 2015-05-25 11:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-10-13 22:31 - 2015-05-25 11:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-10-13 22:31 - 2015-05-25 11:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-10-13 22:31 - 2015-05-25 11:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-10-13 22:31 - 2015-05-25 11:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-10-13 22:31 - 2015-04-24 11:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-10-13 22:31 - 2015-04-24 10:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-10-13 22:31 - 2015-04-10 20:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-10-13 22:30 - 2015-04-27 12:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-10-13 22:30 - 2015-04-27 12:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-10-13 22:30 - 2015-04-27 12:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-10-13 22:30 - 2015-04-27 12:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-10-13 22:30 - 2015-04-27 12:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-10-13 22:30 - 2015-04-27 12:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-10-13 22:30 - 2015-04-27 12:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-10-13 22:30 - 2015-04-27 12:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-10-13 22:30 - 2015-02-18 00:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-10-13 22:30 - 2015-02-18 00:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-10-13 22:25 - 2015-07-01 13:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-10-13 22:25 - 2015-07-01 13:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-10-13 22:25 - 2015-07-01 13:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-10-13 22:25 - 2015-07-01 13:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-10-13 22:20 - 2015-10-14 21:25 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-13 22:20 - 2015-10-14 20:36 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-13 22:20 - 2015-10-13 22:20 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-13 22:20 - 2015-10-13 22:20 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-13 22:20 - 2015-10-13 22:20 - 00002251 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-13 22:20 - 2015-10-13 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-13 22:20 - 2015-03-03 21:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-10-13 22:20 - 2015-03-03 21:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-10-13 22:20 - 2015-03-03 21:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-10-13 22:20 - 2015-03-03 21:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-10-13 22:20 - 2015-03-03 21:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-10-13 22:20 - 2015-03-03 21:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-10-13 22:20 - 2015-03-03 21:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-10-13 22:19 - 2015-10-13 22:19 - 00929872 _____ (Google Inc.) C:\Users\David\Downloads\ChromeSetup(3).exe
2015-10-12 22:04 - 2015-10-12 22:09 - 00000000 ____D C:\Windows\pss
2015-10-11 11:18 - 2015-10-11 11:18 - 02714235 _____ C:\Users\David\Desktop\ocean-to-ocean-bridge-yuma.psd
2015-10-10 18:00 - 2015-09-01 20:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-10-10 18:00 - 2015-09-01 20:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-10-10 18:00 - 2015-09-01 20:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-10-10 18:00 - 2015-09-01 20:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-10-10 18:00 - 2015-09-01 19:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-10-10 18:00 - 2015-09-01 19:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-10-10 18:00 - 2015-09-01 19:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-10-10 18:00 - 2015-09-01 19:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-10-10 18:00 - 2015-09-01 18:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-10-10 18:00 - 2015-09-01 18:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-10-10 18:00 - 2015-09-01 18:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-10-02 08:37 - 2015-10-02 08:37 - 00000000 ____D C:\Users\Blaire\AppData\Roaming\Canon
2015-10-02 08:37 - 2015-10-02 08:37 - 00000000 _____ C:\Users\Blaire\Sti_Trace.log
2015-09-29 22:27 - 2015-09-29 22:27 - 02706196 _____ C:\Users\David\Downloads\Untitled Screencast.webm
2015-09-29 22:23 - 2015-09-29 22:23 - 01399727 _____ C:\Users\David\Downloads\3d_pinball_for_windows_space_cadet.exe
2015-09-28 22:20 - 2015-09-28 22:21 - 00339210 _____ C:\Users\David\Desktop\test.ps
2015-09-28 22:17 - 2015-09-28 22:18 - 49043837 _____ ( ) C:\Users\David\Downloads\Setup Screen Capturer Recorder v0.12.8.exe
2015-09-17 07:36 - 2015-09-17 07:48 - 00042340 _____ C:\Users\David\Desktop\Okora_DBXenoverse_Stats.xlsx
2015-09-15 23:15 - 2015-09-15 23:15 - 00000000 ____D C:\Users\David\AppData\Local\MangaReader
2015-09-15 23:14 - 2010-12-06 19:58 - 02173952 _____ C:\Users\David\Downloads\MangaReaderSetup.msi
2015-09-15 23:14 - 2010-12-06 19:57 - 00495104 _____ () C:\Users\David\Downloads\setup.exe
2015-09-15 23:09 - 2015-09-15 23:23 - 00000000 ____D C:\Users\David\AppData\Roaming\rUpdater Software
2015-09-15 23:09 - 2015-09-15 23:09 - 00000000 ____D C:\Program Files (x86)\cbrreader_setup
2015-09-15 23:07 - 2015-09-15 23:07 - 00000000 ____D C:\ProgramData\Soda PDF 3D Reader
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-14 21:41 - 2015-09-09 17:58 - 02196992 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2015-10-14 21:41 - 2014-08-16 13:32 - 00000000 ____D C:\FRST
2015-10-14 21:41 - 2013-06-14 13:53 - 00000000 ___HD C:\Users\David\AppData\Local\Akamai
2015-10-14 21:37 - 2014-05-31 15:15 - 00000000 ____D C:\Users\David\AppData\Roaming\DisplayFusion
2015-10-14 21:06 - 2013-04-12 22:01 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448738595-64493416-255540935-1000UA.job
2015-10-14 20:51 - 2013-04-23 22:20 - 01531915 _____ C:\Windows\WindowsUpdate.log
2015-10-14 20:43 - 2015-03-31 07:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-14 20:43 - 2015-03-31 07:14 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-14 20:43 - 2013-03-01 15:40 - 00000000 ____D C:\Users\David
2015-10-14 20:42 - 2015-03-31 07:14 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-10-14 20:41 - 2009-07-13 21:45 - 00020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-14 20:41 - 2009-07-13 21:45 - 00020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-14 20:37 - 2015-05-03 19:49 - 00000000 ____D C:\Users\David\AppData\Roaming\Spotify
2015-10-14 20:37 - 2015-05-03 19:49 - 00000000 ____D C:\Users\David\AppData\Local\Spotify
2015-10-14 20:36 - 2015-06-19 21:42 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-10-14 20:36 - 2014-02-17 11:32 - 00000000 ____D C:\Temp
2015-10-14 20:36 - 2013-03-03 15:14 - 00000000 ___HD C:\Users\David\AppData\Local\Adobe
2015-10-14 20:35 - 2013-04-12 22:01 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448738595-64493416-255540935-1000Core.job
2015-10-14 04:30 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-10-14 04:12 - 2009-07-13 22:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-14 04:05 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-14 04:04 - 2015-05-02 17:32 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-14 04:04 - 2015-05-02 17:32 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-14 04:04 - 2014-08-13 18:21 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-14 04:04 - 2009-07-14 00:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-14 04:04 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\tracing
2015-10-14 04:04 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-10-14 04:04 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-10-14 04:04 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2015-10-14 03:47 - 2013-07-13 13:50 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 03:41 - 2013-03-18 13:35 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-14 03:40 - 2013-03-01 18:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-14 03:34 - 2013-03-01 17:46 - 00002155 _____ C:\Windows\epplauncher.mif
2015-10-14 03:34 - 2013-03-01 17:46 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-10-14 03:34 - 2013-03-01 17:46 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-10-14 03:34 - 2013-03-01 17:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-10-14 03:33 - 2009-07-13 19:34 - 00000478 _____ C:\Windows\win.ini
2015-10-13 22:40 - 2015-06-07 10:29 - 00000000 ___HD C:\Users\David\AppData\Local\CrashDumps
2015-10-13 22:40 - 2014-07-29 17:36 - 00000000 ____D C:\Users\David\AppData\Roaming\uTorrent
2015-10-13 22:40 - 2013-03-17 16:30 - 00000000 ____D C:\Users\David\AppData\Roaming\FileZilla
2015-10-13 22:39 - 2014-09-10 11:55 - 00000000 ____D C:\ProgramData\Origin
2015-10-13 22:39 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-13 22:20 - 2013-03-01 15:53 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-12 22:26 - 2014-07-19 15:52 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-12 22:07 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-12 21:29 - 2013-12-24 10:35 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-11 18:20 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-10-11 17:44 - 2009-07-13 21:45 - 05053480 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-11 17:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-10-11 17:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
2015-10-11 11:19 - 2015-04-18 11:22 - 00000000 ____D C:\Users\David\Desktop\documents-export-2015-04-18
2015-10-02 12:09 - 2013-03-01 16:45 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-02 08:37 - 2013-10-14 16:12 - 00000000 ____D C:\Users\Blaire
2015-10-02 08:35 - 2013-10-14 16:12 - 00000000 ____D C:\Users\Blaire\AppData\Roaming\Apple Computer
2015-10-02 01:42 - 2015-09-10 21:31 - 00000068 _____ C:\Users\David\Documents\gpfax.adr
2015-10-02 00:11 - 2013-03-03 15:24 - 00000000 ____D C:\Users\David\AppData\Roaming\vlc
2015-09-26 22:59 - 2013-10-14 16:12 - 00000000 ____D C:\Users\Blaire\AppData\Local\Google
2015-09-17 19:34 - 2013-03-03 20:11 - 00000072 _____ C:\Users\Public\LMDebug.log
2015-09-16 06:01 - 2013-04-12 22:01 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1448738595-64493416-255540935-1000UA
2015-09-16 06:01 - 2013-04-12 22:01 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1448738595-64493416-255540935-1000Core
2015-09-15 07:42 - 2015-08-09 20:15 - 00000600 _____ C:\Users\David\AppData\Roaming\PUTTY.RND
2015-09-14 14:22 - 2014-09-10 11:57 - 00000000 ____D C:\Users\Blaire\AppData\Roaming\Origin
 
==================== Files in the root of some directories =======
 
2014-08-17 18:14 - 2013-11-07 11:31 - 0642052 ____R () C:\Program Files (x86)\steam_api.dll
2014-08-17 18:14 - 2013-11-07 11:32 - 0002100 ____R () C:\Program Files (x86)\steam_api.ini
2015-01-10 08:05 - 2015-08-07 12:32 - 0000132 _____ () C:\Users\David\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-08-09 20:15 - 2015-09-15 07:42 - 0000600 _____ () C:\Users\David\AppData\Roaming\PUTTY.RND
2013-04-17 09:11 - 2015-08-21 12:37 - 0000600 ____H () C:\Users\David\AppData\Local\PUTTY.RND
2013-06-15 08:24 - 2013-06-15 08:24 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Some files in TEMP:
====================
C:\Users\David\AppData\Local\Temp\jre-8u60-windows-au.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-11 10:18
 
==================== End of FRST.txt ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:38 PM

Posted 15 October 2015 - 10:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

What is this for?
Does it need to be started as a Task?

Task: {FABE6D84-857C-40D1-9FF6-5F964E36ABFC} - System32\Tasks\{15D472B3-2F50-45E0-8FFF-BA2AC00D4D69} => pcalua.exe -a C:\Users\David\Downloads\converter.exe -d C:\Users\David\Downloads


Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {027242E5-3527-458B-8687-5339E7EF3C34} - System32\Tasks\{79484C6B-1A55-488B-9EC2-E4CFCB09CD67} => pcalua.exe -a C:\Users\David\AppData\Local\Temp\jre-8u60-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
Task: {13BFC6F7-90A2-4764-AB95-F48C5235910B} - \PastaQuotes -> No File <==== ATTENTION
Task: {2DDAE854-99A0-4EAC-BF56-DB5024C206C8} - System32\Tasks\YTAUpdate => C:\PROGRA~2\YOUTUB~1\Updater.exe <==== ATTENTION
Task: {D0024A61-CE09-419E-861F-449AF3B7F0E0} - System32\Tasks\YTAUpdate_logon => C:\PROGRA~2\YOUTUB~1\Updater.exe <==== ATTENTION
Task: {D8A2530F-B917-4A29-8EA8-2A6F5416CA25} - System32\Tasks\{2B068A27-BA3A-44DE-9312-0740294A1E52} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.0.105/en/abandoninstall?page=tsProgressBar
U4 secdrv; no ImagePath

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

How is the computer running now?

#3 SpreadableFruit

SpreadableFruit
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:38 PM

Posted 15 October 2015 - 10:29 PM

I'm still seeing the issue.

 

fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version:15-10-2015 01
Ran by David (2015-10-15 20:14:48) Run:5
Running from C:\Users\David\Downloads
Loaded Profiles: David (Available Profiles: David & Blaire)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Task: {027242E5-3527-458B-8687-5339E7EF3C34} - System32\Tasks\{79484C6B-1A55-488B-9EC2-E4CFCB09CD67} => pcalua.exe -a C:\Users\David\AppData\Local\Temp\jre-8u60-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
Task: {13BFC6F7-90A2-4764-AB95-F48C5235910B} - \PastaQuotes -> No File <==== ATTENTION
Task: {2DDAE854-99A0-4EAC-BF56-DB5024C206C8} - System32\Tasks\YTAUpdate => C:\PROGRA~2\YOUTUB~1\Updater.exe <==== ATTENTION
Task: {D0024A61-CE09-419E-861F-449AF3B7F0E0} - System32\Tasks\YTAUpdate_logon => C:\PROGRA~2\YOUTUB~1\Updater.exe <==== ATTENTION
Task: {D8A2530F-B917-4A29-8EA8-2A6F5416CA25} - System32\Tasks\{2B068A27-BA3A-44DE-9312-0740294A1E52} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.0.105/en/abandoninstall?page=tsProgressBar
U4 secdrv; no ImagePath
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{027242E5-3527-458B-8687-5339E7EF3C34}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{027242E5-3527-458B-8687-5339E7EF3C34}" => key removed successfully
C:\Windows\System32\Tasks\{79484C6B-1A55-488B-9EC2-E4CFCB09CD67} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{79484C6B-1A55-488B-9EC2-E4CFCB09CD67}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13BFC6F7-90A2-4764-AB95-F48C5235910B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13BFC6F7-90A2-4764-AB95-F48C5235910B}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaQuotes => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DDAE854-99A0-4EAC-BF56-DB5024C206C8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DDAE854-99A0-4EAC-BF56-DB5024C206C8}" => key removed successfully
C:\Windows\System32\Tasks\YTAUpdate => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTAUpdate" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D0024A61-CE09-419E-861F-449AF3B7F0E0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0024A61-CE09-419E-861F-449AF3B7F0E0}" => key removed successfully
C:\Windows\System32\Tasks\YTAUpdate_logon => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTAUpdate_logon" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8A2530F-B917-4A29-8EA8-2A6F5416CA25}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8A2530F-B917-4A29-8EA8-2A6F5416CA25}" => key removed successfully
C:\Windows\System32\Tasks\{2B068A27-BA3A-44DE-9312-0740294A1E52} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2B068A27-BA3A-44DE-9312-0740294A1E52}" => key removed successfully
secdrv => service removed successfully
EmptyTemp: => 338.2 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 20:14:58 ====
 
 

AdwCleanerC2.txt

 

# AdwCleaner v5.013 - Logfile created 15/10/2015 at 20:21:37

# Updated 09/10/2015 by Xplode
# Database : 2015-10-13.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : David - LEVIATHAN
# Running from : C:\Users\David\Downloads\adwcleaner_5.013.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\JustCloud
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKU\.DEFAULT\Software\Goobzo
 
***** [ Web browsers ] *****
 
[-] [C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Blaire\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Blaire\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1553 bytes] ##########
 

 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:38 PM

Posted 16 October 2015 - 06:54 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zeok tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

#5 SpreadableFruit

SpreadableFruit
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:38 PM

Posted 17 October 2015 - 04:47 PM

I had a chance to try this today, I'm still seeing the issue.

Here is the output of the zoek-results.log

 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by David on Sat 10/17/2015 at 14:30:09.36.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\David\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
10/17/2015 14:31:19 Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Pando Networks deleted successfully
C:\PROGRA~2\VS Revo Group deleted successfully
C:\Users\Blaire\AppData\Roaming\.oit deleted successfully
C:\Users\David\AppData\Roaming\.oit deleted successfully
C:\Users\David\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\David\AppData\Roaming\rUpdater Software deleted successfully
C:\Users\David\AppData\Local\CrashDumps deleted successfully
C:\Users\David\AppData\Local\CutePDF Writer deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-1448738595-64493416-255540935-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Pando Networks not found
C:\PROGRA~2\VS Revo Group not found
C:\PROGRA~2\MiniGet deleted
C:\Users\David\AppData\Roaming\calibre deleted
C:\windows\SysNative\Tasks\{CB827F34-01F2-4A1A-B110-6079A14E8B5E} deleted
C:\PROGRA~3\SummerSoft deleted
C:\PROGRA~2\Age of Empires II HD The Forgotten deleted
C:\LeagueofLegends_NA_Installer_05_07_13.exe deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\David\AppData\Local\cache deleted
C:\Users\David\AppData\Local\CrashRpt deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\SysWOW64\AniGIF.ocx deleted
 
==== Firefox Extensions ======================
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\9d7myicn.default-1441939424714
7D127425BBE91DF37448A7F44C1DDA52 - C:\Users\David\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll - Google Update
49D429EBF5305FC9ADD7545B7C914333 - C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
6BEAD7859E8A087BE04556AB5A78855C - C:\Users\David\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
 
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.71
 
 
Chrome Hotword Shared Module - Blaire\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
AdBlock - David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Chrome Hotword Shared Module - David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
 
==== Chromium Fix ======================
 
C:\Users\Blaire\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Blaire\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Blaire\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Blaire\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Blaire\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Blaire\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_media.mtvnservices.com_0.localstorage deleted successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_media.mtvnservices.com_0.localstorage-journal deleted successfully
C:\Users\Blaire\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.voicedailydeals.com_0.localstorage deleted successfully
C:\Users\Blaire\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.voicedailydeals.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Blue Coat K9 Web Protection deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\Blaire\AppData\Local\Mozilla\Firefox\Profiles\u4lfi84v.default\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Blaire\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=194 folders=125 169140973 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Blaire\AppData\Local\temp emptied successfully
C:\Users\David\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\David\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Sat 10/17/2015 at 14:45:28.00 ======================

Edited by SpreadableFruit, 17 October 2015 - 05:52 PM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:38 PM

Posted 18 October 2015 - 08:36 AM


Remove AdBlock from Chrome.
AdBlock - David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

Install this latest version Adblock Plus.
https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

==

If the problem persists the proceed with this.

How to perform a clean boot in Windows Vista, W7, W8.
http://support.microsoft.com/kb/929135

Read and follow the instructions on the page before proceeding.

Did you find any conflicting issues?
===

#7 SpreadableFruit

SpreadableFruit
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:38 PM

Posted 18 October 2015 - 12:37 PM

After removing adblock I tried doing the selective startup to see if one of the services was causing the issue. With all the services disabled I wasn't encountering it, so I did the binary search as suggested on the Microsoft support page to determine which service might be causing it. After several restarts I was back at a selective startup with all of the services enabled and was still not encountering the issue.

 

When I resumed "Normal Startup" the issue returned.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:38 PM

Posted 19 October 2015 - 06:55 AM

Please Download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

====

Before you post the log run this scan.

Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Deselect Remove found threats.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology


Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.
<<<>>>

Keep me posted.

#9 SpreadableFruit

SpreadableFruit
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:38 PM

Posted 20 October 2015 - 12:32 AM

Combofix log:

ComboFix 15-10-15.01 - David 10/19/2015  21:03:42.2.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8160.6374 [GMT -7:00]
Running from: c:\users\David\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2015-09-20 to 2015-10-20  )))))))))))))))))))))))))))))))
.
.
2015-10-20 04:07 . 2015-10-20 04:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-10-17 21:44 . 2015-10-17 21:29 24064 ----a-w- c:\windows\zoek-delete.exe
2015-10-17 21:29 . 2015-10-17 21:43 -------- d-----w- C:\zoek_backup
2015-10-15 03:48 . 2015-09-18 19:19 503808 ----a-w- c:\windows\system32\devinv.dll
2015-10-15 03:48 . 2015-09-18 19:22 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-10-15 03:48 . 2015-09-18 19:19 700416 ----a-w- c:\windows\system32\invagent.dll
2015-10-15 03:48 . 2015-09-18 19:19 766464 ----a-w- c:\windows\system32\generaltel.dll
2015-10-15 03:48 . 2015-09-18 19:19 73216 ----a-w- c:\windows\system32\acmigration.dll
2015-10-15 03:48 . 2015-09-18 19:09 1163776 ----a-w- c:\windows\system32\aeinv.dll
2015-10-15 03:43 . 2015-10-15 03:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-10-15 03:43 . 2015-10-15 03:43 -------- d-----w- c:\users\David\.oracle_jre_usage
2015-10-14 11:04 . 2015-10-16 01:53 -------- d-----w- c:\windows\system32\appraiser
2015-10-14 10:39 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-10-14 10:39 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-10-14 05:36 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-10-14 05:36 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-10-14 05:36 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-10-14 05:36 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-10-14 05:32 . 2015-09-16 04:09 5990912 ----a-w- c:\windows\system32\jscript9.dll
2015-10-14 05:31 . 2015-09-29 03:10 1216512 ----a-w- c:\windows\system32\rpcrt4.dll
2015-10-14 05:30 . 2015-04-27 19:23 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-10-14 05:30 . 2015-04-27 19:23 188416 ----a-w- c:\windows\system32\cryptsvc.dll
2015-10-14 05:30 . 2015-04-27 19:23 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-10-14 05:30 . 2015-04-27 19:04 143872 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2015-10-14 05:30 . 2015-04-27 19:04 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll
2015-10-14 05:30 . 2015-04-27 19:23 140288 ----a-w- c:\windows\system32\cryptnet.dll
2015-10-14 05:30 . 2015-04-27 19:05 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
2015-10-14 05:30 . 2015-04-27 19:04 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2015-10-14 05:30 . 2015-02-18 07:06 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-10-14 05:30 . 2015-02-18 07:04 142336 ----a-w- c:\windows\system32\poqexec.exe
2015-10-14 05:25 . 2015-07-01 20:49 260096 ----a-w- c:\windows\system32\WebClnt.dll
2015-10-14 05:25 . 2015-07-01 20:48 102912 ----a-w- c:\windows\system32\davclnt.dll
2015-10-14 05:25 . 2015-07-01 20:30 206848 ----a-w- c:\windows\SysWow64\WebClnt.dll
2015-10-14 05:25 . 2015-07-01 20:30 82432 ----a-w- c:\windows\SysWow64\davclnt.dll
2015-10-14 05:20 . 2015-03-04 04:41 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-10-14 05:20 . 2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-10-14 05:20 . 2015-03-04 04:41 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-10-14 05:20 . 2015-03-04 04:41 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-10-14 05:20 . 2015-03-04 04:11 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-10-14 05:20 . 2015-03-04 04:10 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-10-14 05:20 . 2015-03-04 04:10 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-10-11 01:00 . 2015-09-02 01:51 3209216 ----a-w- c:\windows\system32\win32k.sys
2015-10-11 01:00 . 2015-09-02 03:04 41984 ----a-w- c:\windows\system32\lpk.dll
2015-10-11 01:00 . 2015-09-02 03:04 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-10-11 01:00 . 2015-09-02 03:04 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-10-11 01:00 . 2015-09-02 03:04 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-10-11 01:00 . 2015-09-02 02:48 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-10-11 01:00 . 2015-09-02 02:48 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-10-11 01:00 . 2015-09-02 02:48 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-10-11 01:00 . 2015-09-02 02:47 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-10-11 01:00 . 2015-09-02 01:47 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-10-11 01:00 . 2015-09-02 01:33 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-10-02 15:37 . 2015-10-02 15:37 -------- d-----w- c:\users\Blaire\AppData\Roaming\Canon
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-15 03:42 . 2015-03-31 14:14 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-10-13 05:26 . 2014-07-19 22:52 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-02 19:09 . 2013-03-01 23:45 143481208 ----a-w- c:\windows\system32\MRT.exe
2015-09-29 02:58 . 2015-10-14 05:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-11-07 18:31 . 2014-08-18 01:14 642052 ----a-r- c:\program files (x86)\steam_api.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-09-15 22:01 1733240 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-09-15 22:01 1733240 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-09-15 22:01 1733240 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Plex Media Server"="c:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2014-11-20 5127304]
"F.lux"="c:\users\David\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"DisplayFusion"="e:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2009-12-09 645296]
"DAEMON Tools Lite"="e:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Amazon Music"="c:\users\David\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-12-08 6277952]
"Akamai NetSession Interface"="c:\users\David\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="e:\program files (x86)\QuickTime\QTTask.exe" [2015-06-17 421888]
"Canon Toner Status"="c:\program files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe" [2014-04-10 1821240]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Send to OneNote.lnk - c:\program files\Microsoft Office\Office15\ONENOTEM.EXE /tsr [2015-9-15 222384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;e:\program files (x86)\Skype\Updater\Updater.exe;e:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan620.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 bckd;bckd;c:\windows\system32\drivers\bckd.sys;c:\windows\SYSNATIVE\drivers\bckd.sys [x]
S2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-14 05:20 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-10-14 05:20]
.
2015-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-10-14 05:20]
.
2015-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448738595-64493416-255540935-1000Core.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-13 00:26]
.
2015-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1448738595-64493416-255540935-1000UA.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-13 00:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-09-15 21:58 2339032 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-09-15 21:58 2339032 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-09-15 21:58 2339032 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-08-13 170256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office15\ONBttnIE.dll/105
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D79E8759-39D9-419B-9836-7274A5DBA2FF}: NameServer = 208.67.222.222,208.67.220.220
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\9d7myicn.default-1441939424714\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{16eca963-68c5-4756-80f9-db9094a4d6f0} - c:\programdata\Package Cache\{16eca963-68c5-4756-80f9-db9094a4d6f0}\pms.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-10-19  21:09:15
ComboFix-quarantined-files.txt  2015-10-20 04:09
.
Pre-Run: 10,400,546,816 bytes free
Post-Run: 13,621,182,464 bytes free
.
- - End Of File - - FA03508CED99DC22FB4C871C519B4865
A36C5E4F47E84449FF07ED3517B43A31
 
 
ESET Log:
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\steam_api.dll a variant of Win32/HackTool.Crack.DF potentially unsafe application
C:\Program Files (x86)\cbrreader_setup\cbrreader_setup\cbrreader_setup.exe a variant of Win32/InstallCore.ACZ potentially unwanted application
C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\David\AppData\Roaming\uTorrent\updates\3.4.2_38656.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\David\Downloads\uTorrent.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\zoek_backup\C_PROGRA~2_Age of Empires II HD The Forgotten\steam_api.dll a variant of Win32/HackTool.Crack.DF potentially unsafe application
C:\zoek_backup\C_PROGRA~3_InstallMate\{5719B621-4A9C-49A2-AB49-02BE8CFA94D7}\Custom.dll a variant of Win32/InstalleRex.T potentially unwanted application
E:\Documents\SoftwareCracks\AutoCAD\ace2012_x64.iso Win32/Keygen.BL potentially unsafe application
E:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe.5800.tmp a variant of Win32/AdkDLLWrapper.A potentially unwanted application
 

Edited by SpreadableFruit, 20 October 2015 - 12:35 AM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:38 PM

Posted 20 October 2015 - 07:38 AM

You decide if you want to keep the potentially unwanted applications.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)
  • List Minidump Files
  • List Restore Points
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
================

#11 SpreadableFruit

SpreadableFruit
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:38 PM

Posted 20 October 2015 - 09:35 PM

Here is the result:

 

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by David (administrator) on 20-10-2015 at 19:31:03
Running from "C:\Users\David\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Model: To be filled by O.E.M. Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Leviathan
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 94-DE-80-0D-9E-4B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5cdf:c8a7:2763:8df2%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.199(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, October 20, 2015 19:22:37
   Lease Expires . . . . . . . . . . : Wednesday, October 21, 2015 19:22:36
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 244637312
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-C2-E8-71-94-DE-80-0D-9E-4B
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{D79E8759-39D9-419B-9836-7274A5DBA2FF}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  resolver1.opendns.com
Address:  208.67.222.222
 
Name:    google.com
Addresses:  74.125.224.37
 74.125.224.36
 74.125.224.38
 74.125.224.46
 74.125.224.32
 74.125.224.40
 74.125.224.35
 74.125.224.33
 74.125.224.41
 74.125.224.39
 74.125.224.34
 
 
Pinging google.com [216.58.216.46] with 32 bytes of data:
Reply from 216.58.216.46: bytes=32 time=22ms TTL=128
Reply from 216.58.216.46: bytes=32 time=23ms TTL=128
 
Ping statistics for 216.58.216.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 23ms, Average = 22ms
Server:  resolver1.opendns.com
Address:  208.67.222.222
 
Name:    yahoo.com
Addresses:  98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=89ms TTL=128
Reply from 98.139.183.24: bytes=32 time=86ms TTL=128
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 86ms, Maximum = 89ms, Average = 87ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...94 de 80 0d 9e 4b ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.199     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.199    276
    192.168.0.199  255.255.255.255         On-link     192.168.0.199    276
    192.168.0.255  255.255.255.255         On-link     192.168.0.199    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.199    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.199    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    276 fe80::/64                On-link
 10    276 fe80::5cdf:c8a7:2763:8df2/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.2.202.228 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2004693108.48.56.39259506 - Audible, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{56E65A82-39F0-4FB3-9E06-B58CCCA4E6D6}) (Version: 0.9.32 - Kovid Goyal)
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\{8A16FF47-A5FC-49A8-96B5-31180D317059}) (Version: 1.2.11 - CANON INC.) Hidden
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\Canon Laser Printer/Scanner/Fax Extended Survey Program) (Version: 1.2.11.10002 - CANON INC.)
Canon MF Toolbox 4.9.1.1.mf17 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf17 - CANON INC.)
Canon MF210 Series (HKLM\...\{14824AB4-17F5-4909-80AB-A7E24743A47C}) (Version: 4.5.0.0 - CANON INC.)
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
CodeBlocks (HKCU\...\CodeBlocks) (Version: 12.11 - The Code::Blocks Team)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.13 - Piriform)
DisplayFusion 3.1.6 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version:  - Binary Fortress Software)
Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
DRAGON BALL XENOVERSE (HKLM-x32\...\Steam App 323470) (Version:  - DIMPS)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
f.lux (HKCU\...\Flux) (Version:  - )
FileZilla Client 3.11.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.11.0.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.0 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MATLAB R2012a (HKLM\...\Matlab R2012a) (Version: 7.14 - The MathWorks, Inc.)
Mendeley Desktop 1.8.1 (HKLM-x32\...\Mendeley Desktop) (Version: 1.8.1 - Mendeley Ltd.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MinGW-Get version 0.5-beta-20120426-1 (HKLM-x32\...\{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1) (Version: 0.5-beta-20120426-1 - MinGW)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
Novarm DipTrace (HKLM\...\Novarm DipTrace) (Version: 2.3 - Novarm)
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PLECS Standalone 3.7.2 (64 bit) (HKLM\...\{0CE54F47-B62A-4C34-9CB3-B677B12C630B}) (Version: 3.7.2 - Plexim)
Plex Media Server (HKLM-x32\...\{16eca963-68c5-4756-80f9-db9094a4d6f0}) (Version: 0.9.1104 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{A6BF4853-41E9-4DA1-AD81-4B16FEE938C2}) (Version: 0.9.1104 - Plex, Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0015-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{835E4BED-E265-4103-AE14-0B4C70CF3FE8}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.VISPRO_{835E4BED-E265-4103-AE14-0B4C70CF3FE8}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{1F7000D3-A917-4AD2-BA55-59E6FDAF062A}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.VISPRO_{1F7000D3-A917-4AD2-BA55-59E6FDAF062A}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{4BF13B26-3A95-4E42-900A-DEB16FDA75A0}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.VISPRO_{4BF13B26-3A95-4E42-900A-DEB16FDA75A0}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-002C-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C5D14A1B-6E3E-491A-96C6-ABDEEEC4E97D}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-002C-0409-1000-0000000FF1CE}_Office15.VISPRO_{C5D14A1B-6E3E-491A-96C6-ABDEEEC4E97D}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0044-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{F0C12872-B60D-4E37-A2F9-20C46A5E1F1A}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0054-0409-1000-0000000FF1CE}_Office15.VISPRO_{5B661D9F-1BC2-42D0-AC22-8231AA3BF72D}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{D7E879E6-B505-4DA2-BFEE-53A55E7C8E38}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.VISPRO_{D7E879E6-B505-4DA2-BFEE-53A55E7C8E38}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1931508C-C004-4983-81E3-70BE6252904B}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPRO_{1931508C-C004-4983-81E3-70BE6252904B}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E4F470B2-3601-4E1C-B291-D6B580F53136}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.VISPRO_{E4F470B2-3601-4E1C-B291-D6B580F53136}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E1-0409-1000-0000000FF1CE}_Office15.VISPRO_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E2-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0115-0409-1000-0000000FF1CE}_Office15.PROPLUS_{D7E879E6-B505-4DA2-BFEE-53A55E7C8E38}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0115-0409-1000-0000000FF1CE}_Office15.VISPRO_{D7E879E6-B505-4DA2-BFEE-53A55E7C8E38}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0117-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 1.0.15.133.gf21970bd - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Toner Status (HKLM-x32\...\{6E9A516A-6189-4502-80FD-51BE28989CEB}) (Version: 1.0.0.0 - CANON INC.)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPRO_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 37%
Total physical RAM: 8159.73 MB
Available physical RAM: 5074.69 MB
Total Virtual: 16317.67 MB
Available Virtual: 13278.23 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:119.14 GB) (Free:12.58 GB) NTFS
3 Drive e: (HDD) (Fixed) (Total:931.51 GB) (Free:449.61 GB) NTFS
4 Drive f: (15.0.4420.1017) (CDROM) (Total:0.79 GB) (Free:0 GB) UDF
 
========================= Users: ========================================
 
User accounts for \\LEVIATHAN
 
Administrator            Blaire                   David                    
Guest                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
 
**** End of log ****


#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:38 PM

Posted 21 October 2015 - 09:00 AM


Did you by any chance delete this section.
List last 10 Event Viewer log

Other than that your log looks clean.
===

Check this out.

Diagnosing memory problems on your computer
http://windows.microsoft.com/en-ca/windows7/diagnosing-memory-problems-on-your-computer

#13 SpreadableFruit

SpreadableFruit
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:38 PM

Posted 22 October 2015 - 10:28 PM

Must have missed that checkbox... here's something interesting, there's a Akamai NetSession Interface error occurring at the same ~42sec interval as the window deselect issue

 

 

 

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by David (administrator) on 22-10-2015 at 20:21:06
Running from "C:\Users\David\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Model: To be filled by O.E.M. Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/22/2015 08:20:28 PM) (Source: MsiInstaller) (User: Leviathan)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\David\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (10/22/2015 08:19:46 PM) (Source: MsiInstaller) (User: Leviathan)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\David\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (10/22/2015 08:19:03 PM) (Source: MsiInstaller) (User: Leviathan)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\David\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (10/22/2015 08:18:21 PM) (Source: MsiInstaller) (User: Leviathan)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\David\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (10/22/2015 08:17:39 PM) (Source: MsiInstaller) (User: Leviathan)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\David\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (10/22/2015 08:16:56 PM) (Source: MsiInstaller) (User: Leviathan)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\David\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (10/22/2015 08:16:14 PM) (Source: MsiInstaller) (User: Leviathan)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\David\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (10/22/2015 08:15:31 PM) (Source: MsiInstaller) (User: Leviathan)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\David\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (10/22/2015 08:14:49 PM) (Source: MsiInstaller) (User: Leviathan)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\David\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (10/22/2015 08:14:06 PM) (Source: MsiInstaller) (User: Leviathan)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\David\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
 
System errors:
=============
Error: (10/22/2015 07:15:25 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (10/22/2015 07:15:25 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (10/22/2015 07:15:25 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801
 
Error: (10/22/2015 07:21:22 AM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (10/22/2015 07:21:22 AM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (10/22/2015 07:21:22 AM) (Source: PNRPSvc) (User: )
Description: 0x80630801
 
Error: (10/22/2015 07:21:22 AM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (10/22/2015 07:21:22 AM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (10/22/2015 07:21:22 AM) (Source: PNRPSvc) (User: )
Description: 0x80630801
 
Error: (10/22/2015 06:49:58 AM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
 
Microsoft Office Sessions:
=========================
Error: (10/22/2015 08:20:28 PM) (Source: MsiInstaller)(User: Leviathan)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\David\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (10/22/2015 08:19:46 PM) (Source: MsiInstaller)(User: Leviathan)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\David\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (10/22/2015 08:19:03 PM) (Source: MsiInstaller)(User: Leviathan)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\David\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (10/22/2015 08:18:21 PM) (Source: MsiInstaller)(User: Leviathan)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\David\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (10/22/2015 08:17:39 PM) (Source: MsiInstaller)(User: Leviathan)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\David\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (10/22/2015 08:16:56 PM) (Source: MsiInstaller)(User: Leviathan)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\David\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (10/22/2015 08:16:14 PM) (Source: MsiInstaller)(User: Leviathan)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\David\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (10/22/2015 08:15:31 PM) (Source: MsiInstaller)(User: Leviathan)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\David\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (10/22/2015 08:14:49 PM) (Source: MsiInstaller)(User: Leviathan)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\David\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (10/22/2015 08:14:06 PM) (Source: MsiInstaller)(User: Leviathan)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\David\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-10-19 21:07:32.841
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-19 21:07:32.778
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-07-31 22:53:04.932
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-31 22:38:34.311
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-11 16:16:54.241
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-11 16:10:25.065
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-28 17:43:43.597
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-28 17:43:43.519
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
**** End of log ****


#14 SpreadableFruit

SpreadableFruit
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:38 PM

Posted 22 October 2015 - 10:43 PM

The memory diagnostic tool didn't come up with any problems after restart



#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:38 PM

Posted 23 October 2015 - 09:13 AM

An application is using this program to download/update it's files.


C:\Users\David\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory

Right click on the Akamai folder and select properties. Make sure you have access to it.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users