
MITM, XSS, and many more compromises on my network.


This topic is locked
16 replies to this topic

#1 Lisamichele

Posted 19 January 2016 - 12:17 AM

Assuming you are getting the actual post, I can only say... I have major issues. Can't get Farbar to run due to an error with "endpoint mapper".


#2 Lisamichele

Lisamichele
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 19 January 2016 - 12:46 AM

Here is a Zoek log I created using the optical disk drive.

Zoek.exe Version 5.0.0.0 Updated 31-December-2015

Tool run by Administrator on Tue 01/19/2016 at 0:37:51.04.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: D:\zoek\zoek.exe [Scan all users] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2015-07-06-000008.log 97107 bytes

C:\zoek-results2015-08-24-033012.log 276644 bytes

C:\zoek-results2016-01-19-005905.log 69341 bytes

C:\zoek-results2016-01-19-053637.log 100322 bytes

==== Running Processes ======================

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe

C:\Windows\system32\UI0Detect.exe

C:\Program Files\VoodooShield\VoodooShieldService.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Windows\REGEDIT.EXE

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\System32\MsSpellCheckingFacility.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

D:\zoek\zoek.exe

C:\Windows\system32\conhost.exe

==== Windows Installer Info ======================

Adobe Reader XI (11.0.10) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73301B744BA0000000010]C:\Windows\Installer\7d003f.msi

Dell Data Vault [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DFEE55E22612D7A41985DE0B0365306A]C:\Windows\Installer\1890dd1.msi

Dell Support Center (Support Software) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\55EEFB3E2E930EB49B6698EF8583221C]C:\Windows\Installer\d254e.msi

Dell SupportAssistAgent [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8C84378274B863C4FA8244A1B3D77822]C:\Windows\Installer\1890d88.msi

Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E]C:\Windows\Installer\108989c.msi

Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A089CE062ADB6BC44A720BA745894BAC]C:\Windows\Installer\50d4e.msi

Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6414876250E69FF3395387C6C7F05BEB]C:\Windows\Installer\15ad64b.msi

Microsoft Security Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EAABCF9D27BDB884690DA03A8C290C6D]c:\Windows\Installer\6d6f5.msi

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1007C6B46D7C017319E3B52CF3EC196E]c:\Windows\Installer\21358a.msi

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\67D6ECF5CD5FBA732B8B22BAC8DE1B4D]c:\Windows\Installer\53457e.msi

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CFD2C1F142D260E3CB8B271543DA9F98]c:\Windows\Installer\213585.msi

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E815EB96CCE9A53884E7857C57002F0]c:\Windows\Installer\534584.msi

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C173E5AD3336A8D3394AF65D2BB0CCE6]c:\Windows\Installer\5b0a90.msi

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D04BB691875110D32B98EBCF771AA1E1]c:\Windows\Installer\5a95ce.msi

WIDCOMM Bluetooth Software [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A94D9E94FD183147BBDD5788A3980E8]C:\Windows\Installer\64473.msi

==== Checking Systemdrive for Symlinks ======================

==== Installed Programs ======================

Adobe Flash Player 18 ActiveX

Atheros Client Installation Program

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Attack Surface Analyzer

CDBurnerXP

Citrix Online Launcher

Dell Data Vault

Dell Support Center (Support Software)

Dell SupportAssist

Dell SupportAssistAgent

Dell System Detect

Dell Wireless Driver Installation

Google Chrome

Google Update Helper

ManageEngine Firewall Analyzer 8

McAfee Security Scan Plus

Microsoft .NET Framework 4.5.2

Microsoft Security Client

Microsoft Security Essentials

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

NetTools 5.0

RegRun Reanimator

Revo Uninstaller 1.95

Security Update for Microsoft .NET Framework 4.5.2 (KB2972216)

Security Update for Microsoft .NET Framework 4.5.2 (KB3023224)

Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)

Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)

Security Update for Microsoft .NET Framework 4.5.2 (KB3074230)

Security Update for Microsoft .NET Framework 4.5.2 (KB3074550)

Security Update for Microsoft .NET Framework 4.5.2 (KB3097996)

Security Update for Microsoft .NET Framework 4.5.2 (KB3098781)

SpyHolesList 1.5 release

Tweaking.com - Windows Repair

VoodooShield version 2.75

WIDCOMM Bluetooth Software

Windows 7 USB/DVD Download Tool

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

Memory (RAM): 3547 MB

CPU Info: Pentium® Dual-Core CPU T4500 @ 2.30GHz

CPU Speed: 387.4 MHz

Sound Card: Speakers (High Definition Audio |

Display Adapters: Mobile Intel® 4 Series Express Chipset Family | Mobile Intel® 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; Generic PnP Monitor |

Screen Resolution: 1366 X 768 - 32 bit

Network: Network Present

Network Adapters: Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20) | Atheros AR9285 802.11b/g/n WiFi Adapter

CD / DVD Drives: 1x (D: | ) D: Optiarc DVD+-RW AD-7717H

Ports: COM Ports NOT Present. LPT Port NOT Present.

Mouse: 2 Button Mouse Present

Hard Disks: C: 465.7GB

Hard Disks - Free: C: 394.9GB

Manufacturer *: Dell Inc.

BIOS Info: AT/AT COMPATIBLE | 09/13/10 | DELL - 27da090d

Time Zone: Eastern Standard Time

Motherboard *: Dell Inc. 0N7J7M

Country: United States

Language: ENU

==== System Specs (Software) ======================

AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}

SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Internet Explorer Version: 11.0.9600.18163

Google Chrome version: 47.0.2526.111

==== Files Recently Created / Modified ======================

2016-01-19 01:16:25 EB6D501FCFAFF726EA1B50B8276F5F34 709632 ----a-w- C:\Windows\Sysnative\wuapi.dll

2016-01-19 01:16:25 A6C4964F3C382592785EACFBA2DA8F6C 3170304 ----a-w- C:\Windows\Sysnative\wucltux.dll

2016-01-19 01:16:25 6075791ED85E47A2A2916B1F34582944 2609152 ----a-w- C:\Windows\Sysnative\wuaueng.dll

2016-01-19 01:16:25 4CD20F77149C689703A71561747E7B8D 37888 ----a-w- C:\Windows\Sysnative\wuapp.exe

2016-01-19 01:16:25 2B8660213ED7873FCF5C5540023C48F5 98816 ----a-w- C:\Windows\Sysnative\wudriver.dll

2016-01-19 01:16:25 233AB915DBB476BFD7218DB553D91DCC 140288 ----a-w- C:\Windows\Sysnative\wuauclt.exe

2016-01-19 01:16:25 0CF6EFBC9BCC6EDE114F71BCAEE9CCF4 192512 ----a-w- C:\Windows\Sysnative\wuwebv.dll

2016-01-19 01:15:50 06BF84D26A05D400F6B3FB3D3DE0B03A 1008640 ----a-w- C:\Windows\Sysnative\user32.dll

2016-01-19 01:15:49 BCB16AE33AA58E0042F3EF34CFB6396A 1180160 ----a-w- C:\Windows\Sysnative\FntCache.dll

2016-01-19 01:15:49 1AE1D0D71C3C61A0ECA941140E1E2FF8 1648128 ----a-w- C:\Windows\Sysnative\DWrite.dll

2016-01-19 01:15:11 2DA9EB73046595D79ADE306BC22B02C4 17408 ----a-w- C:\Windows\Sysnative\wshrm.dll

2016-01-19 01:14:17 E385472FF300F2BFD323B667EBAE93C7 1735680 ----a-w- C:\Windows\Sysnative\comsvcs.dll

2016-01-19 01:14:17 75DFE3CE6A8BFC995CC1D615B74DF8B0 525312 ----a-w- C:\Windows\Sysnative\catsrvut.dll

2016-01-19 01:06:44 C96B880CE00D71939A9E982307589029 210432 ----a-w- C:\Windows\Sysnative\aepic.dll

2016-01-19 01:06:43 EC1E743D4DB6C6EBEDCEB4B4C8E1905A 1164800 ----a-w- C:\Windows\Sysnative\aeinv.dll

2016-01-19 01:06:25 D33DF59002203FED8DE6087256DFDE89 624640 ----a-w- C:\Windows\Sysnative\qedit.dll

2016-01-19 01:05:58 D66AE152C1EE7DA2548EC2AF4203025D 653824 ----a-w- C:\Windows\Sysnative\MP4SDECD.DLL

2016-01-19 01:05:58 BEFEDC65A88D44153983455C699F81C8 100864 ----a-w- C:\Windows\Sysnative\MP3DMOD.DLL

2016-01-19 01:05:57 65BA8738CC3C21C62E746A1DDF04EC74 223744 ----a-w- C:\Windows\Sysnative\MP43DECD.DLL

2016-01-19 01:05:57 55C3F89354C086EFFF1C5AAD1E808134 1160192 ----a-w- C:\Windows\Sysnative\MSMPEG2ENC.DLL

2016-01-19 01:05:57 18A11A96B3C1C9E2FD1E6137C8BD4018 224768 ----a-w- C:\Windows\Sysnative\MPG4DECD.DLL

2016-01-19 01:05:56 27221616A71A25E0B7065926FCC417A7 1307136 ----a-w- C:\Windows\Sysnative\msmpeg2adec.dll

2016-01-19 01:05:55 A54381C84F3CEBF4D339778339D141F0 2777088 ----a-w- C:\Windows\Sysnative\msmpeg2vdec.dll

2016-01-19 01:05:54 A2877C3165FCD229D1BFC9CC4FFC2B2E 2048 ----a-w- C:\Windows\Sysnative\mferror.dll

2016-01-19 01:05:54 777654DB4C306B22A5A54690A258650D 24576 ----a-w- C:\Windows\Sysnative\mfpmp.exe

2016-01-19 01:05:54 3AECE087DB6F663C2B7F538C81C60F64 432128 ----a-w- C:\Windows\Sysnative\mfplat.dll

2016-01-19 01:05:53 9524717B1B183A066E0516BFF2888D51 70144 ----a-w- C:\Windows\Sysnative\mfvdsp.dll

2016-01-19 01:05:53 8B995A315448ABFC6E41A200079E7DBA 55808 ----a-w- C:\Windows\Sysnative\rrinstaller.exe

2016-01-19 01:05:53 6727B79444C3C8362DB4045E86152707 206848 ----a-w- C:\Windows\Sysnative\mfps.dll

2016-01-19 01:05:53 2F0BA9348CB8D62FF8C28B4B83D57FA3 378880 ----a-w- C:\Windows\Sysnative\SysFxUI.dll

2016-01-19 01:05:53 2A8760952F296D6208FE5FC358ECD59A 484864 ----a-w- C:\Windows\Sysnative\MFWMAAEC.DLL

2016-01-19 01:05:53 294B7F30B70E0D7867F5EB69E630884A 225792 ----a-w- C:\Windows\Sysnative\RESAMPLEDMO.DLL

2016-01-19 01:05:52 D624DE0DED716916F69D495807C9D787 254464 ----a-w- C:\Windows\Sysnative\qasf.dll

2016-01-19 01:05:52 ACA7F078CAD7D225D4F2D973C9812225 250880 ----a-w- C:\Windows\Sysnative\ksproxy.ax

2016-01-19 01:05:52 A64D697EA82530530693AA2102FCA420 292352 ----a-w- C:\Windows\Sysnative\VIDRESZR.DLL

2016-01-19 01:05:52 9A2DCBE0A803AF0DF58D8B3EB041065E 447488 ----a-w- C:\Windows\Sysnative\WMVSENCD.DLL

2016-01-19 01:05:52 6C6CF29B05DBCA772AED1551AF0DF6DF 76288 ----a-w- C:\Windows\Sysnative\devenum.dll

2016-01-19 01:05:52 60957C2BD1C03CF395006FDBC29D2569 189952 ----a-w- C:\Windows\Sysnative\COLORCNV.DLL

2016-01-19 01:05:51 C62B3D8C69437192AA58AD6E380E4BC3 371712 ----a-w- C:\Windows\Sysnative\qdvd.dll

2016-01-19 01:05:51 6D21051C8EA17C1DD0A6FD07CCAB8232 5120 ----a-w- C:\Windows\Sysnative\ksuser.dll

2016-01-19 01:05:50 82AB148A0E747855F83F332FC83B254F 1573888 ----a-w- C:\Windows\Sysnative\quartz.dll

2016-01-19 01:05:49 E6A0093D872D860BEA437DF6C666DF89 632320 ----a-w- C:\Windows\Sysnative\evr.dll

2016-01-19 01:05:49 BF9CFEE3D22CE61E5B57C9B8A14F172D 1026048 ----a-w- C:\Windows\Sysnative\wmpmde.dll

2016-01-19 01:05:49 530B3A72692DB253DE8BB8E8C11468DD 1010688 ----a-w- C:\Windows\Sysnative\mcmde.dll

2016-01-19 01:05:49 3B6466686CDC57453592E6188C3FA4DC 4121600 ----a-w- C:\Windows\Sysnative\mf.dll

2016-01-19 01:05:48 B62CEF4A731EE983D440804A2B9DA0B1 642048 ----a-w- C:\Windows\Sysnative\WMVXENCD.DLL

2016-01-19 01:05:48 759DF4479855EED0D78249798325D373 1955328 ----a-w- C:\Windows\Sysnative\WMVENCOD.DLL

2016-01-19 01:05:47 91E1D7BE8513032B5CCA26AFD0BF0ADC 666112 ----a-w- C:\Windows\Sysnative\WMVSDECD.DLL

2016-01-19 01:05:47 5EA57A6AD59D0785C9A390DF14736899 978944 ----a-w- C:\Windows\Sysnative\WMSPDMOD.DLL

2016-01-19 01:05:47 5BAEB6D045DA253787F3F1984B712835 1888768 ----a-w- C:\Windows\Sysnative\WMVDECOD.DLL

2016-01-19 01:05:46 FF5D49FAA86DBD9033DABC1ABCEA3429 1232896 ----a-w- C:\Windows\Sysnative\WMADMOD.DLL

2016-01-19 01:05:46 DB018B9F38BC34E9AE21C01448E810D2 1575424 ----a-w- C:\Windows\Sysnative\WMSPDMOE.DLL

2016-01-19 01:05:46 B7CBAC1F4175C1D59B197020268A290B 1153024 ----a-w- C:\Windows\Sysnative\WMADMOE.DLL

2016-01-19 01:05:21 F094FCE25E33140B5F7AEE2E5BDF6931 3211264 ----a-w- C:\Windows\Sysnative\win32k.sys

2016-01-19 01:04:39 5794E3E7388205B0D7E87D665054A12A 152064 ----a-w- C:\Windows\Sysnative\occache.dll

2016-01-19 01:04:33 65E6158EF33AE88A412D3CEB33A20F47 615936 ----a-w- C:\Windows\Sysnative\ieui.dll

2016-01-19 01:04:19 DA52C6C0BA729466416B3F086C97B570 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll

2016-01-19 01:04:19 7A566BAD311137B88DDF444D13C1C594 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb

2016-01-19 01:04:15 FB3047038F1800A0891B4D35F40E4F59 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll

2016-01-19 01:04:15 B67D37636216B98F70064C3A2B295EF7 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll

2016-01-19 01:04:15 5F08FC1143F907E990F0E1EB4C8E77F2 417792 ----a-w- C:\Windows\Sysnative\html.iec

2016-01-19 01:04:13 20773DBF4A2DC49785831FDA12530A0A 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll

2016-01-19 01:04:10 F604E67A3B37B21485DEE9CC14AA2AAB 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll

2016-01-19 01:04:10 AC8410A5877FFBC98D1ECFF949A2E0A4 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe

2016-01-19 01:04:10 A32269075B35C5C9C2A3641A0E7AA0A5 315392 ----a-w- C:\Windows\Sysnative\dxtrans.dll

2016-01-19 01:04:09 DD2AC5827D111001E805C19786D2DE41 199680 ----a-w- C:\Windows\Sysnative\msrating.dll

2016-01-19 01:04:09 9C9E498EA2527F96EC7ADDF3634BF624 489984 ----a-w- C:\Windows\Sysnative\dxtmsft.dll

2016-01-19 01:04:08 F66091A35F4810BD501CD7B65778D4B1 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll

2016-01-19 01:04:08 8100C63E02EC310C0E8712D6603E3DBA 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll

2016-01-19 01:04:07 9E30C99BBB024E1CFC4B9A387132B0BE 262144 ----a-w- C:\Windows\Sysnative\webcheck.dll

2016-01-19 01:04:07 65CCD789E06B82989596D584D1AE6D46 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll

2016-01-19 01:04:07 26509D490CC4DFE3291DC5E3847EBB14 798208 ----a-w- C:\Windows\Sysnative\msfeeds.dll

2016-01-19 01:04:06 E341F64F351629296178A872C7666620 718336 ----a-w- C:\Windows\Sysnative\ie4uinit.exe

2016-01-19 01:04:06 7300C7AB7EF1CDE5C19EEB6970C71473 571904 ----a-w- C:\Windows\Sysnative\vbscript.dll

2016-01-19 01:04:06 5794608757509D090F5B48B0A1F7A192 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll

2016-01-19 01:04:06 4718E9DE3101969567EC0F148BF66006 387784 ----a-w- C:\Windows\Sysnative\iedkcs32.dll

2016-01-19 01:04:06 207D3D17F61029FD0FB7B6DF1244E5E2 817664 ----a-w- C:\Windows\Sysnative\jscript.dll

2016-01-19 01:04:05 6AEBA30A9AF45D0C83385F48EC943426 25837568 ----a-w- C:\Windows\Sysnative\mshtml.dll

2016-01-19 01:04:02 FEB22838B5A1EA29FAEBBEEA14107049 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe

2016-01-19 01:04:02 E8CA48B9CB7F0ACEA28DDDE9EFF22C80 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll

2016-01-19 01:04:02 359B81512F7A45213180DD3D821F11BB 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe

2016-01-19 01:04:02 0236A801C4907B13E5BADEE62EB3284B 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll

2016-01-19 01:04:00 1258BDEE548BCD771DD35485CDD176EA 2487808 ----a-w- C:\Windows\Sysnative\wininet.dll

2016-01-19 01:03:59 D9A22C7E960A41500D5B76C31D3222D0 1546752 ----a-w- C:\Windows\Sysnative\urlmon.dll

2016-01-19 01:03:59 16D24DE8CB771F481152CA186814CA16 2887168 ----a-w- C:\Windows\Sysnative\iertutil.dll

2016-01-19 01:03:58 CF6B70A265ADA05CC55D57D9DE8B06E0 2123264 ----a-w- C:\Windows\Sysnative\inetcpl.cpl

2016-01-19 01:03:58 80322AAB422075922A0EA3CFEA35061C 14457856 ----a-w- C:\Windows\Sysnative\ieframe.dll

2016-01-19 01:03:55 789E93204829D6519F55D5A61586B7B5 6051328 ----a-w- C:\Windows\Sysnative\jscript9.dll

2016-01-19 01:03:39 35A6E891DF89085216F18F5B998D6CB4 879104 ----a-w- C:\Windows\Sysnative\advapi32.dll

2016-01-19 01:03:32 AD46BED774CF502E9C0100CFC29C1F82 405504 ----a-w- C:\Windows\Sysnative\gdi32.dll

2016-01-19 01:03:19 218D2848CDDE80DD9AF72D5DD78F225C 241664 ----a-w- C:\Windows\Sysnative\els.dll

2016-01-19 01:00:48 D55C59AD1C93B728AB508F4F6529ED8F 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll

2016-01-19 01:00:48 5124EA325CF0806FFA9514DC11593DA9 28672 ----a-w- C:\Windows\Sysnative\sspisrv.dll

2016-01-19 01:00:43 F6BD25ED678D2A5866FFC3355EC1E2C2 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll

2016-01-19 01:00:34 8645BD647D1ECEB0E6F90E01A4C412EA 43520 ----a-w- C:\Windows\Sysnative\cryptbase.dll

2016-01-19 01:00:33 BBF3E0FAFE3179FFED231D2266247476 686080 ----a-w- C:\Windows\Sysnative\adtschema.dll

2016-01-19 01:00:31 377FEC833CC924E83029A83F99230663 60416 ----a-w- C:\Windows\Sysnative\msobjs.dll

2016-01-19 01:00:28 F557804C926BE42B0DCF0CB2AC138156 210432 ----a-w- C:\Windows\Sysnative\wdigest.dll

2016-01-19 01:00:28 56157CA130B661080B9DC97FE63F6D50 43520 ----a-w- C:\Windows\Sysnative\csrsrv.dll

2016-01-19 01:00:27 CD2249AEDD225CAB5CC88B40126C987F 344064 ----a-w- C:\Windows\Sysnative\schannel.dll

2016-01-19 01:00:27 A582574464654555D17338C6657EF69B 6656 ----a-w- C:\Windows\Sysnative\apisetschema.dll

2016-01-19 01:00:24 CB0E57424A776C51EF42469064ADBF08 30720 ----a-w- C:\Windows\Sysnative\lsass.exe

2016-01-19 01:00:23 CE14A4BBF890A7D4C898CF886D145EC9 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll

2016-01-19 01:00:23 B25B3DE2FA73735074CA62AFEFE4AE47 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll

2016-01-19 01:00:23 7AC830607D940A3DABB8E5EB6EB22DF2 338432 ----a-w- C:\Windows\Sysnative\conhost.exe

2016-01-19 01:00:23 28E55B4DA450C29326A25BE29C72FB1B 315392 ----a-w- C:\Windows\Sysnative\msv1_0.dll

2016-01-19 01:00:22 10DDB11D4451AAB9A32FFCEE8045BA6F 312320 ----a-w- C:\Windows\Sysnative\ncrypt.dll

2016-01-19 01:00:21 50AC63ADB9F92D5141703986C66AB61C 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe

2016-01-19 01:00:20 FA3E172432AFA1A7D43847C7AC58812B 424448 ----a-w- C:\Windows\Sysnative\KernelBase.dll

2016-01-19 01:00:20 5EBDD597DDCD94AE47CEFE6AFE41874A 64000 ----a-w- C:\Windows\Sysnative\auditpol.exe

2016-01-19 01:00:19 928F79CDCE323CFEB221C7D2D539F86A 22016 ----a-w- C:\Windows\Sysnative\credssp.dll

2016-01-19 01:00:19 5CB16703E4E4203C5B1D0717D16D48D6 503808 ----a-w- C:\Windows\Sysnative\srcore.dll

2016-01-19 01:00:19 499545FF756FA6AFFB4F6679EA88BCB1 50176 ----a-w- C:\Windows\Sysnative\srclient.dll

2016-01-19 01:00:17 CB2A49FFC4390EC0C757B1FC07A07E17 135680 ----a-w- C:\Windows\Sysnative\sspicli.dll

2016-01-19 01:00:17 B29C53B81C690394A2327AB2609B55FE 28160 ----a-w- C:\Windows\Sysnative\secur32.dll

2016-01-19 01:00:16 D23C252F866CE3599336D547722B4A9D 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll

2016-01-19 01:00:16 6872BBF984E6FA0AA910926D2F127372 1461248 ----a-w- C:\Windows\Sysnative\lsasrv.dll

2016-01-19 01:00:16 35D570D5191EE48A6D5091033C71B7CE 729600 ----a-w- C:\Windows\Sysnative\kerberos.dll

2016-01-19 01:00:16 1E22F3C99BB02A51179F9CCFEE242925 1214464 ----a-w- C:\Windows\Sysnative\rpcrt4.dll

2016-01-19 01:00:15 FE0C67D8D5D54F37B3A92E129A15C03A 1163264 ----a-w- C:\Windows\Sysnative\kernel32.dll

2016-01-19 01:00:15 FAF7892DD731F0649046B3AA3A5166AA 1730496 ----a-w- C:\Windows\Sysnative\ntdll.dll

2016-01-19 01:00:15 FACF1586F756E0B154EE6887FA017446 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll

2016-01-19 01:00:15 FA792622268EE423FC5E6AE23FB43599 112640 ----a-w- C:\Windows\Sysnative\smss.exe

2016-01-19 01:00:15 2E479BB995A0C130D6FF9F55E7DDA61F 243712 ----a-w- C:\Windows\Sysnative\wow64.dll

2016-01-19 01:00:14 2E4FF62CC7B88ABBF59C242DED7F919F 5572544 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe

====== C:\Windows\Sysnative\drivers =====

2016-01-19 01:15:11 5BD6B1EC997FF3DD779D62E05D2079A8 146944 ----a-w- C:\Windows\Sysnative\drivers\rmcast.sys

2016-01-19 01:05:51 C51B07394A087DA666A410DBFD26663A 116736 ----a-w- C:\Windows\Sysnative\drivers\drmk.sys

2016-01-19 01:05:51 647599CAE8CA0EF2FB09C4B150BC97FF 230400 ----a-w- C:\Windows\Sysnative\drivers\portcls.sys

2016-01-19 01:05:51 26FE888505E5A945B0536AF9A2A27A6F 5632 ----a-w- C:\Windows\Sysnative\drivers\drmkaud.sys

2016-01-19 01:00:25 0F776895884B8DC430A307D57FD867BB 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys

2016-01-19 01:00:23 28E75F316CCCD79337E4957C53017D4B 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys

2016-01-19 01:00:20 C49F1C4CA74FC52AFB2E892D8E50EA39 129024 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys

2016-01-19 01:00:20 A572BEF41F3C55D7DAF24D2340C91FEC 290816 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys

2016-01-19 01:00:20 32B85C4923D895B2FB35821A799BA38D 159232 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C:\PROGRA~2 =====

======= C: =====

====== C:\Users\Administrator\AppData\Roaming ======

2016-01-18 04:47:30 -------- d-----w- C:\Users\DefaultAppPool\AppData\Local\Temp

2016-01-18 04:47:30 -------- d-----w- C:\Users\DefaultAppPool\AppData\Local\Microsoft

2016-01-17 07:19:27 41D8C50126314705C45C512543F5043C 58408 ----a-w- C:\Users\doony\AppData\Local\GDIPFONTCACHEV1.DAT

2016-01-17 07:18:38 -------- d-----w- C:\Users\doony\AppData\Local\CrashDumps

2016-01-17 02:34:20 -------- d-----w- C:\Users\doony\AppData\Roaming\Adobe

2016-01-17 00:09:59 -------- d-----w- C:\Users\admin\AppData\Local\Diagnostics

2016-01-16 23:08:16 5A6B36AD6709E857C61C2B348A82EA02 58408 ----a-w- C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT

2016-01-16 21:23:38 -------- d-----w- C:\Users\admin\AppData\Roaming\Adobe

2016-01-16 11:31:51 -------- d-----w- C:\Users\Lisa\AppData\Local\SupportSoft

2016-01-16 11:26:47 -------- d-----w- C:\Users\admin\AppData\Local\VirtualStore

====== C:\Users\Administrator ======

2016-01-19 02:26:58 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Administrator\Downloads\6514vl2n.exe

2016-01-18 04:56:38 BF7EEE3DBF1B1EBFB63C616F8E354744 10752 --sha-w- C:\Users\Lisa\Thumbs.db

2016-01-17 07:05:02 543E7F6627037737D5AA152FF06EA608 541680 ----a-w- C:\Users\doony\Desktop\sqlite3.dll

2016-01-17 06:55:29 79B2D94BA757A3E425FE00E69E52AC94 21840024 ----a-w- C:\Users\doony\Desktop\tweaking.com_windows_repair_aio_setup.exe

2016-01-17 00:06:19 0E7820BEC8314BEEDDFD554B18855C39 17091624 ----a-w- C:\Users\admin\ghjugl,ku.msu

2015-12-22 07:45:13 -------- d-----w- C:\Users\doony\doony.ls-pc

====== C: exe-files ==

2016-01-19 03:03:56 B4656E85333FED69FD85761FDCE8B5D8 1484104 ----a-w- C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\SwReporter\5.39.1\software_reporter_tool.exe

2016-01-19 02:26:58 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Administrator\Downloads\6514vl2n.exe

2016-01-19 02:11:33 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JEK0D3S\6hy4g5yx.exe

2016-01-19 01:17:21 4489D5077C5D2396E3A94D652ADAE1CA 14336 ----a-w- C:\Windows\SysWOW64\fixmapi.exe

2016-01-19 01:17:21 2FFBA1EAE28B45A92E2EA70C61C66F14 17920 ----a-w- C:\Windows\System32\fixmapi.exe

2016-01-19 01:16:25 58B9CFDD032CB92CEC0D3E8454E4C766 35328 ----a-w- C:\Windows\SysWOW64\wuapp.exe

2016-01-19 01:16:25 4CD20F77149C689703A71561747E7B8D 37888 ----a-w- C:\Windows\System32\wuapp.exe

2016-01-19 01:16:25 233AB915DBB476BFD7218DB553D91DCC 140288 ----a-w- C:\Windows\System32\wuauclt.exe

2016-01-19 01:05:54 BBE4D9B89B3FBC97C0F381C2F9C4ADEF 23040 ----a-w- C:\Windows\SysWOW64\mfpmp.exe

2016-01-19 01:05:54 777654DB4C306B22A5A54690A258650D 24576 ----a-w- C:\Windows\System32\mfpmp.exe

2016-01-19 01:05:53 936E6F6F76136BC73B13D25A254BC84B 50176 ----a-w- C:\Windows\SysWOW64\rrinstaller.exe

2016-01-19 01:05:53 8B995A315448ABFC6E41A200079E7DBA 55808 ----a-w- C:\Windows\System32\rrinstaller.exe

2016-01-19 01:04:19 EDA0948BAA8ED2FCF64942026A0B3457 491008 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe

2016-01-19 01:04:19 C9B76533B304B3FEE41ED5C2500A0668 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe

2016-01-19 01:04:19 B778A5AAE66E7F1AC3414DDF41E4359E 473600 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe

2016-01-19 01:04:10 AC8410A5877FFBC98D1ECFF949A2E0A4 144384 ----a-w- C:\Windows\System32\ieUnatt.exe

2016-01-19 01:04:10 424300DDB7A1B24199C9B481438F55E9 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe

2016-01-19 01:04:06 E341F64F351629296178A872C7666620 718336 ----a-w- C:\Windows\System32\ie4uinit.exe

2016-01-19 01:04:02 FEB22838B5A1EA29FAEBBEEA14107049 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe

2016-01-19 01:04:02 359B81512F7A45213180DD3D821F11BB 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2016-01-19 01:03:59 CB76755799B821A9D8779DA004840E9C 814288 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2016-01-19 01:03:59 0E5C2FBD4CF9CB08DCDA586247195FF2 815304 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

2016-01-19 01:00:35 59541469E828B311B1E5EEA77E6F6BE7 2048 ----a-w- C:\Windows\SysWOW64\user.exe

2016-01-19 01:00:24 CB0E57424A776C51EF42469064ADBF08 30720 ----a-w- C:\Windows\System32\lsass.exe

2016-01-19 01:00:23 7AC830607D940A3DABB8E5EB6EB22DF2 338432 ----a-w- C:\Windows\System32\conhost.exe

2016-01-19 01:00:22 8E3915AF90315E4ED96D4CAE316E8F21 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe

2016-01-19 01:00:22 1418C1A502A9540A4726B4935229E7B9 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe

2016-01-19 01:00:21 AE6E759632A0F931CFB626EED55C3E99 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe

2016-01-19 01:00:21 50AC63ADB9F92D5141703986C66AB61C 296960 ----a-w- C:\Windows\System32\rstrui.exe

2016-01-19 01:00:20 5EBDD597DDCD94AE47CEFE6AFE41874A 64000 ----a-w- C:\Windows\System32\auditpol.exe

2016-01-19 01:00:15 FA792622268EE423FC5E6AE23FB43599 112640 ----a-w- C:\Windows\System32\smss.exe

2016-01-19 01:00:14 2E4FF62CC7B88ABBF59C242DED7F919F 5572544 ----a-w- C:\Windows\System32\ntoskrnl.exe

2016-01-19 01:00:14 1615874D0262DA99E565D4FE6F74F7DD 3993536 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe

2016-01-19 01:00:13 A8D4C2B034947F2445F5099E6B3173C8 3938240 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe

2016-01-18 04:17:55 49B897C4A9BCC13308CC41CB1447C5D7 2370560 ----a-w- C:\Users\doony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UAEMOGV6\FRST64[1].exe

2016-01-17 06:55:29 79B2D94BA757A3E425FE00E69E52AC94 21840024 ----a-w- C:\Users\doony\Desktop\tweaking.com_windows_repair_aio_setup.exe

2016-01-17 03:20:17 D084B34422A7873B397FC7EC5E2253B5 1105784 ----a-w- C:\HotFix\KB960037\W2K3\ESN\x64\WindowsServer2003.WindowsXP-KB960037-x64-ESN.exe

2016-01-17 03:18:39 E95B784E316EA2C0069ACB79D5FB09AB 1514872 ----a-w- C:\HotFix\KB960037\W2K3\ENU\ia64\WindowsServer2003-KB960037-ia64-ENU.exe

2016-01-17 03:17:25 A8B6709962A319E8056E4C086B4EB7EC 1107832 ----a-w- C:\HotFix\KB960037\W2K3\DEU\x64\WindowsServer2003.WindowsXP-KB960037-x64-DEU.exe

2016-01-17 02:37:33 367BD81821F43B8CA6BE104B765F760B 43991120 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\47.0.2526.111\47.0.2526.111_chrome_installer.exe

2016-01-16 18:43:08 40234FBF2AC1FE6BB16BF967782C124C 221184 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe

=== C: other files ==

2016-01-19 02:10:04 FB50E172074A6400F8CD2C0D31C5C6DB 370943 ----a-w- C:\Users\admin\Desktop\gmer.zip

2016-01-19 01:15:11 5BD6B1EC997FF3DD779D62E05D2079A8 146944 ----a-w- C:\Windows\System32\drivers\rmcast.sys

2016-01-19 01:05:51 C51B07394A087DA666A410DBFD26663A 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys

2016-01-19 01:05:51 647599CAE8CA0EF2FB09C4B150BC97FF 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys

2016-01-19 01:05:51 26FE888505E5A945B0536AF9A2A27A6F 5632 ----a-w- C:\Windows\System32\drivers\drmkaud.sys

2016-01-19 01:05:21 F094FCE25E33140B5F7AEE2E5BDF6931 3211264 ----a-w- C:\Windows\System32\win32k.sys

2016-01-19 01:00:25 0F776895884B8DC430A307D57FD867BB 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2016-01-19 01:00:23 28E75F316CCCD79337E4957C53017D4B 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2016-01-19 01:00:20 C49F1C4CA74FC52AFB2E892D8E50EA39 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2016-01-19 01:00:20 A572BEF41F3C55D7DAF24D2340C91FEC 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2016-01-19 01:00:20 32B85C4923D895B2FB35821A799BA38D 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2016-01-16 11:32:21 FF93ED57A0D714318BF6B736D1ECA3A2 111468 ----a-w- C:\Users\Lisa\AppData\Local\SupportSoft\DellSupportCenter\Lisa\data\manifest.zip

==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VoodooShield"=":C:\Program Files\VoodooShield\VoodooShield.exe"

"MSC"=":c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe ARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Speed Launcher]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"

"item"="Adobe Speed Launcher"

"hkey"="HKCU"

"command"="1432179496"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GUDelayStartup]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="GUDelayStartup"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Glary Utilities 5\\StartupManager.exe\" -delayrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vmware-tray.exe]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="vmware-tray.exe"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware-tray.exe\""

 

==== Startup Folders ======================

2009-07-14 04:54:23 174 --sha-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop(153).ini

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GlaryInitialize 5.job --a------ C:\Users\admin\Desktop\Glary Utilities_Portable\Portable\Initialize.exe [03/02/2015 04:38 AM]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/21/2015 10:23 PM]

C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0f4e617be9426.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/21/2015 10:23 PM]

C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0f4e647c4fbab.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/21/2015 10:23 PM]

C:\Windows\tasks\GoogleUpdateTaskMachineCore1d13a9e3ef38e5d.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/21/2015 10:23 PM]

C:\Windows\tasks\Tweaking.com - Windows Repair Tray Icon.job --a------ C:\Program Files (x86)\Tweaking.com\Windows Repair All in One\WR_Tray_Icon.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["E:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\Dell SupportAssistAgent AutoUpdate" [C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe]

"C:\Windows\SysNative\tasks\G2MUpdateTask-S-1-5-21-3162173304-4069126337-300144156-1000" [C:\Users\Lisa\AppData\Local\Citrix\GoToMeeting\3019\g2mupdate.exe]

"C:\Windows\SysNative\tasks\G2MUploadTask-S-1-5-21-3162173304-4069126337-300144156-1000" [C:\Users\Lisa\AppData\Local\Citrix\GoToMeeting\3019\g2mupload.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\RunSpeccy" ["G:\Speccy64.exe"]

"C:\Windows\SysNative\tasks\SystemToolsDailyTest" ["uaclauncher.exe"]

"C:\Windows\SysNative\tasks\Tweaking.com - Windows Repair Tray Icon" [C:\4a09993df8657a80b35e12\WR_Tray_Icon.exe]

"C:\Windows\SysNative\tasks\UnHackMe Task Scheduler" [C:\Program Files (x86)\UnHackMe\hackmon.exe]

"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{1BEE8BDB-0ACA-4A54-8F01-2D96D17182E0}" [C:\Windows\system32\msfeedssync.exe]

"C:\Windows\SysNative\tasks\{32010CCC-8217-4FD4-B521-DDA6669AB854}" [C:\Windows\winsxs\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.18741_none_04b65b5f57dd127c\rrinstaller.exe]

==== Firefox Extensions ======================

ProfilePath: C:\Users\bee\AppData\Roaming\Mozilla\Firefox\Profiles\99Bbu5RW.default

- Segurança do navegador Avira - %ProfilePath%\extensions\abs@avira.com

==== Firefox Plugins ======================

 

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

 

Google Docs - admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Docs Offline - admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi

Chrome Web Store Payments - admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Google Slides - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek

Google Docs - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Sheets - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap

Google Docs Offline - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi

Chrome Web Store Payments - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Google Slides - bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek

Google Docs - bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Sheets - bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap

Chrome Hotword Shared Module - bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

Chrome Web Store Payments - bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - bee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Google Docs - doony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - doony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - doony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - doony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Docs Offline - doony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi

Chrome Web Store Payments - doony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - doony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Google Slides - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek

Google Docs - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Sheets - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap

Chrome Hotword Shared Module - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

Chrome Web Store Payments - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Google Docs - Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Docs Offline - Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi

Chrome Web Store Payments - Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Uninstall List x64 ======================

Adobe Flash Player 18 ActiveX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]

Atheros Client Installation Program [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{28006915-2739-4EBE-B5E8-49B25D32EB33}]

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3108C217-BE83-42E4-AE9E-A56A2A92E549}]

Attack Surface Analyzer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2710505A-D198-4906-8767-F869909D9FA6}]

CDBurnerXP [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1]

Citrix Online Launcher [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}]

Dell Data Vault [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}]

Dell Support Center (Support Software) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}]

Dell SupportAssist [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PC-Doctor for Windows]

Dell SupportAssistAgent [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{287348C8-8B47-4C36-AF28-441A3B7D8722}]

Dell System Detect [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\73f463568823ebbe]

Dell Wireless Driver Installation [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{451517F1-7E41-400B-AA36-FB7E2563526D}]

Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]

Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}]

ManageEngine Firewall Analyzer 8 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D960DEB4-B7FD-4E6E-8241-3A12CB54A151}]

McAfee Security Scan Plus [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan]

Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26784146-6E05-3FF9-9335-786C7C0FB5BE}]

Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033]

Microsoft Security Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}]

Microsoft Security Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client]

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}]

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}]

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}]

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}]

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}]

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{196BB40D-1578-3D01-B289-BEFC77A11A1E}]

NetTools 5.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NetTools_is1]

RegRun Reanimator [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UnHackMe Update - Reanimator_is1]

Revo Uninstaller 1.95 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Revo Uninstaller]

SpyHolesList 1.5 release [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpyHolesList_is1]

Tweaking.com - Windows Repair [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Tweaking.com - Windows Repair]

VoodooShield version 2.75 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A8644328-A66F-490E-B8FA-901FF649189D}_is1]

WIDCOMM Bluetooth Software [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}]

Windows 7 USB/DVD Download Tool [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CCF298AF-9CE1-4B26-B251-486E98A34789}]

==== HijackThis Entries ======================

O4 - Global Startup: desktop(153).ini

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.dell.com

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe

O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: VoodooShieldService - VoodooSoft, LLC - C:\Program Files\VoodooShield\VoodooShieldService.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Silent Runners ======================

"Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

VoodooShield = :C:\Program Files\VoodooShield\VoodooShield.exe [file not found]

MSC = :"c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{7842554E-6BED-11D2-8CDB-B05550C10000} = Monitor

-> {HKLM...CLSID} = Monitor Class

\InProcServer32\(Default) = C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll [Broadcom Corporation.]

{09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = c:\PROGRA~1\MICROS~2\shellext.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}\(Default) = BtwCredentialProvider

-> {HKLM...CLSID} = BtwCredentialProvider

\InProcServer32\(Default) = C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [Broadcom Corporation.]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = c:\PROGRA~1\MICROS~2\shellext.dll [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = c:\PROGRA~1\MICROS~2\shellext.dll [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

Monitor\(Default) = {7842554E-6BED-11D2-8CDB-B05550C10000}

-> {HKLM...CLSID} = Monitor Class

\InProcServer32\(Default) = C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll [Broadcom Corporation.]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}

-> {HKLM...CLSID} = GraphicsShellExt Class

\InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info

-> {HKLM...Wow...CLSID} = PDF Shell Extension

\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\

NoChangingWallpaper = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|Control Panel|Display|

Disable changing wallpaper}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000

{unrecognized setting}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

Wallpaper = C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

CDBurnerXP\

Provider = CDBurnerXP

InvokeProgID = CDBurnerXPOpen

InvokeVerb = open

HKLM\SOFTWARE\Classes\CDBurnerXPOpen\shell\open\command\(Default) = "C:\Program Files\CDBurnerXP\cdbxpp.exe" /od "%1" [null data]

MSPlayCDAudioOnArrival\

Provider = @wmploc.dll,-6502

InvokeProgID = WMP.AudioCD

InvokeVerb = play

HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\

Provider = @wmploc.dll,-6502

InvokeProgID = WMP.DVD

InvokeVerb = play

HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\

Provider = @wmploc.dll,-6502

InvokeProgID = WMP.VCD

InvokeVerb = play

HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\

Provider = @wmploc.dll,-6502

InvokeProgID = WMP.VCD

InvokeVerb = play

HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSWMPBurnCDOnArrival\

Provider = @wmploc.dll,-6502

InvokeProgID = WMP.BurnCD

InvokeVerb = Burn

HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

Startup items in "Administrator" & "All Users" startup folders:

---------------------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++}

<<!>> desktop(153).ini [null data]

Non-disabled Scheduled Tasks: {++}

-----------------------------

C:\Windows\System32\Tasks

CCleanerSkipUAC -> launches: "E:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [file not found]

Dell SupportAssistAgent AutoUpdate -> launches: C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe AutoUpdate [null data]

G2MUpdateTask-S-1-5-21-3162173304-4069126337-300144156-1000 -> launches: C:\Users\Lisa\AppData\Local\Citrix\GoToMeeting\3019\g2mupdate.exe [Citrix Online, a division of Citrix Systems, Inc.]

G2MUploadTask-S-1-5-21-3162173304-4069126337-300144156-1000 -> launches: C:\Users\Lisa\AppData\Local\Citrix\GoToMeeting\3019\g2mupload.exe [Citrix Online, a division of Citrix Systems, Inc.]

GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]

GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]

RunSpeccy -> launches: "G:\Speccy64.exe" $(Arg0) [file not found]

SystemToolsDailyTest -> launches: "uaclauncher.exe" -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently [file not found]

Tweaking.com - Windows Repair Tray Icon -> launches: C:\4a09993df8657a80b35e12\WR_Tray_Icon.exe [file not found]

UnHackMe Task Scheduler -> launches: C:\Program Files (x86)\UnHackMe\hackmon.exe $(Arg0) [file not found]

{32010CCC-8217-4FD4-B521-DDA6669AB854} -> launches: C:\Windows\winsxs\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.18741_none_04b65b5f57dd127c\rrinstaller.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware

Microsoft Antimalware Scheduled Scan -> launches: c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges [MS]

MpIdleTask -> launches: c:\Program Files\Microsoft Security Client\MpCmdRun.exe -IdleTask -TaskName MpIdleTask [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client

AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}

-> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler

\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

-> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler

\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\AppID

VerifiedPublisherCertStoreCheck -> launches: %windir%\system32\appidcertstorecheck.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience

Microsoft Compatibility Appraiser -> launches: %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly [MS]

ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk

Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth

UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient

SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}

-> {HKLM...CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}

-> {HKLM...CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program

Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]

KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}

-> {HKLM...CLSID} = KernelCeipCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]

UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}

-> {HKLM...CLSID} = UsbCeip

\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

-> {HKLM...Wow...CLSID} = UsbCeip

\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag

ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis

Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}

-> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location

Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance

WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}

-> {HKLM...CLSID} = WinSAT Task Manger Task

\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

-> {HKLM...Wow...CLSID} = WinSAT Task Manger Task

\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center

mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]

mcupdate_scheduled -> launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS]

PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]

PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]

PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]

PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]

PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]

RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]

ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]

SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]

StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]

UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic

CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}

-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}

-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC

HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}

-> {HKLM...CLSID} = HotStart User Agent

\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia

SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}

-> {HKLM...CLSID} = Microsoft PlaySoundService Class

\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

-> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class

\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics

AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC

RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}

-> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler

\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

-> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler

\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras

MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}

-> {HKLM...CLSID} = RasMobilityManager

\InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry

RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}

-> {HKLM...CLSID} = RegistryIdleBackupHandler

\InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance

RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx

launchtrayprocess -> launches: %windir%\system32\GWX\GWX.exe /tasklaunch [file not found]

refreshgwxconfig -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig [file not found]

refreshgwxconfigandcontent -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent [file not found]

refreshgwxcontent -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshContent [file not found]

C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers

Logon-10s -> launches: %windir%\system32\GWX\GWX.exe /event:2 [file not found]

MachineUnlock-10s -> launches: %windir%\system32\GWX\GWX.exe /event:3 [file not found]

OutOfIdle-10s -> launches: %windir%\system32\GWX\GWX.exe /event:1 [file not found]

OutOfSleep-10s -> launches: %windir%\system32\GWX\GWX.exe /event:4 [file not found]

refreshgwxconfig-B -> launches: schtasks /run /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig" [MS]

Time-10s -> launches: %windir%\system32\GWX\GWX.exe /event:5 [file not found]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow

GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}

-> {HKLM...CLSID} = GadgetsManager Class

\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore

SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager

Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}

-> {HKLM...CLSID} = RunTask

\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

-> {HKLM...Wow...CLSID} = RunTask

\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework

MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}

-> {HKLM...CLSID} = MsCtfMonitor task handler

\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

-> {HKLM...Wow...CLSID} = MsCtfMonitor task handler

\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization

SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP

UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI

ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}

-> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

-> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies

ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]

ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting

QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing

UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup

Windows Backup Monitor -> launches: %systemroot%\system32\sdclt.exe /CHECKSKIPPED [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wininet

CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}

-> {HKLM...CLSID} = Wininet Cache task object

\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

-> {HKLM...Wow...CLSID} = Wininet Cache task object

\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]

000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]

000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]

000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}

000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]

000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]

000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]

000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 13

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 13

Toolbars, Explorer Bars, Extensions:

------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{CCA281CA-C863-46EF-9331-5C8D4460577F}\

ButtonText = @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015

MenuText = @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650

Script = C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [null data]

 

Miscellaneous IE Hijack Points

------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\

<<H>> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS]

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

Application Host Helper Service, AppHostSvc, C:\Windows\system32\svchost.exe -k apphost {C:\Windows\system32\inetsrv\apphostsvc.dll [MS]}

Dell SupportAssist Agent, SupportAssistAgent, "C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe" [null data]

Microsoft Antimalware Service, MsMpSvc, "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [MS]

VoodooShieldService, VoodooShieldService, "C:\Program Files\VoodooShield\VoodooShieldService.exe" [null data]

Windows Process Activation Service, WAS, C:\Windows\system32\svchost.exe -k iissvcs {C:\Windows\system32\inetsrv\iisw3adm.dll [MS]}

World Wide Web Publishing Service, W3SVC, C:\Windows\system32\svchost.exe -k iissvcs {C:\Windows\system32\inetsrv\iisw3adm.dll [MS]}

 

Safe Mode Drivers & Services (subkey name, subkey default value):

-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> AppXSvc, Service

<<!>> BITS, Service

<<!>> ClipSvc, Service

<<!>> msiserver, Service

<<!>> MsMpSvc, Service

<<!>> vss, Service

<<!>> WSService, Service

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> AppXSvc, Service

<<!>> BITS, Service

<<!>> ClipSvc, Service

<<!>> msiserver, Service

<<!>> MsMpSvc, Service

<<!>> vss, Service

<<!>> WSService, Service

 

<<H>>: Suspicious data at a browser hijack point.

 

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1 folders=1 430 bytes)

==== EOF on Tue 01/19/2016 at 0:44:44.76 ======================

 

 

 

 

 

 

Root Reg is waaaaaaaay  corrupt!


Edited by Lisamichele, 19 January 2016 - 01:14 AM.


#3 nasdaq (Malware Response Team, 38,575 posts, Montreal, QC. Canada)

Posted 20 January 2016 - 10:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

These Junctions must be corrected.
 

07/14/2009 12:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
ETC...


Refer to this:

http://www.firestonetechresources.com/index.php/support/technotes/entry/kaspersky-security-center-network-agent-error-25002

Quoted from the article:

On the failing system all of the junction links were pointing to a D: drive, which did not exist on this system. In order to resolve the issue I listed the junction points, removed the bad link, and then recreated a new link with the correct drive letter.

C:\ProgramData>dir /al

07/13/2009 11:08 PM <JUNCTION> Application Data [D:\ProgramData]

C:\ProgramData>rd "Application Data"

C:\ProgramData>mklink /J "Application Data" C:\ProgramData

Once all of the junction point links displayed the correct path, I rebooted the system and attempted the installation of Kaspersky EPS by pushing it to the remote system from the server again. This time it worked fine.


If you need additional help before proceeding please ask.

If you can now please run the Farbar tool and post the FRST.TXT and Addition.txt files for my review.
Let me know what problem persists.

#4 Lisamichele (Topic Starter, 21 posts)

Posted 20 January 2016 - 03:05 PM

Yes, I guess I do need additional help. I'm confused about the drive C: not working, I guess. Also, there should be no remote system on this machine.


Edited by Lisamichele, 20 January 2016 - 03:09 PM.


#5 nasdaq (Malware Response Team, 38,575 posts, Montreal, QC. Canada)

Posted 21 January 2016 - 09:22 AM

Press the Windows key.

Search for this file: cmd.exe

When you see the file at the top of the pane, click it.
It will open the DOS window.

At the prompt

type cd c:\ProgramData

and hit the Enter key.

At the prompt C:\ProgramData>

type dir /al >c:\dirtextfile.txt (you can copy the instructions and paste them at the prompt).

Type Exit and hit the Enter key to return to Windows.

Post the contents of the dirtextfile.txt file for my review.
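The two manual steps from posts #3 and #5 (list the junctions with dir /al, then rd and mklink /J to recreate any that point at a missing target) can be done in one pass. The script below is an added example and is not code from the thread, from nasdaq, or from the Firestone article he quotes. It assumes PowerShell 2.0 or later on Windows Vista/7/10, an elevated prompt for the repair step, and the stock junction targets exactly as listed in post #3; the $Expected table and the -Repair switch are this example's own.

```powershell
# Added example (not from the thread): automate "dir /al" plus "rd" and
# "mklink /J" for the compatibility junctions under C:\, C:\ProgramData and
# C:\Users. Without -Repair it only reports. Assumes PowerShell 2.0+ and an
# elevated prompt; $Expected and -Repair are this example's own assumptions.
param(
    [string[]]$Roots = @('C:\', 'C:\ProgramData', 'C:\Users'),
    [switch]$Repair
)

# The stock compatibility junctions, as listed in post #3. Used only to decide
# what a repaired link should point to; links not in this table are reported,
# never rewritten.
$Expected = @{
    'C:\Documents and Settings'       = 'C:\Users'
    'C:\ProgramData\Application Data' = 'C:\ProgramData'
    'C:\ProgramData\Desktop'          = 'C:\Users\Public\Desktop'
    'C:\ProgramData\Documents'        = 'C:\Users\Public\Documents'
    'C:\ProgramData\Favorites'        = 'C:\Users\Public\Favorites'
    'C:\ProgramData\Start Menu'       = 'C:\ProgramData\Microsoft\Windows\Start Menu'
    'C:\ProgramData\Templates'        = 'C:\ProgramData\Microsoft\Windows\Templates'
    'C:\Users\All Users'              = 'C:\ProgramData'
    'C:\Users\Default User'           = 'C:\Users\Default'
}

function Get-DirectoryLinks {
    # Parse "dir /al" output such as
    #   07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
    # The regex keys on <JUNCTION>/<SYMLINKD> and the bracketed target, so the
    # locale-dependent date columns do not matter.
    param([string]$Root)
    $pattern = '<(?<kind>JUNCTION|SYMLINKD)>\s+(?<name>.+?)\s+\[(?<target>.+)\]\s*$'
    & cmd.exe /c dir /al $Root 2>$null | ForEach-Object {
        if ($_ -match $pattern) {
            $link   = Join-Path $Root $Matches['name']
            $target = $Matches['target']
            New-Object PSObject -Property @{
                Link         = $link
                Kind         = $Matches['kind']
                Target       = $target
                TargetExists = [bool](Test-Path -LiteralPath $target -ErrorAction SilentlyContinue)
                Expected     = $Expected[$link]
                AsExpected   = ($Expected.ContainsKey($link) -and ($target -ieq $Expected[$link]))
            }
        }
    }
}

function Repair-Junction {
    # Same sequence as the quoted article: rd (without /s, which removes only
    # the link itself and never the target's contents), then mklink /J.
    param([string]$Link, [string]$Target)
    if (-not (Test-Path -LiteralPath $Target)) {
        throw "Refusing to point $Link at a target that does not exist: $Target"
    }
    & cmd.exe /c rd $Link | Out-Null
    & cmd.exe /c mklink /J $Link $Target | Out-Null
}

$report = foreach ($root in $Roots) {
    if (Test-Path -LiteralPath $root) { Get-DirectoryLinks -Root $root }
}
$report | Format-Table Link, Kind, Target, TargetExists, AsExpected -AutoSize

# A link is suspect if its target is missing (e.g. a D: drive that is not in
# this machine), or if it is a known compatibility junction that points
# somewhere other than the stock target.
$suspect = $report | Where-Object { -not $_.TargetExists -or ($_.Expected -and -not $_.AsExpected) }
foreach ($s in $suspect) {
    if ($Repair -and $s.Expected) {
        Write-Host "Recreating $($s.Link) -> $($s.Expected)"
        Repair-Junction -Link $s.Link -Target $s.Expected
    } else {
        Write-Warning ("Check {0}: points to '{1}' (exists: {2}); expected '{3}'" -f $s.Link, $s.Target, $s.TargetExists, $s.Expected)
    }
}
```

Run it once without -Repair from an elevated PowerShell prompt and read the table; it should show the same entries as the dirtextfile.txt nasdaq asked for, with TargetExists and AsExpected both True for every stock junction. Only if a link points at a drive or folder that is not there, or at something other than its stock target, is a second run with -Repair worth doing, and even then the script refuses to create a junction whose target does not exist.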

#6 Lisamichele (Topic Starter, 21 posts)

Posted 21 January 2016 - 03:33 PM

When I use cmd as a regular user I get the "no such command or batch file" error. When I try to run cmd as admin I get the "mapping end point" error. It won't allow me to run as admin.


Edited by Lisamichele, 21 January 2016 - 03:33 PM.


#7 Lisamichele (Topic Starter, 21 posts)

Posted 21 January 2016 - 03:37 PM

I just tried logging in as admin and still got the "not an internal or external command or batch" error (same as before).


Edited by Lisamichele, 21 January 2016 - 03:42 PM.


#8 Lisamichele (Topic Starter, 21 posts)

Posted 21 January 2016 - 03:51 PM

I am able to run FRST if I do not download. Although when it is finished, it just shows 2 blank Notepad pages with no text in the logs.



#9 nasdaq (Malware Response Team, 38,575 posts, Montreal, QC. Canada)

Posted 22 January 2016 - 10:29 AM

Quote: "I am able to run FRST if I do not download. Although when it is finished, it just shows 2 blank Notepad pages with no text in the logs."

Let's remove the junctions on Users and ProgramData.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

DeleteJunctionsInDirectory: C:\Users
DeleteJunctionsInDirectory: C:\ProgramData
End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

After the reboot please run the FRST tool normally.
Post the FRST and Addition.txt files if possible.

#10 Lisamichele (Topic Starter, 21 posts)

Posted 23 January 2016 - 09:31 PM

I may not have access to this machine for a week or so. I still would like to continue but may need some time. Thanks.



#11 Lisamichele (Topic Starter, 21 posts)

Posted 23 January 2016 - 10:59 PM

Okay. Got access to it again. This was run from a regular user. I am unsure what you meant in your last reply when you spoke of the FRST log. The previous log was a Zoek log.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-01-2015
Ran by doony (ATTENTION: The user is not administrator) on LS-PC (23-01-2016 22:48:11)
Running from C:\Users\doony\Desktop
Loaded Profiles: doony (Available Profiles: Lisa & admin & doony & Administrator & DefaultAppPool)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> MsMpEng.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> msiexec.exe
Failed to access process -> SupportAssistAgent.exe
Failed to access process -> UI0Detect.exe
Failed to access process -> VoodooShieldService.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchIndexer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [VoodooShield] => C:\Program Files\VoodooShield\VoodooShield.exe [1730528 2015-06-27] (VoodooSoft, LLC)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\AppCertDlls: [cpn64] -> C:\Windows\System32\cpn64.dll [9216 2014-09-06] ()
HKLM\...\AppCertDlls: [cpn32] -> C:\Windows\SysWOW64\cpn32.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop(153).ini [2009-07-13] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{3EE733E8-F46A-48DD-86CA-64BA404035CD}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{611B912B-0D81-4966-914E-C8A2F12C0E78}: [DhcpNameServer] 68.87.66.246 162.150.8.37
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-19] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\doony\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\doony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-21]
CHR Extension: (Google Drive) - C:\Users\doony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-21]
CHR Extension: (YouTube) - C:\Users\doony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-21]
CHR Extension: (Google Search) - C:\Users\doony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-21]
CHR Extension: (Google Docs Offline) - C:\Users\doony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\doony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-17]
CHR Extension: (Gmail) - C:\Users\doony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-21]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
S3 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
U2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
U2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
S3 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
R2 VoodooShieldService; C:\Program Files\VoodooShield\VoodooShieldService.exe [79384 2015-06-27] (VoodooSoft, LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp64; C:\EEK\bin\epp64.sys [136456 2015-10-15] (Emsisoft GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 NPF; C:\Windows\SysWOW64\drivers\npf.sys [35344 2015-07-10] (CACE Technologies, Inc.)
U5 ProtectedStorage; C:\Windows\system32\lsass.exe [30720 2015-12-30] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-26] ()
S3 ute3otkw; C:\Windows\SysWOW64\Drivers\ute3otkw.sys [7168 2015-10-14] () [File not signed]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 cpuz135; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 gwiopm; \??\C:\Users\ADMINI~1\AppData\Local\Temp\HBCD\gwiopm.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-21 15:44 - 2016-01-21 15:56 - 00000109 _____ C:\dirtextfile.txt
2016-01-18 21:10 - 2016-01-18 21:10 - 00370943 _____ C:\Users\admin\Desktop\gmer.zip
2016-01-18 20:17 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-18 20:17 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-18 20:17 - 2015-11-13 18:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-18 20:17 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-18 20:17 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-18 20:17 - 2015-11-13 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-18 20:16 - 2015-11-20 13:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-01-18 20:16 - 2015-11-20 13:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-01-18 20:16 - 2015-11-20 13:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-01-18 20:16 - 2015-11-20 13:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-01-18 20:16 - 2015-11-20 13:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-01-18 20:16 - 2015-11-20 13:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-01-18 20:16 - 2015-11-20 13:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-01-18 20:16 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-01-18 20:16 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-01-18 20:16 - 2015-11-20 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-01-18 20:16 - 2015-11-20 13:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-01-18 20:16 - 2015-11-20 13:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-01-18 20:16 - 2015-11-20 13:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-01-18 20:16 - 2015-11-20 13:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-01-18 20:16 - 2015-11-20 13:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-01-18 20:16 - 2015-11-20 13:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-01-18 20:16 - 2015-11-03 14:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-01-18 20:16 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-01-18 20:15 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-01-18 20:15 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-01-18 20:15 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-01-18 20:15 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-01-18 20:15 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-01-18 20:15 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-01-18 20:15 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2016-01-18 20:15 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-01-18 20:14 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-01-18 20:14 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-01-18 20:14 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-01-18 20:14 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-01-18 20:06 - 2015-12-11 13:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-18 20:06 - 2015-12-08 16:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-18 20:06 - 2015-12-08 14:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-18 20:06 - 2015-11-16 15:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-18 20:05 - 2015-12-08 16:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-18 20:05 - 2015-12-08 16:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-18 20:05 - 2015-12-08 16:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-18 20:05 - 2015-12-08 16:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-18 20:05 - 2015-12-08 16:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-18 20:05 - 2015-12-08 16:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-18 20:05 - 2015-12-08 16:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-18 20:05 - 2015-12-08 16:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-18 20:05 - 2015-12-08 16:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-18 20:05 - 2015-12-08 16:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-18 20:05 - 2015-12-08 16:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-18 20:05 - 2015-12-08 16:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-18 20:05 - 2015-12-08 16:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-18 20:05 - 2015-12-08 16:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-18 20:05 - 2015-12-08 16:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-18 20:05 - 2015-12-08 16:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-18 20:05 - 2015-12-08 16:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-18 20:05 - 2015-12-08 16:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-18 20:05 - 2015-12-08 16:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-18 20:05 - 2015-12-08 16:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-18 20:05 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-18 20:05 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-18 20:05 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-18 20:05 - 2015-12-08 16:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-18 20:05 - 2015-12-08 16:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-18 20:05 - 2015-12-08 16:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-18 20:05 - 2015-12-08 16:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-18 20:05 - 2015-12-08 16:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-18 20:05 - 2015-12-08 16:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-18 20:05 - 2015-12-08 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-18 20:05 - 2015-12-08 16:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-18 20:05 - 2015-12-08 16:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-18 20:05 - 2015-12-08 16:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-18 20:05 - 2015-12-08 14:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-18 20:05 - 2015-12-08 14:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-18 20:05 - 2015-12-08 14:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-18 20:05 - 2015-12-08 14:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-18 20:05 - 2015-12-08 14:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-18 20:05 - 2015-12-08 14:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-18 20:05 - 2015-12-08 14:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-18 20:05 - 2015-12-08 14:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-18 20:05 - 2015-12-08 14:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-18 20:05 - 2015-12-08 14:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-18 20:05 - 2015-12-08 14:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-18 20:05 - 2015-12-08 14:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-18 20:05 - 2015-12-08 14:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-18 20:05 - 2015-12-08 14:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-18 20:05 - 2015-12-08 14:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-18 20:05 - 2015-12-08 14:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-18 20:05 - 2015-12-08 14:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-18 20:05 - 2015-12-08 14:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-18 20:05 - 2015-12-08 14:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-18 20:05 - 2015-12-08 14:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-18 20:05 - 2015-12-08 14:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-18 20:05 - 2015-12-08 14:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-18 20:05 - 2015-12-08 14:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-18 20:05 - 2015-12-08 14:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-18 20:05 - 2015-12-08 14:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-18 20:05 - 2015-12-08 14:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-18 20:05 - 2015-12-08 14:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-18 20:05 - 2015-12-08 14:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-18 20:05 - 2015-12-08 14:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-18 20:05 - 2015-12-08 14:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-18 20:05 - 2015-12-08 14:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-18 20:05 - 2015-12-08 14:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-18 20:05 - 2015-12-08 14:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-18 20:05 - 2015-12-08 14:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-18 20:05 - 2015-12-08 14:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-18 20:05 - 2015-12-08 14:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-18 20:05 - 2015-12-08 14:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-18 20:05 - 2015-12-08 13:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-18 20:05 - 2015-12-08 13:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-18 20:05 - 2015-12-08 13:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-18 20:05 - 2015-12-08 12:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-18 20:04 - 2015-12-23 18:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-18 20:04 - 2015-12-23 17:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-18 20:04 - 2015-12-12 13:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-18 20:04 - 2015-12-12 13:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
 
==================== Files in the root of some directories =======
 
2015-10-13 18:38 - 2015-10-13 18:38 - 9842759 _____ () C:\Program Files (x86)\avz4.zip
2015-08-24 23:30 - 2016-01-18 00:26 - 0000862 _____ () C:\ProgramData\SYSTEM.LOG1.lnk
 
Some files in TEMP:
====================
C:\Users\admin\AppData\Local\temp\7za.exe
C:\Users\admin\AppData\Local\temp\DaS_21.exe
C:\Users\admin\AppData\Local\temp\hijackthis.exe
C:\Users\admin\AppData\Local\temp\NirCmd.exe
C:\Users\admin\AppData\Local\temp\PEVZ.EXE
C:\Users\admin\AppData\Local\temp\remove.exe
C:\Users\admin\AppData\Local\temp\sed.exe
C:\Users\admin\AppData\Local\temp\shortcut.exe
C:\Users\admin\AppData\Local\temp\swreg.exe
C:\Users\admin\AppData\Local\temp\swxcacls.exe
C:\Users\admin\AppData\Local\temp\wget.exe
C:\Users\admin\AppData\Local\temp\zoek-delete.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. The user is not administrator
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-01-2015
Ran by doony (2016-01-23 22:56:57)
Running from C:\Users\doony\Desktop
Windows 7 Ultimate (X64) (2015-01-05 21:06:57)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
admin (S-1-5-21-3162173304-4069126337-300144156-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3162173304-4069126337-300144156-500 - Administrator - Enabled) => C:\Users\Administrator
doony (S-1-5-21-3162173304-4069126337-300144156-1002 - Limited - Enabled) => C:\Users\doony
Guest (S-1-5-21-3162173304-4069126337-300144156-501 - Limited - Disabled)
Lisa (S-1-5-21-3162173304-4069126337-300144156-1000 - Limited - Enabled) => C:\Users\Lisa
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.33 - Atheros Communications Inc.)
Attack Surface Analyzer (HKLM\...\{2710505A-D198-4906-8767-F869909D9FA6}) (Version: 5.3.0.0 - Microsoft Corporation)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5790 - CDBurnerXP)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 8.0 - Dell)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
ManageEngine Firewall Analyzer 8 (HKLM-x32\...\{D960DEB4-B7FD-4E6E-8241-3A12CB54A151}) (Version: 7 - ZOHO Corp)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
NetTools 5.0 (HKLM-x32\...\NetTools_is1) (Version: 5.0 - Mohammad Ahmadi Bidakhvidi)
RegRun Reanimator (HKLM-x32\...\UnHackMe Update - Reanimator_is1) (Version:  - Greatis Software, LLC.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SpyHolesList 1.5 release (HKLM-x32\...\SpyHolesList_is1) (Version:  - Greatis Software, LLC.)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.6.1 - Tweaking.com)
VoodooShield version 2.75 (HKLM\...\{A8644328-A66F-490E-B8FA-901FF649189D}_is1) (Version: 2.75 - VoodooSoft, LLC)
War Thunder Launcher 1.0.1.564 (HKU\S-1-5-21-3162173304-4069126337-300144156-1002\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Users\admin\Desktop\Glary Utilities_Portable\Portable\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f4e617be9426.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f4e647c4fbab.job => 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d13a9e3ef38e5d.job => 
Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-30 21:50 - 2014-09-06 14:26 - 00009216 _____ () C:\Windows\System32\cpn64.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-09-10 23:41 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3162173304-4069126337-300144156-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\doony\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Speed Launcher => 1432179496
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{D024C524-AB72-4C36-BA64-427122BF7239}C:\program files (x86)\net tools\ircserver.exe] => (Block) C:\program files (x86)\net tools\ircserver.exe
FirewallRules: [UDP Query User{33D05F67-0191-4284-99A9-1930FB9F02DE}C:\program files (x86)\net tools\ircserver.exe] => (Block) C:\program files (x86)\net tools\ircserver.exe
FirewallRules: [TCP Query User{46F432B6-E07C-47E8-B9A7-7C6D79287497}C:\program files (x86)\net tools\centralserver.exe] => (Block) C:\program files (x86)\net tools\centralserver.exe
FirewallRules: [UDP Query User{E3E254D8-69AB-4806-94F6-894110CDA92A}C:\program files (x86)\net tools\centralserver.exe] => (Block) C:\program files (x86)\net tools\centralserver.exe
FirewallRules: [TCP Query User{E122F359-C02C-4B0C-8A10-3310532CC680}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{BB0C1B52-8DB8-4C61-9F3C-777042D54728}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BAPIDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Generic- Multi-Card USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Bluetooth Device (RFCOMM Protocol TDI)
Description: Bluetooth Device (RFCOMM Protocol TDI)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RFCOMM
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Could not start eventlog service, could not read events.
 
System error 5 has occurred.
 
Access is denied.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 26%
Total physical RAM: 3546.36 MB
Available physical RAM: 2605.65 MB
Total Virtual: 7090.93 MB
Available Virtual: 6098.34 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:396.09 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================


#12 Lisamichele (Topic Starter)

Posted 24 January 2016 - 02:15 AM

 

I am able to run FRST if I do not download. Although, when it is finished, it just shows 2 blank Notepad pages with no text in the logs.


Let's remove the Junctions on the Users and ProgramData.


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

DeleteJunctionsInDirectory: C:\Users
DeleteJunctionsInDirectory: C:\ProgramData
End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

After the reboot please run the FRST tool normally.
Post the FRST and Addition.txt file if possible.

 

I actually used this and that user is now inaccessible.  



#13 nasdaq (Malware Response Team)

Posted 24 January 2016 - 08:50 AM

Can you open the computer as Administrator and run the Farbar tool?

Post the FRST log for my review.

Edited by nasdaq, 24 January 2016 - 08:52 AM.


#14 Lisamichele (Topic Starter)

Posted 24 January 2016 - 11:48 PM

After running the script you posted earlier I get a "User profile failed the login" error on one admin account. I just downloaded a new FRST and tried from the other admin account and it just shows 2 blank Notepad pages for the results...?



#15 Lisamichele (Topic Starter)

Posted 24 January 2016 - 11:59 PM

Oh yeah... What is the Default App Pool acct?

 

 

Okay I did a search on that question and found out the answer. I am leaving the question for board info though.


Edited by Lisamichele, 25 January 2016 - 12:07 AM.




