Trojan.Agent last week, now CrackTool.agent


  • This topic is locked
18 replies to this topic

#1 itsdot


Posted 10 November 2015 - 05:38 PM

Like everyone else who writes, I need HELP. Last week I ended up with Trojan.Agent on my computer but was able to get rid of it with Malwarebytes and several other programs. A couple of days ago I noticed I have no sound on my computer. I ran Malwarebytes again and it found and quarantined CrackTool.Agent. I went ahead and deleted it thinking that would solve my problem. Nope. I have read other fixes for this on your site but am not savvy enough to feel comfortable just executing without some hand holding. Can you help?




#2 nasdaq

  • Malware Response Team

Posted 13 November 2015 - 11:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.

Let me know what problem persists.

#3 itsdot

  • Topic Starter


Posted 15 November 2015 - 12:51 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Dot (administrator) on DOT-PC (14-11-2015 23:05:02)
Running from C:\Users\Dot\Desktop
Loaded Profiles: Dot & QBDataServiceUser25 (Available Profiles: Dot & QBDataServiceUser22 & QBDataServiceUser25)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Memeo) C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\QBDBMgrN.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\QBDBMgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-03-17] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-4154183769-122929292-2090752055-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4154183769-122929292-2090752055-1002\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-4154183769-122929292-2090752055-1002\...\Run: [Monotype SkyFonts System Extension] => C:\Program Files\Monotype\SkyFonts\SkyFonts.exe [2403792 2015-10-27] (Monotype Inc.)
HKU\S-1-5-21-4154183769-122929292-2090752055-1002\...\Run: [Monotype SkyFonts Rack Up] => C:\Program Files\Monotype\SkyFonts\SFC.exe [24016 2015-10-27] (Monotype Imaging)
HKU\S-1-5-21-4154183769-122929292-2090752055-1002\...\Run: [GoogleChromeAutoLaunch_0BBCD82A44F2A3C2BB7EBD870E321555] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-06] (Google Inc.)
HKU\S-1-5-21-4154183769-122929292-2090752055-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Monotype SkyFonts System Extension] => C:\Program Files\Monotype\SkyFonts\SkyFonts.exe [2403792 2015-10-27] (Monotype Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-07-29]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-07-29]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{DF35EC01-C6E8-4697-8369-41264D2ABBD6}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-02] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-02] (Oracle Corporation)
DPF: HKLM-x32 {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} hxxp://aceonline.asicentral.com/ace/ltocx13n.cab
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\HelpAsyncPluggableProtocol.dll [2015-10-15] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.searchqu.com/406
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\PepperFlash\19.0.0.226\pepflashplayer.dll ()
CHR Profile: C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-06]
CHR Extension: (Google Docs) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-06]
CHR Extension: (Google Drive) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-10-16]
CHR Extension: (YouTube) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2015-10-16]
CHR Extension: (Google Search) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-06]
CHR Extension: (Google Docs Offline) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-17]
CHR Extension: (Love Smoke) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgibfhhccaknggplelmbaepoikkcnllb [2015-10-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Read Your AOL Mail) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\phgdojkomekmnemlclopfjlmbamhnafp [2015-10-16]
CHR Extension: (Gmail) - C:\Users\Dot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
R2 HPSLPSVC; C:\Users\Dot\AppData\Local\Temp\7zS0D8A\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MemeoBackgroundService; C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [25824 2009-11-12] (Memeo)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-10-15] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-03-17] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-03-17] (Intuit Inc.) [File not signed]
R3 QuickBooksDB25; C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\QBDBMgrN.exe [827392 2015-03-17] (Intuit, Inc.) [File not signed]
S2 SkyFontsService; C:\Program Files\Monotype\SkyFonts\Monotype.SkyFonts.Service.exe [44496 2015-10-27] (Monotype Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-02] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 PciIsaSerial; C:\Windows\system32\drivers\PciIsaSerial.sys [68608 2008-12-19] (Windows ® Codename Longhorn DDK provider)
R3 PciPPorts; C:\Windows\system32\drivers\PciPPorts.sys [96768 2009-07-23] ()
R3 PciSPorts; C:\Windows\system32\drivers\PciSPorts.sys [122880 2008-12-19] ()
R3 VUSB3HUB; C:\Windows\system32\drivers\ViaHub3.sys [231112 2013-01-02] (VIA Technologies, Inc.)
S3 VUSBSTOR; C:\Windows\System32\Drivers\vusbstor.sys [86064 2013-01-17] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\system32\drivers\xhcdrv.sys [301256 2013-01-02] (VIA Technologies, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S1 SydexFDD; system32\drives\sydexfdd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-14 23:05 - 2015-11-14 23:05 - 00016984 _____ C:\Users\Dot\Desktop\FRST.txt
2015-11-14 23:04 - 2015-11-14 23:05 - 00000000 ____D C:\FRST
2015-11-14 17:59 - 2015-11-14 17:59 - 01624774 _____ C:\Users\Dot\Downloads\htd_paris.zip
2015-11-14 08:34 - 2015-11-14 08:33 - 02198528 _____ (Farbar) C:\Users\Dot\Desktop\FRST64.exe
2015-11-14 08:33 - 2015-11-14 08:33 - 02198528 _____ (Farbar) C:\Users\Dot\Downloads\FRST64.exe
2015-11-14 08:02 - 2015-11-14 08:02 - 00002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-11-14 08:02 - 2015-11-14 08:02 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-14 08:02 - 2015-11-14 08:02 - 00000796 _____ C:\Users\Public\Desktop\Speccy.lnk
2015-11-14 08:02 - 2015-11-14 08:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-11-14 08:02 - 2015-11-14 08:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-11-14 08:02 - 2015-11-14 08:02 - 00000000 ____D C:\Program Files\Speccy
2015-11-14 08:02 - 2015-11-14 08:02 - 00000000 ____D C:\Program Files\CCleaner
2015-11-14 08:00 - 2015-11-14 08:01 - 05127432 _____ (Piriform Ltd) C:\Users\Dot\Downloads\spsetup128.exe
2015-11-14 07:36 - 2015-11-14 07:36 - 00001125 _____ C:\Users\Dot\Desktop\DriveImage XML.lnk
2015-11-14 07:35 - 2015-11-14 07:35 - 00001107 _____ C:\Users\Public\Desktop\DriveImage XML.lnk
2015-11-14 07:35 - 2015-11-14 07:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2015-11-14 07:35 - 2015-11-14 07:35 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2015-11-14 07:33 - 2015-11-14 07:33 - 02026456 _____ C:\Users\Dot\Desktop\dixmlsetup.exe
2015-11-11 02:31 - 2015-10-12 22:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 02:30 - 2015-10-19 19:17 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 02:30 - 2015-10-19 19:17 - 00706496 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-11-11 02:30 - 2015-10-19 19:17 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 02:30 - 2015-10-19 19:17 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 02:30 - 2015-10-19 19:14 - 01729984 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 02:30 - 2015-10-19 19:14 - 00631384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-11-11 02:30 - 2015-10-19 19:12 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-11 02:30 - 2015-10-19 19:12 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-11 02:30 - 2015-10-19 19:12 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-11 02:30 - 2015-10-19 19:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 01166336 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-11 02:30 - 2015-10-19 19:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-11 02:30 - 2015-10-19 19:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-11 02:30 - 2015-10-19 19:11 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-11 02:30 - 2015-10-19 19:10 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-11 02:30 - 2015-10-19 19:10 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-11-11 02:30 - 2015-10-19 19:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-11 02:30 - 2015-10-19 19:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-11 02:30 - 2015-10-19 19:10 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-11-11 02:30 - 2015-10-19 19:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:54 - 03996608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-11 02:30 - 2015-10-19 18:54 - 03940800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-11 02:30 - 2015-10-19 18:50 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-11 02:30 - 2015-10-19 18:47 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-11 02:30 - 2015-10-19 18:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-11 02:30 - 2015-10-19 18:46 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-11 02:30 - 2015-10-19 18:45 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-11 02:30 - 2015-10-19 18:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-11 02:30 - 2015-10-19 18:45 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-11 02:30 - 2015-10-19 18:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-11 02:30 - 2015-10-19 18:45 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 18:05 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-11-11 02:30 - 2015-10-19 17:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 02:30 - 2015-10-19 17:47 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-11 02:30 - 2015-10-19 17:47 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 02:30 - 2015-10-19 17:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-11 02:30 - 2015-10-19 17:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 17:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 17:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 02:30 - 2015-10-19 17:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 02:30 - 2015-09-23 07:18 - 00459344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 02:30 - 2015-09-23 07:18 - 00298192 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 02:30 - 2015-09-23 07:08 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 02:29 - 2015-10-19 19:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-11 02:29 - 2015-10-19 19:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-11 02:29 - 2015-10-19 19:01 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-11 02:29 - 2015-10-19 19:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 02:29 - 2015-10-19 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 02:29 - 2015-10-19 18:41 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-11 02:29 - 2015-10-19 18:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-11 02:29 - 2015-10-19 18:37 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-11 02:29 - 2015-10-19 18:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 02:29 - 2015-10-19 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 02:29 - 2015-10-19 17:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-11 02:27 - 2015-11-03 16:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-11 02:27 - 2015-11-03 15:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-11 02:27 - 2015-10-30 17:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-11 02:27 - 2015-10-30 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-11 02:27 - 2015-10-30 17:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 02:27 - 2015-10-30 17:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-11 02:27 - 2015-10-30 17:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-11 02:27 - 2015-10-30 17:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-11 02:27 - 2015-10-30 17:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 02:27 - 2015-10-30 17:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-11 02:27 - 2015-10-30 17:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-11 02:27 - 2015-10-30 17:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-11 02:27 - 2015-10-30 17:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-11 02:27 - 2015-10-30 17:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-11 02:27 - 2015-10-30 17:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-11 02:27 - 2015-10-30 17:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 02:27 - 2015-10-30 17:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 02:27 - 2015-10-30 17:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-11 02:27 - 2015-10-30 17:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-11 02:27 - 2015-10-30 17:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-11 02:27 - 2015-10-30 16:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-11 02:27 - 2015-10-30 16:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 02:27 - 2015-10-30 16:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 02:27 - 2015-10-30 16:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-11 02:27 - 2015-10-30 16:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-11 02:27 - 2015-10-30 16:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 02:27 - 2015-10-30 16:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-11 02:27 - 2015-10-30 16:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-11 02:27 - 2015-10-30 16:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-11 02:27 - 2015-10-30 16:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-11 02:27 - 2015-10-30 16:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-11 02:27 - 2015-10-30 16:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-11 02:27 - 2015-10-30 16:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 02:27 - 2015-10-30 16:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-11 02:27 - 2015-10-30 16:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-11 02:27 - 2015-10-30 16:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-11 02:27 - 2015-10-30 16:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 02:27 - 2015-10-30 16:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-11 02:27 - 2015-10-30 16:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-11 02:27 - 2015-10-30 16:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-11 02:27 - 2015-10-30 16:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 02:27 - 2015-10-30 16:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 02:27 - 2015-10-30 16:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-11 02:27 - 2015-10-30 16:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-11 02:27 - 2015-10-30 16:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-11 02:27 - 2015-10-30 16:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-11 02:27 - 2015-10-30 16:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 02:27 - 2015-10-30 16:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-11 02:27 - 2015-10-30 16:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-11 02:27 - 2015-10-30 16:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-11 02:27 - 2015-10-30 16:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 02:27 - 2015-10-30 16:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-11 02:27 - 2015-10-30 16:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 02:27 - 2015-10-30 16:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-11 02:27 - 2015-10-30 16:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 02:27 - 2015-10-30 16:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 02:27 - 2015-10-30 16:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-11 02:27 - 2015-10-30 16:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-11 02:27 - 2015-10-30 16:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 02:27 - 2015-10-30 15:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 02:27 - 2015-10-30 15:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 02:27 - 2015-10-30 15:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 02:27 - 2015-10-30 15:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-11 02:27 - 2015-10-20 12:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 02:27 - 2015-10-20 12:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 02:27 - 2015-10-20 12:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 02:27 - 2015-10-20 12:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 02:27 - 2015-10-20 12:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 02:27 - 2015-10-20 12:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-11 02:27 - 2015-10-20 12:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-11 02:27 - 2015-10-20 12:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 02:27 - 2015-10-20 12:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-11 02:27 - 2015-10-20 12:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 02:27 - 2015-10-20 12:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 02:27 - 2015-10-20 11:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 02:27 - 2015-10-20 11:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 02:27 - 2015-10-20 11:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 02:27 - 2015-10-20 11:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-11 02:27 - 2015-10-20 11:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 02:26 - 2015-10-30 17:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 02:26 - 2015-10-29 11:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-11 02:26 - 2015-10-29 11:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-11 02:26 - 2015-10-29 11:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-11 02:26 - 2015-10-29 11:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-11 02:26 - 2015-10-29 11:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-11 02:26 - 2015-10-29 11:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-11 02:26 - 2015-10-29 11:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-11 02:26 - 2015-10-19 17:58 - 03214848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 02:26 - 2015-10-13 18:50 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 02:26 - 2015-10-13 10:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 02:05 - 2015-10-01 12:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-11 02:05 - 2015-10-01 12:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-11 02:05 - 2015-10-01 11:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-10 13:32 - 2015-11-10 13:32 - 00440829 _____ C:\Users\Dot\Downloads\BJD_SC1.zip
2015-11-10 13:32 - 2015-11-10 13:32 - 00439048 _____ C:\Users\Dot\Downloads\BJD_SB3-1.zip
2015-11-03 09:45 - 2015-11-03 09:45 - 00000000 ____D C:\Users\Dot\AppData\Local\Monotype_Inc
2015-11-02 12:37 - 2015-11-09 09:53 - 00000000 ____D C:\Users\Dot\AppData\Local\CrashDumps
2015-11-01 11:25 - 2015-11-01 11:25 - 05749660 _____ C:\Users\Dot\Downloads\61049-900.zip
2015-10-28 09:36 - 2015-10-28 09:36 - 00040494 _____ C:\Users\Dot\Downloads\--SV-DFS01-ClubRunnerdata-PublicAccounts-2386-ExportMember-590912_ExportMember.csv
2015-10-23 15:29 - 2015-10-23 15:29 - 00003692 _____ C:\Users\Dot\Downloads\1_Chicago_West_Chicago_Dupage_Airport.csv
2015-10-23 14:46 - 2015-10-23 14:46 - 00128301 _____ C:\Users\Dot\Downloads\EXAMPLE.xlsb
2015-10-23 14:34 - 2015-10-23 14:34 - 00035840 _____ C:\Users\Dot\Downloads\D9374 (2).xls
2015-10-23 14:34 - 2015-10-23 14:34 - 00034304 _____ C:\Users\Dot\Downloads\D9374 (3).xls
2015-10-23 14:32 - 2015-10-23 14:32 - 00034304 _____ C:\Users\Dot\Downloads\D9374 (1).xls
2015-10-23 14:23 - 2015-10-23 14:23 - 00035328 _____ C:\Users\Dot\Downloads\D9374.xls
2015-10-22 13:21 - 2015-11-14 22:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-22 13:21 - 2015-11-10 17:34 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-19 11:54 - 2015-11-10 07:25 - 00000000 ____D C:\EEK
2015-10-19 11:54 - 2015-10-19 11:54 - 00000743 _____ C:\Users\Dot\Desktop\Start Emsisoft Emergency Kit.lnk
2015-10-19 11:53 - 2015-10-19 11:53 - 168848536 _____ C:\Users\Dot\Downloads\EmsisoftEmergencyKit.exe
2015-10-19 11:50 - 2015-10-19 11:50 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-10-19 11:48 - 2015-10-19 11:48 - 00089276 _____ C:\Users\Dot\Downloads\HitmanPro_20151019_1247.log
2015-10-19 11:28 - 2015-10-19 11:28 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-10-19 11:28 - 2015-10-19 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-10-19 11:28 - 2015-10-19 11:28 - 00000000 ____D C:\Program Files\HitmanPro
2015-10-19 11:20 - 2015-10-19 11:20 - 22795336 _____ C:\Users\Dot\Downloads\RogueKillerX64.exe
2015-10-19 10:24 - 2015-10-19 10:25 - 11336600 _____ (SurfRight B.V.) C:\Users\Dot\Downloads\HitmanPro_x64.exe
2015-10-19 10:23 - 2015-10-19 11:52 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-19 10:23 - 2015-10-19 10:23 - 10357568 _____ (SurfRight B.V.) C:\Users\Dot\Downloads\HitmanPro.exe
2015-10-19 10:13 - 2015-10-19 10:13 - 00018752 _____ C:\Users\Dot\Downloads\RogueKillerRegistryReport.txt
2015-10-19 10:12 - 2015-10-19 10:12 - 00018754 _____ C:\Users\Dot\Downloads\rk_54D3.tmp.txt
2015-10-18 19:30 - 2015-10-18 19:30 - 00018752 _____ C:\Users\Dot\Downloads\RogueKillerDiskReport.txt
2015-10-18 19:28 - 2015-10-18 19:28 - 00018752 _____ C:\Users\Dot\Downloads\RogueKillerReport.txt
2015-10-18 08:01 - 2015-10-19 11:20 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-10-18 08:01 - 2015-10-19 10:15 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-18 08:01 - 2015-10-18 08:01 - 18832456 _____ C:\Users\Dot\Downloads\RogueKiller.exe
2015-10-18 07:47 - 2015-10-18 07:47 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Dot\Downloads\tdsskiller.exe
2015-10-17 16:39 - 2015-11-14 17:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-17 16:39 - 2015-10-17 16:39 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-17 16:38 - 2015-10-17 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-17 16:38 - 2015-10-17 16:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-17 16:38 - 2015-10-17 16:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-17 16:38 - 2015-10-05 08:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-17 16:38 - 2015-10-05 08:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-17 16:38 - 2015-10-05 08:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-17 16:35 - 2015-10-17 16:35 - 22908888 _____ (Malwarebytes ) C:\Users\Dot\Downloads\mbam-setup-2.2.0.1024 (2).exe
2015-10-17 16:35 - 2015-10-17 16:35 - 22908888 _____ (Malwarebytes ) C:\Users\Dot\Downloads\mbam-setup-2.2.0.1024 (1).exe
2015-10-17 16:31 - 2015-10-17 16:31 - 22908888 _____ (Malwarebytes ) C:\mbam-setup-2.2.0.1024.exe
2015-10-17 16:04 - 2015-10-17 16:04 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d10927d9fa2f75.job
2015-10-17 16:01 - 2015-11-10 21:12 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-17 16:01 - 2015-10-17 16:04 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d109275575ab3c.job
2015-10-17 16:01 - 2015-10-17 16:01 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-17 16:01 - 2015-10-17 16:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-17 16:00 - 2015-11-10 17:34 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-17 16:00 - 2015-11-10 17:34 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-17 09:08 - 2015-10-17 09:08 - 00000000 ____D C:\Windows\System32\Tasks\Games
2015-10-16 18:05 - 2015-10-16 18:05 - 00037805 _____ C:\Users\Dot\Documents\bookmarks_10_16_15.html
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-14 21:39 - 2015-02-28 09:09 - 01200029 _____ C:\Windows\WindowsUpdate.log
2015-11-14 11:00 - 2009-07-13 22:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-14 11:00 - 2009-07-13 22:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-14 07:14 - 2009-07-13 23:13 - 00785858 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-14 07:07 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-14 07:07 - 2009-07-13 22:51 - 00064264 _____ C:\Windows\setupact.log
2015-11-14 07:06 - 2014-07-21 16:47 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-11 21:45 - 2015-10-07 16:34 - 00000000 ____D C:\Users\Dot\AppData\Roaming\Monotype
2015-11-11 04:52 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2015-11-11 04:15 - 2009-07-13 22:45 - 05114032 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-11 03:56 - 2014-06-10 12:33 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 03:38 - 2014-06-10 12:33 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 03:37 - 2015-03-06 14:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 03:16 - 2014-06-10 13:03 - 00777980 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-11 03:08 - 2011-04-12 02:28 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-10 16:21 - 2015-03-06 14:03 - 00138568 _____ C:\Users\Dot\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-10 16:20 - 2010-11-20 21:47 - 00030740 _____ C:\Windows\PFRO.log
2015-11-10 16:16 - 2014-07-21 17:10 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-10 16:15 - 2014-07-21 17:10 - 00000000 ____D C:\ProgramData\Adobe
2015-11-10 16:04 - 2015-03-06 14:35 - 00000000 ____D C:\Program Files\Adobe
2015-11-10 07:20 - 2015-08-17 12:43 - 00001377 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-11-10 07:20 - 2014-07-21 16:46 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-05 00:06 - 2015-07-27 14:32 - 00000000 ____D C:\Users\Dot\Documents\QB
2015-11-05 00:06 - 2015-03-17 19:23 - 00000000 ____D C:\ESPOnline
2015-11-03 11:01 - 2015-09-10 00:58 - 00000000 ___HD C:\$Windows.~BT
2015-11-03 10:44 - 2014-06-10 12:03 - 00000000 ____D C:\Windows\Panther
2015-11-03 10:33 - 2015-07-27 12:53 - 00038901 _____ C:\Users\Dot\AppData\Roaming\QBFileDrTool.log
2015-11-03 09:44 - 2015-10-07 16:35 - 00001880 _____ C:\Users\Public\Desktop\SkyFonts.lnk
2015-11-02 13:00 - 2015-03-06 16:24 - 00000111 _____ C:\Windows\QBChanUtil_Trigger.ini
2015-10-22 13:23 - 2015-03-17 15:28 - 00000000 ____D C:\Users\Dot\AppData\Local\Adobe
2015-10-19 12:02 - 2015-03-06 16:26 - 00000000 ____D C:\Users\QBDataServiceUser22
2015-10-17 16:01 - 2015-03-06 14:05 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-17 12:19 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-17 09:03 - 2015-03-06 14:05 - 00000000 ____D C:\Users\Dot\AppData\Local\Deployment
2015-10-15 02:32 - 2015-03-18 02:34 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-15 02:32 - 2015-03-18 02:34 - 00000000 ____D C:\Windows\system32\appraiser
 
==================== Files in the root of some directories =======
 
2015-04-28 17:41 - 2015-05-26 08:34 - 0000132 _____ () C:\Users\Dot\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-07-27 15:03 - 2015-07-29 14:50 - 0031669 _____ () C:\Users\Dot\AppData\Roaming\FileDrTool.log
2015-07-27 12:53 - 2015-11-03 10:33 - 0038901 _____ () C:\Users\Dot\AppData\Roaming\QBFileDrTool.log
2015-05-13 15:55 - 2015-06-27 11:55 - 0001456 _____ () C:\Users\Dot\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-03-17 15:47 - 2015-03-17 15:47 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
C:\Users\Dot\AppData\Local\Temp\Abspdf.exe
C:\Users\Dot\AppData\Local\Temp\acfpdfu.dll
C:\Users\Dot\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Dot\AppData\Local\Temp\acfpdfui.dll
C:\Users\Dot\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Dot\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Dot\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Dot\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Dot\AppData\Local\Temp\cdintf.dll
C:\Users\Dot\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Dot\AppData\Local\Temp\HPPSdr.exe
C:\Users\Dot\AppData\Local\Temp\hrlxp3gz.dll
C:\Users\Dot\AppData\Local\Temp\MSIZAP.EXE
C:\Users\Dot\AppData\Local\Temp\nvStInst.exe
C:\Users\Dot\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Dot\AppData\Local\Temp\RatsHelper.dll
C:\Users\Dot\AppData\Local\Temp\stlport_r50.dll
C:\Users\Dot\AppData\Local\Temp\xmllite.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-10 18:42
 
==================== End of FRST.txt ============================


#4 nasdaq


Posted 15 November 2015 - 09:11 AM


You decided to not remove this key. It's your call.

***** [ Registry ] *****

[x] Key Not Deleted : HKCU\Software\933578e4ae5933280c14cf09e3d201c8


If any problem persists read this article from McAfee and decide if you want to keep it.
http://home.mcafee.com/virusinfo/virusprofile.aspx?key=9373199#none

p.s.
AdwCleaner keeps the deleted items in the Quarantine folder. You can restore it if it's really needed.
===

No malicious malware was found in your logs.

This is just a cleanup.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-4154183769-122929292-2090752055-1002\...\Run: [AdobeBridge] => [X]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> hxxp://www.searchqu.com/406
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S1 SydexFDD; system32\drives\sydexfdd.sys
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {6E5E1994-CB2C-432F-8E95-93658B807ABB} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {8715663B-E9D4-472E-A2CD-C40BDF8F2FED} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Let me know of any pending issues with this computer.

#5 itsdot


Posted 15 November 2015 - 01:18 PM

I got rid of that key along with the searchqu/404. I didn't initially because I didn't know what it was. I performed the cleanup and am in the process of running FRST/fix but it seems to be taking an inordinate amount of time? It's been more than three hours. Is this normal?



#6 nasdaq


Posted 15 November 2015 - 02:41 PM

Stop the process.

If a Fixlog.txt was created post it.

If not please run the Farbar tool normally and post a fresh FRST log for my review.

#7 itsdot


Posted 15 November 2015 - 02:53 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Dot (2015-11-15 09:12:39) Run:1
Running from C:\Users\Dot\Desktop
Loaded Profiles: Dot & QBDataServiceUser25 (Available Profiles: Dot & QBDataServiceUser22 & QBDataServiceUser25)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-21-4154183769-122929292-2090752055-1002\...\Run: [AdobeBridge] => [X]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> hxxp://www.searchqu.com/406
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S1 SydexFDD; system32\drives\sydexfdd.sys
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {6E5E1994-CB2C-432F-8E95-93658B807ABB} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {8715663B-E9D4-472E-A2CD-C40BDF8F2FED} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-4154183769-122929292-2090752055-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
Chrome HomePage => removed successfully
gdrv => service removed successfully
SydexFDD => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E5E1994-CB2C-432F-8E95-93658B807ABB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E5E1994-CB2C-432F-8E95-93658B807ABB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8715663B-E9D4-472E-A2CD-C40BDF8F2FED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8715663B-E9D4-472E-A2CD-C40BDF8F2FED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => key removed successfully


#8 nasdaq


Posted 16 November 2015 - 08:22 AM

How is the computer running now?

#9 itsdot


Posted 16 November 2015 - 08:41 AM

I tried to run a Malwarebytes scan yesterday after posting to see what, if anything, would be picked up. The scan hung up and would not proceed. Following instructions [from their site], I removed the program and tried to re-install but cannot get the setup to execute; I keep getting an "Access is denied" error. I wrote to them this morning for help. Without knowing whether CrackTool.Agent is gone for sure, I am afraid to open anything that is password protected...



#10 itsdot


Posted 16 November 2015 - 09:14 AM

With advice from the Malwarebytes site, I was able to re-install the program and am currently running the scan...



#11 nasdaq


Posted 16 November 2015 - 09:41 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#12 itsdot


Posted 17 November 2015 - 05:43 AM

Got Malwarebytes re-installed and ran it. It did not pick up anything. I noticed it did not run with "scan for rootkits" checked, so I re-ran it. It has been running all night and has hung up in the same spot as yesterday??? C:\Windows\syswow64\wbem\wsdapi.mof



#13 nasdaq


Posted 17 November 2015 - 10:02 AM

Try disabling rootkit scanning during the scan and let us know if the scan completes. Additionally we can try a couple of things...

Please try the following and let us know if that corrects it or not.

Follow the instructions on this page.
https://forums.malwarebytes.org/index.php?/topic/147112-scan-stopping/
MBAM Clean Removal Process 2x

Keep me posted.

#14 itsdot


Posted 17 November 2015 - 08:18 PM

It ran clean with the rootkit scanning disabled but will not run to completion with it enabled. I had already done the clean removal process and reinstall before this happened because it hung up in the same spot prior. Can you help with the diagnostics or do you want me to work with Malwarebytes on that? I had asked them a question when I had a problem reinstalling and they referred me back to you :)



#15 nasdaq


Posted 18 November 2015 - 09:06 AM

If you do not have any other issues with this computer I suggest you deal with them.

If you do have other issues please explain.



