Internet Blocked after Attempted Malware Removal


55 replies to this topic

#1 Belwell

  • Members
  • 38 posts
  • OFFLINE
  • Local time: 07:30 PM

Posted 13 February 2016 - 03:41 PM

This is the third post trying to fix this problem:
 
First Post to Am I Infected Forum:
http://www.bleepingcomputer.com/forums/t/601413/dchp-and-dns-issues-after-removing-trojan/#entry3907418
Second Post to Networking Forum:
http://www.bleepingcomputer.com/forums/t/602425/dns-issues-after-virus-removal/page-2#entry3932653
 
Which leads me here.

Quick summary of events.

Microsoft Security Essentials warns me that the computer has been infected with the Trojan:Win64/Patched.AZ.gen!dll virus. I managed to remove it (or so I thought) using a combination of Spybot, Malwarebytes, and some manual replacement of files.

After the Trojan was removed I could not connect to the internet, and the DNS and DHCP services would not start. I eventually got those two services starting again by using the Windows 7 install disc and running the repair console; however, that still didn't fix my internet issues.

The weird part is that the computer connects to the internet just fine. I can ping Google/Yahoo successfully, but when I open a web browser (IE, Firefox, Chrome) I cannot connect to any websites. The other day I was surprised to see that Adobe was able to download updates to Adobe Reader without any issues.

Yes, I have restarted the computer/modem/router/switch multiple times.

FRST log as follows:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by editor (administrator) on EDITING (13-02-2016 12:22:06)
Running from C:\Users\editor\Desktop
Loaded Profiles: editor (Available Profiles: editor & UpdatusUser & LogMeInRemoteUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY Production LLC) C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Drobo, Inc.) C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe
() C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\DesktopVideoHelper.exe
(E-MU Systems) C:\Windows\System32\emaudsv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Realtek) C:\Program Files (x86)\RNX-N180UBE 11n USB Wireless LAN Utility\RtlService.exe
() C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\RNX-N180UBE 11n USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDStreamingServer.exe
(Blackmagic Design) C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersionPCI.exe
(Alberto Martínez Pérez) C:\Program Files (x86)\AMP WinOFF\WinOFF.exe
(Pantone & X-Rite) C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Dropbox, Inc.) C:\Users\editor\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Google Inc.) C:\Users\editor\AppData\Local\Google\Update\GoogleUpdate.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Blackmagic Streaming Server] => C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDStreamingServer.exe [1034240 2014-10-08] ()
HKLM\...\Run: [Blackmagic CheckVersion PCI] => C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersionPCI.exe [46685512 2014-10-08] (Blackmagic Design)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SPIRunE] => Rundll32 SPIRunE.dll,RunDLLEntry
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: 
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-2799872349-2356347096-2862904162-1000\...\Run: [AMP WinOFF] => c:\program files (x86)\amp winoff\winoff.exe [1025024 2010-10-17] (Alberto Martínez Pérez)
HKU\S-1-5-21-2799872349-2356347096-2862904162-1000\...\MountPoints2: {06829583-2c71-11e4-acd4-f46d04930d75} - I:\LaunchU3.exe -a
HKU\S-1-5-21-2799872349-2356347096-2862904162-1000\...\MountPoints2: {0682958b-2c71-11e4-acd4-f46d04930d75} - I:\LaunchU3.exe -a
HKU\S-1-5-21-2799872349-2356347096-2862904162-1000\...\MountPoints2: {26f63517-0c17-11e3-a6dd-f46d04930d75} - "I:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2799872349-2356347096-2862904162-1000\...\MountPoints2: {62f58c5a-8e06-11e4-af61-f46d04930d75} - I:\LG_PC_Programs.exe
HKU\S-1-5-21-2799872349-2356347096-2862904162-1000\...\MountPoints2: {8b903a37-3aeb-11e1-9eba-f46d04930d75} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2799872349-2356347096-2862904162-1000\...\MountPoints2: {b2fbd943-44ce-11e2-b024-f46d04930d75} - L:\LaunchU3.exe -a
HKU\S-1-5-21-2799872349-2356347096-2862904162-1000\...\MountPoints2: {bbdc8b37-52ba-11e1-b875-f46d04930d75} - J:\HPLauncher.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\editor\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\editor\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\editor\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\editor\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\editor\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\editor\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\editor\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\editor\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\editor\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\editor\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\editor\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hueyPROTray.lnk [2014-01-23]
ShortcutTarget: hueyPROTray.lnk -> C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe (Pantone & X-Rite)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2012-04-12]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\editor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\editor\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.7.254
Tcpip\..\Interfaces\{A02EB544-0167-4DF0-AB55-C7DD1F3ED735}: [DhcpNameServer] 192.168.7.254
 
Internet Explorer:
==================
HKU\S-1-5-21-2799872349-2356347096-2862904162-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2799872349-2356347096-2862904162-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-04-15] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-04-15] (Oracle Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-07] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-07] (Oracle Corporation)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
 
FireFox:
========
FF ProfilePath: C:\Users\editor\AppData\Roaming\Mozilla\Firefox\Profiles\mfl6re7r.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-04-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-10-14] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-10-14] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2014-06-25] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2799872349-2356347096-2862904162-1000: @citrixonline.com/appdetectorplugin -> C:\Users\editor\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-07-30] (Citrix Online)
FF Plugin HKU\S-1-5-21-2799872349-2356347096-2862904162-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\editor\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2799872349-2356347096-2862904162-1000: @talk.google.com/O1DPlugin -> C:\Users\editor\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2799872349-2356347096-2862904162-1000: @tools.google.com/Google Update;version=3 -> C:\Users\editor\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2799872349-2356347096-2862904162-1000: @tools.google.com/Google Update;version=9 -> C:\Users\editor\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\editor\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\editor\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: S3 Firefox Organizer(S3Fox) - C:\Users\editor\AppData\Roaming\Mozilla\Firefox\Profiles\mfl6re7r.default\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}.xpi [2014-04-08] [not signed]
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\editor\AppData\Roaming\Mozilla\Firefox\Profiles\mfl6re7r.default\extensions\LogMeInClient@logmein.com [2014-12-05] [not signed]
FF Extension: DownThemAll! AntiContainer - C:\Users\editor\AppData\Roaming\Mozilla\Firefox\Profiles\mfl6re7r.default\extensions\anticontainer@downthemall.net.xpi [2015-09-08]
FF Extension: DownloadHelper - C:\Users\editor\AppData\Roaming\Mozilla\Firefox\Profiles\mfl6re7r.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-09-08]
FF Extension: DownThemAll! - C:\Users\editor\AppData\Roaming\Mozilla\Firefox\Profiles\mfl6re7r.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-09-08]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/?shva=1#inbox","hxxps://drive.google.com/?authuser=0#my-drive","hxxps://www.google.com/calendar/render?tab=mc&pli=1&gsessionid=SPZU2QKostITZwKV4kl_Yg"
CHR Plugin: (Shockwave Flash) - C:\Users\editor\AppData\Local\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Users\editor\AppData\Local\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\editor\AppData\Local\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Screen Capture Plugin) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.4_0\plugins/screen_capture.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Users\editor\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\editor\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\editor\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll => No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\editor\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Profile: C:\Users\editor\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (WebPlotDigitizer) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blomnnpciekdhecimpnjfcchdicopdii [2015-10-26]
CHR Extension: (Adblock Plus) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-05]
CHR Extension: (Remember The Milk) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Default\Extensions\chdiaibgndcpagmnpkjoelgfkommjbni [2015-07-09]
CHR Extension: (Davitily Math Academy) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdgkencbhniekejnjmlkpfmcambmikj [2013-06-12]
CHR Extension: (Google Play Music) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-12-09]
CHR Extension: (The QR Code Generator) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2014-04-09]
CHR Extension: (Google Docs Offline) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (IdeaBoardz) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbkmnmhjcfdloeeninecffnaaajgcmn [2013-08-16]
CHR Extension: (Free and Simple QR Code Generator) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkoeohnfpjhbofooijgjknmfpgogceln [2013-11-06]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (Graph.tk) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkhkaamdeplibnmodcgodlkghphdbahk [2013-10-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (LogMeIn) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon [2013-09-04]
CHR Profile: C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-12]
CHR Extension: (Google Docs) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (Google Drive) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-12]
CHR Extension: (Session Manager) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2015-03-04]
CHR Extension: (QRreader beta) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfdjglobiolninfgldchakgfldifphic [2015-03-04]
CHR Extension: (Scientific Calculator) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkcacjpkcjbobdnlibcljlnmpmmjahek [2015-03-04]
CHR Extension: (WebPlotDigitizer) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blomnnpciekdhecimpnjfcchdicopdii [2015-03-04]
CHR Extension: (YouTube) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-12]
CHR Extension: (Adblock Plus) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-12]
CHR Extension: (Remember The Milk) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chdiaibgndcpagmnpkjoelgfkommjbni [2015-03-04]
CHR Extension: (Google Search) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-30]
CHR Extension: (Davitily Math Academy) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ehdgkencbhniekejnjmlkpfmcambmikj [2015-03-04]
CHR Extension: (Google Play Music) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-05-20]
CHR Extension: (Google Sheets) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-12]
CHR Extension: (Pendule) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbkffbkamcejhkcaocmkdeiiccpmjfdi [2015-03-04]
CHR Extension: (The QR Code Generator) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2015-03-04]
CHR Extension: (Bookmark Manager) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-08]
CHR Extension: (Sudoku for Google Chrome™) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ifaabgmcffhggbfgjknkgenljelbocin [2015-03-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Free and Simple QR Code Generator) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lkoeohnfpjhbofooijgjknmfpgogceln [2015-03-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (Boomerang for Gmail) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2015-03-04]
CHR Extension: (ScanQR) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nihhbejdflkeingkkpakffdlmepaeaah [2015-03-04]
CHR Extension: (Graph.tk) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nkhkaamdeplibnmodcgodlkghphdbahk [2015-03-04]
CHR Extension: (Google Wallet) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-17]
CHR Extension: (Scientific Calculator) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\npoipmeppdioagbkigdlnpmjphnolaog [2015-03-04]
CHR Extension: (Gmail) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Profile: C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-04]
CHR Extension: (Google Docs) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-04]
CHR Extension: (Google Drive) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-04]
CHR Extension: (Scientific Calculator) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bkcacjpkcjbobdnlibcljlnmpmmjahek [2015-03-04]
CHR Extension: (WebPlotDigitizer) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blomnnpciekdhecimpnjfcchdicopdii [2015-03-04]
CHR Extension: (YouTube) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-04]
CHR Extension: (Remember The Milk) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\chdiaibgndcpagmnpkjoelgfkommjbni [2015-03-04]
CHR Extension: (Google Search) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-04]
CHR Extension: (Davitily Math Academy) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ehdgkencbhniekejnjmlkpfmcambmikj [2015-03-04]
CHR Extension: (Google Sheets) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-04]
CHR Extension: (The QR Code Generator) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2015-03-04]
CHR Extension: (Sudoku for Google Chrome™) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ifaabgmcffhggbfgjknkgenljelbocin [2015-03-04]
CHR Extension: (Free and Simple QR Code Generator) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lkoeohnfpjhbofooijgjknmfpgogceln [2015-03-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-03-04]
CHR Extension: (ScanQR) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nihhbejdflkeingkkpakffdlmepaeaah [2015-03-04]
CHR Extension: (Graph.tk) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nkhkaamdeplibnmodcgodlkghphdbahk [2015-03-04]
CHR Extension: (Google Wallet) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-05]
CHR Extension: (Scientific Calculator) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\npoipmeppdioagbkigdlnpmjphnolaog [2015-03-04]
CHR Extension: (Gmail) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-04]
CHR Profile: C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-23]
CHR Extension: (Google Docs) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-23]
CHR Extension: (Google Drive) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-23]
CHR Extension: (Scientific Calculator) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bkcacjpkcjbobdnlibcljlnmpmmjahek [2015-06-23]
CHR Extension: (WebPlotDigitizer) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blomnnpciekdhecimpnjfcchdicopdii [2015-06-23]
CHR Extension: (YouTube) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-23]
CHR Extension: (Remember The Milk) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\chdiaibgndcpagmnpkjoelgfkommjbni [2015-06-23]
CHR Extension: (Google Search) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-23]
CHR Extension: (Davitily Math Academy) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ehdgkencbhniekejnjmlkpfmcambmikj [2015-06-23]
CHR Extension: (Google Play Music) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-06-23]
CHR Extension: (Google Sheets) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-23]
CHR Extension: (The QR Code Generator) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2015-06-23]
CHR Extension: (Sudoku for Google Chrome™) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ifaabgmcffhggbfgjknkgenljelbocin [2015-06-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-23]
CHR Extension: (Free and Simple QR Code Generator) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lkoeohnfpjhbofooijgjknmfpgogceln [2015-06-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-06-23]
CHR Extension: (ScanQR) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nihhbejdflkeingkkpakffdlmepaeaah [2015-06-23]
CHR Extension: (Graph.tk) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nkhkaamdeplibnmodcgodlkghphdbahk [2015-06-23]
CHR Extension: (Google Wallet) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-23]
CHR Extension: (Scientific Calculator) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\npoipmeppdioagbkigdlnpmjphnolaog [2015-06-23]
CHR Extension: (Gmail) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-23]
CHR Profile: C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Google Slides) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-21]
CHR Extension: (Google Docs) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-21]
CHR Extension: (Google Drive) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-21]
CHR Extension: (YouTube) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-21]
CHR Extension: (Google Search) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-21]
CHR Extension: (Google Sheets) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-08-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-21]
CHR Extension: (Gmail) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-21]
CHR HKU\S-1-5-21-2799872349-2356347096-2862904162-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - <no Path/update_url>
CHR HKU\S-1-5-21-2799872349-2356347096-2862904162-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\editor\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [925904 2014-01-23] (ABBYY Production LLC)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-05-07] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-05-05] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 DDService; C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe [1946960 2014-02-11] (Drobo, Inc.)
R2 dvhlp; C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\DesktopVideoHelper.exe [25088 2014-10-08] () [File not signed]
R2 emaudsv; C:\Windows\system32\emaudsv.exe [26624 2010-10-06] (E-MU Systems)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-05-31] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417288 2015-12-08] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [507400 2015-12-08] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 nlsX86cc; C:\Windows\system32\nlssrv32.exe [66560 2010-11-22] (Nalpeiron Ltd.) [File not signed]
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2010-11-22] (Nalpeiron Ltd.) [File not signed]
R2 Realtek11nSU; C:\Program Files (x86)\RNX-N180UBE 11n USB Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760 2015-05-21] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 BlackmagicUsbIO; C:\Windows\System32\DRIVERS\BlackmagicUsbIO.sys [189952 2014-10-08] (Blackmagic Design)
R3 BMDDeckLinkAudio; C:\Windows\System32\DRIVERS\deckaud.sys [18432 2014-10-08] (Blackmagic Design)
R3 deckavs; C:\Windows\System32\DRIVERS\deckavs.sys [50688 2014-10-08] (Blackmagic Design)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 emusba10; C:\Windows\System32\DRIVERS\emusba10.sys [215000 2010-10-06] (E-MU Systems)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-04] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S1 sx64ait; C:\Windows\System32\DRIVERS\sx64ait.sys [17408 2007-02-28] (Sony Electronics)
U5 Tape; C:\Windows\System32\Drivers\Tape.sys [29184 2009-07-13] (Microsoft Corporation)
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [122624 2011-01-13] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [122624 2011-01-13] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [122624 2011-01-13] (ZTE Incorporated)
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-11 12:15 - 2016-02-11 12:16 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-11 12:15 - 2016-02-11 12:15 - 00002082 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-02-11 11:46 - 2016-02-11 11:58 - 00000323 _____ C:\Users\editor\Desktop\fixit.bat
2016-02-10 09:36 - 2016-02-06 02:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-10 09:36 - 2016-02-06 02:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-10 09:36 - 2016-02-06 02:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-10 09:36 - 2016-02-06 02:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-10 09:36 - 2016-02-06 02:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-10 09:36 - 2016-02-06 02:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-10 09:36 - 2016-02-06 01:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-10 09:36 - 2016-02-06 01:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-10 09:36 - 2016-02-06 01:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-10 09:36 - 2016-02-06 01:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-10 09:36 - 2016-02-06 01:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-10 09:36 - 2016-02-06 01:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-10 09:36 - 2016-02-06 01:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-10 09:36 - 2016-02-06 00:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-10 09:36 - 2016-01-06 11:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-10 09:36 - 2016-01-06 11:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-10 09:36 - 2016-01-06 10:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-10 09:35 - 2016-01-22 12:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-10 09:35 - 2016-01-22 12:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-10 09:35 - 2016-01-21 22:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-10 09:35 - 2016-01-21 22:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-10 09:35 - 2016-01-21 22:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-10 09:35 - 2016-01-21 22:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-10 09:35 - 2016-01-21 22:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-10 09:35 - 2016-01-21 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-10 09:35 - 2016-01-21 22:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-10 09:35 - 2016-01-21 22:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-10 09:35 - 2016-01-21 22:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-10 09:35 - 2016-01-21 22:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-10 09:35 - 2016-01-21 22:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-10 09:35 - 2016-01-21 22:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-10 09:35 - 2016-01-21 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-10 09:35 - 2016-01-21 22:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-10 09:35 - 2016-01-21 22:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-10 09:35 - 2016-01-21 22:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-10 09:35 - 2016-01-21 22:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-10 09:35 - 2016-01-21 22:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-10 09:35 - 2016-01-21 22:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-10 09:35 - 2016-01-21 22:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-10 09:35 - 2016-01-21 22:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-10 09:35 - 2016-01-21 22:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-10 09:35 - 2016-01-21 22:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-10 09:35 - 2016-01-21 22:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-10 09:35 - 2016-01-21 22:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-10 09:35 - 2016-01-21 21:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-10 09:35 - 2016-01-21 21:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-10 09:35 - 2016-01-21 21:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-10 09:35 - 2016-01-21 21:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-10 09:35 - 2016-01-21 21:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-10 09:35 - 2016-01-21 21:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-10 09:35 - 2016-01-21 21:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-10 09:35 - 2016-01-21 21:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-10 09:35 - 2016-01-21 21:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-10 09:35 - 2016-01-21 21:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-10 09:35 - 2016-01-21 21:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-10 09:35 - 2016-01-21 21:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-10 09:35 - 2016-01-21 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-10 09:35 - 2016-01-21 21:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-10 09:35 - 2016-01-21 21:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-10 09:35 - 2016-01-21 21:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-10 09:35 - 2016-01-21 21:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-10 09:35 - 2016-01-21 21:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-10 09:35 - 2016-01-21 21:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-10 09:35 - 2016-01-21 21:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-10 09:35 - 2016-01-21 21:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-10 09:35 - 2016-01-21 21:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-10 09:35 - 2016-01-21 21:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-10 09:35 - 2016-01-21 21:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-10 09:35 - 2016-01-21 21:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-10 09:34 - 2016-01-16 11:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-10 09:34 - 2016-01-16 10:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-10 09:34 - 2016-01-07 09:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-10 09:34 - 2016-01-07 09:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 09:33 - 2016-01-21 22:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-10 09:33 - 2016-01-21 22:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-10 09:33 - 2016-01-21 22:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-10 09:33 - 2016-01-21 22:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 09:33 - 2016-01-21 22:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-10 09:33 - 2016-01-21 22:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-10 09:33 - 2016-01-21 22:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-10 09:33 - 2016-01-21 22:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-10 09:33 - 2016-01-21 22:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-10 09:33 - 2016-01-21 22:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-10 09:33 - 2016-01-21 22:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-10 09:33 - 2016-01-21 22:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-10 09:33 - 2016-01-21 22:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-10 09:33 - 2016-01-21 22:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-10 09:33 - 2016-01-21 22:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-10 09:33 - 2016-01-21 22:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-10 09:33 - 2016-01-21 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-10 09:33 - 2016-01-21 22:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-10 09:33 - 2016-01-21 22:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-10 09:33 - 2016-01-21 22:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-10 09:33 - 2016-01-21 22:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-10 09:33 - 2016-01-21 22:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-10 09:33 - 2016-01-21 22:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 09:33 - 2016-01-21 22:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-10 09:33 - 2016-01-21 22:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-10 09:33 - 2016-01-21 22:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-10 09:33 - 2016-01-21 22:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-10 09:33 - 2016-01-21 22:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 09:33 - 2016-01-21 22:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-10 09:33 - 2016-01-21 22:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-10 09:33 - 2016-01-21 22:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-10 09:33 - 2016-01-21 22:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-10 09:33 - 2016-01-21 22:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-10 09:33 - 2016-01-21 22:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 22:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-10 09:33 - 2016-01-21 22:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-10 09:33 - 2016-01-21 22:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-10 09:33 - 2016-01-21 22:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-10 09:33 - 2016-01-21 22:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-10 09:33 - 2016-01-21 22:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-10 09:33 - 2016-01-21 22:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-10 09:33 - 2016-01-21 22:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-10 09:33 - 2016-01-21 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-10 09:33 - 2016-01-21 22:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-10 09:33 - 2016-01-21 22:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-10 09:33 - 2016-01-21 22:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-10 09:33 - 2016-01-21 22:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-10 09:33 - 2016-01-21 22:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 09:33 - 2016-01-21 22:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-10 09:33 - 2016-01-21 22:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-10 09:33 - 2016-01-21 22:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 09:33 - 2016-01-21 22:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-10 09:33 - 2016-01-21 22:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 09:33 - 2016-01-21 22:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 21:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-10 09:33 - 2016-01-21 21:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-10 09:33 - 2016-01-21 21:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-10 09:33 - 2016-01-21 21:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-10 09:33 - 2016-01-21 20:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-10 09:33 - 2016-01-21 20:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-10 09:33 - 2016-01-21 20:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-10 09:33 - 2016-01-21 20:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-10 09:33 - 2016-01-21 20:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-10 09:33 - 2016-01-21 20:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-10 09:33 - 2016-01-21 20:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-10 09:33 - 2016-01-21 20:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-10 09:33 - 2016-01-21 20:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-10 09:33 - 2016-01-21 20:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-10 09:33 - 2016-01-21 20:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 20:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 20:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 09:33 - 2016-01-21 20:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-09 17:55 - 2016-02-09 17:55 - 08817344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-02-09 10:52 - 2016-02-09 10:52 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2016-02-09 10:52 - 2016-02-09 10:50 - 04009167 _____ C:\Users\editor\Desktop\ServicesRepair.exe
2016-02-08 14:31 - 2016-02-08 14:32 - 2090729472 _____ C:\Users\editor\Documents\Backup
2016-02-08 13:00 - 2016-02-08 13:07 - 00000000 ____D C:\Users\editor\Documents\DVD_VIDEO_RECORDER
2016-02-08 11:22 - 2016-01-05 11:49 - 00165376 _____ C:\Users\editor\Desktop\SystemLook_x64.exe
2016-02-04 18:06 - 2016-02-04 18:06 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-04 18:06 - 2016-02-04 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-04 18:06 - 2016-02-04 18:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-04 18:06 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-04 18:06 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-04 18:06 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-04 18:03 - 2016-02-04 18:03 - 00001048 _____ C:\Users\Public\Desktop\AMP WinOFF.lnk
2016-02-04 18:03 - 2016-02-04 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMP WinOFF
2016-02-04 18:03 - 2016-02-04 18:03 - 00000000 ____D C:\Program Files (x86)\AMP WinOFF
2016-02-02 11:55 - 2016-02-02 11:55 - 00000198 _____ C:\Users\editor\Desktop\Bowling Audio.mpg.sfl
2016-02-02 11:54 - 2016-02-02 11:55 - 20797440 _____ C:\Users\editor\Desktop\Bowling Audio.mpg
2016-02-01 11:01 - 2016-02-01 11:11 - 11415224 _____ C:\Users\editor\Desktop\Test.wav-0-76101025000-1.sfk
2016-02-01 10:49 - 2016-02-01 11:11 - 11415224 _____ C:\Users\editor\Desktop\Test.sfk
2016-02-01 10:45 - 2016-02-01 10:48 - 1461140174 _____ C:\Users\editor\Desktop\Test.wav
2016-01-27 13:15 - 2016-02-11 12:36 - 05173392 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-27 13:15 - 2016-01-27 13:15 - 00139904 _____ C:\Users\editor\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-27 12:52 - 2016-01-27 12:52 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-01-27 12:52 - 2016-01-27 12:52 - 00000857 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-27 12:52 - 2016-01-27 12:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-27 12:52 - 2016-01-27 12:52 - 00000000 ____D C:\Program Files\CCleaner
2016-01-15 15:09 - 2016-01-15 15:09 - 00045323 _____ C:\Users\editor\Desktop\MTB.txt
2016-01-15 15:08 - 2016-01-15 15:08 - 00891392 _____ (Farbar) C:\Users\editor\Desktop\MiniToolBox.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-13 12:22 - 2016-01-11 19:03 - 00039917 _____ C:\Users\editor\Desktop\FRST.txt
2016-02-13 12:22 - 2015-10-05 11:07 - 00000000 ____D C:\FRST
2016-02-13 12:20 - 2013-01-30 14:22 - 00000000 ____D C:\ProgramData\LogMeIn
2016-02-13 12:20 - 2011-10-14 17:48 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2799872349-2356347096-2862904162-1000UA.job
2016-02-13 12:19 - 2009-07-13 20:45 - 00034336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-13 12:19 - 2009-07-13 20:45 - 00034336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-13 11:55 - 2012-04-04 09:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-13 11:54 - 2015-06-15 16:42 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2799872349-2356347096-2862904162-1000UA.job
2016-02-13 11:49 - 2013-05-01 09:52 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-13 02:19 - 2011-10-14 17:48 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2799872349-2356347096-2862904162-1000Core.job
2016-02-12 19:53 - 2015-06-15 16:42 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2799872349-2356347096-2862904162-1000Core.job
2016-02-12 18:58 - 2012-11-21 09:53 - 00000338 _____ C:\Windows\Tasks\The end of the day.job
2016-02-12 15:02 - 2016-01-05 16:17 - 00000276 _____ C:\Windows\Tasks\WinThruster_DEFAULT.job
2016-02-12 14:31 - 2009-07-13 21:13 - 00819142 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-12 14:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-02-12 13:49 - 2013-05-01 09:52 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-12 09:04 - 2014-01-28 08:57 - 00001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-02-12 09:04 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-11 14:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-02-11 12:33 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-11 12:17 - 2016-01-11 11:48 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-02-11 12:15 - 2012-08-15 09:42 - 00007603 _____ C:\Users\editor\AppData\Local\resmon.resmoncfg
2016-02-11 12:15 - 2011-11-04 10:36 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-11 12:04 - 2013-06-26 09:48 - 00002010 ____H C:\Users\editor\Documents\Default.rdp
2016-02-11 12:02 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-02-10 16:16 - 2016-01-05 16:16 - 00000284 _____ C:\Windows\Tasks\WinThruster_UPDATES.job
2016-02-09 17:55 - 2012-04-04 09:03 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-09 17:55 - 2012-04-04 09:03 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-09 17:55 - 2011-11-22 18:21 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-09 17:16 - 2011-11-16 10:54 - 00000000 ____D C:\Users\editor\AppData\Roaming\vlc
2016-02-08 14:17 - 2009-07-13 21:08 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-08 13:22 - 2012-01-27 09:20 - 00000000 ____D C:\Users\editor\AppData\Roaming\HandBrake
2016-02-05 09:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2016-02-04 18:52 - 2015-07-29 11:44 - 00000000 ____D C:\Users\editor\AppData\LocalLow\Company
2016-02-01 13:44 - 2013-05-01 09:52 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-01 13:44 - 2013-05-01 09:52 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-27 13:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-27 13:13 - 2016-01-05 10:43 - 00000000 ____D C:\Windows\pss
2016-01-27 13:09 - 2015-08-16 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Citizen Launcher
2016-01-27 13:09 - 2015-07-14 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpoweramp Music Converter
2016-01-27 13:09 - 2014-09-29 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVob2Mpg
2016-01-27 13:09 - 2013-07-29 11:30 - 00000000 ____D C:\Users\editor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2016-01-27 13:09 - 2012-01-05 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMPshop
2016-01-27 13:09 - 2012-01-04 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DupKiller
2016-01-27 13:09 - 2011-11-23 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDiskReport 1.3.2
2016-01-27 13:07 - 2012-10-05 17:18 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-27 13:06 - 2015-01-29 16:02 - 00000000 ____D C:\Users\editor\AppData\Roaming\Vso
2016-01-27 13:06 - 2015-01-29 16:02 - 00000000 ____D C:\ProgramData\VSO
2016-01-27 13:06 - 2014-09-29 23:15 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-27 13:06 - 2011-10-14 17:40 - 00000000 ____D C:\Users\editor\AppData\Roaming\Sony
2016-01-27 13:05 - 2011-11-09 17:31 - 00000000 ____D C:\Windows\Minidump
2016-01-27 13:05 - 2011-10-15 06:46 - 00000000 ____D C:\Windows\Panther
2016-01-27 13:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\ModemLogs
2016-01-17 03:36 - 2012-04-05 09:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-17 03:36 - 2012-04-05 09:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-17 03:33 - 2015-04-05 02:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-01-17 03:33 - 2015-04-05 02:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-01-17 03:33 - 2014-12-14 03:26 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-17 03:33 - 2014-05-07 17:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-17 03:17 - 2012-04-05 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-17 03:11 - 2011-11-08 10:23 - 00811264 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
 
==================== Files in the root of some directories =======
 
2013-10-31 12:03 - 2013-10-31 12:03 - 0000132 _____ () C:\Users\editor\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-04-02 12:21 - 2012-04-02 12:25 - 0000132 _____ () C:\Users\editor\AppData\Roaming\Adobe GIF Format CS5 Prefs
2012-02-08 11:51 - 2015-06-16 14:00 - 0000132 _____ () C:\Users\editor\AppData\Roaming\Adobe PNG Format CS5 Prefs
2011-11-04 11:22 - 2016-01-13 17:47 - 0001305 _____ () C:\Users\editor\AppData\Roaming\burnaware.ini
2012-03-15 11:29 - 2012-03-15 11:30 - 0306372 _____ () C:\Users\editor\AppData\Roaming\CodecsLE_Install.log
2012-12-14 12:31 - 2012-12-14 13:09 - 0000915 _____ () C:\Users\editor\AppData\Roaming\CoreAvc.ini
2013-02-19 10:53 - 2014-04-15 17:18 - 0072054 _____ () C:\Users\editor\AppData\Roaming\Image Processor Pro.log
2013-02-22 11:23 - 2014-04-15 16:34 - 0002259 _____ () C:\Users\editor\AppData\Roaming\Image Processor Pro.xml
2015-01-29 16:02 - 2015-01-29 16:02 - 0099384 _____ () C:\Users\editor\AppData\Roaming\inst.exe
2015-01-29 16:02 - 2015-01-29 16:02 - 0007859 _____ () C:\Users\editor\AppData\Roaming\pcouffin.cat
2015-01-29 16:02 - 2015-01-29 16:02 - 0001167 _____ () C:\Users\editor\AppData\Roaming\pcouffin.inf
2015-01-29 16:02 - 2015-01-29 16:02 - 0000055 _____ () C:\Users\editor\AppData\Roaming\pcouffin.log
2015-01-29 16:02 - 2015-01-29 16:02 - 0082816 _____ (VSO Software) C:\Users\editor\AppData\Roaming\pcouffin.sys
2012-09-18 11:40 - 2012-09-18 18:02 - 0000077 _____ () C:\Users\editor\AppData\Roaming\Rim.Desktop.Exception.log
2012-09-18 11:38 - 2012-09-19 09:54 - 0002021 _____ () C:\Users\editor\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-09-18 11:40 - 2012-09-18 18:02 - 0000077 _____ () C:\Users\editor\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-02-08 10:52 - 2014-02-03 17:48 - 0001456 _____ () C:\Users\editor\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-07-17 10:15 - 2015-07-17 10:15 - 0000031 _____ () C:\Users\editor\AppData\Local\burnaware.ini
2012-02-06 17:43 - 2013-11-01 12:38 - 0064000 _____ () C:\Users\editor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-15 09:42 - 2016-02-11 12:15 - 0007603 _____ () C:\Users\editor\AppData\Local\resmon.resmoncfg
2012-02-04 10:52 - 2012-02-04 10:52 - 0017408 _____ () C:\Users\editor\AppData\Local\WebpageIcons.db
2014-11-07 10:24 - 2015-02-23 17:19 - 0000040 ___SH () C:\ProgramData\.zreglib
 
Files to move or delete:
====================
C:\Users\editor\2013 batch.bat
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-09 11:22
 
 
==================== End of FRST.txt ============================
 
Thank you for your help. 
 
 
 

AlternateDataStreams: C:\ProgramData\TEMP:2E0A12A9

Attached Files


Edited by Oh My!, 17 February 2016 - 11:15 AM.
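The FRST listing quoted above uses one fixed line shape, `created - modified - size flags (Publisher) path`. As an added example that is not code from this thread or from FRST, here is a small Python triage pass that parses those lines and marks entries for manual review by a few analyst heuristics; the heuristics are this example's own assumptions, a flagged entry is a review candidate rather than a verdict, and the sample lines are copied from the log above.

```python
"""Triage pass over Farbar Recovery Scan Tool (FRST) file listings.

Added example; not code from this thread or from FRST.  It parses the entry
format of FRST's "One Month Created/Modified" sections, that is
"created - modified - size flags (Publisher) path", and applies a few analyst
heuristics (this example's own assumptions, not FRST logic) to pick entries
for manual review.  A hit means "look at this", not "malicious".
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "   # created
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "    # modified
    r"(\d+) ([_A-Z]{5}) "                    # size, attribute flags (e.g. ____H, ____D)
    r"(?:\(([^)]*)\) )?"                     # optional (Publisher); FRST writes "()" when absent
    r"(.+?)\s*$"                             # path
)

EXEC_EXT = {".exe", ".dll", ".sys", ".bat", ".cmd", ".scr", ".vbs", ".js", ".cpl"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
USER_DATA_DIRS = ("\\appdata\\", "\\desktop\\", "c:\\programdata\\", "c:\\users\\public\\")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    flags: str
    publisher: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.flags

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; headers, separators and blank lines give None."""
    m = ENTRY_RE.match(line)
    if m is None:
        return None
    created, modified, size, flags, publisher, path = m.groups()
    return Entry(created, modified, int(size), flags, publisher or None, path)


def triage(entry: Entry) -> List[str]:
    """Reasons an analyst might want to look at this entry (empty = nothing notable)."""
    reasons: List[str] = []
    if entry.is_dir or entry.ext not in EXEC_EXT:
        return reasons
    low = entry.path.lower()
    if low.startswith(SYSTEM_DIRS) and entry.publisher is None:
        reasons.append("executable in a system directory with no publisher")
    if entry.ext == ".sys" and "\\drivers\\" not in low:
        reasons.append("driver file outside a Drivers directory")
    if entry.publisher is None and any(d in low for d in USER_DATA_DIRS):
        reasons.append("unlabelled executable in a user or data directory")
    if "H" in entry.flags and not low.startswith("c:\\windows\\"):
        reasons.append("hidden executable outside the Windows directory")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its review reasons across a whole listing."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                findings[entry.path] = reasons
    return findings


# Sample input: five lines copied from the FRST listing quoted in this thread.
SAMPLE_LOG = """\
2016-02-10 09:33 - 2016-01-21 21:07 - 00338432 _____ (Microsoft Corporation) C:\\Windows\\system32\\conhost.exe
2016-02-04 18:06 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\\Windows\\system32\\Drivers\\mbam.sys
2016-02-09 10:52 - 2016-02-09 10:50 - 04009167 _____ C:\\Users\\editor\\Desktop\\ServicesRepair.exe
2015-01-29 16:02 - 2015-01-29 16:02 - 0082816 _____ (VSO Software) C:\\Users\\editor\\AppData\\Roaming\\pcouffin.sys
2014-11-07 10:24 - 2015-02-23 17:19 - 0000040 ___SH () C:\\ProgramData\\.zreglib
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("  -", reason)
```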



 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,737 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:30 PM

Posted 17 February 2016 - 11:18 AM

Greetings Belwell and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend uninstalling the program(s) listed below.
  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

WinThruster
Spybot - Search & Destroy

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\LBTWlgn: 
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
CHR Plugin: (Screen Capture Plugin) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.4_0\plugins/screen_capture.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\editor\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll => No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll => No File
CHR Plugin: (Google Update) - C:\Users\editor\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
S4 LMIRfsClientNP; no ImagePath
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
C:\Users\editor\2013 batch.bat
Task: {3F20AACE-8286-4117-A9B2-2C5BE7F83E42} - System32\Tasks\WinThruster_UPDATES => C:\Program Files (x86)\WinThruster\WinThruster.exe [2015-11-25] (Solvusoft Corporation) <==== ATTENTION
Task: {625D3EA9-AB9D-432F-ADF9-582012C5F233} - System32\Tasks\WinThruster_DEFAULT => C:\Program Files (x86)\WinThruster\WinThruster.exe [2015-11-25] (Solvusoft Corporation) <==== ATTENTION
Task: C:\Windows\Tasks\WinThruster_DEFAULT.job => C:\Program Files (x86)\WinThruster\WinThruster.exe <==== ATTENTION
Task: C:\Windows\Tasks\WinThruster_UPDATES.job => C:\Program Files (x86)\WinThruster\WinThruster.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:2E0A12A9
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Belwell

Belwell
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 17 February 2016 - 04:22 PM

Hi Gary,

Thanks for the help.

First, the bittorrent program is never used for pirating, but used for transfer of files between remote locations. I am aware of the risk and positive that it did not cause the infection.

Fixlog -

Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by editor (2016-02-17 11:08:34) Run:1
Running from C:\Users\editor\Desktop
Loaded Profiles: editor (Available Profiles: editor & UpdatusUser & LogMeInRemoteUser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\LBTWlgn: 
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
CHR Plugin: (Screen Capture Plugin) - C:\Users\editor\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.4_0\plugins/screen_capture.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\editor\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll => No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll => No File
CHR Plugin: (Google Update) - C:\Users\editor\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
S4 LMIRfsClientNP; no ImagePath
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
C:\Users\editor\2013 batch.bat
Task: {3F20AACE-8286-4117-A9B2-2C5BE7F83E42} - System32\Tasks\WinThruster_UPDATES => C:\Program Files (x86)\WinThruster\WinThruster.exe [2015-11-25] (Solvusoft Corporation) <==== ATTENTION
Task: {625D3EA9-AB9D-432F-ADF9-582012C5F233} - System32\Tasks\WinThruster_DEFAULT => C:\Program Files (x86)\WinThruster\WinThruster.exe [2015-11-25] (Solvusoft Corporation) <==== ATTENTION
Task: C:\Windows\Tasks\WinThruster_DEFAULT.job => C:\Program Files (x86)\WinThruster\WinThruster.exe <==== ATTENTION
Task: C:\Windows\Tasks\WinThruster_UPDATES.job => C:\Program Files (x86)\WinThruster\WinThruster.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:2E0A12A9
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found. 
C:\Users\editor\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.4_0\plugins/screen_capture.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Users\editor\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => not found.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => not found.
C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => not found.
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll => not found.
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll => not found.
C:\Users\editor\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll => not found.
LMIRfsClientNP => service removed successfully
RimUsb => service removed successfully
C:\Users\editor\2013 batch.bat => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F20AACE-8286-4117-A9B2-2C5BE7F83E42} => key not found. 
C:\Windows\System32\Tasks\WinThruster_UPDATES => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinThruster_UPDATES => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{625D3EA9-AB9D-432F-ADF9-582012C5F233} => key not found. 
C:\Windows\System32\Tasks\WinThruster_DEFAULT => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinThruster_DEFAULT => key not found. 
C:\Windows\Tasks\WinThruster_DEFAULT.job => not found.
C:\Windows\Tasks\WinThruster_UPDATES.job => not found.
C:\ProgramData\TEMP => ":2E0A12A9" ADS removed successfully.
 
 
The system needed a reboot.
 
==== End of Fixlog 11:09:40 ====
 
Update of behavior - No change. 
 
System Summary is attached. 
 
Thank you for your help Gary. 
 
Brian

Attached Files



#4 Oh My!

Posted 18 February 2016 - 10:39 AM

Hi Brian,

Sorry for the delayed reply, I was not notified you had responded.

Please do this.

===================================================

Clean Boot

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click the General tab then click Selective Startup
  • Check Load system services
  • Uncheck Load Startup Items

  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#5 Oh My!

Posted 21 February 2016 - 09:52 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#6 Belwell

Posted 22 February 2016 - 01:10 PM

No Change 



#7 Oh My!

Posted 22 February 2016 - 03:48 PM

Thanks for the update.

I would like you to run FRST twice. In each instance uncheck Addition.txt. The first time run it in Safe Mode with Networking. Once the file is on your desktop rename it to FRSTSafe.txt. Then run FRST in the Clean Boot Environment. Rename that report FRSTClean.txt.

Please attach both reports to your reply.
Gary
 

#8 Belwell

Posted 22 February 2016 - 04:20 PM

Here are the reports.

Attached Files



#9 Oh My!

Posted 22 February 2016 - 04:21 PM

I am assuming you still have internet in Safe Mode, correct?
Gary

#10 Belwell


Posted 22 February 2016 - 04:24 PM

Yup, that is correct. 



#11 Oh My!


Posted 22 February 2016 - 04:30 PM

OK, thanks.
Gary

#12 Oh My!


Posted 22 February 2016 - 04:37 PM

Did you go through this part of the Clean Boot step?

  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode

Gary

#13 Belwell


Posted 22 February 2016 - 04:45 PM

So I believe so, but let me break down what I did, because I'm confused by your last instruction.

  • Open up Msconfig.
  • On the General tab, switch to Selective Startup and uncheck Load startup items.
  • On the Services tab, check Hide all Microsoft Services, then Disable all.
  • Clicked Apply, then OK. When prompted to restart, I did.
  • After startup, ran FRST.

When you say click Restart and boot into "Normal Mode", do you want me to switch from "Selective Startup" back to "Normal" Startup?



#14 Belwell


Posted 22 February 2016 - 04:50 PM

Just in case I did it wrong here is a clean boot log again.



#15 Oh My!


Posted 22 February 2016 - 05:45 PM

Still doesn't look right to me.

 

Did you Uncheck Load Startup items?

 

Go through the steps again but this time before running FRST in Clean Boot go into msconfig startup tab, check Hide all Microsoft and make sure everything else is unchecked. If so, run FRST again.


Gary
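An added example, not part of the thread and not Gary's or Belwell's own commands, for checking the clean-boot state that the msconfig steps in #12 and #15 are meant to produce. It lists the services msconfig would still show with "Hide All Microsoft Services" ticked (classified, as msconfig does, by the binary's CompanyName) and any Run-key entries that "Load startup items" normally controls; it assumes Windows PowerShell with Get-WmiObject, as present on Windows 7.

```powershell
# Added example (not from the thread): check the clean-boot state by listing
# what msconfig would show after "Hide All Microsoft Services" is ticked,
# plus any Run-key entries that "Load startup items" normally controls.
# Assumes Windows PowerShell with Get-WmiObject (present on Windows 7).

function Get-NonMicrosoftService {
    Get-WmiObject -Class Win32_Service | ForEach-Object {
        $svc  = $_
        $path = $svc.PathName
        # PathName may be quoted and carry arguments; keep only the executable.
        # (An unquoted path containing spaces is truncated at the first space.)
        if ($path -match '^"([^"]+)"')  { $path = $Matches[1] }
        elseif ($path -match '^(\S+)')  { $path = $Matches[1] }

        $company = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        }
        # msconfig classifies by the binary's CompanyName; a missing or
        # unreadable binary is reported too, since it deserves a look.
        if ($company -notlike '*Microsoft*') {
            New-Object PSObject -Property @{
                Name = $svc.Name; StartMode = $svc.StartMode
                State = $svc.State; Company = $company; Path = $path
            }
        }
    }
}

function Get-RunKeyEntry {
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' | ForEach-Object {
        if (Test-Path -LiteralPath $_) {
            $key = Get-Item -LiteralPath $_
            foreach ($name in $key.GetValueNames()) {
                New-Object PSObject -Property @{
                    Key = $_; Name = $name; Command = $key.GetValue($name)
                }
            }
        }
    }
}

# In a correct clean boot every service listed here shows StartMode Disabled
# and both Run keys are empty; anything else was not switched off.
Get-NonMicrosoftService | Sort-Object StartMode, Name |
    Format-Table Name, StartMode, State, Company, Path -AutoSize
Get-RunKeyEntry | Format-Table Key, Name, Command -AutoSize
```

Run it from an elevated PowerShell prompt before launching FRST in the clean-boot environment; a non-Microsoft service still set to Auto or Manual is the kind of leftover the second FRST log is meant to expose.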
