
I'm losing control of my computer. Need help with FRST logs


  • This topic is locked
85 replies to this topic

#1 Cyco72us


Posted 22 December 2015 - 09:27 PM

Something or someone is controlling this on my PC. Not letting me download programs or visit certain web sites. Hiding files like HP Support Assistant. I started this in another post, http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/ but didn't know that the program I ran (FRST) was not allowed there. I did a little work like Malwarebytes and RKill, but still having issues with this. Would like help with FRST logs please... thank you

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-12-2015

Ran by Patrick (administrator) on PATRICK-PC (22-12-2015 09:44:29)
Running from C:\Users\Patrick\Downloads
Loaded Profiles: Patrick (Available Profiles: Patrick & 111872)
Platform: Microsoft Windows 7 Home Premium  (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton Security with Backup\Norton Security with Backup\Engine\22.5.2.15\NSBU.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files\Norton Security with Backup\Norton Security with Backup\Engine\22.5.2.15\NSBU.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKU\S-1-5-21-1427679835-2329525423-855090277-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1427679835-2329525423-855090277-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1427679835-2329525423-855090277-1000\...\MountPoints2: {a00527f4-8974-11e5-bd67-6431508c60e7} - D:\LaunchU3.exe -a
ShellExecuteHooks:  - {2FE8BE27-87FE-4DA8-ABBA-E6745D6E8712} - C:\Program Files\SurDoc\SurDocShellv3.dll No File [ ]
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security with Backup\Norton Security with Backup\Engine\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security with Backup\Norton Security with Backup\Engine\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security with Backup\Norton Security with Backup\Engine\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [.1SurDocSuccess] -> {72308719-579C-4659-BF50-FDF8CD781952} => C:\Program Files\SurDoc\SurDocShellv3.dll No File
ShellIconOverlayIdentifiers: [.2SurDocWorking] -> {E5F463A3-2717-4B4F-8136-8328FF6CFC08} => C:\Program Files\SurDoc\SurDocShellv3.dll No File
GroupPolicyUsers\S-1-5-21-1427679835-2329525423-855090277-1001\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyEnable: [S-1-5-20] => Proxy is enabled.
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{63827B94-7B61-4535-9E7A-19BE6B9A4FC4}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\S-1-5-21-1427679835-2329525423-855090277-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NSBU&pvid=22.5.2.15
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NSBU&pvid=22.5.2.15
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NSBU&pvid=22.5.2.15
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NSBU&pvid=22.5.2.15
HKU\S-1-5-21-1427679835-2329525423-855090277-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NSBU&pvid=22.5.2.15
SearchScopes: HKU\S-1-5-21-1427679835-2329525423-855090277-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security with Backup\Norton Security with Backup\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ppjcynbk.default
FF DefaultSearchEngine: MyStart
FF DefaultSearchEngine.US: MyStart
FF SelectedSearchEngine: MyStart
FF Homepage: about:home
FF NetworkProxy: "autoconfig_url", "http://127.0.0.1:5050/pac"
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-11] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-12] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-12] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ppjcynbk.default\user.js [2015-12-22]
FF SearchPlugin: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ppjcynbk.default\searchplugins\facebook.xml [2015-12-10]
FF Extension: New Tab Wallpapers - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ppjcynbk.default\extensions\{a5312b79-bf0d-4825-a25f-b33d67d4a58a}.xpi [2015-12-10]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ppjcynbk.default\extensions\adblockpopups@jessehakanen.net.xpi [2015-12-12]
FF Extension: Strict Pop-up Blocker - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ppjcynbk.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2015-12-11]
FF Extension: Discover Treasure - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ppjcynbk.default\Extensions\{7a7bca54-96ed-4df4-a9ce-76091cfaaee6}.xpi [2015-12-11] [not signed]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.2.15\coFFPlgn [2015-12-22] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kate Upton 1.0) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmmdodicpdhoennlfdlpbaahpnkoanp [2015-12-17]
CHR Extension: (Google Docs) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-12]
CHR Extension: (Google Drive) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-12]
CHR Extension: (YouTube) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-12]
CHR Extension: (Norton Security Toolbar) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-12-12]
CHR Extension: (Google Search) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-11]
CHR Extension: (ZenMate - IP & Browser Check) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchhalahcjpkabdgonjhoogdcipienhf [2015-12-13]
CHR Extension: (Songive - lightweight YouTube playlist player) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnpmgndpambijpadoflcjonkakfdnca [2015-12-12]
CHR Extension: (Add Email Signature - WiseStamp) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjjniaenghhbffhplhdcipdgidbajdp [2015-12-13]
CHR Extension: (Google Docs Offline) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-12]
CHR Extension: (Unlimited Free VPN - betternet) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2015-12-16]
CHR Extension: (Hola VPN) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmolfjcfkljcegibacpmhnanbfkbmcnh [2015-12-12]
CHR Extension: (Music Player for Google Drive) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfeekfpnjbdmelcapngdgkjnhgijjkh [2015-12-12]
CHR Extension: (Norton Identity Safe) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-12-12]
CHR Extension: (Voice Recognition) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2015-12-12]
CHR Extension: (Streaming Media Player) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jggnklnmaecfofafepejcjcjkcohgcfb [2015-12-12]
CHR Extension: (YouTube™ Playlist Maker) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkjojokbejbbcghmiihgpfkcjhdodhng [2015-12-12]
CHR Extension: (Popup Blocker Pro) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2015-12-12]
CHR Extension: (ZenMate) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmljpnhopfgalnfjbldiglcpkjkegedj [2015-12-13]
CHR Extension: (Google Play) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-12-12]
CHR Extension: (Yahoo Mail Signature app) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhabgmklfpnegjcfaopmkdgijpdjlgol [2015-12-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-12]
CHR Extension: (Gmail) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-12]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security with Backup\Norton Security with Backup\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 chromoting; C:\Program Files\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe [69448 2015-10-14] (Google Inc.)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-10] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-10] (Dropbox, Inc.)
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-07-21] (Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 iprip; C:\Windows\System32\iprip.dll [29696 2009-07-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NSBU; C:\Program Files\Norton Security with Backup\Norton Security with Backup\Engine\22.5.2.15\NSBU.exe [282016 2015-07-16] (Symantec Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [29184 2013-10-12] (Validity Sensors, Inc.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx86; C:\Program Files\Norton Security with Backup\Norton Security with Backup\NortonData\22.5.2.15\Definitions\BASHDefs\20151218.001_3ef\BHDrvx86.sys [1193032 2015-12-18] (Symantec Corporation)
R1 ccSet_NSBU; C:\Windows\system32\drivers\NSBU\1605020.00F\ccSetx86.sys [137456 2015-07-10] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389968 2015-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [125264 2015-12-11] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Security with Backup\Norton Security with Backup\NortonData\22.5.2.15\Definitions\IPSDefs\20151221.001\IDSvix86.sys [580344 2015-12-18] (Symantec Corporation)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [94936 2015-12-21] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-12-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files\Norton Security with Backup\Norton Security with Backup\NortonData\22.5.2.15\Definitions\VirusDefs\20151222.003\NAVENG.SYS [104440 2015-12-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security with Backup\Norton Security with Backup\NortonData\22.5.2.15\Definitions\VirusDefs\20151222.003\NAVEX15.SYS [1647216 2015-12-20] (Symantec Corporation)
R1 SRTSP; C:\Windows\system32\drivers\NSBU\1605020.00F\SRTSP.SYS [711408 2015-07-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSBU\1605020.00F\SRTSPX.SYS [44792 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSBU\1605020.00F\SYMEFASI.SYS [1286896 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [103152 2015-12-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSBU\1605020.00F\Ironx86.SYS [234744 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NSBU\1605020.00F\SYMNETS.SYS [429816 2015-07-10] (Symantec Corporation)
S3 vncmirror; C:\Windows\System32\DRIVERS\vncmirror.sys [4608 2015-01-28] (RealVNC Ltd.)
S3 EraserUtilDrv11520; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11520.sys [X]
S3 STHDA; system32\DRIVERS\stwrt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-28 08:40 - 2015-12-28 08:40 - 00000000 __RSH C:\MSDOS.SYS
2015-12-28 08:40 - 2015-12-28 08:40 - 00000000 __RSH C:\IO.SYS
2015-12-28 08:18 - 2015-12-28 08:19 - 00000000 _____ C:\Users\Patrick\Get-ComputerRestorePoint
2015-12-28 08:18 - 2015-12-28 08:18 - 00000000 ____D C:\Users\Patrick\AppData\Local\Microsoft_Corporation
2015-12-28 07:23 - 2015-12-28 07:31 - 00000000 ____D C:\Users\111872.Patrick-PC\AppData\Local\Mozilla
2015-12-28 07:23 - 2015-12-28 07:25 - 00000000 ____D C:\Users\111872.Patrick-PC\AppData\Roaming\Mozilla
2015-12-28 07:03 - 2015-12-28 07:03 - 00000000 ____H C:\Users\Patrick\AppData\Local\BIT8EF8.tmp
2015-12-28 06:58 - 2015-12-28 06:58 - 00000000 ____H C:\Users\Patrick\AppData\Local\BITEEB4.tmp
2015-12-28 05:30 - 2015-12-28 08:34 - 00000000 ____D C:\Program Files\Free Window Registry Repair
2015-12-28 05:30 - 2015-12-28 08:30 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2015-12-28 04:38 - 2015-12-28 04:38 - 00000000 ____D C:\Users\Patrick\Downloads\testdisk-7.0.win
2015-12-28 04:35 - 2015-12-28 04:36 - 12444088 _____ C:\Users\Patrick\Downloads\testdisk-7.0.win.zip
2015-12-28 03:34 - 2015-12-22 06:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-28 03:33 - 2015-12-22 06:07 - 00000000 ____D C:\Users\Patrick\Desktop\mbar
2015-12-28 02:22 - 2015-12-28 02:22 - 00525095 _____ C:\my log.txt
2015-12-28 01:52 - 2015-12-21 20:24 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-12-28 01:52 - 2015-12-21 10:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-28 01:44 - 2015-12-21 20:18 - 00024077 _____ C:\Users\Patrick\Downloads\MTB.txt
2015-12-28 01:36 - 2015-12-21 20:13 - 00002812 _____ C:\Users\Patrick\Downloads\FSS.txt
2015-12-28 00:46 - 2015-12-28 00:46 - 00000000 ____H C:\Users\Patrick\AppData\Local\BITCFA.tmp
2015-12-28 00:39 - 2015-12-28 00:39 - 00059144 _____ C:\Users\111872.Patrick-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-28 00:38 - 2015-12-28 00:38 - 00000000 ____D C:\Users\111872.Patrick-PC\AppData\Local\VirtualStore
2015-12-22 08:49 - 2015-12-22 08:59 - 00028089 _____ C:\Users\Patrick\Downloads\Addition.txt
2015-12-22 08:47 - 2015-12-22 09:45 - 00018554 _____ C:\Users\Patrick\Downloads\FRST.txt
2015-12-22 08:43 - 2015-12-22 09:42 - 00000000 ____D C:\FRST
2015-12-22 08:41 - 2015-12-22 08:41 - 01721344 _____ (Farbar) C:\Users\Patrick\Downloads\frst.exe
2015-12-22 08:07 - 2015-12-22 08:07 - 01599336 _____ (Malwarebytes) C:\Users\Patrick\Desktop\cool.exe
2015-12-22 08:03 - 2015-12-22 08:03 - 01599336 _____ (Malwarebytes) C:\Users\Patrick\Downloads\JRT (5).exe
2015-12-22 06:26 - 2015-12-22 09:40 - 01909060 _____ C:\Windows\ntbtlog.txt
2015-12-22 04:57 - 2015-12-22 04:57 - 00000000 ____D C:\Windows\system32\BestPractices
2015-12-22 04:57 - 2015-12-22 04:56 - 00000862 _____ C:\Windows\system32\termcap
2015-12-22 04:52 - 2015-12-22 04:52 - 01599336 _____ (Malwarebytes) C:\Users\Patrick\Downloads\JRT (4).exe
2015-12-22 04:51 - 2015-12-22 04:51 - 00448512 _____ (OldTimer Tools) C:\Users\Patrick\Downloads\TFC (2).exe
2015-12-22 04:49 - 2015-12-22 04:49 - 00102912 _____ (bartblaze) C:\Users\Patrick\Downloads\Rem-VBSworm (1).exe
2015-12-22 04:45 - 2015-12-22 04:45 - 00000000 ____D C:\Rem-VBSqt
2015-12-22 04:44 - 2015-12-22 04:44 - 00102912 _____ (bartblaze) C:\Users\Patrick\Downloads\Rem-VBSworm.exe
2015-12-22 04:15 - 2015-12-22 04:16 - 40538576 _____ (Hewlett-Packard ) C:\Users\Patrick\Downloads\sp72974.exe
2015-12-22 04:12 - 2015-12-22 04:12 - 00448512 _____ (OldTimer Tools) C:\Users\Patrick\Desktop\TFC.exe
2015-12-22 04:04 - 2015-12-22 04:04 - 01599336 _____ (Malwarebytes) C:\Users\Patrick\Downloads\JRT (3).exe
2015-12-22 03:58 - 2015-12-22 03:58 - 01599336 _____ (Malwarebytes) C:\Users\Patrick\Downloads\JRT (2).exe
2015-12-22 03:36 - 2015-12-22 03:36 - 00000000 ____D C:\Users\Patrick\Desktop\New folder
2015-12-22 02:01 - 2015-12-22 02:01 - 01599336 ___RH (Malwarebytes) C:\Users\Patrick\Downloads\JRT (1).exe
2015-12-22 00:47 - 2015-12-22 00:48 - 00000000 ____D C:\ProgramData\Sophos
2015-12-22 00:46 - 2015-12-22 00:46 - 00002747 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-12-22 00:46 - 2015-12-22 00:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-12-22 00:46 - 2015-12-22 00:46 - 00000000 ____D C:\Program Files\Sophos
2015-12-22 00:42 - 2015-12-22 00:43 - 141360032 _____ (Sophos Limited) C:\Users\Patrick\Downloads\Sophos Virus Removal Tool.exe
2015-12-22 00:37 - 2015-12-22 00:37 - 01599336 _____ (Malwarebytes) C:\Users\Patrick\Downloads\JRT.exe
2015-12-22 00:28 - 2015-12-22 00:28 - 01019868 _____ (Malwarebytes) C:\Users\Patrick\Downloads\Unconfirmed 458047.crdownload
2015-12-22 00:03 - 2015-12-22 00:21 - 00000000 ____D C:\AdwCleaner
2015-12-22 00:02 - 2015-12-22 00:02 - 01743360 _____ C:\Users\Patrick\Downloads\adwcleaner_5.026.exe
2015-12-21 23:56 - 2015-12-21 23:56 - 00448512 _____ (OldTimer Tools) C:\Users\Patrick\Downloads\TFC (1).exe
2015-12-21 23:43 - 2015-09-28 09:34 - 00052752 _____ C:\Users\Patrick\Documents\Extract.exe
2015-12-21 23:41 - 2015-09-28 09:34 - 00457744 _____ (Hewlett-Packard Company) C:\Users\Patrick\Documents\HPSF.exe
2015-12-21 22:41 - 2015-12-21 22:41 - 00448512 _____ (OldTimer Tools) C:\Users\Patrick\Downloads\TFC.exe
2015-12-21 22:07 - 2015-12-21 22:07 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Patrick\Downloads\rkill.exe
2015-12-21 21:15 - 2015-12-21 21:15 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Patrick\Downloads\mbar-1.09.3.1001 (3).exe
2015-12-21 20:24 - 2015-12-21 21:07 - 00001054 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-21 20:24 - 2015-12-21 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-21 20:24 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-21 20:24 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-21 20:19 - 2015-12-21 20:20 - 22908888 _____ (Malwarebytes ) C:\Users\Patrick\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-21 20:16 - 2015-12-21 20:16 - 00891392 _____ (Farbar) C:\Users\Patrick\Downloads\MiniToolBox.exe
2015-12-21 20:11 - 2015-12-21 20:11 - 00415744 _____ (Farbar) C:\Users\Patrick\Downloads\fss.exe
2015-12-21 20:11 - 2015-12-21 20:11 - 00415744 _____ (Farbar) C:\Users\Patrick\Downloads\FSS (1).exe
2015-12-21 16:37 - 2015-12-21 16:37 - 00002152 _____ C:\Windows\epplauncher.mif
2015-12-21 16:36 - 2015-12-21 16:37 - 11588952 _____ (Microsoft Corporation) C:\Users\Patrick\Downloads\mseinstall.exe
2015-12-21 13:25 - 2015-12-21 13:25 - 00000194 _____ C:\Users\Patrick\Downloads\hosts-perm (4).bat
2015-12-21 13:25 - 2015-12-21 13:25 - 00000194 _____ C:\Users\Patrick\Downloads\hosts-perm (3).bat
2015-12-21 13:25 - 2015-12-21 13:25 - 00000194 _____ C:\Users\Patrick\Downloads\gggf.bat
2015-12-21 13:19 - 2015-12-21 13:19 - 00000194 _____ C:\Users\Patrick\Downloads\hosts-perm (1).bat
2015-12-21 13:17 - 2015-12-21 13:17 - 00000194 _____ C:\Users\Patrick\Downloads\hosts-perm.bat
2015-12-21 13:04 - 2015-12-21 13:04 - 00852771 _____ C:\Users\Patrick\Downloads\SecurityCheck (3).exe
2015-12-21 12:39 - 2015-12-21 12:39 - 00852771 _____ C:\Users\Patrick\Downloads\SecurityCheck (2).exe
2015-12-21 12:38 - 2015-12-21 12:38 - 00852771 _____ C:\Users\Patrick\Downloads\SecurityCheck (1).exe
2015-12-21 12:37 - 2015-12-21 12:37 - 00852720 _____ C:\Users\Patrick\Downloads\SecurityCheck.exe
2015-12-21 10:41 - 2015-12-22 05:22 - 00002446 _____ C:\Users\Patrick\Desktop\Rkill.txt
2015-12-21 10:40 - 2015-12-21 10:40 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Patrick\Downloads\eXplorer.exe
2015-12-21 10:36 - 2015-12-21 10:36 - 00452424 _____ (Bleeping Computer, LLC) C:\Users\Patrick\Downloads\ListCWall.exe
2015-12-21 10:34 - 2015-12-22 09:40 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-21 10:33 - 2015-12-21 21:24 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-21 10:31 - 2015-12-21 10:31 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Patrick\Downloads\mbar-1.09.3.1001 (2).exe
2015-12-21 10:31 - 2015-12-21 10:31 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Patrick\Downloads\mbar-1.09.3.1001 (1).exe
2015-12-21 10:30 - 2015-12-21 10:30 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Patrick\Downloads\mbar-1.09.3.1001.exe
2015-12-16 23:15 - 2015-12-28 08:30 - 00000000 ____D C:\Users\Patrick\NICDRV_8169
2015-12-16 21:00 - 2015-12-28 08:30 - 00000000 ____D C:\Users\Patrick\Install_Win7_7097_10162015
2015-12-16 20:55 - 2015-12-16 20:56 - 09860982 _____ C:\Users\Patrick\Downloads\0011-Install_Win7_7097_10162015 (1).zip
2015-12-16 19:49 - 2015-12-16 19:50 - 05305743 _____ C:\Users\Patrick\Downloads\RealtekRTL8110SC_Lan_V566312122006.zip
2015-12-16 19:43 - 2015-12-16 19:43 - 09860982 _____ C:\Users\Patrick\Downloads\0011-Install_Win7_7097_10162015.zip
2015-12-16 19:10 - 2015-12-16 19:10 - 00036657 _____ C:\Users\Patrick\Desktop\DxDiag.txt
2015-12-16 15:48 - 2015-12-16 15:48 - 00901138 _____ C:\Users\Patrick\Downloads\HAV Detection Tool - User Guide.mht
2015-12-16 15:45 - 2015-12-16 15:47 - 239126136 _____ C:\Users\Patrick\Downloads\Windows6.1-KB947821-v34-x86.msu
2015-12-16 15:42 - 2015-12-16 15:42 - 00703811 _____ C:\Users\Patrick\Downloads\Windows6.1-KB917607-x86.msu
2015-12-16 15:15 - 2015-12-16 15:16 - 04656146 _____ C:\Users\Patrick\Downloads\Windows6.1-KB2286198-x86.msu
2015-12-16 14:23 - 2015-12-28 08:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-12-16 13:36 - 2015-12-16 13:36 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2015-12-16 13:33 - 2015-12-28 08:33 - 00000000 ____D C:\Program Files\Windows Live
2015-12-16 13:33 - 2015-12-16 13:33 - 00000000 ____D C:\Windows\PCHEALTH
2015-12-16 13:28 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-12-16 13:27 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-12-16 13:24 - 2015-12-16 13:29 - 291852366 _____ C:\Users\Patrick\Downloads\Windows6.1-KB968211-x86-RefreshPkg.msu
2015-12-16 13:21 - 2015-12-16 13:21 - 05911327 _____ C:\Users\Patrick\Downloads\Windows6.1-KB2670838-x86.msu
2015-12-16 13:16 - 2015-12-16 13:16 - 00400763 _____ C:\Users\Patrick\Downloads\Windows6.1-KB2741355-x86 (1).msu
2015-12-16 13:06 - 2015-12-16 13:06 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-12-16 13:05 - 2015-12-16 13:05 - 00000000 ____D C:\Users\Patrick\AppData\Local\Windows Live
2015-12-16 13:05 - 2015-12-16 13:05 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2015-12-16 13:04 - 2015-12-16 13:04 - 01239752 _____ (Microsoft Corporation) C:\Users\Patrick\Downloads\wlsetup-web (1).exe
2015-12-16 13:02 - 2015-12-16 13:02 - 00607711 _____ C:\Users\Patrick\Downloads\Windows6.1-KB2741355-x64 (1).msu
2015-12-16 12:57 - 2015-12-16 12:57 - 00607711 _____ C:\Users\Patrick\Downloads\Windows6.1-KB2741355-x64.msu
2015-12-16 12:56 - 2015-12-16 12:56 - 00400763 _____ C:\Users\Patrick\Downloads\Windows6.1-KB2741355-x86.msu
2015-12-14 21:33 - 2015-12-14 21:33 - 00000000 ____D C:\ProgramData\NortonRnR
2015-12-14 07:20 - 2015-12-14 07:20 - 00000000 ____D C:\Users\Patrick\AppData\Local\Betternet Updater
2015-12-14 07:17 - 2015-12-16 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-12-14 07:17 - 2015-12-16 11:25 - 00000000 ____D C:\Program Files\TAP-Windows
2015-12-14 07:17 - 2015-12-16 11:25 - 00000000 ____D C:\Program Files\OpenVPN
2015-12-14 07:17 - 2015-12-16 11:24 - 00000000 ____D C:\Program Files\betternet
2015-12-14 07:15 - 2015-12-14 07:15 - 17242740 _____ C:\Users\Patrick\Downloads\betternetInstaller.exe
2015-12-14 05:41 - 2015-12-14 05:41 - 00000000 ____D C:\Windows\system32\N360_BACKUP
2015-12-14 05:24 - 2015-12-14 05:24 - 00000906 __RSH C:\Users\111872.Patrick-PC\ntuser.pol
2015-12-13 11:20 - 2015-12-13 19:01 - 00000000 ____D C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2015-12-13 11:00 - 2015-12-13 11:11 - 08669472 _____ (Microsoft Corporation) C:\Users\Patrick\Downloads\Windows7UpgradeAdvisorSetup (1).exe
2015-12-13 10:27 - 2015-12-13 10:29 - 01239752 _____ (Microsoft Corporation) C:\Users\Patrick\Downloads\wlsetup-web.exe
2015-12-13 09:36 - 2015-12-13 09:45 - 07022816 _____ (Microsoft Corporation) C:\Users\Patrick\Downloads\Silverlight (1).exe
2015-12-13 08:42 - 2015-12-22 05:58 - 00000000 ____D C:\Users\Patrick\AppData\Local\CrashDumps
2015-12-13 06:19 - 2015-12-13 06:19 - 00147408 _____ C:\Windows\Minidump\121315-53960-01.dmp
2015-12-12 12:09 - 2015-12-12 12:09 - 08400896 _____ C:\Users\Patrick\Downloads\chromeremotedesktophost.msi
2015-12-12 12:01 - 2015-12-21 21:12 - 00002286 _____ C:\Users\Patrick\Desktop\Chrome App Launcher.lnk
2015-12-12 12:01 - 2015-12-21 20:58 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2015-12-12 12:01 - 2015-12-16 11:25 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-12 08:29 - 2015-12-21 21:07 - 00002280 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-12 08:29 - 2015-12-16 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-12 08:27 - 2015-12-22 09:39 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-12 08:27 - 2015-12-12 08:27 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d134e0d39f4f1b.job
2015-12-12 08:25 - 2015-12-21 21:07 - 00002768 _____ C:\Users\Public\Desktop\Norton Security with Backup.LNK
2015-12-12 08:25 - 2015-12-12 08:25 - 00103152 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2015-12-12 08:25 - 2015-12-12 08:25 - 00008178 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2015-12-12 08:12 - 2015-12-28 08:36 - 00000000 ____D C:\Users\111872.Patrick-PC
2015-12-12 08:12 - 2015-12-12 08:12 - 00000020 ___SH C:\Users\111872.Patrick-PC\ntuser.ini
2015-12-12 08:12 - 2015-12-12 08:12 - 00000000 _SHDL C:\Users\111872.Patrick-PC\My Documents
2015-12-12 08:12 - 2015-12-12 08:12 - 00000000 _SHDL C:\Users\111872.Patrick-PC\Documents\My Videos
2015-12-12 08:12 - 2015-12-12 08:12 - 00000000 _SHDL C:\Users\111872.Patrick-PC\Documents\My Pictures
2015-12-12 08:12 - 2015-12-12 08:12 - 00000000 _SHDL C:\Users\111872.Patrick-PC\Documents\My Music
2015-12-12 08:11 - 2015-12-12 08:20 - 144954160 _____ (Symantec Corporation) C:\Users\Patrick\Downloads\NSP_10D_22.5.2_SYMTB_PROMO_4_MRFTT_13684.exe
2015-12-12 08:11 - 2015-12-12 08:20 - 144897312 _____ (Symantec Corporation) C:\Users\Patrick\Downloads\NSD_22.5.2_SYMTB_PROMO_4_MRFTT_13376-EN-US.exe
2015-12-12 07:45 - 2015-12-12 07:45 - 03795680 _____ (Oleg N. Scherbakov) C:\Users\Patrick\Downloads\HPSupportSolutionsFramework-12.0.30.219(1).exe
2015-12-12 07:29 - 2015-12-12 07:30 - 00974184 _____ C:\Users\Patrick\Downloads\setup.exe
2015-12-12 07:13 - 2015-12-12 07:13 - 00147360 _____ C:\Windows\Minidump\121215-70294-01.dmp
2015-12-12 07:08 - 2015-12-12 07:08 - 00000020 ___SH C:\Users\111872\ntuser.ini
2015-12-12 07:08 - 2015-12-12 07:08 - 00000000 _SHDL C:\Users\111872\My Documents
2015-12-12 07:08 - 2015-12-12 07:08 - 00000000 _SHDL C:\Users\111872\Documents\My Videos
2015-12-12 07:08 - 2015-12-12 07:08 - 00000000 _SHDL C:\Users\111872\Documents\My Pictures
2015-12-12 07:08 - 2015-12-12 07:08 - 00000000 _SHDL C:\Users\111872\Documents\My Music
2015-12-12 07:08 - 2015-12-12 07:08 - 00000000 ____D C:\Users\111872
2015-12-12 07:08 - 2011-04-11 21:24 - 00000000 ____D C:\Users\111872\AppData\Roaming\Media Center Programs
2015-12-12 06:42 - 2015-12-12 06:43 - 00001364 _____ C:\ProgramData\tempimage.bmp
2015-12-12 05:41 - 2015-12-16 08:20 - 00007604 _____ C:\Users\Patrick\AppData\Local\Resmon.ResmonCfg
2015-12-12 05:40 - 2014-11-24 16:09 - 00030504 _____ (Phoenix Technologies) C:\Windows\system32\Drivers\DrvAgent32.sys
2015-12-12 05:39 - 2015-12-12 08:55 - 00000000 ____D C:\Users\Patrick\AppData\Local\Rush Plugin
2015-12-12 05:37 - 2015-12-21 21:06 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-12-12 04:57 - 2015-12-21 21:06 - 00000258 __RSH C:\Users\Patrick\ntuser.pol
2015-12-12 03:55 - 2015-12-12 03:55 - 00000000 ____D C:\Windows\system32\msmq
2015-12-11 22:53 - 2015-12-11 22:53 - 00004712 _____ C:\Windows\system32\Araewkahk.ini
2015-12-11 22:53 - 2015-12-11 22:53 - 00002424 _____ C:\Windows\system32\AraewkahkOff.ini
2015-12-11 22:52 - 2015-12-28 08:30 - 00000000 ____D C:\Windows\system32\baob
2015-12-11 22:52 - 2015-12-22 00:21 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Common
2015-12-11 22:52 - 2015-12-13 08:00 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\IaryVixhai
2015-12-11 22:48 - 2015-12-13 08:00 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\DonuJiajez
2015-12-11 22:48 - 2015-12-12 04:15 - 00000000 ____D C:\Windows\system32\emad
2015-12-11 22:48 - 2015-12-11 22:48 - 00004712 _____ C:\Windows\system32\Enembhgi.ini
2015-12-11 22:48 - 2015-12-11 22:48 - 00002424 _____ C:\Windows\system32\EnembhgiOff.ini
2015-12-11 22:12 - 2015-12-11 22:12 - 00147360 _____ C:\Windows\Minidump\121115-35552-01.dmp
2015-12-11 20:44 - 2015-12-16 11:25 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security with Backup
2015-12-11 20:44 - 2015-12-13 09:10 - 00000000 ____D C:\Windows\system32\Drivers\NSBU
2015-12-11 20:44 - 2015-12-12 08:22 - 00000000 ____D C:\Program Files\Norton Security with Backup
2015-12-11 19:06 - 2015-12-12 02:19 - 00004712 _____ C:\Windows\system32\Pipadhtuav.ini
2015-12-11 19:06 - 2015-12-12 02:19 - 00002424 _____ C:\Windows\system32\PipadhtuavOff.ini
2015-12-11 19:05 - 2015-12-28 08:30 - 00000000 ____D C:\Windows\system32\kio
2015-12-11 19:05 - 2015-12-13 08:00 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\EmonseKecbi
2015-12-11 19:04 - 2015-12-12 03:47 - 00000000 ____D C:\Users\Patrick\AppData\Local\Style Ball
2015-12-11 18:58 - 2015-11-05 14:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-11 17:25 - 2015-12-11 17:25 - 00147360 _____ C:\Windows\Minidump\121115-54428-01.dmp
2015-12-11 15:44 - 2015-12-11 15:44 - 00000000 ____H C:\Users\Patrick\Documents\Default.rdp
2015-12-11 15:26 - 2015-12-11 15:26 - 00000000 ____D C:\Users\Patrick\AppData\Local\Apps\2.0
2015-12-11 15:23 - 2015-12-11 16:38 - 00000000 ____D C:\Users\Patrick\AppData\Local\Logo Plugin
2015-12-11 15:21 - 2015-12-11 15:22 - 00961952 _____ (Slimware Utilities, Inc.) C:\Users\Patrick\Downloads\DriverUpdate-setup (1).exe
2015-12-11 15:18 - 2015-12-12 04:15 - 00000000 ____D C:\Users\Patrick\AppData\Local\SecurityApps
2015-12-11 13:27 - 2015-12-28 02:27 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\ContentCleaner
2015-12-11 13:27 - 2015-12-11 13:27 - 00000000 _____ C:\Windows\system32\${FILE_SN_DLL}
2015-12-11 13:26 - 2015-12-13 09:08 - 00000000 ____D C:\Program Files\Common Files\Content Cleaner
2015-12-11 13:21 - 2015-12-11 13:21 - 19452096 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-12-11 13:19 - 2015-12-11 21:34 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\updates
2015-12-11 13:19 - 2015-12-11 13:19 - 00004712 _____ C:\Windows\system32\Uhabda.ini
2015-12-11 13:19 - 2015-12-11 13:19 - 00002424 _____ C:\Windows\system32\UhabdaOff.ini
2015-12-11 13:18 - 2015-12-28 02:27 - 00000000 ____D C:\Users\Patrick\Documents\ProfessionalCleaningSoftware
2015-12-11 13:18 - 2015-12-13 08:00 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\SohniCudgi
2015-12-11 13:18 - 2015-12-12 04:15 - 00000000 ____D C:\Windows\system32\huq
2015-12-11 13:18 - 2015-12-11 22:53 - 00000000 ____D C:\Users\Patrick\AppData\Local\Tempfolder
2015-12-11 13:16 - 2015-12-28 02:27 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\Company
2015-12-11 13:16 - 2015-12-28 02:27 - 00000000 ____D C:\uninst
2015-12-11 13:15 - 2015-12-11 13:15 - 00000000 _____ C:\Windows\system32\Number of results
2015-12-11 12:21 - 2015-12-11 12:20 - 00000895 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-12-11 12:20 - 2015-12-11 12:21 - 00000954 _____ C:\Windows\system32\${LOGFILE}
2015-12-11 11:33 - 2015-12-12 00:58 - 00000000 ____D C:\Users\Patrick\AppData\Local\Chromium
2015-12-11 11:31 - 2015-12-12 01:01 - 00000000 ____D C:\Users\Patrick\AppData\Local\{A7B391EF-831B-FD57-EE83-D8BFCAEB2427}
2015-12-11 11:31 - 2015-12-11 11:31 - 00772016 _____ (Reimage®) C:\Users\Patrick\Downloads\ReimageRepair.exe
2015-12-11 11:31 - 2015-12-11 11:31 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Opera Software
2015-12-11 11:31 - 2015-12-11 11:31 - 00000000 ____D C:\Users\Patrick\AppData\Local\Opera Software
2015-12-11 11:29 - 2015-12-11 11:33 - 00000000 ____D C:\Program Files\Opera
2015-12-11 11:29 - 2015-12-11 11:29 - 00000000 ____D C:\Users\Patrick\AppData\Local\IsolatedStorage
2015-12-11 11:26 - 2015-12-28 08:33 - 00000000 ____D C:\ProgramData\50d629fa-7741-0
2015-12-11 11:26 - 2015-12-28 08:33 - 00000000 ____D C:\ProgramData\50d629fa-2767-1
2015-12-11 10:29 - 2015-12-11 10:29 - 35309768 _____ (Totem Entertainment ) C:\Users\Patrick\Downloads\setup-dbabes_1CAylRQlKPUGoi.exe
2015-12-11 10:29 - 2015-12-11 10:29 - 35309768 _____ (Totem Entertainment ) C:\Users\Patrick\Downloads\setup-dbabes_1CAylRQlKPUGoi (1).exe
2015-12-11 10:16 - 2015-12-11 10:16 - 00000000 ____D C:\Users\Patrick\AppData\Local\Macromedia
2015-12-11 09:44 - 2015-12-11 09:44 - 09822199 _____ C:\Users\Patrick\Downloads\meganfox.themepack
2015-12-11 09:44 - 2015-12-11 09:44 - 09822199 _____ C:\Users\Patrick\Downloads\meganfox (1).themepack
2015-12-11 09:12 - 2015-12-11 09:12 - 23561856 _____ (Hola Networks Ltd.) C:\Users\Patrick\Downloads\Hola-Setup-1.10.764 (3).exe
2015-12-11 07:24 - 2015-12-11 07:25 - 14365056 _____ (RealVNC Ltd ) C:\Users\Patrick\Downloads\vnc-tool-5.2.3-x86_win32.exe
2015-12-11 06:31 - 2015-12-11 06:33 - 13367171 _____ C:\Users\Patrick\Downloads\VNC-5.2.3-Windows-msi (1).zip
2015-12-11 06:14 - 2015-12-11 06:14 - 00000000 ____D C:\ProgramData\RealVNC-Service
2015-12-11 06:13 - 2015-12-11 11:36 - 00000000 ____D C:\Users\Patrick\AppData\Local\RealVNC
2015-12-11 06:06 - 2015-12-11 06:08 - 12702888 _____ (RealVNC Ltd ) C:\Users\Patrick\Downloads\VNC-5.2.3-Windows.exe
2015-12-11 04:22 - 2015-12-11 04:23 - 23561856 _____ (Hola Networks Ltd.) C:\Users\Patrick\Downloads\Hola-Setup-1.10.764 (2).exe
2015-12-11 04:19 - 2015-12-11 04:20 - 23561856 _____ (Hola Networks Ltd.) C:\Users\Patrick\Downloads\Hola-Setup-1.10.764 (1).exe
2015-12-11 01:35 - 2015-12-11 01:35 - 00008528 _____ C:\Users\Patrick\Downloads\2WrLv.htm
2015-12-10 21:48 - 2015-12-10 21:48 - 23561856 _____ (Hola Networks Ltd.) C:\Users\Patrick\Downloads\Hola-Setup-1.10.764.exe
2015-12-10 17:07 - 2015-12-12 01:01 - 00000000 ____D C:\Users\DefaultAppPool
2015-12-10 16:27 - 2015-12-21 21:07 - 00001172 _____ C:\Users\Patrick\Desktop\Dropbox.lnk
2015-12-10 16:27 - 2015-12-12 04:15 - 00000000 ___RD C:\Users\Patrick\Dropbox
2015-12-10 16:26 - 2015-12-28 08:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-10 16:23 - 2015-12-10 16:23 - 00690072 _____ (Dropbox, Inc.) C:\Users\Patrick\Downloads\DropboxInstaller (1).exe
2015-12-10 16:21 - 2015-12-22 09:39 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-12-10 16:21 - 2015-12-22 09:26 - 00000898 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-12-10 16:21 - 2015-12-10 16:21 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Dropbox
2015-12-10 16:20 - 2015-12-28 08:35 - 00000000 ____D C:\Program Files\Dropbox
2015-12-10 16:20 - 2015-12-12 15:48 - 00000000 ____D C:\Users\Patrick\AppData\Local\Dropbox
2015-12-10 16:20 - 2015-12-10 16:20 - 00690072 _____ (Dropbox, Inc.) C:\Users\Patrick\Downloads\DropboxInstaller.exe
2015-12-10 16:20 - 2015-12-10 16:20 - 00000000 ____D C:\ProgramData\Dropbox
2015-12-10 14:03 - 2015-12-10 14:03 - 00056060 _____ C:\Users\Patrick\Downloads\3len6LTD.jpeg
2015-12-10 12:24 - 2015-12-21 21:09 - 00001105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-10 12:24 - 2015-12-21 21:07 - 00001099 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-10 12:24 - 2015-12-12 08:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-12-10 12:24 - 2015-12-10 12:31 - 00000000 ____D C:\Users\Patrick\AppData\Local\Mozilla
2015-12-10 12:24 - 2015-12-10 12:25 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Mozilla
2015-12-10 12:24 - 2015-12-10 12:24 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-12-10 12:23 - 2015-12-10 12:23 - 00243656 _____ C:\Users\Patrick\Downloads\Firefox Setup Stub 42.0.exe
2015-12-10 10:10 - 2015-12-10 10:10 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-12-10 10:00 - 2015-12-12 04:15 - 00000000 ____D C:\Users\Patrick\Documents\SyncDroid
2015-12-10 10:00 - 2015-12-12 04:15 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\SyncDroid
2015-12-10 09:53 - 2015-12-10 09:59 - 24931000 _____ (JunTu Software, Inc. ) C:\Users\Patrick\Downloads\syncdroid.exe
2015-12-10 09:40 - 2015-12-11 10:16 - 00000030 _____ C:\AVScanner.ini
2015-12-10 09:13 - 2015-12-10 09:13 - 00000000 ____D C:\ProgramData\Sursen
2015-12-10 09:07 - 2015-12-10 09:07 - 00000000 ____D C:\Users\Patrick\Documents\SurDoc Universal Sync
2015-12-10 09:01 - 2015-12-10 09:01 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\SurDoc
2015-12-10 08:57 - 2015-12-10 08:58 - 02098288 _____ (SurDoc Corp.) C:\Users\Patrick\Downloads\SurDoc-20977.exe
2015-12-10 08:36 - 2015-12-10 08:36 - 00000060 __RSH C:\.Zoolz_DONotDelete.GUID
2015-12-10 08:33 - 2015-12-10 08:33 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Genie9
2015-12-10 08:32 - 2015-12-10 08:32 - 00000000 ____D C:\Program Files\Genie9
2015-12-10 07:44 - 2015-12-10 07:44 - 00000018 _____ C:\Users\Patrick\Documents\safe link.txt
2015-12-10 04:24 - 2015-12-10 04:24 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\Temp
2015-12-10 03:25 - 2015-12-10 03:25 - 00001528 _____ C:\Users\Patrick\Documents\cw.txt
2015-12-10 03:15 - 2015-12-22 08:27 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-10 03:11 - 2015-12-10 03:11 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\Adobe
2015-12-10 03:11 - 2015-12-10 03:11 - 00000000 ____D C:\Users\Patrick\AppData\Local\CEF
2015-12-10 02:44 - 2015-12-10 02:44 - 00000000 ____D C:\ProgramData\McAfee
2015-12-08 18:16 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 18:16 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 18:16 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-08 18:16 - 2015-11-10 13:39 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-08 18:16 - 2015-11-10 13:39 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 18:16 - 2015-11-10 12:40 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-08 18:15 - 2015-11-11 15:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-08 18:15 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 18:15 - 2015-11-11 10:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-08 18:15 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-08 18:15 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 18:15 - 2015-11-11 09:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-08 18:15 - 2015-11-09 19:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-08 18:15 - 2015-11-09 19:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-08 18:15 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 18:15 - 2015-11-09 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-08 18:15 - 2015-11-09 19:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-08 18:15 - 2015-11-09 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-08 18:15 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-08 18:15 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 18:15 - 2015-11-09 19:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-08 18:15 - 2015-11-09 19:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-08 18:15 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 18:15 - 2015-11-09 19:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-08 18:15 - 2015-11-09 19:03 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-08 18:15 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-08 18:15 - 2015-11-09 19:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-08 18:15 - 2015-11-09 18:57 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-08 18:15 - 2015-11-09 18:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-08 18:15 - 2015-11-09 18:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-08 18:15 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 18:15 - 2015-11-09 18:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-08 18:15 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-08 18:15 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-08 18:15 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-08 18:15 - 2015-11-09 18:36 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-08 18:15 - 2015-11-09 18:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-08 18:15 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-08 18:15 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-08 18:15 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-08 18:14 - 2015-11-20 13:34 - 02956800 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-08 18:14 - 2015-11-20 13:34 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-08 18:14 - 2015-11-20 13:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-08 18:14 - 2015-11-20 13:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-08 18:14 - 2015-11-20 13:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-08 18:14 - 2015-11-20 13:34 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-08 18:14 - 2015-11-20 13:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-08 18:14 - 2015-11-20 13:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-08 18:14 - 2015-11-20 13:33 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-08 18:14 - 2015-11-20 13:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-08 18:14 - 2015-11-20 13:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-08 18:14 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-08 18:14 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-08 18:10 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-08 18:10 - 2015-11-05 04:48 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 18:10 - 2012-05-31 23:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2015-12-08 18:10 - 2012-05-31 23:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2015-12-08 18:10 - 2012-05-31 23:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2015-12-08 18:10 - 2012-05-31 23:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2015-12-08 18:10 - 2012-05-31 23:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2015-12-08 18:10 - 2012-05-31 23:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2015-12-06 10:57 - 2015-12-06 10:57 - 00000133 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-12-06 10:57 - 2015-12-06 10:57 - 00000000 ____D C:\Users\Patrick\AppData\Local\Caphyon
2015-12-06 10:53 - 2015-12-06 10:57 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\TriPlay
2015-12-06 09:41 - 2015-12-06 09:41 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Kodi
2015-12-06 09:41 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-12-06 09:41 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-12-06 09:35 - 2015-12-06 09:36 - 66591701 _____ C:\Users\Patrick\Downloads\kodi-15.2-Isengard.exe
2015-12-06 08:26 - 2015-12-06 08:26 - 00927824 _____ (Google Inc.) C:\Users\Patrick\Downloads\ChromeSetup.exe
2015-12-06 05:13 - 2015-12-06 05:13 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Skype
2015-12-06 05:10 - 2015-12-06 05:13 - 00000000 ____D C:\Users\Patrick\AppData\Local\SkypePlugin
2015-12-05 17:48 - 2015-12-22 04:57 - 00000000 ____D C:\inetpub
2015-12-05 08:02 - 2015-12-05 08:03 - 01243362 _____ C:\Users\Patrick\Downloads\bp_sitemap49 (1).xml.gz
2015-12-05 08:02 - 2015-12-05 08:02 - 01243362 _____ C:\Users\Patrick\Downloads\bp_sitemap49.xml.gz
2015-12-02 08:44 - 2015-12-02 08:44 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\CHARTER
2015-12-02 08:44 - 2015-12-02 08:44 - 00000000 ____D C:\Users\Patrick\AppData\Local\Charter
2015-12-01 20:31 - 2015-12-22 06:28 - 00000000 ____D C:\NPE
2015-12-01 20:27 - 2015-12-22 07:08 - 00000000 ____D C:\Users\Patrick\AppData\Local\NPE
2015-12-01 19:35 - 2015-12-12 08:25 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-12-01 19:34 - 2015-12-28 08:35 - 00000000 ____D C:\ProgramData\Norton
2015-12-01 19:34 - 2015-12-05 14:57 - 00000000 ____D C:\Program Files\Norton Security
2015-12-01 19:34 - 2015-12-05 14:56 - 00000000 ____D C:\Windows\system32\Drivers\NS
2015-12-01 19:33 - 2015-12-16 11:23 - 00000000 ____D C:\Program Files\NortonInstaller
2015-12-01 19:33 - 2015-12-13 04:04 - 00000000 ____D C:\ProgramData\NortonInstaller
2015-11-24 15:16 - 2015-12-28 08:35 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2015-11-24 06:56 - 2015-10-08 18:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-11-24 06:56 - 2015-10-08 18:13 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-11-24 06:56 - 2015-10-08 18:13 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-11-24 06:56 - 2015-10-08 18:13 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-11-24 06:56 - 2015-10-08 14:13 - 00419928 _____ C:\Windows\system32\locale.nls
2015-11-24 05:32 - 2015-11-24 05:32 - 00000000 ____D C:\Users\Patrick\AppData\Local\Microsoft Corporation
2015-11-24 05:30 - 2015-11-24 05:30 - 08669472 _____ (Microsoft Corporation) C:\Users\Patrick\Downloads\Windows7UpgradeAdvisorSetup.exe
2015-11-24 04:52 - 2015-12-21 21:08 - 00002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
2015-11-24 04:49 - 2015-12-12 04:15 - 00000000 ____D C:\Windows\WindowsMobile
2015-11-24 04:32 - 2015-11-24 04:32 - 12644232 _____ (Microsoft Corporation) C:\Users\Patrick\Downloads\drvupdate-x86.exe
2015-11-24 03:19 - 2015-11-24 04:20 - 00000000 ____D C:\Users\Patrick\Downloads\bth.inf_amd64_neutral_a1e8f56d586ec10b
2015-11-24 03:18 - 2015-11-24 03:18 - 00453574 _____ C:\Users\Patrick\Downloads\bth.inf_amd64_neutral_a1e8f56d586ec10b.zip
2015-11-24 03:12 - 2015-12-12 04:15 - 00000000 ___RD C:\Users\Patrick\Documents\Scanned Documents
2015-11-24 03:12 - 2015-11-24 03:12 - 00000000 ____D C:\Users\Patrick\Documents\Fax
2015-11-24 03:02 - 2015-05-25 13:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-11-24 03:01 - 2015-05-25 13:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-11-24 03:01 - 2015-05-25 13:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-11-24 03:01 - 2015-05-25 13:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-11-24 03:01 - 2015-05-25 13:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-11-24 03:01 - 2015-05-25 13:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-11-24 02:59 - 2015-11-24 02:59 - 00000188 _____ C:\Windows\system32\HPWA.ini
2015-11-24 02:59 - 2015-11-24 02:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-11-24 02:57 - 2015-11-24 02:58 - 18561704 _____ (Hewlett-Packard Company ) C:\Users\Patrick\Downloads\sp49408.exe
2015-11-24 02:57 - 2015-11-24 02:58 - 18561704 _____ (Hewlett-Packard Company ) C:\Users\Patrick\Downloads\sp49408 (1).exe
2015-11-23 15:34 - 2015-12-12 04:15 - 00000000 ____D C:\Users\Patrick\Downloads\HP Downloads
2015-11-23 15:22 - 2015-12-28 08:29 - 00000000 ____D C:\Program Files\Realtek
2015-11-23 15:22 - 2015-11-23 15:21 - 00279656 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys
2015-11-23 15:22 - 2015-11-23 15:21 - 00080416 _____ C:\Windows\system32\RtNicProp32.dll
2015-11-23 15:14 - 2015-12-22 00:25 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForPatrick.job
2015-11-23 15:10 - 2015-11-23 15:10 - 00002173 _____ C:\Users\Patrick\Desktop\HP Support Assistant.lnk
2015-11-23 15:10 - 2015-11-23 15:10 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Hewlett-Packard
2015-11-23 15:10 - 2015-11-23 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-11-23 15:07 - 2015-11-23 15:24 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-23 15:07 - 2015-11-23 15:07 - 00000000 ____D C:\System.sav
2015-11-23 15:06 - 2015-11-23 15:06 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\hpqLog
2015-11-23 14:53 - 2015-12-13 09:12 - 00000000 ____D C:\Users\Patrick\Downloads\Intel Components
2015-11-23 14:53 - 2015-11-23 14:53 - 00000000 ____D C:\ProgramData\IntelDLM
2015-11-23 14:43 - 2015-11-23 14:43 - 00000000 ____D C:\ProgramData\Intel
2015-11-23 14:42 - 2015-12-12 04:16 - 00000000 ____D C:\Users\Patrick\AppData\Local\Intel
2015-11-23 14:41 - 2015-12-28 08:35 - 00000000 ____D C:\Program Files\Intel Driver Update Utility
2015-11-23 14:41 - 2015-12-21 21:07 - 00001122 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility.lnk
2015-11-23 14:41 - 2015-12-06 10:54 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-23 14:41 - 2015-11-23 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-11-23 14:39 - 2015-11-23 14:39 - 05061464 _____ (Intel) C:\Users\Patrick\Downloads\Intel Driver Update Utility Installer.exe
2015-11-23 14:06 - 2015-11-23 14:06 - 02928600 _____ (Hewlett-Packard ) C:\Users\Patrick\Downloads\sp45602.exe
2015-11-23 10:29 - 2015-12-28 08:29 - 00000000 ____D C:\Users\Patrick\AppData\Local\ElevatedDiagnostics
2015-11-23 09:51 - 2015-11-23 09:51 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\DriverDR.com
2015-11-22 18:08 - 2015-12-10 09:39 - 00000000 ____D C:\Program Files\TrackView
2015-11-22 18:07 - 2015-11-22 18:07 - 13638732 _____ (Cybrook, Inc. ) C:\Users\Patrick\Downloads\trackview_setup_en (1).exe
2015-11-22 18:04 - 2015-11-22 18:04 - 13638732 _____ (Cybrook, Inc. ) C:\Users\Patrick\Downloads\trackview_setup_en.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-28 08:36 - 2015-11-13 11:31 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-28 08:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2015-12-28 08:30 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2015-12-28 08:29 - 2015-11-13 08:01 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-12-28 08:27 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-22 09:38 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-22 09:21 - 2015-11-12 18:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-22 08:44 - 2009-07-13 21:37 - 00000000 ____D C:\Windows
2015-12-22 08:26 - 2009-07-13 23:34 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-22 08:26 - 2009-07-13 23:34 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-22 04:57 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\inetsrv
2015-12-22 04:57 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2015-12-22 04:16 - 2015-11-12 14:33 - 00000000 ____D C:\swsetup
2015-12-21 21:09 - 2015-11-12 14:34 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-12-21 21:09 - 2009-07-13 23:42 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2015-12-21 21:09 - 2009-07-13 23:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-12-21 21:09 - 2009-07-13 23:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-12-21 21:08 - 2009-07-13 23:42 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-12-21 21:07 - 2015-11-12 11:39 - 00001413 _____ C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-21 21:07 - 2009-07-13 23:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-12-21 21:07 - 2009-07-13 23:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-12-21 21:06 - 2015-11-12 11:38 - 00000000 ____D C:\Users\Patrick
2015-12-21 21:02 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Web
2015-12-21 20:58 - 2009-07-13 21:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-12-21 12:48 - 2015-11-16 19:09 - 00000000 ____D C:\Windows\Minidump
2015-12-21 12:47 - 2015-11-16 19:08 - 268398263 _____ C:\Windows\MEMORY.DMP
2015-12-21 11:26 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Help
2015-12-16 11:25 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\Msdtc
2015-12-16 11:25 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2015-12-14 03:44 - 2010-11-20 16:01 - 00785756 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-12 12:10 - 2015-11-12 18:23 - 00000000 ____D C:\Program Files\Google
2015-12-12 10:15 - 2015-11-12 16:15 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-12-12 07:13 - 2009-07-13 23:34 - 00012288 _____ C:\Windows\system32\umstartup.etl
2015-12-12 04:57 - 2009-07-13 21:37 - 00000000 ___HD C:\Windows\system32\GroupPolicyUsers
2015-12-12 04:16 - 2015-11-13 08:15 - 00000000 ____D C:\25918a71df0e14831f8408cf3a97
2015-12-12 04:16 - 2015-11-13 08:00 - 00000000 ____D C:\Users\Patrick\AppData\Local\Hewlett-Packard
2015-12-12 04:15 - 2009-07-13 21:37 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-12 04:15 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\servicing
2015-12-12 03:55 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-11 19:16 - 2009-07-13 23:41 - 00001278 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop(41).ini
2015-12-11 19:03 - 2009-07-13 23:52 - 00000000 ___RD C:\Program Files\Windows Defender
2015-12-11 13:21 - 2015-11-12 18:23 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-12-11 13:21 - 2015-11-12 18:23 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-12-11 12:30 - 2009-07-13 21:04 - 00000505 _____ C:\Windows\win.ini
2015-12-11 10:16 - 2015-11-12 18:22 - 00000000 ____D C:\Users\Patrick\AppData\Local\Adobe
2015-12-10 09:14 - 2015-11-12 11:38 - 00000000 ____D C:\Users\Patrick\AppData\Local\VirtualStore
2015-12-10 03:11 - 2015-11-12 18:39 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Adobe
2015-12-10 02:41 - 2015-11-16 14:12 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-12-09 12:24 - 2009-07-13 23:33 - 00272144 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 01:09 - 2015-11-13 11:04 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 01:04 - 2015-11-13 11:04 - 137798368 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-08 20:08 - 2015-11-12 18:24 - 00000000 ____D C:\Users\Patrick\AppData\Local\Google
2015-12-05 17:49 - 2009-07-13 23:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-11-26 13:39 - 2011-04-11 21:24 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-24 02:59 - 2015-11-13 07:58 - 00000000 ____D C:\Program Files\Hewlett-Packard
2015-11-23 15:21 - 2011-06-10 06:34 - 00100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll
2015-11-23 14:55 - 2015-11-12 14:41 - 00000000 ____D C:\Program Files\Intel
 
==================== Files in the root of some directories =======
 
2015-12-28 07:03 - 2015-12-28 07:03 - 0000000 ____H () C:\Users\Patrick\AppData\Local\BIT8EF8.tmp
2015-11-18 19:29 - 2015-11-18 19:29 - 0000000 ____H () C:\Users\Patrick\AppData\Local\BITC37E.tmp
2015-12-28 00:46 - 2015-12-28 00:46 - 0000000 ____H () C:\Users\Patrick\AppData\Local\BITCFA.tmp
2015-12-28 06:58 - 2015-12-28 06:58 - 0000000 ____H () C:\Users\Patrick\AppData\Local\BITEEB4.tmp
2015-12-12 05:41 - 2015-12-16 08:20 - 0007604 _____ () C:\Users\Patrick\AppData\Local\Resmon.ResmonCfg
2015-11-18 19:29 - 2015-11-18 19:29 - 0000000 _____ () C:\Users\Patrick\AppData\Local\{ECC8D4F5-FA06-40CF-BC8A-DE7F43CF06B2}
2015-12-06 10:57 - 2015-12-06 10:57 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-12-12 06:42 - 2015-12-12 06:43 - 0001364 _____ () C:\ProgramData\tempimage.bmp
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-12 05:35
 
==================== End of FRST.txt ============================

Edited by Cyco72us, 22 December 2015 - 10:52 PM.


#2 Cyco72us

Cyco72us
  • Topic Starter

  • Members
  • 95 posts

Posted 22 December 2015 - 09:36 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version:20-12-2015
Ran by Patrick (2015-12-22 08:57:13)
Running from C:\Users\Patrick\Downloads
Microsoft Windows 7 Home Premium  (X86) (2015-11-12 16:38:22)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
111872 (S-1-5-21-1427679835-2329525423-855090277-1001 - Limited - Enabled) => C:\Users\111872.Patrick-PC
Administrator (S-1-5-21-1427679835-2329525423-855090277-500 - Administrator - Disabled)
Guest (S-1-5-21-1427679835-2329525423-855090277-501 - Limited - Disabled)
Patrick (S-1-5-21-1427679835-2329525423-855090277-1000 - Administrator - Enabled) => C:\Users\Patrick
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security with Backup (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security with Backup (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security with Backup (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{4B2BE1EE-25B0-3348-3266-2904A8880D32}) (Version: 3.0.790.0 - ATI Technologies, Inc.)
AVG 2016 (Version: 16.0.4460 - AVG Technologies) Hidden
Chrome Remote Desktop Host (HKLM\...\{CDF9E1C8-4B97-4F8B-A848-7DD0E8BEB89F}) (Version: 47.0.2526.18 - Google Inc.)
Dropbox (HKLM\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.27.77 - Dropbox, Inc.) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
HP Support Assistant (HKLM\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
Intel Driver Update Utility (HKLM\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel® Turbo Boost Technology Driver (HKLM\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
Norton Security with Backup (HKLM\...\NSBU) (Version: 22.5.2.15 - Symantec Corporation)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.25.824.2010 - Realtek)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
SpaceSoundPro Service (HKLM\...\zz.10788.ssp) (Version: 1.0.0 - CSDI) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
21-12-2015 11:23:11 Malwarebytes Anti-Rootkit Restore Point
21-12-2015 17:03:33 Norton_Power_Eraser_20151221170332009
21-12-2015 17:36:33 Windows Update
22-12-2015 00:45:18 Installed Sophos Virus Removal Tool.
22-12-2015 04:55:57 Windows Modules Installer
28-12-2015 09:37:39 Norton_Power_Eraser_20151228093736034
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2015-12-11 12:20 - 00000895 ____N C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B1C37B5-5E1E-46DB-9183-0BBD7E326C4E} - System32\Tasks\{4D4C2D66-4234-4B09-A794-FCC7811105EB} => Chrome.exe 
Task: {12823527-F546-4461-B3C6-B9636D39699D} - System32\Tasks\HPCeeScheduleForPatrick => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {1680E583-C0A7-4D78-9AAD-DD484892CA16} - \ProfessionalCleaningSoftware_Popup -> No File <==== ATTENTION
Task: {1FAE7A74-121F-4280-A001-DC2E4C202DEC} - System32\Tasks\{DFA8DBD7-A9C1-4EBE-84BD-E47C9F60FB01} => Firefox.exe 
Task: {210F7C0C-BBB4-428A-9FD4-1AF442A4FC2F} - System32\Tasks\{E6AD8146-7E1E-41BB-8015-3505C01B586D} => Chrome.exe 
Task: {23AA6471-2F6F-4096-9A0B-57E4F5C0877F} - System32\Tasks\Norton Security with Backup\Norton Error Processor => C:\Program Files\Norton Security with Backup\Norton Security with Backup\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {289B1225-0EC8-4AFC-8144-BC10458FC353} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {29A48AD3-768F-4731-82F6-1C9AC07B6BD1} - System32\Tasks\Aamibvu => C:\PROGRA~1\SHOPPE~1\Sofsik.bat
Task: {2DB3CA1F-CCF4-46CC-968F-A4BB31A6113B} - System32\Tasks\Klojleglih => C:\ProgramData\Klojleglih\1.0.7.1\isrufsea.exe
Task: {2EBCC7CD-0B75-4313-9C91-6593E11CE899} - System32\Tasks\Myrfewuf => C:\PROGRA~1\GROOVE~2\Fakfu.bat
Task: {2EC2ECE5-6B05-4598-98BE-D946839BE5A4} - System32\Tasks\SecurityApps2 => C:\Program Files\PC Optimizer\PC Optimizer\SecurityApps.exe
Task: {3FCCB10B-ED87-42AF-B527-BA59939FFBAA} - System32\Tasks\Norton Security with Backup\Norton Error Analyzer => C:\Program Files\Norton Security with Backup\Norton Security with Backup\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {44F2151E-212E-45B5-8E5F-7619A3C87246} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {64F6429E-F743-4212-BE84-23B56553F9EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-12-03] (HP Inc.)
Task: {7035F09C-B523-4B43-B8FA-DBD563DF3236} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {7D9DC494-3B12-4FC0-9566-DA9BB0163020} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {843BBB59-4DFF-46B6-9231-8C51D8420E51} - \Seventh -> No File <==== ATTENTION
Task: {895F7CAE-E55A-46FB-B67F-A824F5F77CFD} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-12-10] (Dropbox, Inc.)
Task: {9B847B51-563C-4216-87F8-FDDF6CA1BFD4} - System32\Tasks\Nuvmukby => C:\PROGRA~1\SHOPPE~3\Ugawy.bat
Task: {9CFCA580-0035-4AE7-9CCE-2E2A3219B109} - \Sixth -> No File <==== ATTENTION
Task: {9FF3500B-D1CC-45D7-B898-3AB2FBCFC835} - System32\Tasks\{7241B22B-C890-4965-81AA-E3314274E6EE} => Chrome.exe 
Task: {AF81C712-21E6-4D1D-B616-5C3D9592B49C} - System32\Tasks\Jowpiod => C:\PROGRA~1\GROOVE~2\Etemlen.bat
Task: {B1B7AE92-6D5B-45DE-8CF5-FF917852E022} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
Task: {B4D4FB0D-4723-4F20-943E-7B3E9F0695BA} - \SushiLeads -> No File <==== ATTENTION
Task: {B58B61AE-0F00-457F-B62C-1B22B17F9991} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-12-03] (HP Inc.)
Task: {BC0C990E-ACB9-48CB-B4FC-158B6445A1AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-12] (Google Inc.)
Task: {C542B05A-BF85-444F-920B-6D1205AAC976} - System32\Tasks\Noglo => C:\PROGRA~1\GROOVE~1\Iseii.bat
Task: {CD4D5974-35BD-49C0-ABC8-DDC6F1CAF8A8} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {CEEF9A7F-E188-4F60-8026-C760F97B72EA} - \ProfessionalCleaningSoftware_Start -> No File <==== ATTENTION
Task: {D1C5067F-2CAD-4216-B301-0F565C4A3D64} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security with Backup\Norton Security with Backup\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {D247FED8-2FA7-4025-B90F-CEA1AC06038E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {D610679D-5661-46C8-ABA3-7B1B5F277E38} - System32\Tasks\Mosvonv => C:\PROGRA~1\SHOPPE~2\Eunoudha.bat
Task: {D746C3C4-9BC8-4D2D-9864-BE41CEFFA5CD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-11] (Adobe Systems Incorporated)
Task: {E6C185AF-6708-434C-AF94-59E8AE8BE878} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-12] (Google Inc.)
Task: {F67166B5-903C-4FED-B530-520CA3EDD482} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {F94B2868-571A-4CA1-B1DC-2DEC9C8480C3} - System32\Tasks\{4548698D-33F7-47D4-A4E5-00CC569E1E85} => pcalua.exe -a "C:\Users\Patrick\Downloads\HP Downloads\Intel PRO Wireless Drivers for Microsoft Windows 7 - sp50655.exe" -d "C:\Users\Patrick\Downloads\HP Downloads"
Task: {FB6BCB05-1866-48EC-81A2-B67FF3D03AC9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {FB93CD31-D539-43A3-A0F5-24C81350D6FD} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-12-10] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d134e0d39f4f1b.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForPatrick.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-07-21 14:33 - 2010-07-21 14:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2015-12-12 08:29 - 2015-12-04 16:32 - 01583432 _____ () C:\Program Files\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
2015-12-12 08:29 - 2015-12-04 16:32 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\47.0.2526.80\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1427679835-2329525423-855090277-1000\...\hola.org -> hxxp://hola.org
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1427679835-2329525423-855090277-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1427679835-2329525423-855090277-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\111872.Patrick-PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [CoreNet-DNS-Out-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{C7E4234D-08E4-4CF4-90D4-995C2946E29C}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{4CA15B9F-35D1-4EA3-B68D-BA8D0506F312}C:\program files\trackview\trackview.exe] => (Allow) C:\program files\trackview\trackview.exe
FirewallRules: [UDP Query User{181DE372-D1DA-43EB-8FB2-9234A819FD38}C:\program files\trackview\trackview.exe] => (Allow) C:\program files\trackview\trackview.exe
FirewallRules: [{EAF427C6-4CB1-4BC6-B269-132DC12A323F}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [TCP Query User{31F69561-7997-4F83-AF96-81127F35292E}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe
FirewallRules: [UDP Query User{BC44C5E5-7A62-43B3-9A65-F617E1048827}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe
FirewallRules: [{1ED49424-242C-42D1-BEE7-5600868AAAFC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A0958DEF-BCF2-4F7F-95A0-AD485425D6AF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F370BB03-C4F2-4967-9FD0-596FBBA7FD4B}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{A615FDAC-8FC6-49C9-8FBF-67342B8B2E49}C:\users\patrick\appdata\local\vghd\bin\virtuagirl_downloader.exe] => (Block) C:\users\patrick\appdata\local\vghd\bin\virtuagirl_downloader.exe
FirewallRules: [UDP Query User{D457FD07-01F2-4BC7-8000-F2015632D4FB}C:\users\patrick\appdata\local\vghd\bin\virtuagirl_downloader.exe] => (Block) C:\users\patrick\appdata\local\vghd\bin\virtuagirl_downloader.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{20762D11-EC57-4C7F-AE48-0BA5CBA9D2E4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/22/2015 08:59:33 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (3248) WebCacheLocal: An attempt to open the file "C:\Users\Patrick\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/22/2015 08:59:23 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (3248) WebCacheLocal: An attempt to open the file "C:\Users\Patrick\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/22/2015 08:59:13 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (3248) WebCacheLocal: An attempt to open the file "C:\Users\Patrick\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/22/2015 08:59:03 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (3248) WebCacheLocal: An attempt to open the file "C:\Users\Patrick\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/22/2015 08:58:53 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (3248) WebCacheLocal: An attempt to open the file "C:\Users\Patrick\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/22/2015 08:58:43 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (3248) WebCacheLocal: An attempt to open the file "C:\Users\Patrick\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/22/2015 08:58:33 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (3248) WebCacheLocal: An attempt to open the file "C:\Users\Patrick\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/22/2015 08:58:23 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (3248) WebCacheLocal: An attempt to open the file "C:\Users\Patrick\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/22/2015 08:58:13 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (3248) WebCacheLocal: An attempt to open the file "C:\Users\Patrick\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/22/2015 08:58:03 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (3248) WebCacheLocal: An attempt to open the file "C:\Users\Patrick\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (12/22/2015 06:27:17 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (12/22/2015 06:27:16 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
 
Error: (12/22/2015 06:25:28 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The NPEService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/22/2015 06:16:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (12/22/2015 06:16:39 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
 
Error: (12/22/2015 06:14:21 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The NPEService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/22/2015 04:59:02 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
 
Error: (12/22/2015 04:48:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/22/2015 04:17:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/22/2015 04:12:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2015-12-11 15:46:21.450
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-11 15:46:21.378
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-11 15:42:26.805
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-11 15:42:26.711
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-11 15:41:53.291
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-11 15:40:51.985
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-11 15:40:51.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-11 15:40:05.154
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-11 15:39:39.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-11 15:39:39.177
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU U 380 @ 1.33GHz
Percentage of memory in use: 65%
Total physical RAM: 2485.86 MB
Available physical RAM: 861.17 MB
Total Virtual: 4970.03 MB
Available Virtual: 2620.12 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.43 GB) (Free:44.28 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 5AB95677)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by Cyco72us, 22 December 2015 - 11:06 PM.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts

Posted 24 December 2015 - 12:02 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

For this process I will need additional attention. See my remark below.

Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden

===

Remove this process in bold via the Control Panel > Programs and Features applet.
SpaceSoundPro Service (HKLM\...\zz.10788.ssp) (Version: 1.0.0 - CSDI) <==== ATTENTION
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:


ShellExecuteHooks:  - {2FE8BE27-87FE-4DA8-ABBA-E6745D6E8712} - C:\Program Files\SurDoc\SurDocShellv3.dll No File [ ]
ShellIconOverlayIdentifiers: [.1SurDocSuccess] -> {72308719-579C-4659-BF50-FDF8CD781952} => C:\Program Files\SurDoc\SurDocShellv3.dll No File
ShellIconOverlayIdentifiers: [.2SurDocWorking] -> {E5F463A3-2717-4B4F-8136-8328FF6CFC08} => C:\Program Files\SurDoc\SurDocShellv3.dll No File
GroupPolicyUsers\S-1-5-21-1427679835-2329525423-855090277-1001\User: Restriction <======= ATTENTION
HKU\S-1-5-21-1427679835-2329525423-855090277-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF NetworkProxy: "autoconfig_url", "http://127.0.0.1:5050/pac"
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 2
FF user.js: detected! => C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ppjcynbk.default\user.js [2015-12-22]
FF Extension: Discover Treasure - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ppjcynbk.default\Extensions\{7a7bca54-96ed-4df4-a9ce-76091cfaaee6}.xpi [2015-12-11] [not signed]
CHR Extension: (Hola VPN) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmolfjcfkljcegibacpmhnanbfkbmcnh [2015-12-12]
CHR Extension: (Popup Blocker Pro) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2015-12-12]
S3 EraserUtilDrv11520; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11520.sys [X]
S3 STHDA; system32\DRIVERS\stwrt.sys [X]
Task: {1680E583-C0A7-4D78-9AAD-DD484892CA16} - \ProfessionalCleaningSoftware_Popup -> No File <==== ATTENTION
Task: {289B1225-0EC8-4AFC-8144-BC10458FC353} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {29A48AD3-768F-4731-82F6-1C9AC07B6BD1} - System32\Tasks\Aamibvu => C:\PROGRA~1\SHOPPE~1\Sofsik.bat
Task: {2DB3CA1F-CCF4-46CC-968F-A4BB31A6113B} - System32\Tasks\Klojleglih => C:\ProgramData\Klojleglih\1.0.7.1\isrufsea.exe
Task: {2EBCC7CD-0B75-4313-9C91-6593E11CE899} - System32\Tasks\Myrfewuf => C:\PROGRA~1\GROOVE~2\Fakfu.bat
Task: {2EC2ECE5-6B05-4598-98BE-D946839BE5A4} - System32\Tasks\SecurityApps2 => C:\Program Files\PC Optimizer\PC Optimizer\SecurityApps.exe
Task: {843BBB59-4DFF-46B6-9231-8C51D8420E51} - \Seventh -> No File <==== ATTENTION
Task: {9B847B51-563C-4216-87F8-FDDF6CA1BFD4} - System32\Tasks\Nuvmukby => \Ugawy.bat
Task: {9CFCA580-0035-4AE7-9CCE-2E2A3219B109} - \Sixth -> No File <==== ATTENTION
Task: {AF81C712-21E6-4D1D-B616-5C3D9592B49C} - System32\Tasks\Jowpiod => C:\PROGRA~1\GROOVE~2\Etemlen.bat
Task: {B1B7AE92-6D5B-45DE-8CF5-FF917852E022} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
Task: {B4D4FB0D-4723-4F20-943E-7B3E9F0695BA} - \SushiLeads -> No File <==== ATTENTION
Task: {C542B05A-BF85-444F-920B-6D1205AAC976} - System32\Tasks\Noglo => C:\PROGRA~1\GROOVE~1\Iseii.bat
Task: {CD4D5974-35BD-49C0-ABC8-DDC6F1CAF8A8} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {CEEF9A7F-E188-4F60-8026-C760F97B72EA} - \ProfessionalCleaningSoftware_Start -> No File <==== ATTENTION
Task: {D610679D-5661-46C8-ABA3-7B1B5F277E38} - System32\Tasks\Mosvonv => C:\PROGRA~1\SHOPPE~2\Eunoudha.bat
IE trusted site: HKU\S-1-5-21-1427679835-2329525423-855090277-1000\...\hola.org -> hxxp://hola.org
C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ppjcynbk.default\Extensions\{7a7bca54-96ed-4df4-a9ce-76091cfaaee6}.xpi
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmolfjcfkljcegibacpmhnanbfkbmcnh
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai 
C:\PROGRA~1\SHOPPE~1
C:\PROGRA~1\SHOPPE~2
C:\PROGRA~1\SHOPPE~3
C:\ProgramData\Klojleglih
C:\PROGRA~1\GROOVE~1
C:\PROGRA~1\GROOVE~2
C:\Program Files\PC Optimizer

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

I need more information on this.

Please run the Farbar Recovery Scan Tool. Enter Itibiti in the Search Box.
Click the Search Registry button and post the content of the Search.txt file in your next reply.

Please post the logs and let me know what problem persists.
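
Added example, not part of nasdaq's post and not FRST's own logic: a small Python triage pass over FRST "Task:" lines like those in the fixlist above, flagging orphaned tasks, script targets, 8.3 short-name paths and targets with no drive letter. The sample lines are copied from that fixlist; the rule names and heuristics are assumptions made for this illustration.

```python
import re

# Sample lines copied from the Task: entries in the fixlist above.
SAMPLE = r"""
Task: {1680E583-C0A7-4D78-9AAD-DD484892CA16} - \ProfessionalCleaningSoftware_Popup -> No File <==== ATTENTION
Task: {29A48AD3-768F-4731-82F6-1C9AC07B6BD1} - System32\Tasks\Aamibvu => C:\PROGRA~1\SHOPPE~1\Sofsik.bat
Task: {2DB3CA1F-CCF4-46CC-968F-A4BB31A6113B} - System32\Tasks\Klojleglih => C:\ProgramData\Klojleglih\1.0.7.1\isrufsea.exe
Task: {2EC2ECE5-6B05-4598-98BE-D946839BE5A4} - System32\Tasks\SecurityApps2 => C:\Program Files\PC Optimizer\PC Optimizer\SecurityApps.exe
Task: {9B847B51-563C-4216-87F8-FDDF6CA1BFD4} - System32\Tasks\Nuvmukby => \Ugawy.bat
"""

# "Task: {GUID} - <task name> -> No File" or "... => <target path>",
# optionally followed by FRST's own "<==== ATTENTION" marker.
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<name>.+?) (?:->|=>) "
    r"(?P<target>.*?)(?P<attn>\s*<=+ ATTENTION)?\s*$")
SHORT_83 = re.compile(r"\\[^\\]{1,6}~\d(\\|$)")  # e.g. \PROGRA~1\SHOPPE~1\

def triage(text):
    """Return (task_name, target, reasons) for each Task: line worth a look.

    The reasons are illustrative heuristics (assumptions), not FRST rules.
    """
    findings = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        target, reasons = m["target"], []
        if target == "No File":
            reasons.append("orphaned")            # task remains, its file is gone
        else:
            if target.lower().endswith((".bat", ".cmd", ".vbs", ".js")):
                reasons.append("script-target")   # task launches a script
            if SHORT_83.search(target):
                reasons.append("8.3-short-path")  # real folder name is hidden
            if not re.match(r"[A-Za-z]:\\", target):
                reasons.append("no-drive-letter")
        if m["attn"]:
            reasons.append("frst-attention")      # FRST already marked the line
        if reasons:
            findings.append((m["name"], target, reasons))
    return findings

if __name__ == "__main__":
    for name, target, reasons in triage(SAMPLE):
        print(f"{name:40} {target:36} {', '.join(reasons)}")
```

The Klojleglih and SecurityApps2 entries pass these name-based checks even though the fixlist removes them, so a pass like this narrows a log for review and does not replace the helper's judgement.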

#4 Cyco72us

Posted 24 December 2015 - 07:22 PM

I clicked on uninstall on soundspace pro. It was already uninstalled, and do you want to clear it from list. I clicked yes. I don't know if it's gone though.

#5 Cyco72us

Posted 24 December 2015 - 08:04 PM

And I can't find the location to save the fixlist.txt



#6 Cyco72us

Posted 24 December 2015 - 08:25 PM

I saved it in c: users/patick/programs/frst.

#7 nasdaq

Posted 25 December 2015 - 09:24 AM

Please place the Fixlist.txt file in the Downloads folder in bold.
Running from C:\Users\Patrick\Downloads

This is where the Farbar tool is located.

Run the Farbar tool and hit the Fix button.

Post the Fixlog.txt that will be created.

===

I also need the results of AdwCleaner and the Search from Farbar...

Let me know what problem persists.

#8 Cyco72us

Posted 25 December 2015 - 02:38 PM

I have tried and tried to get frst to fix, but it tells me no fixlist found, but it's there.

#9 Cyco72us

Posted 25 December 2015 - 08:24 PM

I have both files in the same place, but when I click fix it says no fixlist found and that I have to have them in the same place. I notice they had the shield symbol on their icons. Some of the others had that and now they don't.



#10 nasdaq

Posted 26 December 2015 - 09:13 AM

The operating system may not like that the tool is running from the Downloads folder.

Copy both the Farbar program's .exe and the FixList.txt file to your Desktop.
Run the fix from that folder.

Keep me posted.

#11 Cyco72us

Posted 26 December 2015 - 03:13 PM

I have tried that. I even recopied a couple of times. When the fixlist box comes up it says c:\users\patrick\desktop\fixlis~1.exe

#12 Cyco72us

Posted 27 December 2015 - 01:35 AM

My system won't run the dos program. It says the ntvdm cpu has encountered an illegal instruction. Should I download dosbox or something? Will it work?

#13 nasdaq

Posted 27 December 2015 - 10:29 AM

Your Fixlist.txt file is malformed. The extension should be .txt not .exe

c:\users\patrick\desktop\fixlis~1.exe



Remove all the Fixlist.* files you have created.

Download the attached fixlist.txt file and place it on your Desktop where the Farbar tool is located.
Run the tool and click the Fix button.

Attached Files



#14 Cyco72us

Posted 27 December 2015 - 10:32 AM

I have tried both ways.

#15 nasdaq

Posted 27 December 2015 - 10:51 AM


NTVDM CPU Has Encountered an Illegal Instruction
See this Microsoft Article.
https://support.microsoft.com/en-us/kb/245184

Is the message exactly the same?

This may be different.

CS: 04c3 IP:3937 OP:c71c 9d 37 00


Run SFC.exe to check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833



