Laptop fails boot-up, stops with a BSOD.


  • This topic is locked
26 replies to this topic

#1 mdhvezda


Posted 14 December 2015 - 05:54 PM

Win 7 Home Premium OA (x64)  (Original installation, came pre-installed)
Age of system - 5 years
System Manufacturer ASUS
Exact model number K42J
 
The other day I was browsing Amazon videos to find a movie for my grandson. The laptop crashed with a BSOD. I tried rebooting, and the laptop brought up a Windows Error Recovery screen recommending that I launch Startup Repair. Startup Repair finished with a "Windows cannot repair this computer automatically" message. I tried rebooting again, and now the laptop went into a continually rebooting loop. Then I went into Advanced Boot Options, selected the "Disable automatic restart on system failure" option and rebooted. Now the laptop stopped booting at a BSOD, with this info:
 
STOP:   C0000135
The program can't start because %hs is missing from your computer.  Try reinstalling the program to fix this problem.
 
At this time I started some Google searching using the BSOD message. After reading various search returns, I ran a Farbar Recovery Scan, as was suggested in various posts returned by the searches. In the FRST.txt results there was an entry in the Known DLLs (Whitelisted) section that had an "ATTENTION" tagged to it. It said that C:\Windows\System32\LPK.dll IS MISSING.
 
Next I ran the SFC /scannow command in the Win7 recovery environment. The response I received from that command was "Windows Resource Protection found corrupt files but was unable to fix some of them."
 
So now I went back to the Win7 recovery environment and copied the LPK.dll file from the C:\windows\SysWOW64 directory to the C:\windows\system32 directory and rebooted the laptop. Now the laptop stopped booting at a BSOD, with this info:
 
STOP:   C000007b  {Bad Image}
winsrv is either not designed to run on windows or it contains an error.  Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.
 
I then ran another Farbar Recovery Scan and have stopped. I have figured that I may be digging myself a deeper hole to get out of, and that I should stop and seek professional help. I am looking for some guidance/ideas on what I can do to get my laptop back to successfully booting up.
 
Attached below are the FRST.txt results from the two Farbar Recovery scans.
 
Thanks
Mark
 
 
 
 
****************************************************************************************************************************
*                                        Farbar Recovery Scan #1 results:                                                        *
****************************************************************************************************************************
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-12-2015
Ran by SYSTEM on MININT-119CB16 (13-12-2015 18:49:30)
Running from F:\FRST
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-29] (Microsoft Corporation)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-26] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\Bryan Hvezda\...\Run: [googletalk] => C:\Users\Bryan Hvezda\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\Bryan Hvezda\...\Run: [Google Update] => C:\Users\Bryan Hvezda\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-06-17] (Google Inc.)
HKU\mdh\...\Run: [Google Update] => "C:\Users\mdh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\mdh\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2672488 2011-05-25] (Hewlett-Packard Co.)
HKU\mdh\...\Run: [Facebook Update] => C:\Users\mdh\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\mdh\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\mdh\...\Run: [GoogleChromeAutoLaunch_D7703F24C4B80D8F0D4348F21D7F4E89] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-04] (Google Inc.)
HKU\mdh\...\Run: [Dropbox Update] => C:\Users\mdh\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-12] (Dropbox, Inc.)
HKU\mdh\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50749056 2015-12-08] (Skype Technologies S.A.)
Startup: C:\Users\mdh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\mdh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-03-29]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\mdh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TouchpadPal.lnk [2015-08-20]
ShortcutTarget: TouchpadPal.lnk -> C:\Program Files (x86)\TouchpadPal\TouchpadPal.exe ()
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-05] (AVAST Software)
S2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\ABService.exe [29912 2014-12-24] (AOMEI Tech Co., Ltd.)
S2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-29] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-29] (Microsoft Corporation)
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [931640 2012-04-16] (Trusteer Ltd.)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WinVNC4; C:\Program Files (x86)\TigerVNC\winvnc4.exe [5578105 2012-03-09] (TigerVNC Project)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-07-31] ()
S2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2013-07-31] ()
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-12-18] ()
S2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2013-07-31] ()
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-05] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-05] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-05] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-05] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-05] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-05] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S0 lhldjq; no ImagePath
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S1 RapportCerberus_43926; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [505720 2012-10-30] ()
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55056 2012-04-16] (Trusteer Ltd.)
S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [63760 2012-04-16] (Trusteer Ltd.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S1 aswSnx; \SystemRoot\system32\drivers\aswSnx.sys [X]
S1 aswSP; \SystemRoot\system32\drivers\aswSP.sys [X]
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S3 HTTP; system32\drivers\HTTP.sys [X]
S3 srv; System32\DRIVERS\srv.sys [X]
S3 srvnet; System32\DRIVERS\srvnet.sys [X]
S3 tmlwf; no ImagePath
S3 tmwfp; no ImagePath
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-13 18:48 - 2015-12-13 18:49 - 00000000 ____D C:\FRST
2015-12-13 10:30 - 2015-12-13 10:30 - 00000051 _____ C:\Windows\System32\.directory
2015-12-12 20:50 - 2015-12-12 20:50 - 00000000 __SHD C:\found.001
2015-12-12 16:41 - 2015-12-12 16:41 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-11 15:43 - 2015-11-20 10:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-12-11 15:43 - 2015-11-20 10:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-12-11 15:43 - 2015-11-20 10:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-12-11 15:43 - 2015-11-20 10:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-11 15:43 - 2015-11-05 11:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2015-12-11 15:43 - 2015-11-05 11:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-11 15:43 - 2015-11-03 11:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2015-12-11 15:43 - 2015-11-03 10:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-11 15:42 - 2015-11-20 10:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-12-11 15:42 - 2015-11-20 10:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-12-11 15:42 - 2015-11-20 10:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-12-11 15:42 - 2015-11-20 10:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-12-11 15:42 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-12-11 15:42 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-12-11 15:42 - 2015-11-20 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-12-11 15:42 - 2015-11-20 10:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2015-12-11 15:42 - 2015-11-20 10:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-11 15:42 - 2015-11-20 10:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-11 15:42 - 2015-11-20 10:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-11 15:42 - 2015-11-20 10:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-11 15:42 - 2015-11-11 10:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\System32\comsvcs.dll
2015-12-11 15:42 - 2015-11-11 10:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\System32\catsrvut.dll
2015-12-11 15:42 - 2015-11-11 10:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-11 15:42 - 2015-11-11 10:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-11 15:42 - 2015-11-10 10:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2015-12-11 15:42 - 2015-11-10 10:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2015-12-11 15:42 - 2015-11-10 10:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\System32\user32.dll
2015-12-11 15:42 - 2015-11-10 10:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-11 15:42 - 2015-11-10 10:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-11 15:42 - 2015-11-10 09:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-12-11 15:42 - 2015-11-05 11:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\wshrm.dll
2015-12-11 15:42 - 2015-11-05 11:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-11 15:42 - 2015-11-05 01:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys
2015-12-11 15:41 - 2015-11-11 13:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-12-11 15:41 - 2015-11-11 12:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-11 15:41 - 2015-11-11 08:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-12-11 15:41 - 2015-11-11 08:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-11 15:41 - 2015-11-11 07:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-11 15:41 - 2015-11-11 07:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-11 15:41 - 2015-11-11 07:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-11 15:41 - 2015-11-11 07:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-12-11 15:41 - 2015-11-11 06:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-11 15:41 - 2015-11-09 16:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-11 15:41 - 2015-11-09 16:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-11 15:41 - 2015-11-09 16:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-11 15:41 - 2015-11-09 16:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-11 15:41 - 2015-11-09 16:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-11 15:41 - 2015-11-09 16:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-11 15:41 - 2015-11-09 16:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-11 15:41 - 2015-11-09 16:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-11 15:41 - 2015-11-09 16:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-11 15:41 - 2015-11-09 16:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-11 15:41 - 2015-11-09 16:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-11 15:41 - 2015-11-09 16:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-11 15:41 - 2015-11-09 16:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-11 15:41 - 2015-11-09 15:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-11 15:41 - 2015-11-09 15:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-11 15:41 - 2015-11-09 15:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-11 15:41 - 2015-11-09 15:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-11 15:41 - 2015-11-09 15:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-11 15:41 - 2015-11-09 15:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-11 15:41 - 2015-11-09 15:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-11 15:41 - 2015-11-09 15:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-11 15:41 - 2015-11-09 15:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-11 15:41 - 2015-11-09 15:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-11 15:41 - 2015-11-09 15:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-11 15:41 - 2015-11-08 14:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-12-11 15:41 - 2015-11-08 14:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2015-12-11 15:41 - 2015-11-08 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-12-11 15:41 - 2015-11-08 14:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-12-11 15:41 - 2015-11-08 14:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-12-11 15:41 - 2015-11-08 14:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-12-11 15:41 - 2015-11-08 14:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2015-12-11 15:41 - 2015-11-08 14:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-12-11 15:41 - 2015-11-08 14:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-12-11 15:41 - 2015-11-08 14:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-12-11 15:41 - 2015-11-08 14:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-12-11 15:41 - 2015-11-08 14:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-12-11 15:41 - 2015-11-08 14:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-12-11 15:41 - 2015-11-08 14:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-12-11 15:41 - 2015-11-08 14:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-12-11 15:41 - 2015-11-08 14:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2015-12-11 15:41 - 2015-11-08 13:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2015-12-11 15:41 - 2015-11-08 13:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-12-11 15:41 - 2015-11-08 13:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-12-11 15:41 - 2015-11-08 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-12-11 15:41 - 2015-11-08 13:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-12-11 15:41 - 2015-11-08 13:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2015-12-11 15:41 - 2015-11-08 13:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2015-12-11 15:41 - 2015-11-08 13:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-12-11 15:41 - 2015-11-08 13:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-12-11 15:41 - 2015-11-08 13:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-12-11 15:41 - 2015-11-08 13:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2015-12-11 15:41 - 2015-11-08 13:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-12-11 15:41 - 2015-11-08 12:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-12-11 15:41 - 2015-11-08 12:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-12-11 15:41 - 2015-11-08 12:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-12-11 15:39 - 2015-11-03 11:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\System32\els.dll
2015-12-11 15:39 - 2015-11-03 10:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-11 15:06 - 2015-12-11 15:06 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-11 15:06 - 2015-12-11 15:06 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-29 11:35 - 2015-11-29 11:35 - 00002049 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-21 22:00 - 2015-11-21 22:05 - 00000000 ____D C:\cbe57a76a702e6f997e5b655
2015-11-21 21:19 - 2015-10-19 17:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-11-21 21:19 - 2015-10-19 17:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-11-21 21:19 - 2015-10-19 17:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-11-21 21:19 - 2015-10-19 17:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-11-21 21:19 - 2015-10-19 17:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2015-11-21 21:19 - 2015-10-19 17:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2015-11-21 21:19 - 2015-10-19 17:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2015-11-21 21:19 - 2015-10-19 17:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-11-21 21:19 - 2015-10-19 17:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2015-11-21 21:19 - 2015-10-19 17:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2015-11-21 21:19 - 2015-10-19 17:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2015-11-21 21:19 - 2015-10-19 17:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2015-11-21 21:19 - 2015-10-19 17:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2015-11-21 21:19 - 2015-10-19 16:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-21 21:19 - 2015-10-19 16:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-21 21:19 - 2015-10-19 16:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-21 21:19 - 2015-10-19 16:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-21 21:19 - 2015-10-19 16:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-21 21:19 - 2015-10-19 16:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-21 21:19 - 2015-10-19 16:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-21 21:19 - 2015-10-19 16:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-21 21:19 - 2015-10-19 16:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-21 21:19 - 2015-10-19 16:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-21 21:19 - 2015-10-19 16:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-21 21:19 - 2015-10-19 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-21 21:19 - 2015-10-19 16:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-21 21:19 - 2015-10-19 16:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-21 21:19 - 2015-10-19 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-21 21:19 - 2015-10-19 16:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-21 21:19 - 2015-10-19 16:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-21 21:19 - 2015-10-19 16:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-21 21:19 - 2015-10-19 16:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-21 21:19 - 2015-10-19 16:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-21 21:19 - 2015-10-19 16:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 15:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2015-11-21 21:19 - 2015-10-19 15:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2015-11-21 21:19 - 2015-10-19 15:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2015-11-21 21:19 - 2015-09-23 05:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2015-11-21 21:19 - 2015-09-23 05:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\System32\bcryptprimitives.dll
2015-11-21 21:19 - 2015-09-23 05:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-21 21:18 - 2015-10-19 17:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2015-11-21 21:18 - 2015-10-19 16:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-21 21:18 - 2015-10-19 16:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-21 21:18 - 2015-10-19 16:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-21 21:18 - 2015-10-19 16:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-21 21:18 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 15:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-21 21:18 - 2015-10-19 15:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-21 21:18 - 2015-10-19 15:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 15:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 15:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 15:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-21 21:16 - 2015-10-29 09:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\System32\apphelp.dll
2015-11-21 21:16 - 2015-10-29 09:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\System32\aelupsvc.dll
2015-11-21 21:16 - 2015-10-29 09:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\sdbinst.exe
2015-11-21 21:16 - 2015-10-29 09:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\shimeng.dll
2015-11-21 21:16 - 2015-10-29 09:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-21 21:16 - 2015-10-29 09:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-21 21:16 - 2015-10-29 09:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-21 21:16 - 2015-10-13 08:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2015-11-21 21:16 - 2015-10-13 08:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
2015-11-21 21:16 - 2015-10-12 20:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2015-11-21 21:15 - 2015-10-01 10:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\System32\InkEd.dll
2015-11-21 21:15 - 2015-10-01 10:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\jnwmon.dll
2015-11-21 21:15 - 2015-10-01 09:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-21 20:12 - 2015-11-21 20:12 - 00273304 _____ C:\Windows\Minidump\112115-33290-01.dmp
2015-11-21 19:56 - 2015-11-21 19:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-13 10:08 - 2015-05-08 18:29 - 01056286 _____ C:\Windows\ntbtlog.txt
2015-12-12 17:12 - 2011-07-31 13:32 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004UA.job
2015-12-12 17:09 - 2011-07-31 17:44 - 00000000 ___RD C:\Users\mdh\Dropbox
2015-12-12 17:09 - 2011-07-31 17:43 - 00000000 ____D C:\Users\mdh\AppData\Roaming\Dropbox
2015-12-12 17:09 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-12 17:09 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-12 17:08 - 2011-07-31 13:27 - 00000000 ____D C:\Users\mdh\AppData\Roaming\Skype
2015-12-12 17:07 - 2015-01-21 16:05 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-12 17:07 - 2012-06-08 17:27 - 00000000 ___RD C:\Users\mdh\Google Drive
2015-12-12 17:05 - 2015-09-09 13:20 - 00000000 ___RD C:\Users\mdh\OneDrive
2015-12-12 17:03 - 2010-03-04 00:28 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-12 17:03 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-12 16:58 - 2015-06-12 10:46 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004UA.job
2015-12-12 16:52 - 2010-08-09 16:59 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1000UA.job
2015-12-12 16:41 - 2014-03-28 18:19 - 00000000 ____D C:\Users\mdh\AppData\Local\Skype
2015-12-12 16:41 - 2010-06-22 10:19 - 00000000 ____D C:\ProgramData\Skype
2015-12-12 16:34 - 2012-07-31 16:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-12 16:34 - 2009-07-13 20:45 - 00484480 _____ C:\Windows\System32\FNTCACHE.DAT
2015-12-12 16:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-11 16:44 - 2010-03-03 23:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-11 16:41 - 2013-03-12 19:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-11 16:41 - 2013-03-12 19:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-11 16:37 - 2013-08-19 18:43 - 00000000 ____D C:\Windows\System32\MRT
2015-12-11 16:25 - 2010-03-04 00:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-11 16:20 - 2012-07-31 16:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-11 16:20 - 2012-04-06 08:07 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-11 16:20 - 2011-12-22 13:21 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-11 16:07 - 2014-10-22 07:57 - 00000000 ____D C:\Users\mdh\AppData\Roaming\Everything
2015-12-11 15:57 - 2012-03-18 11:40 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004UA.job
2015-12-11 15:57 - 2012-03-18 11:40 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004Core.job
2015-12-11 15:20 - 2010-03-04 00:28 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-11 15:20 - 2010-03-04 00:28 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-11 15:12 - 2011-07-31 13:32 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004Core.job
2015-12-11 15:07 - 2011-07-31 13:32 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004UA
2015-12-11 15:07 - 2011-07-31 13:32 - 00003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004Core
2015-12-10 23:20 - 2012-02-20 16:53 - 00000600 _____ C:\Users\mdh\AppData\Local\PUTTY.RND
2015-12-10 15:35 - 2012-01-25 22:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-10 15:17 - 2009-07-13 21:13 - 00782510 _____ C:\Windows\System32\PerfStringBackup.INI
2015-12-08 19:39 - 2010-05-06 13:34 - 00301728 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2015-11-29 12:57 - 2015-06-12 10:46 - 00000858 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004Core.job
2015-11-29 11:36 - 2014-12-28 14:53 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-29 11:35 - 2010-03-04 00:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-29 11:34 - 2010-03-04 00:26 - 00000000 ____D C:\ProgramData\Adobe
2015-11-22 16:47 - 2014-04-18 12:19 - 00775124 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-22 09:33 - 2011-07-23 01:32 - 00000000 ____D C:\Windows\rescache
2015-11-21 21:53 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-21 20:12 - 2011-11-12 20:47 - 00000000 ____D C:\Windows\Minidump
2015-11-21 20:11 - 2015-02-24 19:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-21 20:11 - 2015-02-12 19:21 - 607315358 _____ C:\Windows\MEMORY.DMP
2015-11-21 20:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
 
Some files in TEMP:
====================
C:\Users\mdh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbyz5ux.dll
C:\Users\mdh\AppData\Local\Temp\ETDUninst.dll
C:\Users\mdh\AppData\Local\Temp\Frameworkutils.dll
C:\Users\mdh\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\mdh\AppData\Local\Temp\install_flashplayer12x32au_mssd_aaa_aih.exe
C:\Users\mdh\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\mdh\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\mdh\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\mdh\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\mdh\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\mdh\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\mdh\AppData\Local\Temp\mssinstaller.exe
C:\Users\mdh\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mdh\AppData\Local\Temp\swt-win32-3347.dll
C:\Users\mdh\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\mdh\AppData\Local\Temp\winping.dll
C:\Users\mdh\AppData\Local\Temp\{40D732BE-B991-4CA9-A1A4-8A8708F64271}-DropboxClient_3.8.5.exe
 
 
==================== Known DLLs (Whitelisted) =========================
 
C:\Windows\System32\LPK.dll IS MISSING <==== ATTENTION
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2015-12-11 15:42] - [2015-11-10 10:55] - 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A
 
C:\Windows\SysWOW64\User32.dll
[2015-12-11 15:42] - [2015-11-10 10:37] - 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722
 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
Restore point date: 2015-08-19 12:55
Restore point date: 2015-09-07 21:22
Restore point date: 2015-09-08 18:38
Restore point date: 2015-09-25 07:08
Restore point date: 2015-10-05 10:34
Restore point date: 2015-10-05 10:52
Restore point date: 2015-10-09 09:39
Restore point date: 2015-10-09 13:34
Restore point date: 2015-10-18 17:12
Restore point date: 2015-10-18 20:16
Restore point date: 2015-11-01 10:28
Restore point date: 2015-11-01 19:48
Restore point date: 2015-11-01 19:52
Restore point date: 2015-11-01 19:56
Restore point date: 2015-11-21 20:04
Restore point date: 2015-11-21 20:34
Restore point date: 2015-11-21 21:39
Restore point date: 2015-11-22 16:45
Restore point date: 2015-11-26 12:48
Restore point date: 2015-12-11 15:53
Restore point date: 2015-12-11 16:10
Restore point date: 2015-12-12 16:44
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 3949.54 MB
Available physical RAM: 3319.45 MB
Total Virtual: 3947.69 MB
Available Virtual: 3321.78 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:350.48 GB) (Free:185.78 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:100.63 GB) (Free:78 GB) NTFS
Drive f: (TOSHIBA) (Removable) (Total:14.44 GB) (Free:13.93 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
Partition 2: (Active) - (Size=350.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100.6 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 6C5E55A2)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0B)
 
 
LastRegBack: 2015-11-21 23:12
 
==================== End of FRST.txt ============================
 
****************************************************************************************************************************
*                                        Farbar Recovery Scan #2 results:                                                        *
****************************************************************************************************************************
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-12-2015
Ran by SYSTEM on MININT-LDVKG3U (13-12-2015 22:27:55)
Running from F:\FRST
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-29] (Microsoft Corporation)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-26] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\Bryan Hvezda\...\Run: [googletalk] => C:\Users\Bryan Hvezda\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\Bryan Hvezda\...\Run: [Google Update] => C:\Users\Bryan Hvezda\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-06-17] (Google Inc.)
HKU\mdh\...\Run: [Google Update] => "C:\Users\mdh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\mdh\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2672488 2011-05-25] (Hewlett-Packard Co.)
HKU\mdh\...\Run: [Facebook Update] => C:\Users\mdh\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\mdh\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\mdh\...\Run: [GoogleChromeAutoLaunch_D7703F24C4B80D8F0D4348F21D7F4E89] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-04] (Google Inc.)
HKU\mdh\...\Run: [Dropbox Update] => C:\Users\mdh\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-12] (Dropbox, Inc.)
HKU\mdh\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50749056 2015-12-08] (Skype Technologies S.A.)
Startup: C:\Users\mdh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\mdh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-03-29]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\mdh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TouchpadPal.lnk [2015-08-20]
ShortcutTarget: TouchpadPal.lnk -> C:\Program Files (x86)\TouchpadPal\TouchpadPal.exe ()
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-05] (AVAST Software)
S2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\ABService.exe [29912 2014-12-24] (AOMEI Tech Co., Ltd.)
S2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-29] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-29] (Microsoft Corporation)
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [931640 2012-04-16] (Trusteer Ltd.)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WinVNC4; C:\Program Files (x86)\TigerVNC\winvnc4.exe [5578105 2012-03-09] (TigerVNC Project)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-07-31] ()
S2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2013-07-31] ()
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-12-18] ()
S2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2013-07-31] ()
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-05] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-05] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-05] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-05] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-05] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-05] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S0 lhldjq; no ImagePath
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S1 RapportCerberus_43926; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [505720 2012-10-30] ()
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55056 2012-04-16] (Trusteer Ltd.)
S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [63760 2012-04-16] (Trusteer Ltd.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S1 aswSnx; \SystemRoot\system32\drivers\aswSnx.sys [X]
S1 aswSP; \SystemRoot\system32\drivers\aswSP.sys [X]
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S3 HTTP; system32\drivers\HTTP.sys [X]
S3 srv; System32\DRIVERS\srv.sys [X]
S3 srvnet; System32\DRIVERS\srvnet.sys [X]
S3 tmlwf; no ImagePath
S3 tmwfp; no ImagePath
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-13 22:04 - 2015-09-01 18:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2015-12-13 21:58 - 2015-12-13 21:58 - 00000000 _____ C:\sfcdetails.txt
2015-12-13 18:48 - 2015-12-13 22:27 - 00000000 ____D C:\FRST
2015-12-13 10:30 - 2015-12-13 10:30 - 00000051 _____ C:\Windows\System32\.directory
2015-12-12 20:50 - 2015-12-12 20:50 - 00000000 __SHD C:\found.001
2015-12-12 16:41 - 2015-12-12 16:41 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-11 15:43 - 2015-11-20 10:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-12-11 15:43 - 2015-11-20 10:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-12-11 15:43 - 2015-11-20 10:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-12-11 15:43 - 2015-11-20 10:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-11 15:43 - 2015-11-05 11:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2015-12-11 15:43 - 2015-11-05 11:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-11 15:43 - 2015-11-03 11:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2015-12-11 15:43 - 2015-11-03 10:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-11 15:42 - 2015-11-20 10:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-12-11 15:42 - 2015-11-20 10:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-12-11 15:42 - 2015-11-20 10:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-12-11 15:42 - 2015-11-20 10:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-12-11 15:42 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-12-11 15:42 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-12-11 15:42 - 2015-11-20 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-12-11 15:42 - 2015-11-20 10:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2015-12-11 15:42 - 2015-11-20 10:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-11 15:42 - 2015-11-20 10:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-11 15:42 - 2015-11-20 10:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-11 15:42 - 2015-11-20 10:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-11 15:42 - 2015-11-11 10:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\System32\comsvcs.dll
2015-12-11 15:42 - 2015-11-11 10:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\System32\catsrvut.dll
2015-12-11 15:42 - 2015-11-11 10:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-11 15:42 - 2015-11-11 10:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-11 15:42 - 2015-11-10 10:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2015-12-11 15:42 - 2015-11-10 10:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2015-12-11 15:42 - 2015-11-10 10:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\System32\user32.dll
2015-12-11 15:42 - 2015-11-10 10:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-11 15:42 - 2015-11-10 10:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-11 15:42 - 2015-11-10 09:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-12-11 15:42 - 2015-11-05 11:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\wshrm.dll
2015-12-11 15:42 - 2015-11-05 11:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-11 15:42 - 2015-11-05 01:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys
2015-12-11 15:41 - 2015-11-11 13:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-12-11 15:41 - 2015-11-11 12:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-11 15:41 - 2015-11-11 08:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-12-11 15:41 - 2015-11-11 08:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-11 15:41 - 2015-11-11 07:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-11 15:41 - 2015-11-11 07:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-11 15:41 - 2015-11-11 07:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-11 15:41 - 2015-11-11 07:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-12-11 15:41 - 2015-11-11 06:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-11 15:41 - 2015-11-09 16:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-11 15:41 - 2015-11-09 16:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-11 15:41 - 2015-11-09 16:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-11 15:41 - 2015-11-09 16:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-11 15:41 - 2015-11-09 16:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-11 15:41 - 2015-11-09 16:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-11 15:41 - 2015-11-09 16:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-11 15:41 - 2015-11-09 16:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-11 15:41 - 2015-11-09 16:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-11 15:41 - 2015-11-09 16:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-11 15:41 - 2015-11-09 16:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-11 15:41 - 2015-11-09 16:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-11 15:41 - 2015-11-09 16:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-11 15:41 - 2015-11-09 15:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-11 15:41 - 2015-11-09 15:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-11 15:41 - 2015-11-09 15:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-11 15:41 - 2015-11-09 15:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-11 15:41 - 2015-11-09 15:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-11 15:41 - 2015-11-09 15:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-11 15:41 - 2015-11-09 15:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-11 15:41 - 2015-11-09 15:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-11 15:41 - 2015-11-09 15:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-11 15:41 - 2015-11-09 15:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-11 15:41 - 2015-11-09 15:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-11 15:41 - 2015-11-08 14:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-12-11 15:41 - 2015-11-08 14:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2015-12-11 15:41 - 2015-11-08 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-12-11 15:41 - 2015-11-08 14:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-12-11 15:41 - 2015-11-08 14:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-12-11 15:41 - 2015-11-08 14:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-12-11 15:41 - 2015-11-08 14:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2015-12-11 15:41 - 2015-11-08 14:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-12-11 15:41 - 2015-11-08 14:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-12-11 15:41 - 2015-11-08 14:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-12-11 15:41 - 2015-11-08 14:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-12-11 15:41 - 2015-11-08 14:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-12-11 15:41 - 2015-11-08 14:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-12-11 15:41 - 2015-11-08 14:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-12-11 15:41 - 2015-11-08 14:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-12-11 15:41 - 2015-11-08 14:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2015-12-11 15:41 - 2015-11-08 13:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2015-12-11 15:41 - 2015-11-08 13:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-12-11 15:41 - 2015-11-08 13:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-12-11 15:41 - 2015-11-08 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-12-11 15:41 - 2015-11-08 13:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-12-11 15:41 - 2015-11-08 13:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2015-12-11 15:41 - 2015-11-08 13:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2015-12-11 15:41 - 2015-11-08 13:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-12-11 15:41 - 2015-11-08 13:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-12-11 15:41 - 2015-11-08 13:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-12-11 15:41 - 2015-11-08 13:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2015-12-11 15:41 - 2015-11-08 13:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-12-11 15:41 - 2015-11-08 12:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-12-11 15:41 - 2015-11-08 12:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-12-11 15:41 - 2015-11-08 12:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-12-11 15:39 - 2015-11-03 11:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\System32\els.dll
2015-12-11 15:39 - 2015-11-03 10:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-11 15:06 - 2015-12-11 15:06 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-11 15:06 - 2015-12-11 15:06 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-29 11:35 - 2015-11-29 11:35 - 00002049 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-21 22:00 - 2015-11-21 22:05 - 00000000 ____D C:\cbe57a76a702e6f997e5b655
2015-11-21 21:19 - 2015-10-19 17:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-11-21 21:19 - 2015-10-19 17:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-11-21 21:19 - 2015-10-19 17:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-11-21 21:19 - 2015-10-19 17:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-11-21 21:19 - 2015-10-19 17:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2015-11-21 21:19 - 2015-10-19 17:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2015-11-21 21:19 - 2015-10-19 17:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2015-11-21 21:19 - 2015-10-19 17:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-11-21 21:19 - 2015-10-19 17:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2015-11-21 21:19 - 2015-10-19 17:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2015-11-21 21:19 - 2015-10-19 17:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2015-11-21 21:19 - 2015-10-19 17:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2015-11-21 21:19 - 2015-10-19 17:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2015-11-21 21:19 - 2015-10-19 17:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2015-11-21 21:19 - 2015-10-19 16:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-21 21:19 - 2015-10-19 16:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-21 21:19 - 2015-10-19 16:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-21 21:19 - 2015-10-19 16:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-21 21:19 - 2015-10-19 16:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-21 21:19 - 2015-10-19 16:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-21 21:19 - 2015-10-19 16:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-21 21:19 - 2015-10-19 16:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-21 21:19 - 2015-10-19 16:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-21 21:19 - 2015-10-19 16:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-21 21:19 - 2015-10-19 16:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-21 21:19 - 2015-10-19 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-21 21:19 - 2015-10-19 16:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-21 21:19 - 2015-10-19 16:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-21 21:19 - 2015-10-19 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-21 21:19 - 2015-10-19 16:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-21 21:19 - 2015-10-19 16:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-21 21:19 - 2015-10-19 16:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-21 21:19 - 2015-10-19 16:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-21 21:19 - 2015-10-19 16:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-21 21:19 - 2015-10-19 16:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-21 21:19 - 2015-10-19 15:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2015-11-21 21:19 - 2015-10-19 15:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2015-11-21 21:19 - 2015-10-19 15:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2015-11-21 21:19 - 2015-09-23 05:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2015-11-21 21:19 - 2015-09-23 05:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\System32\bcryptprimitives.dll
2015-11-21 21:19 - 2015-09-23 05:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-21 21:18 - 2015-10-19 17:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2015-11-21 21:18 - 2015-10-19 16:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-21 21:18 - 2015-10-19 16:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-21 21:18 - 2015-10-19 16:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-21 21:18 - 2015-10-19 16:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-21 21:18 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 15:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-21 21:18 - 2015-10-19 15:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-21 21:18 - 2015-10-19 15:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 15:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 15:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-21 21:18 - 2015-10-19 15:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-21 21:16 - 2015-10-29 09:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\System32\apphelp.dll
2015-11-21 21:16 - 2015-10-29 09:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\System32\aelupsvc.dll
2015-11-21 21:16 - 2015-10-29 09:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\sdbinst.exe
2015-11-21 21:16 - 2015-10-29 09:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\shimeng.dll
2015-11-21 21:16 - 2015-10-29 09:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-21 21:16 - 2015-10-29 09:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-21 21:16 - 2015-10-29 09:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-21 21:16 - 2015-10-13 08:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2015-11-21 21:16 - 2015-10-13 08:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
2015-11-21 21:16 - 2015-10-12 20:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2015-11-21 21:15 - 2015-10-01 10:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\System32\InkEd.dll
2015-11-21 21:15 - 2015-10-01 10:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\jnwmon.dll
2015-11-21 21:15 - 2015-10-01 09:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-21 20:12 - 2015-11-21 20:12 - 00273304 _____ C:\Windows\Minidump\112115-33290-01.dmp
2015-11-21 19:56 - 2015-11-21 19:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-13 20:11 - 2015-05-08 18:29 - 01289440 _____ C:\Windows\ntbtlog.txt
2015-12-12 17:12 - 2011-07-31 13:32 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004UA.job
2015-12-12 17:09 - 2011-07-31 17:44 - 00000000 ___RD C:\Users\mdh\Dropbox
2015-12-12 17:09 - 2011-07-31 17:43 - 00000000 ____D C:\Users\mdh\AppData\Roaming\Dropbox
2015-12-12 17:09 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-12 17:09 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-12 17:08 - 2011-07-31 13:27 - 00000000 ____D C:\Users\mdh\AppData\Roaming\Skype
2015-12-12 17:07 - 2015-01-21 16:05 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-12 17:07 - 2012-06-08 17:27 - 00000000 ___RD C:\Users\mdh\Google Drive
2015-12-12 17:05 - 2015-09-09 13:20 - 00000000 ___RD C:\Users\mdh\OneDrive
2015-12-12 17:03 - 2010-03-04 00:28 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-12 17:03 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-12 16:58 - 2015-06-12 10:46 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004UA.job
2015-12-12 16:52 - 2010-08-09 16:59 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1000UA.job
2015-12-12 16:41 - 2014-03-28 18:19 - 00000000 ____D C:\Users\mdh\AppData\Local\Skype
2015-12-12 16:41 - 2010-06-22 10:19 - 00000000 ____D C:\ProgramData\Skype
2015-12-12 16:34 - 2012-07-31 16:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-12 16:34 - 2009-07-13 20:45 - 00484480 _____ C:\Windows\System32\FNTCACHE.DAT
2015-12-12 16:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-11 16:44 - 2010-03-03 23:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-11 16:41 - 2013-03-12 19:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-11 16:41 - 2013-03-12 19:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-11 16:37 - 2013-08-19 18:43 - 00000000 ____D C:\Windows\System32\MRT
2015-12-11 16:25 - 2010-03-04 00:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-11 16:20 - 2012-07-31 16:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-11 16:20 - 2012-04-06 08:07 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-11 16:20 - 2011-12-22 13:21 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-11 16:07 - 2014-10-22 07:57 - 00000000 ____D C:\Users\mdh\AppData\Roaming\Everything
2015-12-11 15:57 - 2012-03-18 11:40 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004UA.job
2015-12-11 15:57 - 2012-03-18 11:40 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004Core.job
2015-12-11 15:20 - 2010-03-04 00:28 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-11 15:20 - 2010-03-04 00:28 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-11 15:12 - 2011-07-31 13:32 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004Core.job
2015-12-11 15:07 - 2011-07-31 13:32 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004UA
2015-12-11 15:07 - 2011-07-31 13:32 - 00003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004Core
2015-12-10 23:20 - 2012-02-20 16:53 - 00000600 _____ C:\Users\mdh\AppData\Local\PUTTY.RND
2015-12-10 15:35 - 2012-01-25 22:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-10 15:17 - 2009-07-13 21:13 - 00782510 _____ C:\Windows\System32\PerfStringBackup.INI
2015-12-08 19:39 - 2010-05-06 13:34 - 00301728 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2015-11-29 12:57 - 2015-06-12 10:46 - 00000858 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004Core.job
2015-11-29 11:36 - 2014-12-28 14:53 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-29 11:35 - 2010-03-04 00:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-29 11:34 - 2010-03-04 00:26 - 00000000 ____D C:\ProgramData\Adobe
2015-11-22 16:47 - 2014-04-18 12:19 - 00775124 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-22 09:33 - 2011-07-23 01:32 - 00000000 ____D C:\Windows\rescache
2015-11-21 21:53 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-21 20:12 - 2011-11-12 20:47 - 00000000 ____D C:\Windows\Minidump
2015-11-21 20:11 - 2015-02-24 19:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-21 20:11 - 2015-02-12 19:21 - 607315358 _____ C:\Windows\MEMORY.DMP
2015-11-21 20:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
 
Some files in TEMP:
====================
C:\Users\mdh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbyz5ux.dll
C:\Users\mdh\AppData\Local\Temp\ETDUninst.dll
C:\Users\mdh\AppData\Local\Temp\Frameworkutils.dll
C:\Users\mdh\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\mdh\AppData\Local\Temp\install_flashplayer12x32au_mssd_aaa_aih.exe
C:\Users\mdh\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\mdh\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\mdh\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\mdh\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\mdh\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\mdh\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\mdh\AppData\Local\Temp\mssinstaller.exe
C:\Users\mdh\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mdh\AppData\Local\Temp\swt-win32-3347.dll
C:\Users\mdh\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\mdh\AppData\Local\Temp\winping.dll
C:\Users\mdh\AppData\Local\Temp\{40D732BE-B991-4CA9-A1A4-8A8708F64271}-DropboxClient_3.8.5.exe
 
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2015-12-11 15:42] - [2015-11-10 10:55] - 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A
 
C:\Windows\SysWOW64\User32.dll
[2015-12-11 15:42] - [2015-11-10 10:37] - 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722
 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 3949.54 MB
Available physical RAM: 3318.37 MB
Total Virtual: 3947.69 MB
Available Virtual: 3314.38 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:350.48 GB) (Free:261.64 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:100.63 GB) (Free:78 GB) NTFS
Drive f: (TOSHIBA) (Removable) (Total:14.44 GB) (Free:13.93 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
Partition 2: (Active) - (Size=350.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100.6 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 6C5E55A2)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0B)
 
 
LastRegBack: 2015-11-21 23:12
 
==================== End of FRST.txt ============================

Edited by hamluis, 14 December 2015 - 06:52 PM.
Moved from Crashes/BSODs to Malware Removal Logs - Hamluis.



 


#2 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,083 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:09:58 AM

Posted 14 December 2015 - 06:47 PM

Hi Mark, welcome to BleepingComputer.

Let's see if we can fix this. Please run FRST again like you did before, but this time in the Search box type:

LPK.dll;User32.dll

Click the Search Files button.

Please copy & paste the content of the Search.txt log into your post.


• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#3 mdhvezda


Posted 14 December 2015 - 08:56 PM

Here are the results from the FRST Search Files scan:

--------------------------------------------------------------------------

 

Farbar Recovery Scan Tool (x64) Version:13-12-2015
Ran by SYSTEM (2015-12-14 19:31:25)
Running from F:\FRST
Boot Mode: Recovery
 
================== Search Files: "LPK.dll;User32.dll" =============
 
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_36077453d1a24eea\user32.dll
[2015-12-11 15:42][2015-11-10 10:35] 0833024 ____A (Microsoft Corporation) D0A3A0DBF77EE35CE97E55DE92014E05
 
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_3579d47ab8884c9d\user32.dll
[2015-12-11 15:42][2015-11-10 10:37] 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722
 
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2011-06-23 04:16][2010-11-20 04:08] 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3
 
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2009-07-13 15:24][2009-07-13 17:11] 0833024 ____A (Microsoft Corporation) E8B0FFC209E504CB7E79FC24E6C085F0
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23188_none_128f7faabed9b3c4\lpk.dll
[2015-09-08 17:42][2015-09-01 18:36] 0025600 ____A (Microsoft Corporation) 3EDCBF9078520F613922E0D70A5906A7
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23149_none_12bbbfa4beb85d57\lpk.dll
[2015-08-16 08:10][2015-07-30 09:53] 0025600 ____A (Microsoft Corporation) FFE0FA7543E1B9B37352710BC8B9121C
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23126_none_12ce5e9ebeaad970\lpk.dll
[2015-07-26 12:36][2015-07-14 18:58] 0025600 ____A (Microsoft Corporation) 20503EB76CAE40D601ABD38FC1B2CDCF
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22974_none_12967466bed5020e\lpk.dll
[2015-03-10 17:50][2015-02-19 21:14] 0025600 ____A (Microsoft Corporation) 7B1CABC4896210612AE600238E59CF15
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22350_none_12a807b2bec875e6\lpk.dll
[2013-10-10 18:10][2013-06-05 21:07] 0025600 ____A (Microsoft Corporation) 84CA3579EEB69D8E1EE67E4F721BF71C
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_1281c5a8bee46a0f\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22153_none_12ab04c4bec5c79d\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_12a15568beccd507\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21636_none_12c3c5c0beb2b3e2\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18985_none_120309dfa5be94b3\lpk.dll
[2015-09-08 17:42][2015-09-01 18:47] 0025600 ____A (Microsoft Corporation) 415FB89174E6D8BFC885A00A01C3446B
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18946_none_122f49d9a59d3e46\lpk.dll
[2015-08-16 08:10][2015-07-30 09:55] 0025600 ____A (Microsoft Corporation) 9E2F12744DD9810961031C56FBB691F4
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18923_none_1241e8d3a58fba5f\lpk.dll
[2015-07-26 12:36][2015-07-14 18:54] 0025600 ____A (Microsoft Corporation) D80ECB18D64AE3C2A9D8220ABEBCE40A
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18768_none_121ba6c9a5abae88\lpk.dll
[2015-03-10 17:50][2015-02-19 20:12] 0025600 ____A (Microsoft Corporation) 01D9C9A70323BC7E5835B92442DD7EC2
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18177_none_120fcb2fa5b4c238\lpk.dll
[2013-10-10 18:10][2013-06-05 20:57] 0025600 ____A (Microsoft Corporation) CC23295DA8F7B5C53F93804D2F5D30EB
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18032_none_12360787a598d69a\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17991_none_11f44f93a5ca31a7\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_1216b853a5b01be6\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17537_none_123b293fa5942d6f\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_124dc839a586a988\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.21402_none_10f9b8f6c177b3cc\lpk.dll
[2012-12-20 22:27][2012-12-16 08:34] 0025600 ____A (Microsoft Corporation) BF6CDA72E4112DAC01E2ED8911C3FD74
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.21362_none_10b8d788c1a85e4b\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20905_none_10fcda1ac174d7f3\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20875_none_10b128c0c1ad9e63\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20821_none_10e33734c188ad52\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20720_none_10e23504c18996d4\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20553_none_10c4c252c19f3c5e\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20498_none_109e822ec1bb2dae\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.17194_none_1010c9a7a8a147db\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.17159_none_10410ac9a87c56ca\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16763_none_10305b4da889affa\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16734_none_1051cb5ba870757e\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16691_none_100de90fa8a3d3f8\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16600_none_106e3811a85bbf28\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16444_none_1046f5bda87899fa\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16402_none_107034d9a859f788\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16385_none_101cb471a89825ee\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85
 
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_2bb2ca019d418cef\user32.dll
[2015-12-11 15:42][2015-11-10 10:59] 1009152 ____A (Microsoft Corporation) E42CB2576D5C8456C60988B1C908F41A
 
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_2b252a2884278aa2\user32.dll
[2015-12-11 15:42][2015-11-10 10:55] 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A
 
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[2011-06-23 04:16][2010-11-20 05:27] 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B
 
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009-07-13 15:38][2009-07-13 17:41] 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23188_none_083ad5588a78f1c9\lpk.dll
[2015-09-08 17:42][2015-09-01 19:10] 0000000 ____A () 
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23149_none_086715528a579b5c\lpk.dll
[2015-08-16 08:10][2015-07-30 10:22] 0041984 ____A (Microsoft Corporation) 6399191EEE641F711E094B95B91DBA4B
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23126_none_0879b44c8a4a1775\lpk.dll
[2015-07-26 12:36][2015-07-14 19:20] 0041984 ____A (Microsoft Corporation) 7F55FE319EF06C1986B994A3E86C52B4
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22974_none_0841ca148a744013\lpk.dll
[2015-03-10 17:50][2015-02-19 21:25] 0041984 ____A (Microsoft Corporation) DEEE064A330560593BBED835F591F0A5
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22350_none_08535d608a67b3eb\lpk.dll
[2013-10-10 18:10][2013-06-05 21:17] 0041472 ____A (Microsoft Corporation) 22FC61B8E1EBA296FF416C3678E26DD3
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_082d1b568a83a814\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22153_none_08565a728a6505a2\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_084cab168a6c130c\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21636_none_086f1b6e8a51f1e7\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18946_none_07da9f87713c7c4b\lpk.dll
[2015-08-16 08:10][2015-07-30 10:06] 0041984 ____A (Microsoft Corporation) 0365E7AED8A38CB5FFF1DFB4458C0593
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18923_none_07ed3e81712ef864\lpk.dll
[2015-07-26 12:36][2015-07-14 19:19] 0041984 ____A (Microsoft Corporation) D57C03D365BC71C7A30504644515F3F8
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18768_none_07c6fc77714aec8d\lpk.dll
[2015-03-10 17:50][2015-02-19 20:41] 0041984 ____A (Microsoft Corporation) F351B0E520502552734BE70AA5940784
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18177_none_07bb20dd7154003d\lpk.dll
[2013-10-10 18:10][2013-06-05 21:50] 0041472 ____A (Microsoft Corporation) 796B47A4B82EF1C39F13435B88834C48
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18032_none_07e15d357138149f\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17991_none_079fa54171696fac\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_07c20e01714f59eb\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17537_none_07e67eed71336b74\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_07f91de77125e78d\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.21402_none_06a50ea48d16f1d1\lpk.dll
[2012-12-20 22:27][2012-12-16 09:19] 0041472 ____A (Microsoft Corporation) 838BF2634A38B344B27AC080D76B28C2
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.21362_none_06642d368d479c50\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20905_none_06a82fc88d1415f8\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20875_none_065c7e6e8d4cdc68\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20821_none_068e8ce28d27eb57\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20720_none_068d8ab28d28d4d9\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20553_none_067018008d3e7a63\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20498_none_0649d7dc8d5a6bb3\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.17194_none_05bc1f55744085e0\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.17159_none_05ec6077741b94cf\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16763_none_05dbb0fb7428edff\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16734_none_05fd2109740fb383\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16691_none_05b93ebd744311fd\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16600_none_06198dbf73fafd2d\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16444_none_05f24b6b7417d7ff\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16402_none_061b8a8773f9358d\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16385_none_05c80a1f743763f3\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
C:\Windows\SysWOW64\lpk.dll
[2015-09-08 17:42][2015-09-01 18:47] 0025600 ____A (Microsoft Corporation) 415FB89174E6D8BFC885A00A01C3446B
 
C:\Windows\SysWOW64\user32.dll
[2015-12-11 15:42][2015-11-10 10:37] 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722
 
C:\Windows\System32\lpk.dll
[2015-12-13 22:04][2015-09-01 18:47] 0025600 ____A (Microsoft Corporation) 415FB89174E6D8BFC885A00A01C3446B
 
C:\Windows\System32\user32.dll
[2015-12-11 15:42][2015-11-10 10:55] 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A
 
C:\found.001\dir0402.chk\lpk.dll
[2015-09-08 17:42][2015-09-01 19:10] 0041984 ____A (Microsoft Corporation) 38E22ADC0D95A1C860C900513A8DC5E9
 
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_10.0.10240.16384_none_d538ddf00809c9d6\user32.dll
[2015-07-10 02:30][2015-07-10 02:30] 1366168 ___AL () D41D8CD98F00B204E9800998ECF8427E
 
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\WinSxS\amd64_microsoft-windows-gdi_31bf3856ad364e35_10.0.10240.16384_none_b1d38a26f533a7f0\lpk.dll
[2015-07-10 02:30][2015-07-10 02:30] 0003072 ___AL () D41D8CD98F00B204E9800998ECF8427E
 
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\lpk.dll
[2015-07-10 02:30][2015-07-10 02:30] 0003072 ___AL () D41D8CD98F00B204E9800998ECF8427E
 
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\user32.dll
[2015-07-10 02:30][2015-07-10 02:30] 1366168 ___AL () D41D8CD98F00B204E9800998ECF8427E
 
X:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009-07-13 15:38][2009-07-13 17:41] 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6
 
X:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16385_none_05c80a1f743763f3\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
X:\Windows\System32\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70
 
X:\Windows\System32\user32.dll
[2009-07-13 15:38][2009-07-13 17:41] 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6
 
====== End of Search ======


#4 SleepyDude


Posted 15 December 2015 - 06:16 AM

Hi,
 
Let's replace the damaged files...
 
!!! WARNING !!! The following fix is only relevant for this system and no other; running the script on another computer will not work and may cause problems...
 
- Download the attached file fixlist.txt and save it to the flash drive in the same place as the FRST64 program (make sure the file is named fixlist.txt)
- Access the Recovery Environment like you did before and run FRST64
- Click the Fix button
- The tool will make a log (Fixlog.txt) in the same location as FRST64; please post it in your next reply

___
Rui

 
 


#5 mdhvezda


Posted 15 December 2015 - 11:52 AM

SleepyDude,

Shown below are the results from the FRST Fixlist run.  That did it, my laptop now successfully boots up, thank you so much.  A question for you --  I see that this post was moved to this forum, so, the laptop had some kind of virus/malware? 

 

**************************************************************************************************************

Fix result of Farbar Recovery Scan Tool (x64) Version:13-12-2015
Ran by SYSTEM (2015-12-15 10:09:01) Run:1
Running from F:\FRST
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23149_none_086715528a579b5c\lpk.dll c:\windows\system32\lpk.dll
Replace: C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23149_none_12bbbfa4beb85d57\lpk.dll C:\Windows\SysWOW64\lpk.dll
 
*****************
 
c:\windows\system32\lpk.dll => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23149_none_086715528a579b5c\lpk.dll copied successfully to c:\windows\system32\lpk.dll
C:\Windows\SysWOW64\lpk.dll => moved successfully
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23149_none_12bbbfa4beb85d57\lpk.dll copied successfully to C:\Windows\SysWOW64\lpk.dll
 
==== End of Fixlog 10:09:02 ====


#6 SleepyDude


Posted 15 December 2015 - 12:41 PM

Hi,
 

> SleepyDude,
> Shown below are the results from the FRST Fixlist run.  That did it, my laptop now successfully boots up, thank you so much.  A question for you --  I see that this post was moved to this forum, so, the laptop had some kind of virus/malware?

 
Not exactly; by the forum rules, FRST reports are only allowed in the Malware Removal Logs section of the forum...
 
The log shows that the lpk file was moved due to some disk error:

C:\found.001\dir0402.chk\lpk.dll


The FRST log you provided didn't show evidence of malware, but the log generated from the Recovery Environment doesn't show everything; if you want to check more I will need a fresh FRST64 log.
 
I suspect you have at least some outdated software that could put the computer's security at risk.
  • Download SecurityCheck by glax24 here and save the utility to your Desktop
  • Double-click it (for Windows XP users) or right-click and choose Run As Administrator (on Windows Vista or higher)
  • Do not block the utility by your Firewall warnings (if any).
  • Wait for the end of the scan. The log SecurityCheck.txt will open in Notepad.
  • In case you close Notepad, you can find the log in the system root folder named SecurityCheck, for example C:\SecurityCheck\SecurityCheck.txt
  • Copy its contents to your next post.

Edited by SleepyDude, 15 December 2015 - 12:42 PM.

___
Rui
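One way to triage a Search.txt like the one in post #3, as an added example (not code from SleepyDude or from FRST): it parses entries copied from that log and flags copies that are empty or unreadable, sit in a chkdsk recovery folder, or whose MD5 matches only a component-store build for the other architecture. The tag names and heuristics are this example's own, and it assumes 64-bit Windows, where System32 holds the amd64 builds and SysWOW64 the 32-bit ones.

```python
import re
from dataclasses import dataclass
from typing import Optional

EMPTY_MD5 = "D41D8CD98F00B204E9800998ECF8427E"  # MD5 of zero bytes of input

# Entries copied from the Search.txt posted in this thread (excerpt).
SAMPLE = r"""
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18985_none_120309dfa5be94b3\lpk.dll
[2015-09-08 17:42][2015-09-01 18:47] 0025600 ____A (Microsoft Corporation) 415FB89174E6D8BFC885A00A01C3446B

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23188_none_083ad5588a78f1c9\lpk.dll
[2015-09-08 17:42][2015-09-01 19:10] 0000000 ____A ()

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23149_none_086715528a579b5c\lpk.dll
[2015-08-16 08:10][2015-07-30 10:22] 0041984 ____A (Microsoft Corporation) 6399191EEE641F711E094B95B91DBA4B

C:\Windows\SysWOW64\lpk.dll
[2015-09-08 17:42][2015-09-01 18:47] 0025600 ____A (Microsoft Corporation) 415FB89174E6D8BFC885A00A01C3446B

C:\Windows\System32\lpk.dll
[2015-12-13 22:04][2015-09-01 18:47] 0025600 ____A (Microsoft Corporation) 415FB89174E6D8BFC885A00A01C3446B

C:\Windows\System32\user32.dll
[2015-12-11 15:42][2015-11-10 10:55] 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A

C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_2b252a2884278aa2\user32.dll
[2015-12-11 15:42][2015-11-10 10:55] 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A

C:\found.001\dir0402.chk\lpk.dll
[2015-09-08 17:42][2015-09-01 19:10] 0041984 ____A (Microsoft Corporation) 38E22ADC0D95A1C860C900513A8DC5E9

C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\lpk.dll
[2015-07-10 02:30][2015-07-10 02:30] 0003072 ___AL () D41D8CD98F00B204E9800998ECF8427E
"""

@dataclass
class Entry:
    path: str
    size: int
    attrs: str
    md5: Optional[str]

# Detail line in the "Search Files" layout: [created][modified] size attrs (company) MD5
META = re.compile(r"^\[[^\]]+\]\[[^\]]+\]\s+(\d+)\s+(\S+)\s+\(.*?\)\s*([0-9A-Fa-f]{32})?$")
STORE = re.compile(r"\\winsxs\\(amd64|wow64|x86)_", re.I)          # component store copy
LIVE = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\[^\\]+$", re.I)  # deployed copy
FOUND = re.compile(r"^[a-z]:\\found\.\d{3}\\", re.I)              # chkdsk recovery folder

def parse_search(text):
    """Pair each path line with the detail line that follows it."""
    entries, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if re.match(r"^[A-Za-z]:\\", line):
            path = line
            continue
        m = META.match(line)
        if m and path:
            md5 = m.group(3).upper() if m.group(3) else None
            entries.append(Entry(path, int(m.group(1)), m.group(2), md5))
            path = None
    return entries

def triage(entries):
    """Return (tag, path) findings; tags are this example's own labels."""
    # Map each MD5 to the component-store architectures it appears under.
    store_arch = {}
    for e in entries:
        m = STORE.search(e.path)
        if m and e.md5:
            store_arch.setdefault(e.md5, set()).add(m.group(1).lower())
    findings = []
    for e in entries:
        live = LIVE.match(e.path)
        if e.size == 0 or e.md5 is None:
            findings.append(("EMPTY_OR_UNREADABLE", e.path))
        elif e.md5 == EMPTY_MD5:
            findings.append(("HASH_OF_NO_DATA", e.path))
        elif FOUND.match(e.path):
            findings.append(("CHKDSK_RECOVERED", e.path))
        elif live:
            # Assumption: 64-bit Windows, so System32 should match an amd64 build.
            want = {"amd64"} if live.group(1).lower() == "system32" else {"wow64", "x86"}
            have = store_arch.get(e.md5)
            if have is None:
                findings.append(("NOT_IN_STORE", e.path))
            elif not (have & want):
                findings.append(("WRONG_ARCH", e.path))
    return findings

if __name__ == "__main__":
    for tag, path in triage(parse_search(SAMPLE)):
        print(f"{tag:20} {path}")
```

On this excerpt it reports C:\Windows\System32\lpk.dll as WRONG_ARCH, because its MD5 matches only the wow64 6.1.7601.18985 component; that is consistent with the fixlist replacing it from an amd64 component.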

 
 


#7 mdhvezda


Posted 15 December 2015 - 08:35 PM

I have completed the SecurityCheck, and also did another FRST.  The results are shown below.

 

 

************************************************************************************************************************

SecurityCheck by glax24 v.1.4.0.32 [01.11.15]
WebSite: www.safezone.cc
DateLog: 15.12.2015 17:05:34
Path starting: C:\Users\mdh\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: mdh
VersionXML: 2.19is-15.12.2015
___________________________________________________________________________
 
Windows 7(6.1.7601) Service Pack 1 (x64) HomePremium Lang: English(0409)
Installation date OS: 05.05.2010 15:33:01
LicenseStatus: Windows® 7, HomePremium edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [350.5 Gb] Used: [93 Gb] Free: [257.5 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18124
User Account Control enabled
Automatic download and scheduled installation
Date install updates: 2015-12-15 18:53:25
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
---------------------------- [ Antivirus_WMI ] ----------------------------
Microsoft Security Essentials (enabled and up to date)
avast! Antivirus (disabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Microsoft Security Essentials (enabled and up to date)
Windows Defender (disabled and up to date)
avast! Antivirus (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Microsoft Security Essentials v.4.8.204.0
Avast Free Antivirus v.10.4.2233
Sophos Virus Removal Tool v.2.5.4
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.0.4.1028 v.2.0.4.1028
--------------------------- [ OtherUtilities ] ----------------------------
VLC media player v.2.2.1
Microsoft Silverlight v.5.1.41105.0
TeamViewer 11 v.11.0.53254 [+]
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.17 v.7.17.104
-------------------------------- [ Java ] ---------------------------------
JavaFX 2.1.1 v.2.1.1 Warning! Download Update
Java 8 Update 65 v.8.0.650.17 Warning! Download Update
Uninstall old version and install new one.
--------------------------- [ AppleProduction ] ---------------------------
QuickTime 7 v.7.78.80.95
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 20 ActiveX v.20.0.0.228
Adobe Flash Player 20 NPAPI v.20.0.0.235
Adobe Acrobat Reader DC v.15.009.20079
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 43.0 (x64 en-US) v.43.0
Google Chrome v.47.0.2526.80
----------------------------- [ EmailClient ] -----------------------------
Windows Live Mail v.15.4.3502.0922
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.47.0.2526.80
C:\Program Files\Microsoft Security Client\MsMpEng.exe v.4.8.204.0
C:\Program Files\Microsoft Security Client\NisSrv.exe v.4.8.204.0
----------------------------- [ End of Log ] ------------------------------
 
 
 
 
**********************************************************************************************************************************

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-12-2015
Ran by mdh (administrator) on ASUS-LAPTOP (15-12-2015 19:08:17)
Running from F:\FRST
Loaded Profiles: mdh (Available Profiles: Bryan Hvezda & mdh & Ramona)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\ABService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Everything\Everything.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TigerVNC Project) C:\Program Files (x86)\TigerVNC\winvnc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Everything\Everything.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Dropbox, Inc.) C:\found.001\dir2113.chk\Dropbox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
() C:\Program Files (x86)\TouchpadPal\TouchpadPal.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Just Great Software) C:\Program Files (x86)\Just Great Software\EditPadLite7\EditPadLite7.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-26] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-1527920751-4294408137-3259649097-1004\...\Run: [Google Update] => "C:\Users\mdh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1527920751-4294408137-3259649097-1004\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2672488 2011-05-25] (Hewlett-Packard Co.)
HKU\S-1-5-21-1527920751-4294408137-3259649097-1004\...\Run: [Facebook Update] => C:\Users\mdh\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-1527920751-4294408137-3259649097-1004\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-1527920751-4294408137-3259649097-1004\...\Run: [GoogleChromeAutoLaunch_D7703F24C4B80D8F0D4348F21D7F4E89] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-04] (Google Inc.)
HKU\S-1-5-21-1527920751-4294408137-3259649097-1004\...\Run: [Dropbox Update] => C:\Users\mdh\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-12] (Dropbox, Inc.)
HKU\S-1-5-21-1527920751-4294408137-3259649097-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50377336 2015-12-14] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-05] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\found.001\dir2113.chk\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\found.001\dir2113.chk\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\found.001\dir2113.chk\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\found.001\dir2113.chk\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mdh\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mdh\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mdh\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-04-22]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2010-03-04]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2010-03-04]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
Startup: C:\Users\mdh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-15]
ShortcutTarget: Dropbox.lnk -> C:\found.001\dir2113.chk\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\mdh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-03-29]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\mdh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TouchpadPal.lnk [2015-08-20]
ShortcutTarget: TouchpadPal.lnk -> C:\Program Files (x86)\TouchpadPal\TouchpadPal.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll No File 
Winsock: Catalog5-x64 10 C:\Program Files\Bonjour\mdnsNSP.dll No File 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{063E9916-E100-48AE-A13A-4E9FF20762E4}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{063E9916-E100-48AE-A13A-4E9FF20762E4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{83D7C943-544B-4BC6-A375-5D4C4CF37FCB}: [NameServer] 172.20.0.1,4.4.4.4
Tcpip\..\Interfaces\{C98691BF-F778-4BAF-BB8E-693BF8501125}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1527920751-4294408137-3259649097-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-1527920751-4294408137-3259649097-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004 -> DefaultScope {028EE977-0F60-4541-B78F-BA56563F1E64} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004 -> {028EE977-0F60-4541-B78F-BA56563F1E64} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-12] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-01] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-12] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-08-26] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-01] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
 
FireFox:
========
FF ProfilePath: C:\Users\mdh\AppData\Roaming\Mozilla\Firefox\Profiles\9ymdzf6w.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1527920751-4294408137-3259649097-1004: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\mdh\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-1527920751-4294408137-3259649097-1004: @talk.google.com/GoogleTalkPlugin -> C:\Users\mdh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [No File]
FF Plugin HKU\S-1-5-21-1527920751-4294408137-3259649097-1004: @talk.google.com/O1DPlugin -> C:\Users\mdh\AppData\Roaming\Mozilla\plugins\npo1d.dll [No File]
FF Plugin HKU\S-1-5-21-1527920751-4294408137-3259649097-1004: @tools.google.com/Google Update;version=3 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1527920751-4294408137-3259649097-1004: @tools.google.com/Google Update;version=9 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1527920751-4294408137-3259649097-1004: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\mdh\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-02-09] (Nagravision)
FF Plugin HKU\S-1-5-21-1527920751-4294408137-3259649097-1004: google.com/WidevineMediaOptimizer -> C:\Users\mdh\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll [2014-06-09] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-11]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT"
CHR Profile: C:\Users\mdh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\mdh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-15]
CHR Extension: (Avast SafePrice) - C:\Users\mdh\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-12-15]
CHR Extension: (Google Docs Offline) - C:\Users\mdh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-15]
CHR Extension: (Avast Online Security) - C:\Users\mdh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-15]
CHR Extension: (DISH Anywhere Video Player Extension) - C:\Users\mdh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea [2015-12-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\mdh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-12-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mdh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-15]
CHR HKLM\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1527920751-4294408137-3259649097-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\mdh\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-12-15]
CHR HKU\S-1-5-21-1527920751-4294408137-3259649097-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22]
CHR HKLM-x32\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-05] (AVAST Software)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\ABService.exe [29912 2014-12-24] (AOMEI Tech Co., Ltd.)
R2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [931640 2012-04-17] (Trusteer Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WinVNC4; C:\Program Files (x86)\TigerVNC\winvnc4.exe [5578105 2012-03-09] (TigerVNC Project) [File not signed]
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-07-31] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2013-07-31] () [File not signed]
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-12-18] ()
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2013-07-31] () [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-05] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [117760 2009-10-15] (ELAN Microelectronic Corp.) [File not signed]
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S0 lhldjq; no ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R1 RapportCerberus_43926; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [505720 2012-10-30] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55056 2012-04-17] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [63760 2012-04-17] (Trusteer Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S1 aswSnx; \SystemRoot\system32\drivers\aswSnx.sys [X]
S1 aswSP; \SystemRoot\system32\drivers\aswSP.sys [X]
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S3 HTTP; system32\drivers\HTTP.sys [X]
S3 srv; System32\DRIVERS\srv.sys [X]
S3 srvnet; System32\DRIVERS\srvnet.sys [X]
U3 tmlwf; no ImagePath
U3 tmwfp; no ImagePath
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-15 18:11 - 2015-12-15 18:11 - 00000000 ___HD C:\OneDriveTemp
2015-12-15 16:51 - 2015-12-15 16:51 - 00000000 ____D C:\Users\mdh\AppData\Local\CEF
2015-12-15 16:47 - 2015-12-15 16:47 - 00000000 ____D C:\Users\mdh\AppData\Roaming\Macromedia
2015-12-15 16:44 - 2015-12-15 16:44 - 00000798 _____ C:\Users\Public\Desktop\Speccy.lnk
2015-12-15 16:44 - 2015-12-15 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-12-15 16:44 - 2015-12-15 16:44 - 00000000 ____D C:\Program Files\Speccy
2015-12-15 16:33 - 2015-12-15 16:51 - 00000000 ____D C:\Users\mdh\AppData\Local\Adobe
2015-12-15 16:26 - 2015-12-15 16:26 - 00000000 ____D C:\Users\mdh\AppData\Roaming\Mozilla
2015-12-15 16:26 - 2015-12-15 16:26 - 00000000 ____D C:\Users\mdh\AppData\Local\Mozilla
2015-12-15 16:21 - 2015-12-15 16:21 - 00000973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2015-12-15 16:05 - 2015-12-15 19:06 - 00000000 ____D C:\SecurityCheck
2015-12-15 11:19 - 2015-12-15 11:19 - 00000000 ____D C:\Windows\CheckSur
2015-12-15 11:08 - 2015-11-23 19:10 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-15 10:30 - 2015-12-15 10:30 - 00001661 _____ C:\Users\mdh\Desktop\Google Drive.lnk
2015-12-15 10:14 - 2015-12-15 16:51 - 00000000 ____D C:\Users\mdh\AppData\Roaming\Adobe
2015-12-15 10:14 - 2015-12-15 10:14 - 00002261 _____ C:\Users\mdh\Desktop\Web Browser.lnk
2015-12-15 10:14 - 2015-12-15 10:14 - 00000000 ____D C:\Users\mdh\AppData\Roaming\ATI
2015-12-15 10:14 - 2015-12-15 10:14 - 00000000 ____D C:\Users\mdh\AppData\Local\ATI
2015-12-15 10:13 - 2015-12-15 10:13 - 00000000 ____D C:\Users\mdh\AppData\Local\SRS Labs
2015-12-15 10:12 - 2015-12-15 16:36 - 00000000 ____D C:\Users\mdh\AppData\Roaming\Apple Computer
2015-12-15 10:11 - 2015-12-15 11:06 - 00000000 ____D C:\Users\mdh\AppData\Local\Google
2015-12-15 10:11 - 2015-12-15 10:11 - 00000000 ____D C:\ProgramData\AomeiBR
2015-12-14 00:04 - 2015-07-30 12:22 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-12-13 23:58 - 2015-12-13 23:58 - 00000000 _____ C:\sfcdetails.txt
2015-12-13 20:48 - 2015-12-15 19:08 - 00000000 ____D C:\FRST
2015-12-13 12:30 - 2015-12-13 12:30 - 00000051 _____ C:\Windows\system32\.directory
2015-12-12 22:50 - 2015-12-12 22:50 - 00000000 __SHD C:\found.001
2015-12-12 18:41 - 2015-12-12 18:41 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-12 18:41 - 2015-12-12 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-11 17:51 - 2015-12-11 17:51 - 00000000 ____D C:\Users\mdh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-11 17:43 - 2015-11-20 12:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-11 17:43 - 2015-11-20 12:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-11 17:43 - 2015-11-20 12:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-11 17:43 - 2015-11-20 12:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-11 17:43 - 2015-11-05 13:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-11 17:43 - 2015-11-05 13:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-11 17:43 - 2015-11-03 13:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-11 17:43 - 2015-11-03 12:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-11 17:42 - 2015-11-20 12:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-11 17:42 - 2015-11-20 12:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-11 17:42 - 2015-11-20 12:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-11 17:42 - 2015-11-20 12:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-11 17:42 - 2015-11-20 12:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-11 17:42 - 2015-11-20 12:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-11 17:42 - 2015-11-20 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-11 17:42 - 2015-11-20 12:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-11 17:42 - 2015-11-20 12:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-11 17:42 - 2015-11-20 12:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-11 17:42 - 2015-11-20 12:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-11 17:42 - 2015-11-20 12:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-11 17:42 - 2015-11-11 12:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-11 17:42 - 2015-11-11 12:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-11 17:42 - 2015-11-11 12:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-11 17:42 - 2015-11-11 12:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-11 17:42 - 2015-11-10 12:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-11 17:42 - 2015-11-10 12:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-11 17:42 - 2015-11-10 12:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-11 17:42 - 2015-11-10 12:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-11 17:42 - 2015-11-10 12:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-11 17:42 - 2015-11-10 11:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-11 17:42 - 2015-11-05 13:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-11 17:42 - 2015-11-05 13:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-11 17:42 - 2015-11-05 03:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-11 17:41 - 2015-11-11 15:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-11 17:41 - 2015-11-11 14:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-11 17:41 - 2015-11-11 10:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-11 17:41 - 2015-11-11 10:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-11 17:41 - 2015-11-11 09:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-11 17:41 - 2015-11-11 09:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-11 17:41 - 2015-11-11 09:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-11 17:41 - 2015-11-11 09:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-11 17:41 - 2015-11-11 08:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-11 17:41 - 2015-11-09 18:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-11 17:41 - 2015-11-09 18:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-11 17:41 - 2015-11-09 18:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-11 17:41 - 2015-11-09 18:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-11 17:41 - 2015-11-09 18:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-11 17:41 - 2015-11-09 18:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-11 17:41 - 2015-11-09 18:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-11 17:41 - 2015-11-09 18:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-11 17:41 - 2015-11-09 18:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-11 17:41 - 2015-11-09 18:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-11 17:41 - 2015-11-09 18:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-11 17:41 - 2015-11-09 18:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-11 17:41 - 2015-11-09 18:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-11 17:41 - 2015-11-09 17:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-11 17:41 - 2015-11-09 17:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-11 17:41 - 2015-11-09 17:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-11 17:41 - 2015-11-09 17:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-11 17:41 - 2015-11-09 17:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-11 17:41 - 2015-11-09 17:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-11 17:41 - 2015-11-09 17:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-11 17:41 - 2015-11-09 17:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-11 17:41 - 2015-11-09 17:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-11 17:41 - 2015-11-09 17:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-11 17:41 - 2015-11-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-11 17:41 - 2015-11-08 16:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-11 17:41 - 2015-11-08 16:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-11 17:41 - 2015-11-08 16:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-11 17:41 - 2015-11-08 16:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-11 17:41 - 2015-11-08 16:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-11 17:41 - 2015-11-08 16:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-11 17:41 - 2015-11-08 16:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-11 17:41 - 2015-11-08 16:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-11 17:41 - 2015-11-08 16:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-11 17:41 - 2015-11-08 16:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-11 17:41 - 2015-11-08 16:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-11 17:41 - 2015-11-08 16:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-11 17:41 - 2015-11-08 16:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-11 17:41 - 2015-11-08 16:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-11 17:41 - 2015-11-08 16:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-11 17:41 - 2015-11-08 16:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-11 17:41 - 2015-11-08 15:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-11 17:41 - 2015-11-08 15:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-11 17:41 - 2015-11-08 15:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-11 17:41 - 2015-11-08 15:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-11 17:41 - 2015-11-08 15:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-11 17:41 - 2015-11-08 15:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-11 17:41 - 2015-11-08 15:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-11 17:41 - 2015-11-08 15:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-11 17:41 - 2015-11-08 15:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-11 17:41 - 2015-11-08 15:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-11 17:41 - 2015-11-08 15:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-11 17:41 - 2015-11-08 15:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-11 17:41 - 2015-11-08 14:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-11 17:41 - 2015-11-08 14:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-11 17:41 - 2015-11-08 14:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-11 17:39 - 2015-11-03 13:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-11 17:39 - 2015-11-03 12:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-11 17:06 - 2015-12-11 17:06 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-11 17:06 - 2015-12-11 17:06 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-29 13:35 - 2015-12-15 16:57 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-29 13:35 - 2015-11-29 13:35 - 00002049 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-22 00:00 - 2015-11-22 00:05 - 00000000 ____D C:\cbe57a76a702e6f997e5b655
2015-11-21 23:19 - 2015-10-19 19:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-21 23:19 - 2015-10-19 19:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-21 23:19 - 2015-10-19 19:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-21 23:19 - 2015-10-19 19:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-21 23:19 - 2015-10-19 19:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-21 23:19 - 2015-10-19 19:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-21 23:19 - 2015-10-19 19:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-21 23:19 - 2015-10-19 19:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-21 23:19 - 2015-10-19 19:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-21 23:19 - 2015-10-19 19:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-21 23:19 - 2015-10-19 19:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-21 23:19 - 2015-10-19 19:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-21 23:19 - 2015-10-19 19:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-21 23:19 - 2015-10-19 19:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-21 23:19 - 2015-10-19 19:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-21 23:19 - 2015-10-19 19:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-21 23:19 - 2015-10-19 19:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-21 23:19 - 2015-10-19 19:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-21 23:19 - 2015-10-19 19:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-21 23:19 - 2015-10-19 19:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-21 23:19 - 2015-10-19 19:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-21 23:19 - 2015-10-19 19:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-21 23:19 - 2015-10-19 19:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-21 23:19 - 2015-10-19 19:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-21 23:19 - 2015-10-19 19:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-21 23:19 - 2015-10-19 19:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-21 23:19 - 2015-10-19 19:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-21 23:19 - 2015-10-19 19:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-21 23:19 - 2015-10-19 19:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-21 23:19 - 2015-10-19 19:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-21 23:19 - 2015-10-19 19:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-21 23:19 - 2015-10-19 19:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-21 23:19 - 2015-10-19 18:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-21 23:19 - 2015-10-19 18:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-21 23:19 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-21 23:19 - 2015-10-19 18:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-21 23:19 - 2015-10-19 18:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-21 23:19 - 2015-10-19 18:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-21 23:19 - 2015-10-19 18:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-21 23:19 - 2015-10-19 18:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-21 23:19 - 2015-10-19 18:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-21 23:19 - 2015-10-19 18:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-21 23:19 - 2015-10-19 18:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-21 23:19 - 2015-10-19 18:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-21 23:19 - 2015-10-19 18:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-21 23:19 - 2015-10-19 18:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-21 23:19 - 2015-10-19 18:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-21 23:19 - 2015-10-19 18:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-21 23:19 - 2015-10-19 18:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-21 23:19 - 2015-10-19 18:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-21 23:19 - 2015-10-19 18:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-21 23:19 - 2015-10-19 18:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-21 23:19 - 2015-10-19 18:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-21 23:19 - 2015-10-19 18:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-21 23:19 - 2015-10-19 18:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-21 23:19 - 2015-10-19 18:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-21 23:19 - 2015-10-19 18:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-21 23:19 - 2015-10-19 18:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-21 23:19 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-21 23:19 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-21 23:19 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-21 23:19 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-21 23:19 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-21 23:19 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-21 23:19 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-21 23:19 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-21 23:19 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-21 23:19 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-21 23:19 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-21 23:19 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-21 23:19 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-21 23:19 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-21 23:19 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-21 23:19 - 2015-10-19 17:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-21 23:19 - 2015-10-19 17:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-21 23:19 - 2015-10-19 17:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-21 23:19 - 2015-09-23 07:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-21 23:19 - 2015-09-23 07:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-21 23:19 - 2015-09-23 07:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-21 23:18 - 2015-10-19 19:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-21 23:18 - 2015-10-19 18:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-21 23:18 - 2015-10-19 18:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-21 23:18 - 2015-10-19 18:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-21 23:18 - 2015-10-19 18:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-21 23:18 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 17:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-21 23:18 - 2015-10-19 17:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-21 23:18 - 2015-10-19 17:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 17:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 17:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-21 23:18 - 2015-10-19 17:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-21 23:16 - 2015-10-29 11:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-21 23:16 - 2015-10-29 11:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-21 23:16 - 2015-10-29 11:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-21 23:16 - 2015-10-29 11:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-21 23:16 - 2015-10-29 11:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-21 23:16 - 2015-10-29 11:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-21 23:16 - 2015-10-29 11:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-21 23:16 - 2015-10-13 10:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-21 23:16 - 2015-10-13 10:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-21 23:16 - 2015-10-12 22:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-21 23:15 - 2015-10-01 12:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-21 23:15 - 2015-10-01 12:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-21 23:15 - 2015-10-01 11:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-21 22:12 - 2015-11-21 22:12 - 00273304 _____ C:\Windows\Minidump\112115-33290-01.dmp
2015-11-21 21:56 - 2015-12-15 16:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-15 19:00 - 2012-06-08 19:27 - 00000000 ___RD C:\Users\mdh\Google Drive
2015-12-15 18:58 - 2015-06-12 12:46 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004UA.job
2015-12-15 18:58 - 2011-07-31 15:27 - 00000000 ____D C:\Users\mdh\AppData\Roaming\Skype
2015-12-15 18:52 - 2010-08-09 18:59 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1000UA.job
2015-12-15 18:47 - 2011-07-23 03:32 - 00000000 ____D C:\Windows\rescache
2015-12-15 18:41 - 2009-07-13 22:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-15 18:41 - 2009-07-13 22:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-15 18:25 - 2010-03-04 02:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-15 18:19 - 2012-07-31 18:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-15 18:12 - 2011-07-31 19:44 - 00000000 ___RD C:\Users\mdh\Dropbox
2015-12-15 18:12 - 2011-07-31 19:43 - 00000000 ____D C:\Users\mdh\AppData\Roaming\Dropbox
2015-12-15 18:12 - 2011-07-31 15:32 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004UA.job
2015-12-15 18:11 - 2015-09-09 15:20 - 00000000 ___RD C:\Users\mdh\OneDrive
2015-12-15 18:10 - 2010-03-04 02:28 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-15 18:07 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-15 18:06 - 2014-10-22 09:57 - 00000000 ____D C:\Users\mdh\AppData\Roaming\Everything
2015-12-15 17:57 - 2012-03-18 13:40 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004UA.job
2015-12-15 17:57 - 2012-03-18 13:40 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004Core.job
2015-12-15 17:49 - 2011-07-31 11:37 - 00130840 _____ C:\Users\mdh\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-15 17:48 - 2009-07-13 22:45 - 00484480 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-15 17:47 - 2015-02-24 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-15 17:27 - 2009-07-13 21:20 - 00000000 ____D C:\Windows
2015-12-15 17:12 - 2011-07-31 15:32 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004Core.job
2015-12-15 16:48 - 2010-03-04 02:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-15 16:36 - 2010-06-01 21:29 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-15 16:24 - 2015-02-24 21:17 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-15 16:24 - 2015-02-24 21:17 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-15 16:21 - 2012-01-26 00:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-15 16:15 - 2010-06-22 12:19 - 00000000 ____D C:\ProgramData\Skype
2015-12-15 16:04 - 2009-07-13 23:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-15 16:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2015-12-15 15:33 - 2009-07-13 23:08 - 00032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-15 11:19 - 2013-08-19 20:43 - 00000000 ____D C:\Windows\system32\MRT
2015-12-15 10:21 - 2012-07-31 18:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-15 10:21 - 2012-04-06 10:07 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-15 10:21 - 2011-12-22 15:21 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-15 10:14 - 2015-09-09 15:20 - 00002118 _____ C:\Users\mdh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-12-15 10:11 - 2015-02-24 14:41 - 00000000 ____D C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2
2015-12-13 22:11 - 2015-05-08 20:29 - 01289440 _____ C:\Windows\ntbtlog.txt
2015-12-12 19:07 - 2015-01-21 18:05 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-12 18:41 - 2014-03-28 20:19 - 00000000 ____D C:\Users\mdh\AppData\Local\Skype
2015-12-11 18:44 - 2010-03-04 01:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-11 18:43 - 2013-03-12 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-11 18:41 - 2013-03-12 21:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-11 18:41 - 2013-03-12 21:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-11 17:20 - 2010-03-04 02:28 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-11 17:20 - 2010-03-04 02:28 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-11 17:07 - 2011-07-31 15:32 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004UA
2015-12-11 17:07 - 2011-07-31 15:32 - 00003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004Core
2015-12-11 01:20 - 2012-02-20 18:53 - 00000600 _____ C:\Users\mdh\AppData\Local\PUTTY.RND
2015-12-08 21:39 - 2010-05-06 15:34 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-11-29 14:57 - 2015-06-12 12:46 - 00000858 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004Core.job
2015-11-29 13:36 - 2014-12-28 16:53 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-29 13:34 - 2010-03-04 02:26 - 00000000 ____D C:\ProgramData\Adobe
2015-11-29 12:20 - 2012-06-08 19:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-22 18:47 - 2014-04-18 14:19 - 00775124 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-21 23:53 - 2009-07-14 01:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-21 22:12 - 2011-11-12 22:47 - 00000000 ____D C:\Windows\Minidump
2015-11-21 22:11 - 2015-02-12 21:21 - 607315358 _____ C:\Windows\MEMORY.DMP
 
==================== Files in the root of some directories =======
 
2011-12-27 22:51 - 2011-12-27 22:51 - 0000268 ___RH () C:\Users\mdh\AppData\Roaming\Image Capture
2011-12-27 22:51 - 2011-12-27 22:51 - 0000268 ___RH () C:\Users\mdh\AppData\Roaming\Image Manipulation
2011-12-27 22:51 - 2011-12-27 22:51 - 0000268 ___RH () C:\Users\mdh\AppData\Roaming\Image Units
2012-02-20 18:53 - 2015-12-11 01:20 - 0000600 _____ () C:\Users\mdh\AppData\Local\PUTTY.RND
2012-01-16 12:03 - 2012-01-16 12:03 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-06-22 12:21 - 2010-06-22 12:21 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-03-04 02:36 - 2009-09-10 11:06 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2011-12-27 22:51 - 2011-12-27 22:51 - 0000268 ___RH () C:\ProgramData\Importer
2011-12-27 22:51 - 2011-12-27 22:51 - 0000268 ___RH () C:\ProgramData\InkjetPrinter
2011-12-27 22:51 - 2011-12-27 22:51 - 0000268 ___RH () C:\ProgramData\Installer Plugin
2011-12-27 22:51 - 2011-12-27 22:51 - 0000012 ___RH () C:\ProgramData\LaserPrinter
2011-12-27 22:51 - 2011-12-27 22:51 - 0000012 ___RH () C:\ProgramData\Legacy
2011-12-27 22:51 - 2011-12-27 22:51 - 0000012 ___RH () C:\ProgramData\Licenses
2011-12-27 22:51 - 2011-12-27 22:51 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2011-12-27 22:51 - 2011-12-30 06:33 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2011-12-27 22:51 - 2011-12-27 22:51 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2010-03-04 02:22 - 2010-03-04 02:23 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-03-04 02:22 - 2010-03-04 02:22 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some files in TEMP:
====================
C:\Users\mdh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbyz5ux.dll
C:\Users\mdh\AppData\Local\Temp\ETDUninst.dll
C:\Users\mdh\AppData\Local\Temp\Frameworkutils.dll
C:\Users\mdh\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\mdh\AppData\Local\Temp\install_flashplayer12x32au_mssd_aaa_aih.exe
C:\Users\mdh\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\mdh\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\mdh\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\mdh\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\mdh\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\mdh\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\mdh\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\mdh\AppData\Local\Temp\mssinstaller.exe
C:\Users\mdh\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mdh\AppData\Local\Temp\swt-win32-3347.dll
C:\Users\mdh\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\mdh\AppData\Local\Temp\winping.dll
C:\Users\mdh\AppData\Local\Temp\{40D732BE-B991-4CA9-A1A4-8A8708F64271}-DropboxClient_3.8.5.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\powertracker.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-15 18:39
 
==================== End of FRST.txt ============================


#8 SleepyDude

  • Malware Response Team

Posted 16 December 2015 - 11:33 AM

Hi,

Can you also post the contents of the Addition.txt log that was created by FRST, please (it should be inside F:\FRST).


• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem from one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#9 mdhvezda

  • Topic Starter

Posted 16 December 2015 - 01:03 PM

Here are the contents of the Addition.txt file:

 

***************************************************************************************************************

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-12-2015 03
Ran by mdh (2015-12-16 11:51:04)
Running from F:\FRST
Windows 7 Home Premium Service Pack 1 (X64) (2010-05-05 15:33:01)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1527920751-4294408137-3259649097-500 - Administrator - Disabled)
Bryan Hvezda (S-1-5-21-1527920751-4294408137-3259649097-1000 - Administrator - Enabled) => C:\Users\Bryan Hvezda
Guest (S-1-5-21-1527920751-4294408137-3259649097-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1527920751-4294408137-3259649097-1002 - Limited - Enabled)
mdh (S-1-5-21-1527920751-4294408137-3259649097-1004 - Administrator - Enabled) => C:\Users\mdh
Ramona (S-1-5-21-1527920751-4294408137-3259649097-1005 - Limited - Enabled) => C:\Users\Ramona
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
AOMEI Backupper Standard Edition 2.2 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version:  - AOMEI Technology Co., Ltd.)
AOMEI Partition Assistant Standard Edition 5.6 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.6 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}) (Version: 1.0.6 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.27 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.18 - asus)
ATI AVIVO64 Codecs (Version: 10.12.0.41217 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{D87D65E0-B704-9861-F836-5A310B41F153}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
ccc-core-static (x32 Version: 2009.1217.1632.29627 - ATI) Hidden
CCleaner (HKLM-x32\...\CCleaner) (Version: 2.31 - Piriform)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
CPUID CPU-Z 1.69 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Device Utility 2.3 (HKLM-x32\...\{9CD8BE6C-08AA-4363-8F0A-E27A4E813CFA}_is1) (Version: 2.3 - Pelco by Schneider Electric)
DISH Anywhere Video Player (HKLM-x32\...\{D180F2F3-9CD4-4867-A221-D81C725D8045}) (Version: 2.24.2 - DISH Anywhere)
DISH Anywhere Video Player Installer (x32 Version: 0.0.0.236 - Sling Media) Hidden
DishAnywhereDesktop (HKLM-x32\...\{330c332d-b8e7-4d1b-930b-a9852c7c4e9c}) (Version: 0.0.0.236 - Sling Media)
Dropbox (HKU\S-1-5-21-1527920751-4294408137-3259649097-1004\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
EditPad Lite 7.3.1 (HKLM\...\EditPad Lite) (Version: 7.3.1 - Just Great Software)
Endura Utilities - 2.4.11.33 (HKLM-x32\...\{0651fc13-1fd0-4d6e-958a-b8e31c47caf4}) (Version: 2.4.11.33 - Pelco)
Endura Utilities (x32 Version: 2.4.11.33 - Pelco) Hidden
Evernote v. 5.6.4 (HKLM-x32\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
ExamDiff Pro 4.5 (Build 4.5.2.2) (HKLM-x32\...\ExamDiff Pro_is1) (Version: 4.5.2.2 - PrestoSoft LLC)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS)
FileZilla Client 3.12.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.12.0.2 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{669A032D-4E28-3D11-BB26-8AD5D51EFE87}) (Version: 2.1.8.0 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HashTab 5.1.0.23 (HKLM\...\HashTab) (Version: 5.1.0.23 - Implbits Software)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{C51B24BD-9CF9-4170-8DB2-457002F68A65}) (Version: 24.0.342.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{10173615-D9A7-4C50-A036-38CA89221708}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{DB4AAFCB-1F3A-43F7-9E68-B06171C89CAB}) (Version: 24.0.342.0 - Hewlett-Packard Co.)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Img2Ozf Version 3 (HKLM-x32\...\Img2Ozf_is1) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.11.10 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1527920751-4294408137-3259649097-1004\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0 (x64 en-US) (HKLM\...\Mozilla Firefox 43.0 (x64 en-US)) (Version: 43.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
OziExplorer 3.95 (HKLM-x32\...\OziExplorer 3.95_is1) (Version:  - )
Paint Shop Pro 7 ESD (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)
Paint.NET v3.5.5 (HKLM\...\{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}) (Version: 3.55.0 - dotPDN LLC)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)
Pop-up Bold (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Pop-up Bold) <==== ATTENTION
Printing Press Game (HKLM-x32\...\wincheck) (Version: 1.0.0.0 - Printing Press Game) <==== ATTENTION
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Rapport (HKLM-x32\...\Rapport_msi) (Version: 3.5.1108.76 - Trusteer)
Rapport (x32 Version: 3.5.1108.76 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6000 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Should I Remove It (HKU\S-1-5-21-1527920751-4294408137-3259649097-1004\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.104 - Skype Technologies S.A.)
SlingPlayer (HKLM-x32\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.04.0206 - Sling Media)
SlingPlayer (x32 Version: 1.04.0206 - Sling Media) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.2500 - SRS Labs, Inc.)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
Tera Term 4.85 (HKLM-x32\...\Tera Term_is1) (Version:  - )
TouchpadPal 1.4 (HKLM-x32\...\TouchpadPal) (Version: 1.4 - DeSofto)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.0.6 - uvnc bvba)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version:  - )
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.2 - Nikon)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9400 - Broadcom Corporation)
Widevine Media Optimizer Chrome 6.0.0 (HKLM-x32\...\optimizer_chrome) (Version: 6.0.0.6678 - Widevine Technologies)
Widevine Media Optimizer Chrome 6.0.0 (HKU\.DEFAULT\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Widevine Media Optimizer IE 6.0.0 (HKU\S-1-5-21-1527920751-4294408137-3259649097-1004\...\optimizer_ie) (Version: 6.0.0.12757 - Widevine Technologies)
Widevine Media Transformer Chrome 5.0.0 (HKLM-x32\...\transformer_chrome) (Version: 5.0.0.4679 - Widevine Technologies)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\mdh\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\mdh\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\mdh\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\found.001\dir2113.chk\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\found.001\dir2113.chk\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\found.001\dir2113.chk\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\found.001\dir2113.chk\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\found.001\dir2113.chk\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\found.001\dir2113.chk\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\found.001\dir2113.chk\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\found.001\dir2113.chk\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\found.001\dir2113.chk\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\found.001\dir2113.chk\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Restore Points =========================
 
15-12-2015 10:58:23 Windows Update
15-12-2015 11:07:51 Windows Update
15-12-2015 16:35:03 Removed iTunes
15-12-2015 17:04:48 Removed Bonjour
15-12-2015 20:22:58 Installed Should I Remove It
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2011-09-15 11:38 - 00000864 ____A C:\Windows\system32\Drivers\etc\hosts
 
# 192.168.1.1 mdhvezda.homelinux.com
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00BB42E7-68AA-4FC1-BE25-60502F12BA56} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-12-23] (ATK)
Task: {1A0C5D1E-EB80-498E-924A-0845B6837A63} - System32\Tasks\{4E2B8364-3B03-4CF7-8690-CC1963209730} => pcalua.exe -a C:\Users\BRYANH~1\AppData\Local\Temp\neoTermServSetup.exe -d "C:\Users\Bryan Hvezda\AppData\Roaming\Juniper Networks\Setup Client"
Task: {1DCC6131-7F41-4650-8738-2E23A0C97F4B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-15] (Adobe Systems Incorporated)
Task: {263693D4-1E70-47A3-BB4F-9DD59F216D11} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {271BBA1B-A9C9-48DC-89E3-407C6804F48F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1000Core => C:\Users\Bryan Hvezda\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-17] (Google Inc.)
Task: {2C2F4639-D971-47E1-8034-87EF5196C2C0} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {3E6D7E7F-843C-4668-950F-71A5AE3E7A8F} - System32\Tasks\{EC03E1D0-D09D-44A1-92B0-E933A2AE7C73} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/12210
Task: {3F61C57D-22B0-44C7-959B-8D500204F16F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {456259F0-1079-4506-BFF1-C8E77C88AF12} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004UA => C:\Users\mdh\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {4802FAD9-4B0C-4FF0-A14D-9F9346914D84} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {494C9075-E59F-4BBB-8FA2-5FF59DBCDF18} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004Core => C:\Users\mdh\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {56FC4E4D-3FB5-4958-9F05-749BA7891924} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS)
Task: {7820A85B-08FC-4D47-85D5-23EB70A785E4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {8BA9E04C-FFA0-4CDC-B830-FB1603BB7FB3} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {958401FF-3AF4-4E1E-85CC-F477446C19FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {B3A6AB04-2318-4F47-A5B2-6D05783D051B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004Core => C:\Users\mdh\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {B4606066-45CD-4C35-A882-1A8D06DF7445} - System32\Tasks\{6F5C0505-0293-402B-843C-F154A12AC2A6} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-12-14] (Skype Technologies S.A.)
Task: {BB37F278-8AA6-4160-99E1-D51E78D12BCC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004Core => C:\Users\mdh\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-12] (Dropbox, Inc.)
Task: {BBC04BA2-46DE-4698-B82F-C03A03DAEAD7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1000UA => C:\Users\Bryan Hvezda\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-17] (Google Inc.)
Task: {C2B26E95-A842-4321-A108-AFEC2B646320} - System32\Tasks\{08D614EE-3CBA-482B-9865-2FE0EA83BD58} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\uninstall\helper.exe"
Task: {C3B0AE4E-101D-424A-8A70-19D2C460F80E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004UA => C:\Users\mdh\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-12] (Dropbox, Inc.)
Task: {CF881BA3-3FA5-422A-B512-6F5325A2A901} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {E0DCE382-9217-45BA-A297-83B585FB5AE9} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-05-25] (Hewlett-Packard Co.)
Task: {E6AA530E-D3DE-4250-8D39-E3C8D3ED39E2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-05] (AVAST Software)
Task: {E930E375-40B1-4C3C-9254-4ACE2AB76980} - \avastBCLRestartS-1-5-21-1527920751-4294408137-3259649097-1004 -> No File <==== ATTENTION
Task: {EAF32E54-9D42-44A1-9F24-14BA3389A48D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004UA => C:\Users\mdh\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {F1F30E17-D3B6-4E89-9E23-F26CFD253DBF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-15] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004Core.job => C:\Users\mdh\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004UA.job => C:\Users\mdh\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004Core.job => C:\Users\mdh\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004UA.job => C:\Users\mdh\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1000Core.job => C:\Users\Bryan Hvezda\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1000UA.job => C:\Users\Bryan Hvezda\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004Core.job => C:\Users\mdh\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1527920751-4294408137-3259649097-1004UA.job => C:\Users\mdh\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 15:47 - 2015-09-23 15:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-22 09:57 - 2014-08-05 19:04 - 01441792 _____ () C:\Program Files\Everything\Everything.exe
2009-12-23 15:12 - 2009-12-23 15:12 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2009-12-18 21:11 - 2009-12-18 21:11 - 00033280 _____ () C:\Program Files\P4G\OvrClk.dll
2008-10-01 01:02 - 2008-10-01 01:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-11-24 15:45 - 2009-11-24 15:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2015-07-09 11:32 - 2015-07-09 11:32 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-04 02:55 - 2007-11-30 13:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2013-10-10 10:57 - 2013-10-10 10:57 - 00547840 _____ () C:\Program Files (x86)\TouchpadPal\TouchpadPal.exe
2008-10-23 12:21 - 2008-10-23 12:21 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-03-04 02:49 - 2010-03-04 02:49 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-05-30 08:16 - 2012-05-30 08:16 - 00520464 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
2015-02-24 14:41 - 2015-01-26 11:43 - 00270040 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\UiLogic.dll
2015-02-24 14:41 - 2015-01-26 11:43 - 00229080 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\diskmgr.dll
2015-02-24 14:41 - 2015-01-26 11:43 - 00278232 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\Comn.dll
2015-02-24 14:41 - 2015-01-26 11:43 - 00077528 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\Ldm.dll
2015-02-24 14:41 - 2015-01-26 11:43 - 00061144 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\Device.dll
2015-02-24 14:41 - 2015-01-26 11:42 - 00265944 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\BrFat.dll
2015-02-24 14:41 - 2015-01-26 11:42 - 00384728 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\BrNtfs.dll
2015-02-24 14:41 - 2015-01-26 11:43 - 00118488 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\FuncLogic.dll
2015-02-24 14:41 - 2015-01-26 11:42 - 00241368 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\Clone.dll
2015-02-24 14:41 - 2015-01-26 11:43 - 00343768 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\ImgFile.dll
2015-02-24 14:41 - 2015-01-26 11:43 - 00028376 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\Encrypt.dll
2015-02-24 14:41 - 2015-01-26 11:43 - 00073432 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\Compress.dll
2015-02-24 14:41 - 2015-01-26 11:42 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\BrVol.dll
2015-02-24 14:41 - 2015-01-26 11:43 - 00253656 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\GptBcd.dll
2015-02-24 14:41 - 2015-01-26 11:43 - 00151256 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\FlBackup.dll
2015-02-24 14:41 - 2015-01-26 11:43 - 00483032 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\EnumFolder.dll
2015-02-24 14:41 - 2015-01-26 11:42 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\Backup.dll
2015-02-24 14:41 - 2015-01-26 11:42 - 00098008 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\BrLog.dll
2015-02-24 14:41 - 2013-11-26 17:09 - 02403504 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.2\QtCore4.dll
2015-07-09 11:32 - 2015-07-09 11:32 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-12-11 17:51 - 2015-10-30 18:59 - 00034768 _____ () C:\found.001\dir2113.chk\_multiprocessing.pyd
2015-12-11 17:50 - 2015-10-30 19:00 - 00019408 _____ () C:\found.001\dir2113.chk\faulthandler.pyd
2015-12-11 17:50 - 2015-12-08 15:36 - 00022848 _____ () C:\found.001\dir2113.chk\Crypto.Random.OSRNG.winrandom.pyd
2015-12-11 17:50 - 2015-12-08 15:36 - 00023352 _____ () C:\found.001\dir2113.chk\Crypto.Util._counter.pyd
2015-12-11 17:50 - 2015-12-08 15:36 - 00042296 _____ () C:\found.001\dir2113.chk\Crypto.Cipher._AES.pyd
2015-12-11 17:50 - 2015-10-30 18:59 - 00116688 _____ () C:\found.001\dir2113.chk\pywintypes27.dll
2015-12-11 17:51 - 2015-10-30 18:59 - 00093640 _____ () C:\found.001\dir2113.chk\_ctypes.pyd
2015-12-11 17:51 - 2015-10-30 18:59 - 00018376 _____ () C:\found.001\dir2113.chk\select.pyd
2015-12-11 17:51 - 2015-12-08 15:36 - 00019760 _____ () C:\found.001\dir2113.chk\tornado.speedups.pyd
2015-12-11 17:51 - 2015-10-30 19:00 - 00105928 _____ () C:\found.001\dir2113.chk\win32api.pyd
2015-12-11 17:50 - 2015-10-30 18:59 - 00392144 _____ () C:\found.001\dir2113.chk\pythoncom27.dll
2015-12-11 17:51 - 2015-12-08 15:36 - 00381752 _____ () C:\found.001\dir2113.chk\win32com.shell.shell.pyd
2015-12-11 17:51 - 2015-10-30 18:59 - 00692688 _____ () C:\found.001\dir2113.chk\unicodedata.pyd
2015-12-11 17:50 - 2015-12-08 15:36 - 00020816 _____ () C:\found.001\dir2113.chk\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 17:51 - 2015-10-30 19:00 - 00109520 _____ () C:\found.001\dir2113.chk\_cffi_backend.pyd
2015-12-11 17:50 - 2015-12-08 15:36 - 01737032 _____ () C:\found.001\dir2113.chk\cryptography.hazmat.bindings._openssl.pyd
2015-12-11 17:50 - 2015-12-08 15:36 - 00020808 _____ () C:\found.001\dir2113.chk\cryptography.hazmat.bindings._padding.pyd
2015-12-11 17:51 - 2015-12-08 15:36 - 00020800 _____ () C:\found.001\dir2113.chk\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-11 17:51 - 2015-12-08 15:36 - 00021840 _____ () C:\found.001\dir2113.chk\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-11 17:50 - 2015-12-08 15:36 - 00038696 _____ () C:\found.001\dir2113.chk\fastpath.pyd
2015-12-11 17:51 - 2015-10-30 19:00 - 00024528 _____ () C:\found.001\dir2113.chk\win32event.pyd
2015-12-11 17:50 - 2015-10-30 19:00 - 00020936 _____ () C:\found.001\dir2113.chk\mmapfile.pyd
2015-12-11 17:51 - 2015-10-30 19:00 - 00114640 _____ () C:\found.001\dir2113.chk\win32security.pyd
2015-12-11 17:51 - 2015-12-08 15:36 - 00021320 _____ () C:\found.001\dir2113.chk\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-11 17:51 - 2015-10-30 19:00 - 00124880 _____ () C:\found.001\dir2113.chk\win32file.pyd
2015-12-11 17:51 - 2015-10-30 19:00 - 00030160 _____ () C:\found.001\dir2113.chk\win32pipe.pyd
2015-12-11 17:51 - 2015-10-30 19:00 - 00043472 _____ () C:\found.001\dir2113.chk\win32process.pyd
2015-12-11 17:51 - 2015-10-30 19:00 - 00175560 _____ () C:\found.001\dir2113.chk\win32gui.pyd
2015-12-11 17:51 - 2015-10-30 19:00 - 00028616 _____ () C:\found.001\dir2113.chk\win32ts.pyd
2015-12-11 17:51 - 2015-10-30 19:00 - 00024016 _____ () C:\found.001\dir2113.chk\win32clipboard.pyd
2015-12-11 17:51 - 2015-10-30 19:00 - 00048592 _____ () C:\found.001\dir2113.chk\win32service.pyd
2015-12-11 17:50 - 2015-12-08 15:36 - 00024392 _____ () C:\found.001\dir2113.chk\librsyncffi.compiled._librsyncffi.pyd
2015-12-11 17:50 - 2015-10-30 19:00 - 00036296 _____ () C:\found.001\dir2113.chk\librsync.dll
2015-12-11 17:51 - 2015-10-30 19:00 - 00024016 _____ () C:\found.001\dir2113.chk\win32profile.pyd
2015-12-11 17:50 - 2015-12-08 15:36 - 00117056 _____ () C:\found.001\dir2113.chk\breakpad.client.windows.handler.pyd
2015-12-11 17:51 - 2015-12-08 15:36 - 00023376 _____ () C:\found.001\dir2113.chk\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 17:51 - 2015-10-30 18:59 - 00134608 _____ () C:\found.001\dir2113.chk\_elementtree.pyd
2015-12-11 17:50 - 2015-10-30 18:59 - 00134088 _____ () C:\found.001\dir2113.chk\pyexpat.pyd
2015-12-11 17:50 - 2015-10-30 19:00 - 00240584 _____ () C:\found.001\dir2113.chk\jpegtran.pyd
2015-12-11 17:50 - 2015-12-08 15:36 - 00020280 _____ () C:\found.001\dir2113.chk\cpuid.compiled._cpuid.pyd
2015-12-11 17:50 - 2015-12-08 15:36 - 00052024 _____ () C:\found.001\dir2113.chk\psutil._psutil_windows.pyd
2015-12-11 17:50 - 2015-12-08 15:36 - 00021304 _____ () C:\found.001\dir2113.chk\Crypto.Util.strxor.pyd
2015-12-11 17:51 - 2015-10-30 19:00 - 00350152 _____ () C:\found.001\dir2113.chk\winxpgui.pyd
2015-12-11 17:50 - 2015-12-08 15:36 - 00084792 _____ () C:\found.001\dir2113.chk\dropbox_sqlite_ext.DLL
2015-12-11 17:50 - 2015-12-08 15:36 - 01826608 _____ () C:\found.001\dir2113.chk\PyQt5.QtCore.pyd
2015-12-11 17:51 - 2015-10-30 19:00 - 00083912 _____ () C:\found.001\dir2113.chk\sip.pyd
2015-12-11 17:50 - 2015-12-08 15:36 - 03891504 _____ () C:\found.001\dir2113.chk\PyQt5.QtWidgets.pyd
2015-12-11 17:50 - 2015-12-08 15:36 - 01950000 _____ () C:\found.001\dir2113.chk\PyQt5.QtGui.pyd
2015-12-11 17:50 - 2015-12-08 15:36 - 00519984 _____ () C:\found.001\dir2113.chk\PyQt5.QtNetwork.pyd
2015-12-11 17:50 - 2015-12-08 15:36 - 00133936 _____ () C:\found.001\dir2113.chk\PyQt5.QtWebKit.pyd
2015-12-11 17:50 - 2015-12-08 15:36 - 00225080 _____ () C:\found.001\dir2113.chk\PyQt5.QtWebKitWidgets.pyd
2015-12-11 17:50 - 2015-12-08 15:36 - 00207672 _____ () C:\found.001\dir2113.chk\PyQt5.QtPrintSupport.pyd
2015-12-11 17:51 - 2015-12-08 15:36 - 00024904 _____ () C:\found.001\dir2113.chk\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-11 17:50 - 2015-12-08 15:36 - 00486704 _____ () C:\found.001\dir2113.chk\PyQt5.QtQuick.pyd
2015-12-11 17:50 - 2015-12-08 15:36 - 00357680 _____ () C:\found.001\dir2113.chk\PyQt5.QtQml.pyd
2015-12-11 17:51 - 2015-10-30 19:01 - 00019920 _____ () C:\found.001\dir2113.chk\QtQuick.2\qtquick2plugin.dll
2015-12-11 17:51 - 2015-10-30 19:00 - 00786904 _____ () C:\found.001\dir2113.chk\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-12-11 17:51 - 2015-10-30 19:00 - 00063448 _____ () C:\found.001\dir2113.chk\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-12-11 17:51 - 2015-10-30 19:00 - 00019408 _____ () C:\found.001\dir2113.chk\QtQuick\Window.2\windowplugin.dll
2014-08-26 15:47 - 2014-08-26 15:47 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-08-26 15:47 - 2014-08-26 15:47 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-12-11 18:17 - 2015-12-04 15:32 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
2015-12-11 18:17 - 2015-12-04 15:32 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll
2015-12-16 11:44 - 2015-12-16 11:44 - 00098816 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\win32api.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00110080 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\pywintypes27.dll
2015-12-16 11:44 - 2015-12-16 11:44 - 00364544 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\pythoncom27.dll
2015-12-16 11:44 - 2015-12-16 11:44 - 00046080 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\_socket.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 01208320 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\_ssl.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00320512 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\win32com.shell.shell.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00776704 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\_hashlib.pyd
2015-12-16 11:45 - 2015-12-16 11:45 - 01176576 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\wx._core_.pyd
2015-12-16 11:45 - 2015-12-16 11:45 - 00806400 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\wx._gdi_.pyd
2015-12-16 11:45 - 2015-12-16 11:45 - 00816128 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\wx._windows_.pyd
2015-12-16 11:45 - 2015-12-16 11:45 - 01067008 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\wx._controls_.pyd
2015-12-16 11:45 - 2015-12-16 11:45 - 00733184 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\wx._misc_.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00682496 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\pysqlite2._sqlite.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00088064 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\_ctypes.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00119808 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\win32file.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00108544 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\win32security.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00007168 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\hashobjs_ext.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00017920 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\thumbnails_ext.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00079360 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\usb_ext.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00167936 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\win32gui.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00018432 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\win32event.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00128512 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\_elementtree.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00127488 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\pyexpat.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00013824 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\common.time34.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00036864 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\_psutil_windows.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00038912 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\win32inet.pyd
2015-12-16 11:45 - 2015-12-16 11:45 - 00525640 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\windows._lib_cacheinvalidation.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00011264 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\win32crypt.pyd
2015-12-16 11:45 - 2015-12-16 11:45 - 00077312 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\wx._html2.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00027136 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\_multiprocessing.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00020480 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\_yappi.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00035840 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\win32process.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00686080 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\unicodedata.pyd
2015-12-16 11:45 - 2015-12-16 11:45 - 00123392 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\wx._wizard.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00024064 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\win32pipe.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00010240 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\select.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00025600 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\win32pdh.pyd
2015-12-16 11:44 - 2015-12-16 11:44 - 00017408 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\win32profile.pyd
2015-12-16 11:44 - 2015-12-16 11:45 - 00022528 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\win32ts.pyd
2015-12-16 11:45 - 2015-12-16 11:45 - 00078848 _____ () C:\Users\mdh\AppData\Local\Temp\_MEI39642\wx._animate.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:15024E60
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1527920751-4294408137-3259649097-1004\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: EasyTether => "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
MSCONFIG\startupreg: EeeStorageBackup => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{166BC82E-2D97-466C-8343-6F11905ACFFC}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{EF97F144-0E9F-4858-AE2A-8DC9A8D7D101}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{571E14F6-06EE-439C-B7C2-CB83652C8D64}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F28812D1-4270-486C-927D-6569373DBB4E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{514A43F2-11E8-4230-8862-818E35E69232}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{AEEAB5B8-B0ED-4DB9-911A-238FB2FB2EF2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{890E8797-97C7-4592-BD1E-313C722E46D7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{3F1A2621-0AEB-4D47-9AA5-8B35F8CB54FF}C:\users\public\games\world of warcraft\launcher.exe] => (Allow) C:\users\public\games\world of warcraft\launcher.exe
FirewallRules: [UDP Query User{16ED19B3-5C4B-4AE7-88FF-79238AD88C3C}C:\users\public\games\world of warcraft\launcher.exe] => (Allow) C:\users\public\games\world of warcraft\launcher.exe
FirewallRules: [TCP Query User{3D2F8014-8D45-49B7-9317-84D2560E0D3B}C:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe
FirewallRules: [UDP Query User{D34CDEFE-CB24-4E78-B7B6-7E701AEDEC71}C:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe
FirewallRules: [{DF040098-35B2-4392-BEE7-0DAD02F50C8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\grand theft auto iv\GTAIV\LaunchGTAIV.exe
FirewallRules: [{1612F0D7-971A-4F24-A4BF-8DA817D16621}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\grand theft auto iv\GTAIV\LaunchGTAIV.exe
FirewallRules: [TCP Query User{EF6BC390-163F-4C72-8325-CD49E4255090}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{A950E1B0-3C1B-45A2-A7AE-BC79C7827967}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [{6D5DEEBD-EC55-4EEC-82E0-0BAC0C03C03F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{E34DB6FB-8D38-4765-8F1D-8C0D784F56AB}C:\users\bryan hvezda\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe] => (Allow) C:\users\bryan hvezda\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe
FirewallRules: [UDP Query User{BEA25B8B-25AE-49F6-9A43-B0C6E0A5BA6C}C:\users\bryan hvezda\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe] => (Allow) C:\users\bryan hvezda\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe
FirewallRules: [{88546355-BCE3-4D83-911E-49D1A52057F9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9DED5874-062C-4D9D-8AA1-6FB48FCEBF89}] => (Allow) LPort=2869
FirewallRules: [{44B28721-FAA9-40C4-A758-A0DED67329F8}] => (Allow) LPort=1900
FirewallRules: [{1DA6E3CE-6336-4458-A080-778C88B7992F}] => (Allow) LPort=24726
FirewallRules: [{D1CC3CBD-3AD6-4E0A-B1B1-64E4FA0486E1}] => (Allow) LPort=24727
FirewallRules: [TCP Query User{04FA4CAF-77E8-4AC2-A4DA-DFED2C188F14}C:\users\bryan hvezda\downloads\championsonlinef2p.exe] => (Allow) C:\users\bryan hvezda\downloads\championsonlinef2p.exe
FirewallRules: [UDP Query User{F613E8FB-90C3-4499-A939-0A71C1B4A281}C:\users\bryan hvezda\downloads\championsonlinef2p.exe] => (Allow) C:\users\bryan hvezda\downloads\championsonlinef2p.exe
FirewallRules: [{06FEDB89-D79B-4148-922C-1CF790A39B95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\command and conquer red alert 3 uprising\RA3EP1.exe
FirewallRules: [{A04FB72A-91EF-4716-9F1C-393415579EAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\command and conquer red alert 3 uprising\RA3EP1.exe
FirewallRules: [{8A00FEF5-FC7F-4ABB-AC0D-4C75DC9DC792}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\command and conquer red alert 3 uprising\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{27A890AD-0E49-4A5A-961D-9DEC5C461D8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\command and conquer red alert 3 uprising\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{42EC7052-B539-4F04-A47C-1294A248DEFC}] => (Allow) C:\Users\mdh\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E588CE07-28B8-4114-B132-F9C1FC7E6FAC}] => (Allow) C:\Users\mdh\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{5E1297E3-2992-45D9-BCE5-868454EF519A}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{1B17CA28-529C-4B68-91D1-9272F5F929FC}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{07AB3066-068E-4F94-B40F-50D627B09794}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{20D9BF73-6E8A-4ACC-A465-0771400459D4}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{004BAE32-8A1F-408D-A43C-CEA495D4E2E2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{6BBD5616-5AF1-4A51-ADC3-07CB3890DBF9}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{64F8F329-3CF9-44E3-9682-6D5228A6A409}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{05491031-6FA1-4BEA-9AA8-9C1C6EEF4F85}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{8164FC32-16BF-4616-B87E-CAD93294F141}] => (Allow) C:\Program Files (x86)\TightVNC\vncviewer.exe
FirewallRules: [{FB3A0FAD-0222-47FE-8EED-954FC1E2D8A5}] => (Allow) C:\Program Files (x86)\TightVNC\vncviewer.exe
FirewallRules: [{C5FF9FC0-5451-420B-A68B-5692A6E392A1}] => (Allow) C:\Users\mdh\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{4BA1F764-177F-47E2-BCA3-C7AB55CF2DCF}C:\users\mdh\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mdh\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{566C619E-C334-422E-8576-0EED2A358283}C:\users\mdh\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mdh\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{453EC6E8-9CB5-49CC-AB1B-B9436C4A71AE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{0A1A8B4B-A7CE-466B-947C-3AA260DDDF77}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{725EAAFE-2100-4655-9D99-AFD4C2938CD4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{04F2688C-587B-4DDA-B679-5FA40505B18B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [TCP Query User{22652E4E-5BE4-40C0-9F7E-8ACD41F28DA3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{AAB6878E-C99F-423C-A179-5E23773CA812}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{77AD9D2C-629F-4C80-9267-A4D4F8F41FB6}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{58F388AC-4023-4451-B95E-C3589509904B}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{DE52AAAF-B4FC-43CC-B0E9-3162FCBE94F2}C:\program files\pelco\device utility 2\deviceutility2.exe] => (Allow) C:\program files\pelco\device utility 2\deviceutility2.exe
FirewallRules: [UDP Query User{638B32AC-E1CA-47FC-8004-506D5537EC6E}C:\program files\pelco\device utility 2\deviceutility2.exe] => (Allow) C:\program files\pelco\device utility 2\deviceutility2.exe
FirewallRules: [{CA808394-4A6B-4D77-864D-3F09BF5BCAAE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{21CCE38B-F1DF-4084-AEAC-F9862EF07DD4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{042A3C3A-0DD7-4227-AD7D-BAC7B859D7FA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{D451122E-0522-4F25-BC3A-E78EE95B7BEF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{E290CEC1-42C9-4FF3-9F92-6F513AD72DF0}C:\program files (x86)\pelco\endura\endura utilities\endurautilities.exe] => (Allow) C:\program files (x86)\pelco\endura\endura utilities\endurautilities.exe
FirewallRules: [UDP Query User{BFB0E171-246D-45D8-B8F4-B6E9417CB2A8}C:\program files (x86)\pelco\endura\endura utilities\endurautilities.exe] => (Allow) C:\program files (x86)\pelco\endura\endura utilities\endurautilities.exe
FirewallRules: [{7B750F15-9DEE-40C2-8D98-C64890120E04}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [{F229A912-9E62-4751-BB6D-F80A5119BF8C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{65290F0D-7513-407B-B897-859F7AC7B64E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{9F8EE6FD-6432-4022-9D5B-488EAF720826}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{29115F35-A5B1-49FB-867D-28367B832271}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{DD256615-1C94-402C-808B-35CCBBF34214}C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe
FirewallRules: [UDP Query User{EDA0C9B9-A6AF-4921-A4F9-FD38DCB23663}C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe
FirewallRules: [TCP Query User{78AA8A12-CF85-40B3-9C3F-C5F6062DB18F}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{230FA4D3-6A56-4A80-AE86-1B66DCC97CE9}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{C8ED6CE8-4AB0-459A-9565-824D8947C110}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{E420659B-9BB1-4FE1-B2E7-15F1F31F39C9}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{A0E0C037-BE6B-428A-9224-4ADE1E02EFC9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{79A2387A-E810-4BE5-8338-9F020A60FC52}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C688D870-D8CF-4708-87E6-B0E0F54E7CA8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1D14E4CB-E1B1-4264-963E-24A890A3157A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E221DCF4-258A-4925-B055-033A7310DBA3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{005205E9-8336-489C-8C17-1BD55C389B12}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{59D962DF-7DBB-428A-978C-310EDC932F28}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D4351296-A9F9-46D7-A9C4-D207F141C362}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{15F5E57A-C573-4AB0-82A1-B615C0BA2DD9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4320B9B7-708A-4636-A0ED-9809E403A3C7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CC32F6FF-E980-4B5C-8F48-C537D2D37754}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B772CC51-2ACE-49A8-8B6B-FCAB3FACE764}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{61D9E789-389E-4058-842E-CB2B6B74D829}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{55E65554-C6BF-44F7-B731-13B869D76D56}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3775D2B8-934B-43F7-8BA9-C4C83C02E801}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
 
==================== Faulty Device Manager Devices =============
 
Name: @%SystemRoot%\system32\drivers\http.sys,-1
Description: @%SystemRoot%\system32\drivers\http.sys,-1
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: HTTP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: JMicron PCI Express Gigabit Ethernet Adapter
Description: JMicron PCI Express Gigabit Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: JMicron Technology Corp.
Service: JME
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/15/2015 08:22:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {e5dc287a-74e4-4ddc-aa97-697e7d416461}
 
Error: (12/15/2015 05:04:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {57a16038-c520-429b-8062-a9b3a8572a83}
 
Error: (12/15/2015 04:57:25 PM) (Source: MsiInstaller) (EventID: 1024) (User: ASUS-LAPTOP)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F094E6F00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (12/15/2015 04:53:29 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (12/15/2015 04:47:29 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (12/15/2015 04:45:23 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (12/15/2015 04:35:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {ca89415f-c241-4ad6-967b-de9ba8469326}
 
Error: (12/15/2015 11:27:14 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (12/15/2015 11:21:14 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (12/15/2015 11:19:09 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
 
System errors:
=============
Error: (12/16/2015 11:58:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (12/16/2015 11:58:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error: 
%%1068
 
Error: (12/16/2015 11:58:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error: 
%%1068
 
Error: (12/16/2015 11:58:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Server SMB 2.xxx Driver service depends on the srvnet service which failed to start because of the following error: 
%%2
 
Error: (12/16/2015 11:58:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The srvnet service failed to start due to the following error: 
%%2
 
Error: (12/16/2015 11:58:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (12/16/2015 11:58:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error: 
%%1068
 
Error: (12/16/2015 11:58:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error: 
%%1068
 
Error: (12/16/2015 11:58:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Server SMB 2.xxx Driver service depends on the srvnet service which failed to start because of the following error: 
%%2
 
Error: (12/16/2015 11:58:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The srvnet service failed to start due to the following error: 
%%2
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 57%
Total physical RAM: 3949.54 MB
Available physical RAM: 1665.09 MB
Total Virtual: 7897.29 MB
Available Virtual: 5445.73 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:350.48 GB) (Free:256.14 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:100.63 GB) (Free:76.3 GB) NTFS
Drive f: (TOSHIBA) (Removable) (Total:14.44 GB) (Free:13.92 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
Partition 2: (Active) - (Size=350.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100.6 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 6C5E55A2)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0B)
 
==================== End of Addition.txt ============================


#10 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,083 posts

Posted 16 December 2015 - 04:38 PM

Hi,

I'm preparing a Fix for you... the log shows some other system files missing or corrupted, and we need to find good copies so I can include them in the Fix.

 

Please run FRST64 and Copy & Paste the following to the Search Box:

http.sys;srv.sys;srvnet.sys;powertracker.dll

Click the Search Files button

Please post the contents of the Search.txt log to your post


• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#11 mdhvezda

mdhvezda
  • Topic Starter

  • Members
  • 14 posts

Posted 16 December 2015 - 08:05 PM

Here are the contents of the Search.txt log.

 

*********************************************************************************************************************

Farbar Recovery Scan Tool (x64) Version:16-12-2015 03
Ran by mdh (2015-12-16 18:27:15)
Running from F:\FRST
Boot Mode: Normal
 
================== Search Files: "http.sys;srv.sys;srvnet.sys;powertracker.dll" =============
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.21717_none_38aa0e59262e0b0c\srv.sys
[2011-06-23 05:53][2011-04-28 20:54] 0467456 ____A (Microsoft Corporation) 10586F14752ACE786AB120FF8BB6BDA4 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.21666_none_3872fc8d26578043\srv.sys
[2011-04-15 00:30][2011-02-22 21:32] 0467456 ____A (Microsoft Corporation) 65784FF2D21F85A35E2590F65A6B2382 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.17565_none_37e85f780d3ac722\srv.sys
[2011-04-15 00:30][2011-02-22 22:56] 0467456 ____A (Microsoft Corporation) 65BBF4920148C2EE279055DA7228FC7B [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.17514_none_381d6eca0d132216\srv.sys
[2011-06-23 06:16][2010-11-20 03:28] 0468992 ____A (Microsoft Corporation) 2098B8556D1CEC2ACA9A29CD479E3692 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20956_none_369771592928f58d\srv.sys
[2011-06-23 05:53][2011-04-28 21:06] 0460800 ____A (Microsoft Corporation) CF6EFAEB9EB9823A0D27EDE6D1AF662D [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20907_none_36ce813f28ff832f\srv.sys
[2011-04-15 00:30][2011-02-22 21:49] 0460288 ____A (Microsoft Corporation) D388EBD2314A31E7BB7474F9C101CD1A [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20789_none_3679fea7293e9b17\srv.sys
[2010-10-14 09:39][2010-08-26 21:39] 0462336 ____A (Microsoft Corporation) DF128B7DFA3A5E399363B8F83275399D [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20740_none_369c3bbd29264744\srv.sys
[2010-08-13 05:55][2010-06-21 20:48] 0462336 ____A (Microsoft Corporation) C4757FE6421EB3AFD9FD66592C5BFBE1 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.20591_none_3667289f294df202\srv.sys
[2010-05-05 09:49][2009-12-08 02:42] 0464896 ____A (Microsoft Corporation) E319934627647A6A93B880DDA6B06C5E [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16806_none_3643e42a0fe2ca0e\srv.sys
[2011-06-23 05:53][2011-04-28 21:13] 0461312 ____A (Microsoft Corporation) 2408C0366D96BCDF63E8F1C78E4A29C5 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16765_none_3602027210145b36\srv.sys
[2011-04-15 00:30][2011-02-22 23:16] 0461312 ____A (Microsoft Corporation) 148D50904D2A0DF29A19778715EB35BB [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16664_none_36010042101544b8\srv.sys
[2010-10-14 09:39][2010-08-26 21:38] 0463360 ____A (Microsoft Corporation) DE6F5658DA951C4BC8E498570B5B0D5F [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16619_none_363c11500fe837b6\srv.sys
[2010-08-13 05:55][2010-06-21 21:21] 0463360 ____A (Microsoft Corporation) 43067A65522EAEC33D31A12D6FA8E3F4 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16481_none_35e85bc010283647\srv.sys
[2010-05-05 09:49][2009-12-08 02:32] 0464896 ____A (Microsoft Corporation) 37C3ABC2338010E110D2A6A3930F3149 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7600.16385_none_35ec5b0210249e7c\srv.sys
[2009-07-13 17:25][2009-07-13 17:25] 0465408 ____A (Microsoft Corporation) EC8F67289105BF270498095F14963464 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.21666_none_6251c166400aff25\srvnet.sys
[2011-04-15 00:30][2011-02-22 21:31] 0167936 ____A (Microsoft Corporation) B3293EB86DE13312DF227D13C54E3B6B [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.17565_none_61c7245126ee4604\srvnet.sys
[2011-04-15 00:30][2011-02-22 22:55] 0167936 ____A (Microsoft Corporation) 3F847C9DC87299516F7DC82FB6572865 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.17514_none_61fc33a326c6a0f8\srvnet.sys
[2011-06-23 06:16][2010-11-20 03:27] 0167936 ____A (Microsoft Corporation) 2BA8F3250828CCDB4204ECF2C6F40B6A [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.20956_none_6076363242dc746f\srvnet.sys
[2011-06-23 05:53][2011-04-28 21:06] 0000000 ____A ()  [File not signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.20907_none_60ad461842b30211\srvnet.sys
[2011-04-15 00:30][2011-02-22 21:48] 0161792 ____A (Microsoft Corporation) 55BE8EE4C3EC8081E68A8C21BFF94256 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.20789_none_6058c38042f219f9\srvnet.sys
[2010-10-14 09:39][2010-08-26 21:39] 0161792 ____A (Microsoft Corporation) 3EBBD18201CF162E537217D7C51047F6 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.20740_none_607b009642d9c626\srvnet.sys
[2010-08-13 05:55][2010-06-21 20:47] 0162304 ____A (Microsoft Corporation) A2FF8C218D5B62D693658F91B7FBB514 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.20591_none_6045ed78430170e4\srvnet.sys
[2010-05-05 09:49][2009-12-08 02:42] 0162304 ____A (Microsoft Corporation) 47A7DCDDEA3FC3099A126EB603FEC7A3 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16765_none_5fe0c74b29c7da18\srvnet.sys
[2011-04-15 00:30][2011-02-22 23:15] 0161792 ____A (Microsoft Corporation) CB69EDEB069A49577592835659CD0E46 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16664_none_5fdfc51b29c8c39a\srvnet.sys
[2010-10-14 09:39][2010-08-26 21:37] 0161792 ____A (Microsoft Corporation) 5A663FD67049267BC5C3F3279E631FFB [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16619_none_601ad629299bb698\srvnet.sys
[2010-08-13 05:55][2010-06-21 21:20] 0162304 ____A (Microsoft Corporation) FBD09635227A8026C0F7790F604343C6 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16481_none_5fc7209929dbb529\srvnet.sys
[2010-05-05 09:49][2009-12-08 02:32] 0162304 ____A (Microsoft Corporation) CCE32BB223E9FF55D241099A858FA889 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.16385_none_5fcb1fdb29d81d5e\srvnet.sys
[2009-07-13 17:24][2009-07-13 17:24] 0162816 ____A (Microsoft Corporation) 26E84D3649019C3244622E654DFCD75B [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-http_31bf3856ad364e35_6.1.7601.22976_none_0b31ae7948c7028d\http.sys
[2015-04-16 15:17][2015-02-24 00:06] 0754688 ____A (Microsoft Corporation) 26647A4F267D13D67ED6B99EAE2A7F78 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-http_31bf3856ad364e35_6.1.7601.17514_none_0ae701b82f7a7759\http.sys
[2011-06-23 06:16][2010-11-20 03:25] 0753664 ____A (Microsoft Corporation) 0EA7DE1ACB728DD5A369FD742D6EEE28 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-http_31bf3856ad364e35_6.1.7600.16385_none_08b5edf0328bf3bf\http.sys
[2009-07-13 17:22][2009-07-13 17:22] 0751616 ____A (Microsoft Corporation) CEE049CAC4EFA7F4E1E4AD014414A5D4 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-c..rmance-powertracker_31bf3856ad364e35_6.1.7601.18713_none_838b9f400b1ebc7f\powertracker.dll
[2015-03-02 16:26][2015-01-08 21:14] 0000000 ____A ()  [File not signed]
 
C:\Windows\System32\powertracker.dll
[2015-03-02 16:26][2015-01-08 21:14] 0000000 ____A ()  [File not signed]
 
C:\found.001\dir0405.chk\srvnet.sys
[2011-06-23 05:53][2011-04-28 21:06] 0161792 ____A (Microsoft Corporation) 19E0B9883EE4DB831CD5DD781CBD6498 [File is digitally signed]
 
C:\found.001\dir0046.chk\powertracker.dll
[2015-03-02 16:26][2015-01-08 21:14] 0029696 ____A (Microsoft Corporation) AA7079AD52B8BFBAE94167D54C32F84F [File is digitally signed]
 
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_10.0.10240.16384_none_e1f7db099120e279\srv.sys
[2015-07-10 04:30][2015-07-10 04:30] 0410624 ___AL () D41D8CD98F00B204E9800998ECF8427E [File not signed]
 
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_10.0.10240.16384_none_0bd69fe2aad4615b\srvnet.sys
[2015-07-10 04:30][2015-07-10 04:30] 0239616 ___AL () D41D8CD98F00B204E9800998ECF8427E [File not signed]
 
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\drivers\srv.sys
[2015-07-10 04:30][2015-07-10 04:30] 0410624 ___AL () D41D8CD98F00B204E9800998ECF8427E [File not signed]
 
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\drivers\srvnet.sys
[2015-07-10 04:30][2015-07-10 04:30] 0239616 ___AL () D41D8CD98F00B204E9800998ECF8427E [File not signed]
 
====== End of Search ======
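
An added example, not part of the thread and not FRST's own code: a small parser for the Search.txt layout shown above that separates entries usable as replacement candidates from entries the log itself marks as unusable. The acceptance rule (non-zero size, digitally signed, hash not equal to the MD5 of empty input) and all function names are assumptions for illustration; the sample lines are copied from the log in this post.

```python
import re
from collections import defaultdict

# MD5 of zero bytes of input: a listed hash equal to this says nothing about file contents.
EMPTY_MD5 = "D41D8CD98F00B204E9800998ECF8427E"

# Metadata line: [date][date] size attributes (company) optional-MD5 [signature status]
META = re.compile(
    r"^\[[^\]]+\]\[[^\]]+\]\s+(?P<size>\d+)\s+(?P<attrs>\S+)\s+"
    r"\((?P<company>[^)]*)\)\s*(?P<md5>[0-9A-Fa-f]{32})?\s*\[(?P<sig>[^\]]+)\]\s*$"
)
# Component version embedded in a WinSxS directory name, e.g. _6.1.7601.21666_none_
VERSION = re.compile(r"_(\d+(?:\.\d+){3})_none_")

# Sample input: six entries copied from the Search.txt log in this post.
SAMPLE = r"""
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.21666_none_6251c166400aff25\srvnet.sys
[2011-04-15 00:30][2011-02-22 21:31] 0167936 ____A (Microsoft Corporation) B3293EB86DE13312DF227D13C54E3B6B [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7600.20956_none_6076363242dc746f\srvnet.sys
[2011-06-23 05:53][2011-04-28 21:06] 0000000 ____A ()  [File not signed]

C:\found.001\dir0405.chk\srvnet.sys
[2011-06-23 05:53][2011-04-28 21:06] 0161792 ____A (Microsoft Corporation) 19E0B9883EE4DB831CD5DD781CBD6498 [File is digitally signed]

C:\Windows\System32\powertracker.dll
[2015-03-02 16:26][2015-01-08 21:14] 0000000 ____A ()  [File not signed]

C:\found.001\dir0046.chk\powertracker.dll
[2015-03-02 16:26][2015-01-08 21:14] 0029696 ____A (Microsoft Corporation) AA7079AD52B8BFBAE94167D54C32F84F [File is digitally signed]

C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\drivers\srvnet.sys
[2015-07-10 04:30][2015-07-10 04:30] 0410624 ___AL () D41D8CD98F00B204E9800998ECF8427E [File not signed]
"""


def parse_search(text):
    """Pair each path line with the metadata line that follows it."""
    entries, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = META.match(line)
        if m and path:
            v = VERSION.search(path)
            entries.append({
                "path": path,
                "name": path.rsplit("\\", 1)[-1].lower(),
                "size": int(m["size"]),
                "md5": (m["md5"] or "").upper(),
                "signed": m["sig"] == "File is digitally signed",
                # Empty tuple when the path carries no WinSxS version (e.g. found.001).
                "version": tuple(int(x) for x in v.group(1).split(".")) if v else (),
            })
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line
    return entries


def classify(entry):
    """Assumed acceptance rule; uses only fields present in the log."""
    if entry["size"] == 0:
        return "zero-byte"      # file exists but holds no data
    if entry["md5"] == EMPTY_MD5:
        return "empty-hash"     # hash was taken over no data
    if not entry["signed"]:
        return "unsigned"
    return "candidate"


def triage(entries):
    """Group by file name; candidates are sorted newest component version first."""
    report = defaultdict(lambda: {"candidates": [], "rejected": []})
    for e in entries:
        verdict = classify(e)
        if verdict == "candidate":
            report[e["name"]]["candidates"].append(e)
        else:
            report[e["name"]]["rejected"].append((verdict, e["path"]))
    for bucket in report.values():
        bucket["candidates"].sort(key=lambda e: e["version"], reverse=True)
    return dict(report)


if __name__ == "__main__":
    for name, bucket in triage(parse_search(SAMPLE)).items():
        print(name)
        for e in bucket["candidates"]:
            print("  candidate:", e["md5"], e["path"])
        for verdict, path in bucket["rejected"]:
            print("  rejected (%s): %s" % (verdict, path))
```

A "candidate" here only passes the fields the log reports; the hash still has to be compared against a trusted copy of the same file version before the file is used as a replacement.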


#12 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,083 posts

Posted 17 December 2015 - 10:06 AM

Hi,

Let's start working on this...

Multiple Antivirus

Your log shows that you have several Antivirus and Security programs installed: Avast Free Antivirus and Microsoft Security Essentials!

Contrary to what some people think, having more than one antivirus program doesn't give you more protection. With several Real-Time protections active the computer becomes slower accessing files and could crash due to resource conflicts; you could also get False Alarms when one AV starts identifying the files from the other antivirus program as viruses. In the next steps I will ask you to remove some of those programs.

Step 1 - Uninstall Programs

You have some programs installed that are dubious or Adware related, and others that are outdated and a security risk, that I would like you to uninstall...

Please open Start > Control Panel > Uninstall a program or Programs and Features if in Classic View, locate these programs on the list and uninstall them:
 

  • Pop-up Bold
  • Printing Press Game
  • JavaFX 2.1.1 v.2.1.1 (Outdated and vulnerable)
  • Java 8 Update 66 (Outdated and vulnerable)
  • Microsoft Security Essentials

Notes:

  • After the programs have been uninstalled Restart the computer. If requested by the uninstallers restart the computer between uninstalls.
  • If you can't uninstall any of the programs on the list don't worry, let me know and we will remove it later; just move to the next item.

Step 2 - FRST Fix

!!! WARNING !!! The following fix is only relevant for this system and no other; running the script on another computer will not work and may cause problems...

  • Attached File  FixList.txt   5.53KB   4 downloads
  • Download the file above and save it as fixlist.txt to the same folder where you have FRST64
    (It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work!)
  • Execute FRST/FRST64: right-click on the icon and choose Run as Administrator. Make sure all other windows are closed.
  • Press the Fix button just once and wait. After the fix the system needs to restart; if the tool does not request it, please restart the computer.
  • The tool will make a log (Fixlog.txt) in the same location as FRST/FRST64; please copy & paste the log into your next reply.

Step 3 - Reinstall Software

- Reinstall Dropbox

The Dropbox software was affected by the disk errors and is running from the wrong place! Please install the latest version of the Dropbox program by visiting the following link: https://www.dropbox.com/downloading

- Update Java

Your version of Java Runtime was outdated! In light of the recent events surrounding Java, which is constantly targeted by malware, users must seriously consider their use of Java.
Do you really need it? If yes, go to the Java download page and click the link Windows Offline; this file will not include any unneeded extras like the ASK Toolbar. When Java is installed it's extremely important to update immediately when you get a notification pop-up from the Java Updater.

For extra safety you can have Java installed but disabled in your browsers and only enable it when you need it. You can Enable/Disable Java by executing the following steps:

Click Start > Settings > Control Panel > Java, click the Security tab and uncheck the box Enable Java content in the browser and click OK

Another extra step you should do is to check the last option Suppress sponsor offers when installing or updating Java inside the Advanced tab


Step 4 - AdwCleaner Scan and Remove

Download AdwCleaner from here to the Desktop

  • Close all open windows and browsers
  • Right click on the AdwCleaner icon and choose Run as Administrator to execute the program
    (When the Tool opens for the first time you have to accept the Terms of use - click J'accepte/I Agree )
  • The tool will start to update the database, please wait a bit
  • Click the Scan button and wait for the scan to finish, only then the Cleaning button becomes active
  • Click the Cleaning button and wait, once done it may ask to reboot, allow it.
  • On reboot a log will be presented; please copy/paste that in your next reply. The report is saved to C:\AdwCleaner\AdwCleaner[S0].txt


Things I would like to see in your next reply:

  • The Fixlog.txt log
  • AdwCleaner log AdwCleaner[S0].txt
  • Let me know if you have problems doing the other tasks

 

 



 
 


#13 mdhvezda

mdhvezda
  • Topic Starter

  • Members
  • 14 posts

Posted 17 December 2015 - 02:21 PM

Here is the feedback to the latest tasks:

 

Step 1 - Uninstall Programs

  • Pop-up Bold - This item I could not find, it was not in the Control Panel's list of programs.
  • Printing Press Game - This item produced a pop-up window with this alert:
    "An error occurred while trying to uninstall Printing Press Game. It may have already been uninstalled. Would you like to remove Printing Press Game from the Programs and Features list?"
    I clicked yes to the above alert.
  • JavaFX 2.1.1 v.2.1.1 - Successfully removed.
  • Java 8 Update 66 - Successfully removed.
  • Microsoft Security Essentials - Successfully removed.

Step 2 - FRST Fix - The Fixlog.txt log is shown at the bottom of this post.

Step 3 - Reinstall Software

  • Reinstall Dropbox - Completed successfully.
  • Update Java - Completed successfully, also the two extra steps (disable Java in browser and suppress sponsor offers).

Step 4 - AdwCleaner Scan and Remove

Completed successfully. Here are the contents of the AdwCleaner log:

 

**************************************************************************************************************************

# AdwCleaner v5.025 - Logfile created 17/12/2015 at 11:45:15
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : mdh - ASUS-LAPTOP
# Running from : F:\FRST\adwcleaner_5.025.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\mdh\AppData\Local\DF813CFC-1431069257-888C-2A00-485B391180D7
Folder Found : C:\Users\mdh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
Folder Found : C:\Users\mdh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj
 
***** [ Files ] *****
 
File Found : C:\Users\mdh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bmnlcjabgnpnenekpadlanbbkooimhnj_0.localstorage
File Found : C:\Users\mdh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bmnlcjabgnpnenekpadlanbbkooimhnj_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Cr_Installer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Found : HKU\.DEFAULT\Software\VNT
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{028EE977-0F60-4541-B78F-BA56563F1E64}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {028EE977-0F60-4541-B78F-BA56563F1E64}
 
***** [ Web browsers ] *****
 
[C:\Users\mdh\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : bmnlcjabgnpnenekpadlanbbkooimhnj
[C:\Users\mdh\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : mcbkbpnkkkipelfledbfocopglifcfmi
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3074 bytes] ##########
 
 
 
 
 
 
 
 
 
****************************************************************************************************************
*                              Here are the contents of the FRST Fixlog.txt                                  *
****************************************************************************************************************
Fix result of Farbar Recovery Scan Tool (x64) Version:16-12-2015 03
Ran by mdh (2015-12-17 10:12:42) Run:2
Running from F:\FRST
Loaded Profiles: mdh (Available Profiles: Bryan Hvezda & mdh & Ramona)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mdh\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mdh\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mdh\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
Startup: C:\Users\mdh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-15]
ShortcutTarget: Dropbox.lnk -> C:\found.001\dir2113.chk\Dropbox.exe (Dropbox, Inc.)
Toolbar: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin HKU\S-1-5-21-1527920751-4294408137-3259649097-1004: @talk.google.com/GoogleTalkPlugin -> C:\Users\mdh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [No File]
FF Plugin HKU\S-1-5-21-1527920751-4294408137-3259649097-1004: @talk.google.com/O1DPlugin -> C:\Users\mdh\AppData\Roaming\Mozilla\plugins\npo1d.dll [No File]
FF Plugin HKU\S-1-5-21-1527920751-4294408137-3259649097-1004: @tools.google.com/Google Update;version=3 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1527920751-4294408137-3259649097-1004: @tools.google.com/Google Update;version=9 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
S0 lhldjq; no ImagePath
U3 tmlwf; no ImagePath
U3 tmwfp; no ImagePath
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\mdh\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\mdh\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {E930E375-40B1-4C3C-9254-4ACE2AB76980} - \avastBCLRestartS-1-5-21-1527920751-4294408137-3259649097-1004 -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:15024E60
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
Replace: C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.21717_none_38aa0e59262e0b0c\srv.sys c:\windows\System32\DRIVERS\srv.sys
Replace: C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.21666_none_6251c166400aff25\srvnet.sys c:\windows\System32\DRIVERS\srvnet.sys
Replace: C:\Windows\winsxs\amd64_microsoft-windows-http_31bf3856ad364e35_6.1.7601.22976_none_0b31ae7948c7028d\http.sys c:\windows\system32\drivers\HTTP.sys
Replace: C:\found.001\dir0046.chk\powertracker.dll C:\Windows\System32\powertracker.dll
EmptyTemp:
Reboot:
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
C:\Users\mdh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk => moved successfully
C:\found.001\dir2113.chk\Dropbox.exe => moved successfully
HKU\S-1-5-21-1527920751-4294408137-3259649097-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5" => key removed successfully
"HKU\S-1-5-21-1527920751-4294408137-3259649097-1004\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin" => key removed successfully
C:\Users\mdh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll => not found.
"HKU\S-1-5-21-1527920751-4294408137-3259649097-1004\Software\MozillaPlugins\@talk.google.com/O1DPlugin" => key removed successfully
C:\Users\mdh\AppData\Roaming\Mozilla\plugins\npo1d.dll => not found.
"HKU\S-1-5-21-1527920751-4294408137-3259649097-1004\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Users\mdh\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll => not found.
"HKU\S-1-5-21-1527920751-4294408137-3259649097-1004\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Users\mdh\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll => not found.
lhldjq => service removed successfully
tmlwf => service removed successfully
tmwfp => service removed successfully
"HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfully
"HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => key removed successfully
"HKU\S-1-5-21-1527920751-4294408137-3259649097-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E930E375-40B1-4C3C-9254-4ACE2AB76980}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E930E375-40B1-4C3C-9254-4ACE2AB76980}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avastBCLRestartS-1-5-21-1527920751-4294408137-3259649097-1004" => key removed successfully
C:\ProgramData\Temp => ":15024E60" ADS removed successfully.
C:\ProgramData\Temp => ":4CF61E54" ADS removed successfully.
"c:\windows\System32\DRIVERS\srv.sys" => not found
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.1.7601.21717_none_38aa0e59262e0b0c\srv.sys copied successfully to c:\windows\System32\DRIVERS\srv.sys
"c:\windows\System32\DRIVERS\srvnet.sys" => not found
C:\Windows\winsxs\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.1.7601.21666_none_6251c166400aff25\srvnet.sys copied successfully to c:\windows\System32\DRIVERS\srvnet.sys
"c:\windows\system32\drivers\HTTP.sys" => not found
C:\Windows\winsxs\amd64_microsoft-windows-http_31bf3856ad364e35_6.1.7601.22976_none_0b31ae7948c7028d\http.sys copied successfully to c:\windows\system32\drivers\HTTP.sys
C:\Windows\System32\powertracker.dll => moved successfully
C:\found.001\dir0046.chk\powertracker.dll copied successfully to C:\Windows\System32\powertracker.dll
EmptyTemp: => 9.5 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 10:22:26 ====


#14 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,083 posts

Posted 18 December 2015 - 05:24 AM

Hi,
 
The logs are looking good, but to be safe I would like to run an Antivirus Scan.
 
Step 1 - Scan with ESET On-line Scanner
  • Download ESET On-line Scanner, run the tool and follow the prompts to install the program.
  • Select the option Enable detection of potential unwanted applications
  • Click on Advanced Settings, and check the following options:
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Disable your AntiVirus and AntiSpyware applications to speed up the scan
    (If you have difficulty properly disabling your security programs, refer to this link)
  • Click Start and then wait for the scan to finish (it can take some time).
    The virus signature database will begin to download and the scan will start automatically. Be patient, this may take some time depending on the speed of your Internet connection.
  • Once the scan is completed, close the program
  • Use Notepad to open the log file located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste the log contents to your reply
  • Enable your AntiVirus and AntiSpyware applications

Step 2 - Check Windows System files integrity
  • Open the Command Prompt as Administrator (Tutorial)
  • Type the following command and press Enter:
    sfc /scannow

    Note: This may take some time to finish.
  • If it doesn't say "No integrity violations found" then do this:
  • Open the folder c:\windows\Logs\CBS and copy the file CBS.log to the Desktop
  • Zip the file cbs.log and try to attach the ZIP to your post. If the forum doesn't accept it because of the file size, upload it to www.datafilehost.com and post the sharing link generated by the site, or use OneDrive to share the file with me.

Things I would like to see in your next reply:
  • The ESET log
  • The cbs.zip in case of errors
  • How is the computer running? Any errors?

• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#15 mdhvezda

mdhvezda
  • Topic Starter

  • Members
  • 14 posts

Posted 18 December 2015 - 07:07 PM

Here is the feedback to the latest tasks:

 

The contents of the ESET log are shown at the bottom of this post. (There were 16 items found.)

 

I was unable to attach the CBS.zip file.  I cannot find the "upload attachment button", nor could I find in my settings menu where to enable the "Flash Uploader".  So I uploaded the file to the data file host link that you provided.  Here is the link I got from that site for the CBS.zip file:    http://www.datafilehost.com/d/229467af

 

Shown below is an image of the response I received from running the "SFC /scannow" command.  I wanted to see if I could insert an image into my post.

It is much larger than I expected or wanted, sorry about that.

 

SFC_Capture.JPG

 

 

And lastly, the laptop is bootable, usable, running very well, and I am not aware of any errors.

 

 

*****************************************************
*               Contents of ESET log                *
*****************************************************

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=eabe1be15da8424db0b64a0510e87d36
# end=init
# utc_time=2015-12-18 08:42:04
# local_time=2015-12-18 02:42:04 (-0600, Central Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 27266
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=eabe1be15da8424db0b64a0510e87d36
# end=updated
# utc_time=2015-12-18 08:44:51
# local_time=2015-12-18 02:44:51 (-0600, Central Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=eabe1be15da8424db0b64a0510e87d36
# engine=27266
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-12-18 10:31:40
# local_time=2015-12-18 04:31:40 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 202021350 0 0
# scanned=327090
# found=16
# cleaned=0
# scan_time=6409
sh=61DE6FBE9B7CA0B40E2538E38CC9209EAFC64390 ft=1 fh=627c4ddd0a8d24a4 vn="a variant of Win32/Adware.ConvertAd.QH application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mdh\AppData\Local\DF813CFC-1431069257-888C-2A00-485B391180D7\nsb11EC.tmp.vir"
sh=7747B9428B1BA8B2996718DBE0819697417D68F2 ft=1 fh=45555906ada47561 vn="a variant of Win32/Adware.ConvertAd.QH application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mdh\AppData\Local\DF813CFC-1431069257-888C-2A00-485B391180D7\pnsw6BF1.exe.vir"
sh=01D1DEFC16D76A4E7D9280F08552E2BE0FF4C548 ft=1 fh=71d6030e8b09bfbd vn="a variant of Win32/Adware.ConvertAd.MM application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mdh\AppData\Local\DF813CFC-1431069257-888C-2A00-485B391180D7\rnsb6950.exe.vir"
sh=F063E55D85DFEA41127DFEB76171BE8454FB68B8 ft=1 fh=627de822ce5e1a09 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Users\mdh\AppData\LocalLow\Sun\Java\jre1.7.0_65\java_sp.dll"
sh=01D1DEFC16D76A4E7D9280F08552E2BE0FF4C548 ft=1 fh=71d6030e8b09bfbd vn="a variant of Win32/Adware.ConvertAd.MM application" ac=I fn="C:\Users\mdh\AppData\Roaming\DF813CFC-1431086941-888C-2A00-485B391180D7\rnsz87D0.exe"
sh=A301383FF68CCFA9871D7D562D15D3DFE28F64AD ft=1 fh=10c3bed093b9febc vn="Win32/Adware.ConvertAd.YY application" ac=I fn="C:\Users\mdh\AppData\Roaming\DF813CFC-1431086941-888C-2A00-485B391180D7\Uninstall.exe"
sh=B506B2465FD10608020D30ED9047B5E11DE63FA0 ft=1 fh=10102a51b62618f2 vn="Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\Users\mdh\Documents\APNSetup.exe"
sh=C70872D7B4F48D529A179C0FA54AB65FB1B982F4 ft=1 fh=f2e2b15faf5e28f3 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI171F.tmp"
sh=1F73AF369BA455F1470CDA1611AA2DB99E4530BA ft=1 fh=65cb34c28fa7cc32 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI567B.tmp"
sh=1F73AF369BA455F1470CDA1611AA2DB99E4530BA ft=1 fh=65cb34c28fa7cc32 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI6669.tmp"
sh=1F73AF369BA455F1470CDA1611AA2DB99E4530BA ft=1 fh=65cb34c28fa7cc32 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI832E.tmp"
sh=C70872D7B4F48D529A179C0FA54AB65FB1B982F4 ft=1 fh=f2e2b15faf5e28f3 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\MSIC139.tmp"
sh=1F73AF369BA455F1470CDA1611AA2DB99E4530BA ft=1 fh=65cb34c28fa7cc32 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\MSID6D3.tmp"
sh=1F73AF369BA455F1470CDA1611AA2DB99E4530BA ft=1 fh=65cb34c28fa7cc32 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\MSIE879.tmp"
sh=4019625965AFDD5D41328B75EDB39D9588CD6F63 ft=1 fh=1c02365d595d3f90 vn="MSIL/Solimba potentially unwanted application" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-1527920751-4294408137-3259649097-1004\$R2VJIEE.exe"
sh=8B3AC3FA02821892D1E68CD30E6687409985B41B ft=1 fh=557391adc7c5ea0b vn="a variant of Win32/TrojanDropper.Addrop.F trojan" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-1527920751-4294408137-3259649097-1004\$RFMAWPP.exe"
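
An added example, not part of the original posts: a Python parser for detection lines in the layout of the ESET log above, grouping hits by SHA-1 and by whether the path is in the AdwCleaner quarantine, in a Recycle Bin, or still live on disk. The field meanings (sh as the file's SHA-1, vn as the detection name, fn as the path) are inferred from the log, the function names are hypothetical, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the detection lines above; the hashes
# and paths are placeholders, not values from the real log.
SAMPLE_LOG = r'''# scanned=1000
# found=4
# cleaned=0
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=0000000000000001 vn="a variant of Win32/Adware.ConvertAd.QH application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\user\AppData\Local\sample\a.exe.vir"
sh=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ft=1 fh=0000000000000002 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI0001.tmp"
sh=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ft=1 fh=0000000000000002 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI0002.tmp"
sh=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC ft=1 fh=0000000000000003 vn="a variant of Win32/TrojanDropper.Addrop.F trojan" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-0-0-0-1000\$RSAMPLE.exe"
'''

# key=value pairs; a value is either double-quoted (may hold spaces) or bare.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
COUNTER = re.compile(r'^# (\w+)=(\d+)$')

# Detection-name suffixes, checked in order so the longer ones win over
# plain "application".
KINDS = (("trojan", "trojan"),
         ("potentially unsafe application", "unsafe"),
         ("potentially unwanted application", "unwanted"),
         ("application", "application"))


def parse_log(text):
    """Split a log into numeric header counters and detection records."""
    counters, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = COUNTER.match(line)
        if m:
            counters[m.group(1)] = int(m.group(2))
        elif line.startswith("sh="):
            # findall yields '' for the alternative that did not match.
            detections.append({k: q or u for k, q, u in FIELD.findall(line)})
    return counters, detections


def kind_of(name):
    for suffix, kind in KINDS:
        if name.endswith(suffix):
            return kind
    return "other"


def location_of(path):
    """Classify a path so files that are still in place stand out."""
    p = path.lower()
    if "\\adwcleaner\\quarantine\\" in p:
        return "quarantined"
    if "\\$recycle.bin\\" in p:
        return "recycle_bin"
    return "live"


def triage(detections):
    """Group by location, then SHA-1: one file at many paths is one entry."""
    out = defaultdict(dict)
    for d in detections:
        entry = out[location_of(d["fn"])].setdefault(
            d["sh"], {"name": d["vn"], "kind": kind_of(d["vn"]), "paths": []})
        entry["paths"].append(d["fn"])
    return dict(out)


if __name__ == "__main__":
    counters, hits = parse_log(SAMPLE_LOG)
    print("header found=%d, parsed=%d" % (counters["found"], len(hits)))
    print({loc: len(files) for loc, files in triage(hits).items()})
```

Comparing the header's found counter with the number of parsed lines is a quick check that a pasted log was not truncated.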




