Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Acting Funny, lot of network connections, slow - Combofix Log Attached


  • This topic is locked This topic is locked
9 replies to this topic

#1 ryanjpfaff

ryanjpfaff

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:30 PM

Posted 07 November 2015 - 09:06 AM

Thanks in advance for any help, I ran combofix before I got here sorry if I jumped the gun.  
 
 
 
ComboFix 15-11-05.01 - RyanTix 11/07/2015   6:25.1.12 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.65453.60693 [GMT -7:00]
Running from: c:\users\RyanTix\Documents\123.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-10-07 to 2015-11-07  )))))))))))))))))))))))))))))))
.
.
2015-11-07 13:28 . 2015-11-07 13:28 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2015-11-07 13:28 . 2015-11-07 13:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-07 10:09 . 2015-11-07 10:09 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-11-07 00:01 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9429D6C-127E-42AF-8B88-E0BD788F4191}\mpengine.dll
2015-10-16 08:58 . 2015-10-16 08:58 189136 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE
2015-10-15 06:18 . 2015-09-18 19:22 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-10-15 06:18 . 2015-09-18 19:19 700416 ----a-w- c:\windows\system32\invagent.dll
2015-10-15 06:18 . 2015-09-18 19:19 766464 ----a-w- c:\windows\system32\generaltel.dll
2015-10-15 06:18 . 2015-09-18 19:19 503808 ----a-w- c:\windows\system32\devinv.dll
2015-10-15 06:18 . 2015-09-18 19:19 73216 ----a-w- c:\windows\system32\acmigration.dll
2015-10-15 06:18 . 2015-09-18 19:19 1291264 ----a-w- c:\windows\system32\appraiser.dll
2015-10-15 06:18 . 2015-09-18 19:09 1163776 ----a-w- c:\windows\system32\aeinv.dll
2015-10-14 09:59 . 2015-09-29 03:16 5569472 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-07 10:09 . 2015-07-07 22:40 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-10-30 12:40 . 2015-05-06 04:48 632432 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-10-29 20:11 . 2015-04-29 19:03 122400 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2015-10-29 20:11 . 2015-04-29 19:03 35328 ----a-w- c:\windows\system32\LMIport.dll
2015-10-29 20:11 . 2015-04-29 19:03 107008 ----a-w- c:\windows\system32\LMIinit.dll
2015-10-17 08:41 . 2015-04-26 07:07 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-17 08:41 . 2015-04-26 07:07 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-15 09:02 . 2015-04-26 07:38 143481208 ----a-w- c:\windows\system32\MRT.exe
2015-09-29 02:58 . 2015-10-14 09:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-09-02 03:04 . 2015-09-09 13:57 41984 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 03:04 . 2015-09-09 13:57 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 03:04 . 2015-09-09 13:57 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 03:04 . 2015-09-09 13:57 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 02:48 . 2015-09-09 13:57 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-09-02 02:48 . 2015-09-09 13:57 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-09-02 02:48 . 2015-09-09 13:57 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-02 02:47 . 2015-09-09 13:57 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-09-02 01:51 . 2015-09-09 13:57 3209216 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 01:47 . 2015-09-09 13:57 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-02 01:33 . 2015-09-09 13:57 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-08-27 18:18 . 2015-09-09 13:57 2004480 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 18:18 . 2015-09-09 13:57 1887232 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 18:13 . 2015-09-09 13:57 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 18:13 . 2015-09-09 13:57 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-27 17:58 . 2015-09-09 13:57 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-08-27 17:58 . 2015-09-09 13:57 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-08-27 17:51 . 2015-09-09 13:57 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2015-08-27 17:51 . 2015-09-09 13:57 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-08-15 14:55 . 2015-04-29 19:03 122752 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2015-08-15 14:55 . 2015-04-29 19:03 107368 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ACEC6276-3D7B-4AA9-BE79-23520A23026D}]
2014-08-28 03:39 38752 ----a-w- c:\program files (x86)\Soda PDF 6\creator-ie-helper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{35251526-B7A4-44E4-8B2E-FD62AE267B82}"= "c:\program files (x86)\Soda PDF 6\creator-ie-plugin.dll" [2014-08-28 479584]
.
[HKEY_CLASSES_ROOT\clsid\{35251526-b7a4-44e4-8b2e-fd62ae267b82}]
[HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{4255D129-EA58-4912-9C1E-95A57D3865B2}]
[HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-05-06 04:52 329376 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-05-06 04:52 329376 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-05-06 04:52 329376 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-05-06 04:52 329376 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-05-06 04:52 329376 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dropbox Update"="c:\users\RyanTix\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-19 134512]
"GoogleChromeAutoLaunch_F9D5FAED6397588C0DB5E8C28DA2DACC"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-10-20 811848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe" [2012-03-15 286720]
"FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2011-10-03 47616]
"Virtual Account Numbers"="c:\progra~2\VIRTUA~1\CitiVAN.exe" [2014-02-07 435712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-10-07 597040]
.
c:\users\RyanTix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\RyanTix\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-4 36711472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LULU Software CrashHandler;LULU Software CrashHandler;c:\program files (x86)\Soda PDF 6\crash-handler-ws.exe;c:\program files (x86)\Soda PDF 6\crash-handler-ws.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Soda PDF 6;Soda PDF 6;c:\program files (x86)\Soda PDF 6\ws.exe;c:\program files (x86)\Soda PDF 6\ws.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HP DS Service;HP DS Service;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 Soda PDF 6 Creator;Soda PDF 6 Creator;c:\program files (x86)\Soda PDF 6\creator-ws.exe;c:\program files (x86)\Soda PDF 6\creator-ws.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-24 05:02 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-26 08:41]
.
2015-11-07 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1943265577-1131406837-4153604767-1000Core.job
- c:\users\RyanTix\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19 15:52]
.
2015-11-07 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1943265577-1131406837-4153604767-1000UA.job
- c:\users\RyanTix\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19 15:52]
.
2015-11-07 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1943265577-1131406837-4153604767-1000.job
- c:\users\RyanTix\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe [2015-10-29 19:59]
.
2015-11-07 c:\windows\Tasks\G2MUploadTask-S-1-5-21-1943265577-1131406837-4153604767-1000.job
- c:\users\RyanTix\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe [2015-10-29 19:59]
.
2015-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-08 01:31]
.
2015-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-08 01:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-05-06 04:52 358064 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-05-06 04:52 358064 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-05-06 04:52 358064 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-05-06 04:52 358064 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-05-06 04:52 358064 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-10-30 12:41 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-10-30 12:41 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-10-30 12:41 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-16 12445288]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2015-02-16 57928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 104.251.91.113:29842
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\RyanTix\AppData\Roaming\Mozilla\Firefox\Profiles\6x4bcklr.default-1431047896472\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.ftp - 104.251.83.100
FF - prefs.js: network.proxy.ftp_port - 29842
FF - prefs.js: network.proxy.http - 104.251.83.100
FF - prefs.js: network.proxy.http_port - 29842
FF - prefs.js: network.proxy.socks - 104.251.83.100
FF - prefs.js: network.proxy.socks_port - 29842
FF - prefs.js: network.proxy.ssl - 104.251.83.100
FF - prefs.js: network.proxy.ssl_port - 29842
FF - prefs.js: network.proxy.type - 1
user_pref(extensions.autoDisableScopes,14);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-11-07  06:29:02
ComboFix-quarantined-files.txt  2015-11-07 13:29
.
Pre-Run: 62,720,905,216 bytes free
Post-Run: 62,332,891,136 bytes free
.
- - End Of File - - F599B7E8CA5D67F4B809660EE8EEE1D9
 

 



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:30 PM

Posted 09 November 2015 - 11:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===


How is the computer running now?
Wait for further instructions.

#3 ryanjpfaff

ryanjpfaff
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:30 PM

Posted 09 November 2015 - 11:12 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by RyanTix (administrator) on RYANTIX-PC (09-11-2015 09:09:29)
Running from C:\Users\RyanTix\Desktop
Loaded Profiles: RyanTix (Available Profiles: RyanTix & LogMeInRemoteUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(LULU SOFTWARE LIMITED) C:\Program Files (x86)\Soda PDF 6\creator-ws.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CMedia) C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
(Dropbox, Inc.) C:\Users\RyanTix\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
(Orbiscom Ltd. All rights reserved.) C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Orbiscom Ltd.) C:\Windows\SysWOW64\OBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-16] (Realtek Semiconductor)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2015-02-16] (LogMeIn, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2012-03-15] (Intel Corporation)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [47616 2011-10-03] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [Virtual Account Numbers] => C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe [435712 2014-02-07] (Orbiscom Ltd. All rights reserved.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-1943265577-1131406837-4153604767-1000\...\Run: [Dropbox Update] => C:\Users\RyanTix\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-1943265577-1131406837-4153604767-1000\...\Run: [GoogleChromeAutoLaunch_F9D5FAED6397588C0DB5E8C28DA2DACC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
Startup: C:\Users\RyanTix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-10-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\RyanTix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-1943265577-1131406837-4153604767-1000] => 104.251.91.113:29842
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3FA49138-AED4-4259-A325-619D4DD75A9B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{63235F66-C246-42A3-823A-778877255591}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1943265577-1131406837-4153604767-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1943265577-1131406837-4153604767-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1943265577-1131406837-4153604767-1000 -> DefaultScope {56D20242-FC95-46F1-96E5-052F16501B36} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1943265577-1131406837-4153604767-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1943265577-1131406837-4153604767-1000 -> {56D20242-FC95-46F1-96E5-052F16501B36} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-10-30] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-30] (Microsoft Corporation)
BHO-x32: Virtual Account Numbers Helper -> {17424104-1444-4810-85D7-B4DA413C5A9A} -> C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll [2014-01-07] (Orbiscom Ltd. All rights reserved.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-07] (Oracle Corporation)
BHO-x32: Soda PDF 6 Helper -> {ACEC6276-3D7B-4AA9-BE79-23520A23026D} -> C:\Program Files (x86)\Soda PDF 6\creator-ie-helper.dll [2014-08-27] (LULU SOFTWARE LIMITED)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-10-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-07] (Oracle Corporation)
Toolbar: HKLM-x32 - Soda PDF 6 Toolbar - {35251526-B7A4-44E4-8B2E-FD62AE267B82} - C:\Program Files (x86)\Soda PDF 6\creator-ie-plugin.dll [2014-08-27] (LULU SOFTWARE LIMITED)
Toolbar: HKLM-x32 - Virtual Account Numbers - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll [2014-01-07] (Orbiscom Ltd. All rights reserved.)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-05] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\RyanTix\AppData\Roaming\Mozilla\Firefox\Profiles\6x4bcklr.default-1431047896472
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF NetworkProxy: "backup.ftp", "198.71.85.134"
FF NetworkProxy: "backup.ftp_port", 29842
FF NetworkProxy: "backup.socks", "198.71.85.134"
FF NetworkProxy: "backup.socks_port", 29842
FF NetworkProxy: "backup.ssl", "198.71.85.134"
FF NetworkProxy: "backup.ssl_port", 29842
FF NetworkProxy: "ftp", "104.251.83.100"
FF NetworkProxy: "ftp_port", 29842
FF NetworkProxy: "http", "104.251.83.100"
FF NetworkProxy: "http_port", 29842
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "104.251.83.100"
FF NetworkProxy: "socks_port", 29842
FF NetworkProxy: "ssl", "104.251.83.100"
FF NetworkProxy: "ssl_port", 29842
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-22] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: Soda PDF 6 -> C:\Program Files (x86)\Soda PDF 6\np-previewer.dll [2014-08-27] (LULU SOFTWARE LIMITED)
FF Plugin HKU\S-1-5-21-1943265577-1131406837-4153604767-1000: @citrixonline.com/appdetectorplugin -> C:\Users\RyanTix\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-05-28] (Citrix Online)
FF Extension: AwardWallet - C:\Users\RyanTix\AppData\Roaming\Mozilla\Firefox\Profiles\6x4bcklr.default-1431047896472\Extensions\6200cc7406cd11e1a68a12313d1adcbe@jetpack.xpi [2015-06-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [soda_pdf_6_conv@sodapdf.com] - C:\Program Files (x86)\Soda PDF 6\resources\firefoxextension
FF Extension: Soda PDF 6 Creator - C:\Program Files (x86)\Soda PDF 6\resources\firefoxextension [2015-04-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [citius@orbiscom] - C:\Program Files (x86)\Virtual Account Numbers
FF Extension: Virtual Account Numbers for Firefox - C:\Program Files (x86)\Virtual Account Numbers [2015-06-01] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/?tab=wm&pli=1#inbox","hxxp://showsonsale.com/memberhome.aspx","hxxps://mail.google.com/mail/u/1/?tab=wm&pli=1#inbox","hxxps://1ticket.com/tickets_tm.asp"
CHR Profile: C:\Users\RyanTix\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\RyanTix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\RyanTix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\RyanTix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (AwardWallet) - C:\Users\RyanTix\AppData\Local\Google\Chrome\User Data\Default\Extensions\lppkddfmnlpjbojooindbmcokchjgbib [2015-07-17]
CHR Extension: (ZIP Extractor) - C:\Users\RyanTix\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfcakoljjhncfphlflcedhgogfhpbcd [2015-08-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RyanTix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\RyanTix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-17]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-03-17] () [File not signed]
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [7168 2012-03-15] (Intel Corporation) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417288 2015-11-09] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [507400 2015-11-09] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-02-16] (LogMeIn, Inc.)
S3 LULU Software CrashHandler; C:\Program Files (x86)\Soda PDF 6\crash-handler-ws.exe [744800 2014-08-27] (LULU SOFTWARE LIMITED)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Soda PDF 6; C:\Program Files (x86)\Soda PDF 6\ws.exe [1655136 2014-08-27] (LULU SOFTWARE LIMITED)
R2 Soda PDF 6 Creator; C:\Program Files (x86)\Soda PDF 6\creator-ws.exe [621408 2014-08-27] (LULU SOFTWARE LIMITED)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22128 2012-03-08] ()
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [70912 2011-10-03] (Fresco Logic)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-05-07] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2012-03-15] (Intel Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2015-02-16] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-06] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-09 09:09 - 2015-11-09 09:09 - 02198528 _____ (Farbar) C:\Users\RyanTix\Desktop\FRST64.exe
2015-11-09 09:09 - 2015-11-09 09:09 - 00019554 _____ C:\Users\RyanTix\Desktop\FRST.txt
2015-11-09 09:09 - 2015-11-09 09:09 - 00000000 ____D C:\FRST
2015-11-09 09:06 - 2015-11-09 09:07 - 00000000 ____D C:\AdwCleaner
2015-11-09 09:05 - 2015-11-09 09:05 - 01712128 _____ C:\Users\RyanTix\Downloads\AdwCleaner.exe
2015-11-09 08:57 - 2015-11-09 08:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\RyanTix\Downloads\HijackThis.exe
2015-11-09 08:57 - 2015-11-09 08:57 - 00010538 _____ C:\Users\RyanTix\Downloads\hijackthis.log
2015-11-09 08:31 - 2015-11-09 08:31 - 00688992 ____R (Swearware) C:\Users\RyanTix\Desktop\dds.scr
2015-11-09 08:31 - 2015-11-09 08:31 - 00023485 _____ C:\Users\RyanTix\Desktop\dds.txt
2015-11-09 08:31 - 2015-11-09 08:31 - 00004250 _____ C:\Users\RyanTix\Desktop\attach.txt
2015-11-09 07:45 - 2015-11-09 07:45 - 00001267 _____ C:\Users\RyanTix\Documents\Automatick-Accounts.txt
2015-11-09 07:10 - 2015-11-09 07:10 - 157732311 _____ C:\Users\RyanTix\Downloads\319.tmp
2015-11-07 06:29 - 2015-11-07 06:29 - 00027280 _____ C:\ComboFix.txt
2015-11-07 06:25 - 2015-11-07 06:29 - 00000000 ____D C:\Qoobox
2015-11-07 06:25 - 2015-11-07 06:28 - 00000000 ____D C:\Windows\erdnt
2015-11-07 06:25 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-07 06:25 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-07 06:25 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-07 06:25 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-07 06:25 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-07 06:25 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-07 06:25 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-07 06:25 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-07 06:24 - 2015-11-07 06:24 - 05637844 ____R (Swearware) C:\Users\RyanTix\Documents\123.exe
2015-11-07 05:50 - 2015-11-09 09:08 - 00000022 _____ C:\Windows\S.dirmngr
2015-11-07 05:47 - 2015-11-07 05:47 - 00002878 _____ C:\Users\RyanTix\Documents\scan.txt
2015-11-06 14:50 - 2015-11-07 04:48 - 00000000 ____D C:\Users\RyanTix\Documents\LuisReza
2015-11-03 10:53 - 2015-11-07 03:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-29 12:59 - 2015-11-09 08:19 - 00000574 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1943265577-1131406837-4153604767-1000.job
2015-10-29 12:59 - 2015-11-09 07:11 - 00000670 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1943265577-1131406837-4153604767-1000.job
2015-10-29 12:59 - 2015-10-29 12:59 - 00304848 _____ (Citrix Online) C:\Users\RyanTix\Downloads\GoToWebinar Launcher(1).exe
2015-10-29 12:59 - 2015-10-29 12:59 - 00003704 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1943265577-1131406837-4153604767-1000
2015-10-29 12:59 - 2015-10-29 12:59 - 00003608 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1943265577-1131406837-4153604767-1000
2015-10-20 17:14 - 2015-10-21 06:20 - 00429304 _____ C:\Users\RyanTix\Downloads\telluridebets.xlsm
2015-10-19 14:24 - 2015-10-19 14:24 - 00000000 ____D C:\Users\RyanTix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-16 08:14 - 2015-10-16 08:14 - 00005462 _____ C:\Users\RyanTix\Desktop\10-16PRIOXIES.txt
2015-10-14 23:18 - 2015-09-18 12:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-14 23:18 - 2015-09-18 12:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-14 23:18 - 2015-09-18 12:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-14 23:18 - 2015-09-18 12:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-14 23:18 - 2015-09-18 12:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-14 23:18 - 2015-09-18 12:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-14 23:18 - 2015-09-18 12:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 03:00 - 2015-09-25 11:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 03:00 - 2015-09-25 11:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 03:00 - 2015-09-25 11:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 03:00 - 2015-09-25 11:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 03:00 - 2015-09-25 11:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 03:00 - 2015-09-25 11:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 03:00 - 2015-09-25 11:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 03:00 - 2015-09-25 11:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 03:00 - 2015-09-25 11:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 03:00 - 2015-09-25 11:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 03:00 - 2015-09-25 11:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 03:00 - 2015-09-25 10:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 03:00 - 2015-09-25 10:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 03:00 - 2015-09-25 10:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 03:00 - 2015-09-25 10:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-14 03:00 - 2015-09-25 10:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 03:00 - 2015-09-18 12:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 03:00 - 2015-09-18 11:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 03:00 - 2015-09-15 21:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 03:00 - 2015-09-15 21:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 03:00 - 2015-09-15 21:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 03:00 - 2015-09-15 21:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 03:00 - 2015-09-15 21:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 03:00 - 2015-09-15 21:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 03:00 - 2015-09-15 21:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 03:00 - 2015-09-15 21:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 03:00 - 2015-09-15 21:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 03:00 - 2015-09-15 21:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 03:00 - 2015-09-15 21:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 03:00 - 2015-09-15 21:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 03:00 - 2015-09-15 21:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 03:00 - 2015-09-15 21:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 03:00 - 2015-09-15 21:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 03:00 - 2015-09-15 21:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 03:00 - 2015-09-15 21:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 03:00 - 2015-09-15 21:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 03:00 - 2015-09-15 20:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 03:00 - 2015-09-15 20:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 03:00 - 2015-09-15 20:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 03:00 - 2015-09-15 20:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 03:00 - 2015-09-15 20:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-14 03:00 - 2015-09-15 20:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 03:00 - 2015-09-15 20:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 03:00 - 2015-09-15 20:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 03:00 - 2015-09-15 20:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 03:00 - 2015-09-15 20:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-14 03:00 - 2015-09-15 20:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-14 03:00 - 2015-09-15 20:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-14 03:00 - 2015-09-15 20:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 03:00 - 2015-09-15 20:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 03:00 - 2015-09-15 20:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 03:00 - 2015-09-15 20:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 03:00 - 2015-09-15 20:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 03:00 - 2015-09-15 20:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 03:00 - 2015-09-15 20:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 03:00 - 2015-09-15 20:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-14 03:00 - 2015-09-15 20:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-14 03:00 - 2015-09-15 20:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 03:00 - 2015-09-15 20:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-14 03:00 - 2015-09-15 20:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 03:00 - 2015-09-15 20:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 03:00 - 2015-09-15 20:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-14 03:00 - 2015-09-15 20:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 03:00 - 2015-09-15 20:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 03:00 - 2015-09-15 20:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-14 03:00 - 2015-09-15 20:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-14 03:00 - 2015-09-15 20:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 03:00 - 2015-09-15 20:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 03:00 - 2015-09-15 20:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 03:00 - 2015-09-15 20:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-14 03:00 - 2015-09-15 19:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 03:00 - 2015-09-15 19:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 03:00 - 2015-09-15 19:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 03:00 - 2015-09-15 19:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 03:00 - 2015-09-15 19:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 03:00 - 2015-09-15 19:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-14 03:00 - 2015-09-15 19:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 03:00 - 2015-09-15 19:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 03:00 - 2015-09-15 19:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 03:00 - 2015-09-15 19:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 03:00 - 2015-08-06 11:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 03:00 - 2015-08-06 11:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-14 03:00 - 2015-08-06 10:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 03:00 - 2015-08-06 10:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-14 02:59 - 2015-10-01 11:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 02:59 - 2015-10-01 11:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 02:59 - 2015-10-01 11:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 02:59 - 2015-10-01 11:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 02:59 - 2015-10-01 11:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 02:59 - 2015-10-01 11:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 02:59 - 2015-10-01 11:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 02:59 - 2015-10-01 10:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-14 02:59 - 2015-10-01 10:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 02:59 - 2015-09-28 20:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 02:59 - 2015-09-28 20:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 02:59 - 2015-09-28 20:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 02:59 - 2015-09-28 20:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-14 02:59 - 2015-09-28 20:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-14 02:59 - 2015-09-28 20:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-14 02:59 - 2015-09-28 20:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 02:59 - 2015-09-28 20:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 02:59 - 2015-09-28 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 02:59 - 2015-09-28 20:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-14 02:59 - 2015-09-28 20:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 02:59 - 2015-09-28 20:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-14 02:59 - 2015-09-28 20:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 02:59 - 2015-09-28 20:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 02:59 - 2015-09-28 20:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 02:59 - 2015-09-28 20:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 02:59 - 2015-09-28 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 02:59 - 2015-09-28 20:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 02:59 - 2015-09-28 20:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 02:59 - 2015-09-28 20:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 02:59 - 2015-09-28 20:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-14 02:59 - 2015-09-28 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-14 02:59 - 2015-09-28 20:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 02:59 - 2015-09-28 20:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-14 02:59 - 2015-09-28 20:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-14 02:59 - 2015-09-28 20:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 02:59 - 2015-09-28 20:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 02:59 - 2015-09-28 20:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 02:59 - 2015-09-28 19:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-14 02:59 - 2015-09-28 19:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-14 02:59 - 2015-09-28 19:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-14 02:59 - 2015-09-28 19:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-14 02:59 - 2015-09-28 19:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-14 02:59 - 2015-09-28 19:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-14 02:59 - 2015-09-28 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-14 02:59 - 2015-09-28 19:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-14 02:59 - 2015-09-28 19:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-14 02:59 - 2015-09-28 19:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-14 02:59 - 2015-09-28 19:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-14 02:59 - 2015-09-28 19:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 02:59 - 2015-09-28 19:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-14 02:59 - 2015-09-28 19:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-14 02:59 - 2015-09-28 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 18:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 02:59 - 2015-09-28 18:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 02:59 - 2015-09-28 18:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 02:59 - 2015-09-28 18:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-14 02:59 - 2015-09-28 18:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-14 02:59 - 2015-09-28 18:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 18:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 18:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 18:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 02:59 - 2015-09-15 11:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 02:59 - 2015-09-15 11:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 02:59 - 2015-09-15 11:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 02:59 - 2015-09-15 11:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 02:59 - 2015-09-15 11:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 02:59 - 2015-09-15 11:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 02:59 - 2015-09-15 11:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 02:59 - 2015-09-15 11:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 02:59 - 2015-09-15 11:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 02:59 - 2015-09-15 10:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-14 02:59 - 2015-09-15 10:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-14 02:59 - 2015-09-15 10:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-14 02:59 - 2015-09-15 10:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-13 15:00 - 2015-10-13 15:02 - 00000000 ____D C:\Users\RyanTix\Documents\GabrielHjorth
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-09 09:09 - 2015-04-25 23:11 - 01207711 _____ C:\Windows\WindowsUpdate.log
2015-11-09 09:08 - 2015-05-07 18:31 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-09 09:08 - 2015-04-29 12:03 - 00122400 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-11-09 09:08 - 2015-04-29 12:03 - 00107008 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-11-09 09:08 - 2015-04-29 12:03 - 00035328 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-11-09 09:08 - 2015-04-29 12:03 - 00001004 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-11-09 09:08 - 2015-04-29 12:03 - 00000988 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-11-09 09:08 - 2015-04-29 12:03 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2015-11-09 09:08 - 2015-04-26 01:39 - 00000000 ___RD C:\Users\RyanTix\Dropbox
2015-11-09 09:08 - 2015-04-26 01:36 - 00000000 ____D C:\Users\RyanTix\AppData\Roaming\Dropbox
2015-11-09 09:08 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-09 09:07 - 2015-08-30 08:34 - 00029006 _____ C:\Windows\PFRO.log
2015-11-09 09:07 - 2015-08-17 23:44 - 00002520 _____ C:\Windows\setupact.log
2015-11-09 09:07 - 2015-04-25 23:34 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-09 08:59 - 2009-07-13 22:13 - 00784286 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-09 08:52 - 2015-04-29 12:03 - 00000000 ____D C:\ProgramData\LogMeIn
2015-11-09 08:41 - 2015-04-26 00:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-09 08:03 - 2015-06-19 08:52 - 00000926 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1943265577-1131406837-4153604767-1000UA.job
2015-11-09 08:03 - 2009-07-13 21:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-09 08:03 - 2009-07-13 21:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-09 08:01 - 2015-05-07 18:31 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-09 07:45 - 2015-06-15 03:30 - 00001267 _____ C:\Users\RyanTix\Desktop\Automatick-Accounts.txt
2015-11-08 17:03 - 2015-06-19 08:52 - 00000874 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1943265577-1131406837-4153604767-1000Core.job
2015-11-07 07:26 - 2015-08-17 21:37 - 00007636 _____ C:\Users\RyanTix\AppData\Local\Resmon.ResmonCfg
2015-11-07 06:29 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Default
2015-11-07 06:28 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2015-11-07 03:31 - 2015-04-26 01:30 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-07 03:18 - 2015-07-06 22:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-07 03:16 - 2015-09-16 00:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KVS Tool
2015-11-07 03:10 - 2015-04-26 00:42 - 00000000 ____D C:\ProgramData\Oracle
2015-11-07 03:09 - 2015-09-30 14:42 - 00000000 ____D C:\Users\RyanTix\.oracle_jre_usage
2015-11-07 03:09 - 2015-07-07 15:40 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-07 03:09 - 2015-07-07 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-07 03:09 - 2015-07-07 15:40 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-04 11:36 - 2015-06-01 17:11 - 00000000 ____D C:\Users\RyanTix\Desktop\Tor Browser
2015-10-30 05:41 - 2015-05-05 21:44 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-29 12:59 - 2015-05-28 12:50 - 00000000 ____D C:\Users\RyanTix\AppData\Local\Citrix
2015-10-29 12:19 - 2015-04-26 01:30 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-26 08:06 - 2015-04-26 02:02 - 00000000 ____D C:\Users\RyanTix\Documents\Soda PDF 6
2015-10-23 22:03 - 2015-05-07 18:32 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-17 01:41 - 2015-04-26 00:07 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-17 01:41 - 2015-04-26 00:07 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-17 01:41 - 2015-04-26 00:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-15 04:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-10-15 02:21 - 2015-04-26 01:43 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-15 02:21 - 2015-04-26 01:43 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-15 02:06 - 2015-04-26 00:38 - 00000000 ____D C:\Windows\system32\MRT
2015-10-15 02:02 - 2015-04-26 00:38 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-12 11:36 - 2015-04-26 07:00 - 00000000 ____D C:\Tickpro
 
==================== Files in the root of some directories =======
 
2015-08-26 07:48 - 2015-08-26 07:48 - 0002172 _____ () C:\Users\RyanTix\AppData\Local\recently-used.xbel
2015-08-17 21:37 - 2015-11-07 07:26 - 0007636 _____ () C:\Users\RyanTix\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\RyanTix\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppgo_pa.dll
C:\Users\RyanTix\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-30 23:56
 
==================== End of FRST.txt ============================Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by RyanTix (administrator) on RYANTIX-PC (09-11-2015 09:09:29)
Running from C:\Users\RyanTix\Desktop
Loaded Profiles: RyanTix (Available Profiles: RyanTix & LogMeInRemoteUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(LULU SOFTWARE LIMITED) C:\Program Files (x86)\Soda PDF 6\creator-ws.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CMedia) C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
(Dropbox, Inc.) C:\Users\RyanTix\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
(Orbiscom Ltd. All rights reserved.) C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Orbiscom Ltd.) C:\Windows\SysWOW64\OBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-16] (Realtek Semiconductor)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2015-02-16] (LogMeIn, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2012-03-15] (Intel Corporation)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [47616 2011-10-03] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [Virtual Account Numbers] => C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe [435712 2014-02-07] (Orbiscom Ltd. All rights reserved.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-1943265577-1131406837-4153604767-1000\...\Run: [Dropbox Update] => C:\Users\RyanTix\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-1943265577-1131406837-4153604767-1000\...\Run: [GoogleChromeAutoLaunch_F9D5FAED6397588C0DB5E8C28DA2DACC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
Startup: C:\Users\RyanTix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-10-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\RyanTix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-1943265577-1131406837-4153604767-1000] => 104.251.91.113:29842
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3FA49138-AED4-4259-A325-619D4DD75A9B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{63235F66-C246-42A3-823A-778877255591}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1943265577-1131406837-4153604767-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1943265577-1131406837-4153604767-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1943265577-1131406837-4153604767-1000 -> DefaultScope {56D20242-FC95-46F1-96E5-052F16501B36} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1943265577-1131406837-4153604767-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1943265577-1131406837-4153604767-1000 -> {56D20242-FC95-46F1-96E5-052F16501B36} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-10-30] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-30] (Microsoft Corporation)
BHO-x32: Virtual Account Numbers Helper -> {17424104-1444-4810-85D7-B4DA413C5A9A} -> C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll [2014-01-07] (Orbiscom Ltd. All rights reserved.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-07] (Oracle Corporation)
BHO-x32: Soda PDF 6 Helper -> {ACEC6276-3D7B-4AA9-BE79-23520A23026D} -> C:\Program Files (x86)\Soda PDF 6\creator-ie-helper.dll [2014-08-27] (LULU SOFTWARE LIMITED)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-10-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-07] (Oracle Corporation)
Toolbar: HKLM-x32 - Soda PDF 6 Toolbar - {35251526-B7A4-44E4-8B2E-FD62AE267B82} - C:\Program Files (x86)\Soda PDF 6\creator-ie-plugin.dll [2014-08-27] (LULU SOFTWARE LIMITED)
Toolbar: HKLM-x32 - Virtual Account Numbers - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll [2014-01-07] (Orbiscom Ltd. All rights reserved.)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-05] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\RyanTix\AppData\Roaming\Mozilla\Firefox\Profiles\6x4bcklr.default-1431047896472
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF NetworkProxy: "backup.ftp", "198.71.85.134"
FF NetworkProxy: "backup.ftp_port", 29842
FF NetworkProxy: "backup.socks", "198.71.85.134"
FF NetworkProxy: "backup.socks_port", 29842
FF NetworkProxy: "backup.ssl", "198.71.85.134"
FF NetworkProxy: "backup.ssl_port", 29842
FF NetworkProxy: "ftp", "104.251.83.100"
FF NetworkProxy: "ftp_port", 29842
FF NetworkProxy: "http", "104.251.83.100"
FF NetworkProxy: "http_port", 29842
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "104.251.83.100"
FF NetworkProxy: "socks_port", 29842
FF NetworkProxy: "ssl", "104.251.83.100"
FF NetworkProxy: "ssl_port", 29842
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-22] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: Soda PDF 6 -> C:\Program Files (x86)\Soda PDF 6\np-previewer.dll [2014-08-27] (LULU SOFTWARE LIMITED)
FF Plugin HKU\S-1-5-21-1943265577-1131406837-4153604767-1000: @citrixonline.com/appdetectorplugin -> C:\Users\RyanTix\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-05-28] (Citrix Online)
FF Extension: AwardWallet - C:\Users\RyanTix\AppData\Roaming\Mozilla\Firefox\Profiles\6x4bcklr.default-1431047896472\Extensions\6200cc7406cd11e1a68a12313d1adcbe@jetpack.xpi [2015-06-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [soda_pdf_6_conv@sodapdf.com] - C:\Program Files (x86)\Soda PDF 6\resources\firefoxextension
FF Extension: Soda PDF 6 Creator - C:\Program Files (x86)\Soda PDF 6\resources\firefoxextension [2015-04-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [citius@orbiscom] - C:\Program Files (x86)\Virtual Account Numbers
FF Extension: Virtual Account Numbers for Firefox - C:\Program Files (x86)\Virtual Account Numbers [2015-06-01] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/?tab=wm&pli=1#inbox","hxxp://showsonsale.com/memberhome.aspx","hxxps://mail.google.com/mail/u/1/?tab=wm&pli=1#inbox","hxxps://1ticket.com/tickets_tm.asp"
CHR Profile: C:\Users\RyanTix\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\RyanTix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\RyanTix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\RyanTix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (AwardWallet) - C:\Users\RyanTix\AppData\Local\Google\Chrome\User Data\Default\Extensions\lppkddfmnlpjbojooindbmcokchjgbib [2015-07-17]
CHR Extension: (ZIP Extractor) - C:\Users\RyanTix\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfcakoljjhncfphlflcedhgogfhpbcd [2015-08-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RyanTix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\RyanTix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-17]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-03-17] () [File not signed]
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [7168 2012-03-15] (Intel Corporation) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417288 2015-11-09] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [507400 2015-11-09] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-02-16] (LogMeIn, Inc.)
S3 LULU Software CrashHandler; C:\Program Files (x86)\Soda PDF 6\crash-handler-ws.exe [744800 2014-08-27] (LULU SOFTWARE LIMITED)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Soda PDF 6; C:\Program Files (x86)\Soda PDF 6\ws.exe [1655136 2014-08-27] (LULU SOFTWARE LIMITED)
R2 Soda PDF 6 Creator; C:\Program Files (x86)\Soda PDF 6\creator-ws.exe [621408 2014-08-27] (LULU SOFTWARE LIMITED)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22128 2012-03-08] ()
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [70912 2011-10-03] (Fresco Logic)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-05-07] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2012-03-15] (Intel Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2015-02-16] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-06] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-09 09:09 - 2015-11-09 09:09 - 02198528 _____ (Farbar) C:\Users\RyanTix\Desktop\FRST64.exe
2015-11-09 09:09 - 2015-11-09 09:09 - 00019554 _____ C:\Users\RyanTix\Desktop\FRST.txt
2015-11-09 09:09 - 2015-11-09 09:09 - 00000000 ____D C:\FRST
2015-11-09 09:06 - 2015-11-09 09:07 - 00000000 ____D C:\AdwCleaner
2015-11-09 09:05 - 2015-11-09 09:05 - 01712128 _____ C:\Users\RyanTix\Downloads\AdwCleaner.exe
2015-11-09 08:57 - 2015-11-09 08:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\RyanTix\Downloads\HijackThis.exe
2015-11-09 08:57 - 2015-11-09 08:57 - 00010538 _____ C:\Users\RyanTix\Downloads\hijackthis.log
2015-11-09 08:31 - 2015-11-09 08:31 - 00688992 ____R (Swearware) C:\Users\RyanTix\Desktop\dds.scr
2015-11-09 08:31 - 2015-11-09 08:31 - 00023485 _____ C:\Users\RyanTix\Desktop\dds.txt
2015-11-09 08:31 - 2015-11-09 08:31 - 00004250 _____ C:\Users\RyanTix\Desktop\attach.txt
2015-11-09 07:45 - 2015-11-09 07:45 - 00001267 _____ C:\Users\RyanTix\Documents\Automatick-Accounts.txt
2015-11-09 07:10 - 2015-11-09 07:10 - 157732311 _____ C:\Users\RyanTix\Downloads\319.tmp
2015-11-07 06:29 - 2015-11-07 06:29 - 00027280 _____ C:\ComboFix.txt
2015-11-07 06:25 - 2015-11-07 06:29 - 00000000 ____D C:\Qoobox
2015-11-07 06:25 - 2015-11-07 06:28 - 00000000 ____D C:\Windows\erdnt
2015-11-07 06:25 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-07 06:25 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-07 06:25 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-07 06:25 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-07 06:25 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-07 06:25 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-07 06:25 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-07 06:25 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-07 06:24 - 2015-11-07 06:24 - 05637844 ____R (Swearware) C:\Users\RyanTix\Documents\123.exe
2015-11-07 05:50 - 2015-11-09 09:08 - 00000022 _____ C:\Windows\S.dirmngr
2015-11-07 05:47 - 2015-11-07 05:47 - 00002878 _____ C:\Users\RyanTix\Documents\scan.txt
2015-11-06 14:50 - 2015-11-07 04:48 - 00000000 ____D C:\Users\RyanTix\Documents\LuisReza
2015-11-03 10:53 - 2015-11-07 03:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-29 12:59 - 2015-11-09 08:19 - 00000574 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1943265577-1131406837-4153604767-1000.job
2015-10-29 12:59 - 2015-11-09 07:11 - 00000670 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1943265577-1131406837-4153604767-1000.job
2015-10-29 12:59 - 2015-10-29 12:59 - 00304848 _____ (Citrix Online) C:\Users\RyanTix\Downloads\GoToWebinar Launcher(1).exe
2015-10-29 12:59 - 2015-10-29 12:59 - 00003704 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1943265577-1131406837-4153604767-1000
2015-10-29 12:59 - 2015-10-29 12:59 - 00003608 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1943265577-1131406837-4153604767-1000
2015-10-20 17:14 - 2015-10-21 06:20 - 00429304 _____ C:\Users\RyanTix\Downloads\telluridebets.xlsm
2015-10-19 14:24 - 2015-10-19 14:24 - 00000000 ____D C:\Users\RyanTix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-16 08:14 - 2015-10-16 08:14 - 00005462 _____ C:\Users\RyanTix\Desktop\10-16PRIOXIES.txt
2015-10-14 23:18 - 2015-09-18 12:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-14 23:18 - 2015-09-18 12:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-14 23:18 - 2015-09-18 12:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-14 23:18 - 2015-09-18 12:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-14 23:18 - 2015-09-18 12:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-14 23:18 - 2015-09-18 12:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-14 23:18 - 2015-09-18 12:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 03:00 - 2015-09-25 11:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 03:00 - 2015-09-25 11:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 03:00 - 2015-09-25 11:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 03:00 - 2015-09-25 11:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 03:00 - 2015-09-25 11:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 03:00 - 2015-09-25 11:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 03:00 - 2015-09-25 11:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 03:00 - 2015-09-25 11:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 03:00 - 2015-09-25 11:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 03:00 - 2015-09-25 11:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 03:00 - 2015-09-25 11:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 03:00 - 2015-09-25 10:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 03:00 - 2015-09-25 10:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 03:00 - 2015-09-25 10:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 03:00 - 2015-09-25 10:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-14 03:00 - 2015-09-25 10:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 03:00 - 2015-09-18 12:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 03:00 - 2015-09-18 11:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 03:00 - 2015-09-15 21:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 03:00 - 2015-09-15 21:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 03:00 - 2015-09-15 21:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 03:00 - 2015-09-15 21:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 03:00 - 2015-09-15 21:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 03:00 - 2015-09-15 21:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 03:00 - 2015-09-15 21:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 03:00 - 2015-09-15 21:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 03:00 - 2015-09-15 21:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 03:00 - 2015-09-15 21:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 03:00 - 2015-09-15 21:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 03:00 - 2015-09-15 21:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 03:00 - 2015-09-15 21:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 03:00 - 2015-09-15 21:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 03:00 - 2015-09-15 21:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 03:00 - 2015-09-15 21:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 03:00 - 2015-09-15 21:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 03:00 - 2015-09-15 21:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 03:00 - 2015-09-15 20:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 03:00 - 2015-09-15 20:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 03:00 - 2015-09-15 20:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 03:00 - 2015-09-15 20:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 03:00 - 2015-09-15 20:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-14 03:00 - 2015-09-15 20:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 03:00 - 2015-09-15 20:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 03:00 - 2015-09-15 20:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 03:00 - 2015-09-15 20:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 03:00 - 2015-09-15 20:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-14 03:00 - 2015-09-15 20:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-14 03:00 - 2015-09-15 20:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-14 03:00 - 2015-09-15 20:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 03:00 - 2015-09-15 20:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 03:00 - 2015-09-15 20:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 03:00 - 2015-09-15 20:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 03:00 - 2015-09-15 20:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 03:00 - 2015-09-15 20:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 03:00 - 2015-09-15 20:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 03:00 - 2015-09-15 20:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-14 03:00 - 2015-09-15 20:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-14 03:00 - 2015-09-15 20:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 03:00 - 2015-09-15 20:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-14 03:00 - 2015-09-15 20:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 03:00 - 2015-09-15 20:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 03:00 - 2015-09-15 20:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-14 03:00 - 2015-09-15 20:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 03:00 - 2015-09-15 20:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 03:00 - 2015-09-15 20:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-14 03:00 - 2015-09-15 20:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-14 03:00 - 2015-09-15 20:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 03:00 - 2015-09-15 20:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 03:00 - 2015-09-15 20:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 03:00 - 2015-09-15 20:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-14 03:00 - 2015-09-15 19:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 03:00 - 2015-09-15 19:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 03:00 - 2015-09-15 19:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 03:00 - 2015-09-15 19:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 03:00 - 2015-09-15 19:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 03:00 - 2015-09-15 19:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-14 03:00 - 2015-09-15 19:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 03:00 - 2015-09-15 19:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 03:00 - 2015-09-15 19:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 03:00 - 2015-09-15 19:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 03:00 - 2015-08-06 11:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 03:00 - 2015-08-06 11:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-14 03:00 - 2015-08-06 10:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 03:00 - 2015-08-06 10:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-14 02:59 - 2015-10-01 11:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 02:59 - 2015-10-01 11:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 02:59 - 2015-10-01 11:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 02:59 - 2015-10-01 11:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 02:59 - 2015-10-01 11:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 02:59 - 2015-10-01 11:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 02:59 - 2015-10-01 11:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 02:59 - 2015-10-01 10:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-14 02:59 - 2015-10-01 10:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 02:59 - 2015-09-28 20:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 02:59 - 2015-09-28 20:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 02:59 - 2015-09-28 20:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 02:59 - 2015-09-28 20:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-14 02:59 - 2015-09-28 20:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-14 02:59 - 2015-09-28 20:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-14 02:59 - 2015-09-28 20:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 02:59 - 2015-09-28 20:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 02:59 - 2015-09-28 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 02:59 - 2015-09-28 20:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-14 02:59 - 2015-09-28 20:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 02:59 - 2015-09-28 20:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-14 02:59 - 2015-09-28 20:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 02:59 - 2015-09-28 20:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 02:59 - 2015-09-28 20:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 02:59 - 2015-09-28 20:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 02:59 - 2015-09-28 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 02:59 - 2015-09-28 20:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 02:59 - 2015-09-28 20:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 02:59 - 2015-09-28 20:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 02:59 - 2015-09-28 20:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-14 02:59 - 2015-09-28 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-14 02:59 - 2015-09-28 20:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 02:59 - 2015-09-28 20:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-14 02:59 - 2015-09-28 20:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-14 02:59 - 2015-09-28 20:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 02:59 - 2015-09-28 20:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 02:59 - 2015-09-28 20:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 02:59 - 2015-09-28 19:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-14 02:59 - 2015-09-28 19:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-14 02:59 - 2015-09-28 19:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-14 02:59 - 2015-09-28 19:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-14 02:59 - 2015-09-28 19:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-14 02:59 - 2015-09-28 19:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-14 02:59 - 2015-09-28 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-14 02:59 - 2015-09-28 19:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-14 02:59 - 2015-09-28 19:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-14 02:59 - 2015-09-28 19:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-14 02:59 - 2015-09-28 19:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-14 02:59 - 2015-09-28 19:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 02:59 - 2015-09-28 19:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-14 02:59 - 2015-09-28 19:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-14 02:59 - 2015-09-28 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 19:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 18:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 02:59 - 2015-09-28 18:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 02:59 - 2015-09-28 18:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 02:59 - 2015-09-28 18:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-14 02:59 - 2015-09-28 18:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-14 02:59 - 2015-09-28 18:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 18:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 18:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 02:59 - 2015-09-28 18:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 02:59 - 2015-09-15 11:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 02:59 - 2015-09-15 11:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 02:59 - 2015-09-15 11:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 02:59 - 2015-09-15 11:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 02:59 - 2015-09-15 11:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 02:59 - 2015-09-15 11:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 02:59 - 2015-09-15 11:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 02:59 - 2015-09-15 11:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 02:59 - 2015-09-15 11:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 02:59 - 2015-09-15 10:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-14 02:59 - 2015-09-15 10:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-14 02:59 - 2015-09-15 10:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-14 02:59 - 2015-09-15 10:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 02:59 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-13 15:00 - 2015-10-13 15:02 - 00000000 ____D C:\Users\RyanTix\Documents\GabrielHjorth
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-09 09:09 - 2015-04-25 23:11 - 01207711 _____ C:\Windows\WindowsUpdate.log
2015-11-09 09:08 - 2015-05-07 18:31 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-09 09:08 - 2015-04-29 12:03 - 00122400 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-11-09 09:08 - 2015-04-29 12:03 - 00107008 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-11-09 09:08 - 2015-04-29 12:03 - 00035328 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-11-09 09:08 - 2015-04-29 12:03 - 00001004 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-11-09 09:08 - 2015-04-29 12:03 - 00000988 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-11-09 09:08 - 2015-04-29 12:03 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2015-11-09 09:08 - 2015-04-26 01:39 - 00000000 ___RD C:\Users\RyanTix\Dropbox
2015-11-09 09:08 - 2015-04-26 01:36 - 00000000 ____D C:\Users\RyanTix\AppData\Roaming\Dropbox
2015-11-09 09:08 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-09 09:07 - 2015-08-30 08:34 - 00029006 _____ C:\Windows\PFRO.log
2015-11-09 09:07 - 2015-08-17 23:44 - 00002520 _____ C:\Windows\setupact.log
2015-11-09 09:07 - 2015-04-25 23:34 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-09 08:59 - 2009-07-13 22:13 - 00784286 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-09 08:52 - 2015-04-29 12:03 - 00000000 ____D C:\ProgramData\LogMeIn
2015-11-09 08:41 - 2015-04-26 00:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-09 08:03 - 2015-06-19 08:52 - 00000926 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1943265577-1131406837-4153604767-1000UA.job
2015-11-09 08:03 - 2009-07-13 21:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-09 08:03 - 2009-07-13 21:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-09 08:01 - 2015-05-07 18:31 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-09 07:45 - 2015-06-15 03:30 - 00001267 _____ C:\Users\RyanTix\Desktop\Automatick-Accounts.txt
2015-11-08 17:03 - 2015-06-19 08:52 - 00000874 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1943265577-1131406837-4153604767-1000Core.job
2015-11-07 07:26 - 2015-08-17 21:37 - 00007636 _____ C:\Users\RyanTix\AppData\Local\Resmon.ResmonCfg
2015-11-07 06:29 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Default
2015-11-07 06:28 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2015-11-07 03:31 - 2015-04-26 01:30 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-07 03:18 - 2015-07-06 22:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-07 03:16 - 2015-09-16 00:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KVS Tool
2015-11-07 03:10 - 2015-04-26 00:42 - 00000000 ____D C:\ProgramData\Oracle
2015-11-07 03:09 - 2015-09-30 14:42 - 00000000 ____D C:\Users\RyanTix\.oracle_jre_usage
2015-11-07 03:09 - 2015-07-07 15:40 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-07 03:09 - 2015-07-07 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-07 03:09 - 2015-07-07 15:40 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-04 11:36 - 2015-06-01 17:11 - 00000000 ____D C:\Users\RyanTix\Desktop\Tor Browser
2015-10-30 05:41 - 2015-05-05 21:44 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-29 12:59 - 2015-05-28 12:50 - 00000000 ____D C:\Users\RyanTix\AppData\Local\Citrix
2015-10-29 12:19 - 2015-04-26 01:30 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-26 08:06 - 2015-04-26 02:02 - 00000000 ____D C:\Users\RyanTix\Documents\Soda PDF 6
2015-10-23 22:03 - 2015-05-07 18:32 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-17 01:41 - 2015-04-26 00:07 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-17 01:41 - 2015-04-26 00:07 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-17 01:41 - 2015-04-26 00:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-15 04:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-10-15 02:21 - 2015-04-26 01:43 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-15 02:21 - 2015-04-26 01:43 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-15 02:06 - 2015-04-26 00:38 - 00000000 ____D C:\Windows\system32\MRT
2015-10-15 02:02 - 2015-04-26 00:38 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-12 11:36 - 2015-04-26 07:00 - 00000000 ____D C:\Tickpro
 
==================== Files in the root of some directories =======
 
2015-08-26 07:48 - 2015-08-26 07:48 - 0002172 _____ () C:\Users\RyanTix\AppData\Local\recently-used.xbel
2015-08-17 21:37 - 2015-11-07 07:26 - 0007636 _____ () C:\Users\RyanTix\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\RyanTix\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppgo_pa.dll
C:\Users\RyanTix\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-30 23:56
 
==================== End of FRST.txt ============================

Attached Files



#4 ryanjpfaff

ryanjpfaff
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:30 PM

Posted 09 November 2015 - 11:13 AM

# AdwCleaner v5.019 - Logfile created 09/11/2015 at 09:07:06
# Updated 08/11/2015 by Xplode
# Database : 2015-11-09.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : RyanTix - RYANTIX-PC
# Running from : C:\Users\RyanTix\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\oTweak
[-] Folder Deleted : C:\Program Files (x86)\DriverToolkit
[-] Folder Deleted : C:\ProgramData\RegClean
[-] Folder Deleted : C:\Users\RyanTix\AppData\Local\DriverToolkit
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\RyanTix\AppData\Roaming\Mozilla\Firefox\Profiles\6x4bcklr.default-1431047896472\user.js
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20B9C05C-99C9-4BAB-B596-FB0C0E1C9F55}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKCU\Software\oTweak
[-] Key Deleted : HKCU\Software\DriverToolkit
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1282 bytes] ##########
 


#5 ryanjpfaff

ryanjpfaff
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:30 PM

Posted 09 November 2015 - 11:22 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/9/2015
Scan Time: 9:16 AM
Logfile: text.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.09.04
Rootkit Database: v2015.11.04.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: RyanTix
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 376306
Time Elapsed: 4 min, 56 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:30 PM

Posted 09 November 2015 - 02:11 PM



Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1943265577-1131406837-4153604767-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S4 LMIRfsClientNP; no ImagePath
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
AlternateDataStreams: C:\Users\RyanTix\Desktop\dd214.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\RyanTix\Desktop\dd214.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\RyanTix\Desktop\seasonpass.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\RyanTix\Desktop\seasonpass.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\RyanTix\Desktop\studentid.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\RyanTix\Desktop\studentid.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

P.S.
Are you still using this Chrome Extension?
https://chrome.google.com/webstore/detail/awardwallet/lppkddfmnlpjbojooindbmcokchjgbib/reviews

How is the computer running now?

#7 ryanjpfaff

ryanjpfaff
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:30 PM

Posted 09 November 2015 - 03:36 PM

Still using that chrome extension,  fix log below

 

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015

Ran by RyanTix (2015-11-09 13:30:46) Run:1
Running from C:\Users\RyanTix\Desktop
Loaded Profiles: RyanTix (Available Profiles: RyanTix & LogMeInRemoteUser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1943265577-1131406837-4153604767-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S4 LMIRfsClientNP; no ImagePath
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
AlternateDataStreams: C:\Users\RyanTix\Desktop\dd214.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\RyanTix\Desktop\dd214.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\RyanTix\Desktop\seasonpass.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\RyanTix\Desktop\seasonpass.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\RyanTix\Desktop\studentid.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\RyanTix\Desktop\studentid.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1943265577-1131406837-4153604767-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
LMIRfsClientNP => service removed successfully
MBAMSwissArmy => service not found.
NvStreamKms => service removed successfully
nvvad_WaveExtensible => service removed successfully
"C:\Users\RyanTix\Desktop\dd214.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
C:\Users\RyanTix\Desktop\dd214.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\RyanTix\Desktop\seasonpass.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
C:\Users\RyanTix\Desktop\seasonpass.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\RyanTix\Desktop\studentid.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
C:\Users\RyanTix\Desktop\studentid.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
EmptyTemp: => 929.2 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 13:32:14 ====


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:30 PM

Posted 10 November 2015 - 09:48 AM

Any remaining issues?

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:30 PM

Posted 16 November 2015 - 09:46 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:30 PM

Posted 22 November 2015 - 08:08 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users