DNS_PROBE_FINISHED_NXDOMAIN after Virus Removed


  • This topic is locked
3 replies to this topic

#1 liveimpact

Posted 01 January 2016 - 08:08 PM

I had a friend send me an email with an attachment - yup - that was stupid....SHAME ON ME.
I scanned it for VIRUS - but none found. So I thought OK.
After running it - my antivirus started kicking in.... but the damage was done.
 
As soon as the Virus alert occurred, I turned off the computer and restarted in SAFE MODE with NETWORK.
 
Then I was going to restore to the last restore point. But the VIRUS had deleted the restore points - all of them.
I tried Last Known, and that did not work either.
 
I then started to look around for tools to help me isolate the actual problem.
It seems that the VIPRE was able to remove the VIRUS, but not after the VIRUS had damaged the OS.
 
The Virus also took out the LSP - and I tried the FIXLSP - that did nothing.
Have tried various tools that really are the easy fixes....  like resetting the IP and Winsock etc...
 
So I created a C++ program to test out what occurred.  And while PING will resolve to an IP Address, as well as NSLOOKUP, the call to get the physical address fails, but the code works just fine on other systems.
 
I have had other weird issues occur in the past and most of the time - the standard RESET and FIXES work or they get associated with a specific USER PROFILE.
 
So I created a brand new profile and re-tested, yup same issue.
 
 
Using C++ get_hostby_name function - I found that works if run from the Virtual machine - but even in the Virtual machine Chrome/ie/etc.... fail.
 
But the same call in normal non-virtual mode - fails.
 
So this is not your normal - just reset and keep going....  More stuff has been stepped on ....
 
HELP
 
So things that I know are wrong...
 
LSP Stack XXXXXXXXXXXX
DNS LOOKUP XXXXXXXXX
 
CHROME XXXXXXXXXXXXX
FIREFOX  XXXXXXXXXXXXX
IE-11   XXXXXXXXXXXXXXXX
SAFARI  XXXXXXXXXXXXXXX
Any Program API DNS LOOKUP using
 
Here are the logs
 
Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by Liveimpact (2016-01-01 18:30:04)
Running from C:\Users\Liveimpact\Desktop
Boot Mode: Normal

================== Search Files: "dnsapi.dll" =============

C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll
[2011-04-15 15:44][2011-03-03 00:12] 0270336 ____A (Microsoft Corporation) 1F79F611109C2B97260B68FD6B4FC7DD [File is digitally signed]

C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll
[2011-04-15 15:44][2011-03-03 00:38] 0270336 ____A (Microsoft Corporation) B40420876B9288E0A1C8CCA8A84E5DC9 [File is digitally signed]

C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll
[2011-04-28 08:10][2010-11-20 07:18] 0270336 ____A (Microsoft Corporation) 59DF156711A76BCB993253EC6C9BBF41 [File is digitally signed]

C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_49006e49e950e0ac\dnsapi.dll
[2011-04-15 15:44][2011-03-03 00:50] 0270336 ____A (Microsoft Corporation) 11DD7EB4446F25C132D0D8527DDCAF4D [File is digitally signed]

C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_4833ef7cd065b8b3\dnsapi.dll
[2011-04-15 15:44][2011-03-03 00:29] 0269824 ____A (Microsoft Corporation) 62390F4ACE9E2B63E3CA26B7F7497897 [File is digitally signed]

C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_482c18d6d06b2c0d\dnsapi.dll
[2009-07-13 18:12][2009-07-13 20:15] 0269824 ____A (Microsoft Corporation) 6D5A49D6479EB753C7879F73A4C35E0F [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsapi.dll
[2011-04-15 15:44][2011-03-03 01:12] 0357888 ____A (Microsoft Corporation) DCC0888655823103F19EF8FFD330080D [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll
[2011-04-15 15:44][2011-03-03 01:24] 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll
[2011-04-28 08:10][2010-11-20 08:26] 0357888 ____A (Microsoft Corporation) A52B6CC24063CC83C78C0E6F24DEEC01 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_3eabc3f7b4f01eb1\dnsapi.dll
[2011-04-15 15:44][2011-03-03 01:23] 0356864 ____A (Microsoft Corporation) B538E393F7FD85A054106FF21A4240EA [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_3ddf452a9c04f6b8\dnsapi.dll
[2011-04-15 15:44][2011-03-03 01:17] 0356352 ____A (Microsoft Corporation) E247E7DEB20C0CF0801A8AC39E9CE1DF [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_3dd76e849c0a6a12\dnsapi.dll
[2009-07-13 18:21][2009-07-13 20:40] 0356352 ____A (Microsoft Corporation) 05A2D26ACF0939A4E97160315F1FA12E [File is digitally signed]

C:\Windows\SysWOW64\dnsapi.dll
[2011-04-15 15:44][2011-03-03 00:38] 0270336 ____A (Microsoft Corporation) B40420876B9288E0A1C8CCA8A84E5DC9 [File is digitally signed]

C:\Windows\System32\dnsapi.dll
[2011-04-15 15:44][2011-03-03 01:24] 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D [File is digitally signed]

====== End of Search ======
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by Liveimpact (administrator) on ZEONVIDEO7 (01-01-2016 18:47:03)
Running from C:\Users\Liveimpact\Desktop
Loaded Profiles: Liveimpact (Available Profiles: tom & Liveimpact)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft) C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
() C:\Program Files\Kerio\MailServer\AVUpdater\AVUpdaterServices.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Swiftpage ACT! LLC) C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Areson) C:\Program Files (x86)\Sentey\Lumenata Pro\Gaming Driver.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2583040 2009-09-21] (VIA)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-10-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [TurboV EVO] => C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe [8619008 2009-11-06] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2015-09-26] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Act.Outlook.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe [18944 2013-08-22] (Swiftpage ACT! LLC)
HKLM-x32\...\Run: [Act! Preloader] => C:\Program Files (x86)\ACT\Act for Windows\Act!.exe [268984 2013-09-18] (Swiftpage)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [$REGNAME] => C:\Program Files (x86)\Sentey\Lumenata Pro\Gaming Driver.exe [3965440 2014-05-07] (Areson)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-12-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-12-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-12-13] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2015-03-30]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0B83E8F1-C895-4A2A-A0AB-A2551F02C8BF}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{0B83E8F1-C895-4A2A-A0AB-A2551F02C8BF}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3627307450-2533143303-2593669786-1020 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3627307450-2533143303-2593669786-1020 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSG.dll [2013-09-05] ()
DPF: HKLM {A4639D2F-774E-11D3-A490-00C04F6843FB} hxxp://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSG.dll [2013-09-05] ()

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_45\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-11-20] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin64.dll [2014-11-03] (Skype)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2013-12-19] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-07-14] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-12-23] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-11-20] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-14] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin.dll [2014-11-03] (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2013-12-19] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-07-14] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2012-07-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2012-07-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2012-07-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2012-07-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2012-07-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-07-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-07-26] (Apple Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-09-15] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-10-24] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Liveimpact\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Liveimpact\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-01]
CHR Extension: (Google Drive) - C:\Users\Liveimpact\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-01]
CHR Extension: (YouTube) - C:\Users\Liveimpact\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-01]
CHR Extension: (Google Search) - C:\Users\Liveimpact\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-01]
CHR Extension: (Gmail) - C:\Users\Liveimpact\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-09-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Act! Scheduler; C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [90112 2013-08-22] (Swiftpage ACT! LLC) [File not signed]
R2 ActService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [27136 2013-08-22] (Microsoft) [File not signed]
R2 ActSmartTaskService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [27136 2013-08-22] (Microsoft) [File not signed]
S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2015-08-03] (Advanced Micro Devices) [File not signed]
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed]
R2 AVUpdaterserv; C:\Program Files\Kerio\MailServer\AVUpdater\AVUpdaterServices.exe [663552 2015-12-09] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-12-08] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-12] (NVIDIA Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 KerioMailServer; C:\Program Files\Kerio\MailServer\mailserver.exe [36712736 2015-12-09] (Kerio Technologies Inc.) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSSQL$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 NSBackupServer tom@zeonvideo7; C:\Program Files\Novosoft\Handy Backup 7\BackupServer.exe [2636280 2015-10-29] (Novosoft LLC)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-19] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [251832 2010-12-02] (arvato digital services llc)
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
S4 SQLAgent$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
S2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 r_server; "C:\Windows\SysWOW64\r_server.exe" /service [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R0 acs6nts; C:\Windows\System32\DRIVERS\acs6nts.sys [29744 2010-06-01] (Windows ® Win 7 DDK provider)
S2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [297672 2015-08-04] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [185744 2015-10-21] (GenesysLogic)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 rzjstk; C:\Windows\System32\DRIVERS\rzjstk.sys [27816 2014-04-08] (Razer Inc)
S3 rzkeypadendpt; C:\Windows\System32\DRIVERS\rzkeypadendpt.sys [32936 2014-04-08] (Razer Inc)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2010-11-20] () [File not signed]
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
U3 a37kr1j1; C:\Windows\System32\Drivers\a37kr1j1.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S1 archlp; SysWOW64\drivers\archlp.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 cpuz136; \??\C:\Users\tom\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-01 19:12 - 2016-01-01 19:12 - 02370560 ____N (Farbar) C:\Users\Liveimpact\Desktop\FRST64.exe
2016-01-01 18:30 - 2016-01-01 18:32 - 00003673 _____ C:\Users\Liveimpact\Desktop\Search.txt
2016-01-01 18:27 - 2016-01-01 18:27 - 00003083 _____ C:\Users\Liveimpact\Desktop\Fixlog.txt
2016-01-01 18:15 - 2016-01-01 18:15 - 00068646 _____ C:\Users\Liveimpact\Desktop\Addition.txt
2016-01-01 18:14 - 2016-01-01 18:47 - 00033340 _____ C:\Users\Liveimpact\Desktop\FRST.txt
2016-01-01 18:13 - 2016-01-01 18:47 - 00000000 ____D C:\FRST
2016-01-01 17:59 - 2016-01-01 17:59 - 00000000 ____H C:\Users\Liveimpact\Documents\Default.rdp
2016-01-01 17:57 - 2016-01-01 18:07 - 00000000 ____D C:\Users\Liveimpact\AppData\Local\Adobe
2016-01-01 17:57 - 2016-01-01 17:57 - 00000000 ____D C:\Users\Liveimpact\AppData\Roaming\IsolatedStorage
2016-01-01 17:57 - 2016-01-01 17:57 - 00000000 ____D C:\Users\Liveimpact\AppData\Roaming\deb27c1a-00e6-4263-94b2-8b78ea4d32ae
2016-01-01 17:57 - 2016-01-01 17:57 - 00000000 ____D C:\Users\Liveimpact\AppData\Roaming\ATI
2016-01-01 17:57 - 2016-01-01 17:57 - 00000000 ____D C:\Users\Liveimpact\AppData\Roaming\ACT
2016-01-01 17:57 - 2016-01-01 17:57 - 00000000 ____D C:\Users\Liveimpact\AppData\Local\IsolatedStorage
2016-01-01 17:57 - 2016-01-01 17:57 - 00000000 ____D C:\Users\Liveimpact\AppData\Local\ATI
2016-01-01 17:56 - 2016-01-01 18:07 - 00000000 ____D C:\Users\Liveimpact\AppData\Roaming\Adobe
2016-01-01 17:56 - 2016-01-01 17:58 - 00002297 _____ C:\Users\Liveimpact\Desktop\Google Chrome.lnk
2016-01-01 17:56 - 2016-01-01 17:57 - 00000000 ___RD C:\Users\Liveimpact\Virtual Machines
2016-01-01 17:56 - 2016-01-01 17:57 - 00000000 ____D C:\Users\Liveimpact\AppData\Roaming\VIPRE
2016-01-01 17:56 - 2016-01-01 17:56 - 00001455 _____ C:\Users\Liveimpact\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-01 17:56 - 2016-01-01 17:56 - 00000442 __RSH C:\Users\Liveimpact\ntuser.pol
2016-01-01 17:56 - 2016-01-01 17:56 - 00000020 ___SH C:\Users\Liveimpact\ntuser.ini
2016-01-01 17:56 - 2016-01-01 17:56 - 00000000 _SHDL C:\Users\Liveimpact\My Documents
2016-01-01 17:56 - 2016-01-01 17:56 - 00000000 _SHDL C:\Users\Liveimpact\Documents\My Videos
2016-01-01 17:56 - 2016-01-01 17:56 - 00000000 _SHDL C:\Users\Liveimpact\Documents\My Pictures
2016-01-01 17:56 - 2016-01-01 17:56 - 00000000 _SHDL C:\Users\Liveimpact\Documents\My Music
2016-01-01 17:56 - 2016-01-01 17:56 - 00000000 ____D C:\Users\Liveimpact\AppData\Local\NVIDIA Corporation
2016-01-01 17:56 - 2016-01-01 17:56 - 00000000 ____D C:\Users\Liveimpact\AppData\Local\NVIDIA
2016-01-01 17:56 - 2016-01-01 17:56 - 00000000 ____D C:\Users\Liveimpact\AppData\Local\Google
2016-01-01 17:56 - 2016-01-01 17:56 - 00000000 ____D C:\Users\Liveimpact
2016-01-01 17:56 - 2012-07-16 15:59 - 00000000 ____D C:\Users\Liveimpact\AppData\Roaming\Macromedia
2016-01-01 17:56 - 2012-04-21 02:01 - 00000000 ____D C:\Users\Liveimpact\Documents\Visual Studio 2008
2016-01-01 17:56 - 2010-11-21 03:00 - 00000000 ____D C:\Users\Liveimpact\AppData\Local\Microsoft Help
2016-01-01 17:56 - 2009-07-14 02:45 - 00000000 ____D C:\Users\Liveimpact\AppData\Roaming\Media Center Programs
2016-01-01 13:11 - 2016-01-01 13:11 - 00000020 _____ C:\Windows\ úL
2016-01-01 13:05 - 2016-01-01 13:05 - 00000000 ____D C:\Users\tom\AppData\Local\Anvisoft
2016-01-01 13:04 - 2016-01-01 13:04 - 00001317 _____ C:\Users\Public\Desktop\Anvi Browser Repair Tool.lnk
2016-01-01 13:04 - 2016-01-01 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2016-01-01 13:04 - 2016-01-01 13:04 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2016-01-01 12:49 - 2016-01-01 13:04 - 00000000 ____D C:\Users\tom\Desktop\REPAIR
2016-01-01 10:14 - 2016-01-01 10:14 - 00006306 _____ C:\Users\tom\Desktop\Windows Compatibility Report.htm
2016-01-01 10:04 - 2016-01-01 10:36 - 00001908 _____ C:\Windows\diagwrn.xml
2016-01-01 10:04 - 2016-01-01 10:36 - 00001908 _____ C:\Windows\diagerr.xml
2016-01-01 09:49 - 2016-01-01 09:49 - 00001455 _____ C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-01 03:03 - 2016-01-01 03:03 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2015-12-31 22:56 - 2014-04-04 21:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\tcpip.sys
2015-12-31 22:56 - 2014-04-04 21:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\tcpip.sysBAD
2015-12-31 21:10 - 2015-11-20 13:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-31 21:10 - 2015-11-20 13:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-31 21:10 - 2015-11-20 13:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-31 21:10 - 2015-11-20 13:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-31 21:10 - 2015-11-20 13:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-31 21:10 - 2015-11-20 13:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-31 21:10 - 2015-11-20 13:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-31 21:10 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-31 21:10 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-31 21:10 - 2015-11-20 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-31 21:10 - 2015-11-20 13:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-31 21:10 - 2015-11-20 13:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-31 21:10 - 2015-11-20 13:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-31 21:10 - 2015-11-20 13:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-31 21:10 - 2015-11-20 13:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-31 21:10 - 2015-11-20 13:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-31 21:10 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-31 21:10 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-31 21:10 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-31 21:10 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-31 21:10 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-31 21:10 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-31 21:10 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-31 21:10 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-31 21:10 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-31 21:10 - 2015-11-10 12:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-31 21:10 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-31 21:10 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-31 21:10 - 2015-11-05 14:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-31 21:10 - 2015-11-05 14:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-31 21:10 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-31 21:10 - 2015-11-03 14:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-31 21:10 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-31 21:10 - 2015-10-19 20:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-31 21:10 - 2015-10-19 20:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-12-31 21:10 - 2015-10-19 20:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-12-31 21:10 - 2015-10-19 20:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-31 21:10 - 2015-10-19 20:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-12-31 21:10 - 2015-10-19 20:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-12-31 21:10 - 2015-10-19 20:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-12-31 21:10 - 2015-10-19 20:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-12-31 21:10 - 2015-10-19 20:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-12-31 21:10 - 2015-10-19 20:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-12-31 21:10 - 2015-10-19 20:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-12-31 21:10 - 2015-10-19 20:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-12-31 21:10 - 2015-10-19 20:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-12-31 21:10 - 2015-10-19 20:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-12-31 21:10 - 2015-10-19 20:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-12-31 21:10 - 2015-10-19 20:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-12-31 21:10 - 2015-10-19 20:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-12-31 21:10 - 2015-10-19 20:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-12-31 21:10 - 2015-10-19 20:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-12-31 21:10 - 2015-10-19 20:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-12-31 21:10 - 2015-10-19 20:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-12-31 21:10 - 2015-10-19 20:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-12-31 21:10 - 2015-10-19 20:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-12-31 21:10 - 2015-10-19 20:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-12-31 21:10 - 2015-10-19 20:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-12-31 21:10 - 2015-10-19 20:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-12-31 21:10 - 2015-10-19 20:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-12-31 21:10 - 2015-10-19 20:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-12-31 21:10 - 2015-10-19 20:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-12-31 21:10 - 2015-10-19 20:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-12-31 21:10 - 2015-10-19 20:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-12-31 21:10 - 2015-10-19 20:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-12-31 21:10 - 2015-10-19 20:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-12-31 21:10 - 2015-10-19 19:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-12-31 21:10 - 2015-10-19 19:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-12-31 21:10 - 2015-10-19 19:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-31 21:10 - 2015-10-19 19:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-12-31 21:10 - 2015-10-19 19:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-12-31 21:10 - 2015-10-19 19:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-12-31 21:10 - 2015-10-19 19:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-12-31 21:10 - 2015-10-19 19:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-12-31 21:10 - 2015-10-19 19:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-12-31 21:10 - 2015-10-19 19:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-12-31 21:10 - 2015-10-19 19:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-12-31 21:10 - 2015-10-19 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-12-31 21:10 - 2015-10-19 19:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-12-31 21:10 - 2015-10-19 19:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-12-31 21:10 - 2015-10-19 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-12-31 21:10 - 2015-10-19 19:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-12-31 21:10 - 2015-10-19 19:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-12-31 21:10 - 2015-10-19 19:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-12-31 21:10 - 2015-10-19 19:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-12-31 21:10 - 2015-10-19 19:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-12-31 21:10 - 2015-10-19 19:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-12-31 21:10 - 2015-10-19 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-12-31 21:10 - 2015-10-19 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 18:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-12-31 21:10 - 2015-10-19 18:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-12-31 21:10 - 2015-10-19 18:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-12-31 21:10 - 2015-10-19 18:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-12-31 21:10 - 2015-10-19 18:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-12-31 21:10 - 2015-10-19 18:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 18:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-12-31 21:10 - 2015-10-19 18:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== Files in the root of some directories =======

2014-12-05 15:34 - 2014-12-05 15:34 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-01-10 17:24 - 2012-06-20 15:49 - 0015681 _____ () C:\ProgramData\hpzinstall.log
2015-03-10 13:22 - 2015-03-10 13:22 - 0000119 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-11-14 19:54 - 2015-02-25 14:41 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\tom\en_res.dll
C:\Users\tom\es_res.dll
C:\Users\tom\fr_res.dll
C:\Users\tom\gotomypc_533.exe
C:\Users\tom\gotomypc_540.exe
C:\Users\tom\gotomypc_626.exe
C:\Users\tom\grm_res.dll
C:\Users\tom\it_res.dll
C:\Users\tom\jp_res.dll
C:\Users\tom\mfc80u.dll
C:\Users\tom\msvcr80.dll
C:\Users\tom\PCPE Setup.exe
C:\Users\tom\pt_res.dll
C:\Users\tom\ResourceReader.dll
C:\Users\tom\ru_res.dll
C:\Users\tom\zh_res.dll


Some files in TEMP:
====================
C:\Users\tom\AppData\Local\Temp\amd-catalyst-15.7.1-without-dotnet45-win7-64bit.exe
C:\Users\tom\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\tom\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\tom\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\tom\AppData\Local\Temp\nvStInst.exe
C:\Users\tom\AppData\Local\Temp\nvz_1.exe
C:\Users\tom\AppData\Local\Temp\nvz_2.exe
C:\Users\tom\AppData\Local\Temp\raptrpatch.exe
C:\Users\tom\AppData\Local\Temp\raptr_stub.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-30 00:03

==================== End of FRST.txt ============================

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

#2 nasdaq

  • Malware Response Team

Posted 02 January 2016 - 10:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3627307450-2533143303-2593669786-1020 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3627307450-2533143303-2593669786-1020 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_45\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-09-15] [not signed]
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 r_server; "C:\Windows\SysWOW64\r_server.exe" /service [X]
U3 a37kr1j1; C:\Windows\System32\Drivers\a37kr1j1.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S1 archlp; SysWOW64\drivers\archlp.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 cpuz136; \??\C:\Users\tom\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
C:\Windows\System32\Drivers\a37kr1j1.sys

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the log.

I also need to see the Addition.txt file that was created by the Farbar tool.
Please post it for my review.

How is the computer running now?

#3 liveimpact

  • Topic Starter

Posted 04 January 2016 - 03:11 PM

Well, thanks for the FRST - fixlist....

I was able to "REPAIR" the Windows 7 64 install by doing the following....

Uninstalled IE 11 --> IE 8
Uninstalled SP1

Originally I was planning on doing a SYSTEM UPGRADE.... but that will only work if the OS is the SAME or OLDER.
And with SP1 installed - the UPGRADE was stopped.

But after un-installing SP1 - the Network DNS was repaired.  I DID take a backup of the infected / corrupted system.
But the system DNS and other systems started to work after I did that...

RECAP -

I received a file via email.
Scanned the file for Virus.  None found.
Ran the file, and started to get alerts about multiple Virus launches.
Did a forced shutdown via power right away.
Rebooted into safe mode and removed the viruses that were found - about 3 were found.
Rebooted - and No Browser DNS
Tried to go back to a restore point, but they were all removed (am guessing by the virus)
The computer was now isolated with no network connections.
The virus had killed LSP, DNS, BACKUP, and several other systems. OUCH....

I hand repaired corrupted DLLs and SYS files - copying them from a similar system, but that did not get the Network 100%.  It did get the computer so the NETWORK would work for FTP and local network sharing.

I continued to try various recovery methods to get the SYSTEM working....while they were all good....they did not fix the issue.
So I believe that the damage was more complex than some of the tools could deal with....

This took 2 days to get to this point....
I could have reinstalled the entire OS and reinstalled all 250 programs that I use....but each time I tried something - I got closer and closer to solving the issue.

Then I decided to do an UPGRADE to the same VERSION, but needed to uninstall IE 11 & SP1.
This step took about 6 hours and many reboots etc...

After doing that - the system started to work....So I took a backup & took a restore point.

Then I re-installed SP1 and that took an additional 6 hours.
I left IE 8 installed for now...

Again I did a restore point and backup.

Then I got your FIXLIST - and ran that as an additional fix....

So at this point - the system is working and has been one of the more complex fixes.

Tools used
BRTSETUP
COMINTREP_2103
FRST64
LSPFIX
EastFix20140.mini.diagcab - from Microsoft.

While these tools helped - they did not 100% fix the corruption.
I never figured out exactly where the corruption was.

But bottom line - I should have had a good / SYSTEM backup.  I back up all of my data files and now have included a complete OS backup every 2 weeks.

Feel free to contact me, but this ticket is closed.....after 2 days of very frustrating issues.



#4 nasdaq

  • Malware Response Team

Posted 05 January 2016 - 09:14 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



