Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT for Windows 7


  • Please log in to reply
17 replies to this topic

#1 chhines

chhines

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 17 February 2016 - 06:59 PM

Hello all:

 

Can I get some advice and guidance on what I should remove from this and any specific instructions on what I should use to do so?  I believe I can fix it if I can get this, having done PC work years ago.  Attached is a HijackThis post from my wife's laptop.  Thank you for the help!

 

Attached Files


Edited by chhines, 17 February 2016 - 07:00 PM.


BC AdBot (Login to Remove)

 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 AM

Posted 17 February 2016 - 07:22 PM

Hello chhines and Welcome to the BleepingComputer. :welcome:
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open as administrator  the computer. How is open as administrator  the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here

Thanks
 
Please do the following.

 

Uninstall: Coupons

==============================================================

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: addition.png
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Sincerely  . :hello:


Edited by olgun52, 17 February 2016 - 07:24 PM.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 chhines

chhines
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 17 February 2016 - 07:59 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
Ran by Marcella (administrator) on MLAPTOP (17-02-2016 17:56:54)
Running from C:\Users\Marcella\Desktop
Loaded Profiles: Marcella (Available Profiles: Marcella)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Cisco) C:\Users\Marcella\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Octoshape ApS) C:\Users\Marcella\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(JRT Studio LLC) C:\Program Files (x86)\JRT Studio\iSyncr\iSyncr.exe
() C:\Users\Marcella\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SAMSUNG Electornics Co., Ltd.) C:\Users\Marcella\AppData\Roaming\VERIZON\UA_ar\UA.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(AltrixSoft (hxxp://www.altrixsoft.com/)) C:\Program Files (x86)\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Sync\App\WDSyncService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-06-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-06-28] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2796272 2013-11-22] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [14688 2015-09-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [HDInspector.exe] => C:\Program Files (x86)32\Hard Drive Inspector\HDInspector.exe [3171584 2015-07-27] (Altrixsoft)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\Run: [Google Update] => C:\Users\Marcella\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\Run: [GoogleChromeAutoLaunch_70D8B263224B29A79F4A1182BC875E7A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748872 2016-02-09] (Google Inc.)
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\Run: [PCShowServer] => C:\Users\Marcella\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1631520 2015-05-21] (Cisco)
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\Run: [Octoshape Streaming Services] => C:\Users\Marcella\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\MountPoints2: {4b620de0-dc90-11e4-8d23-606c66d952d7} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} =>  No File
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} =>  No File
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} =>  No File
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} =>  No File
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSyncr.lnk [2015-08-14]
ShortcutTarget: iSyncr.lnk -> C:\Windows\Installer\{3A65FA92-8688-432C-9A24-6F99818BAAB2}\_E9582272BEF1788D305739.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outlook 2013.lnk [2013-11-27]
ShortcutTarget: Outlook 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE (Microsoft Corporation)
Startup: C:\Users\Marcella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2015-04-28]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\Marcella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-10-12]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Marcella\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{28560466-6F7A-4645-8CF1-78B22E8823B9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EBA351CA-E83A-4BA5-BBE0-DBC647A4EA11}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.coupons.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2437430253-643367097-1623690150-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-2437430253-643367097-1623690150-1001 -> {435E622A-9146-4C26-B116-01FD096DFE79} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-01-19] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-19] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-01-08] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2016-01-19] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-01-08] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-06-07] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Marcella\AppData\Roaming\Mozilla\Firefox\Profiles\94i5ztvp.default
FF DefaultSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-07] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-01-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2014-06-07] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2437430253-643367097-1623690150-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Marcella\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-2437430253-643367097-1623690150-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Marcella\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2437430253-643367097-1623690150-1001: @talk.google.com/O1DPlugin -> C:\Users\Marcella\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2437430253-643367097-1623690150-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Marcella\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2437430253-643367097-1623690150-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Marcella\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Marcella\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Marcella\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Marcella\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-09-19] (Octoshape ApS)
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3291325&octid=CT3291325&SearchSource=61&CUI=UN18131159063166215&UM=2&UP=SPF62039CE-8B53-4971-9C4D-389AB71E3C96&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M52EB0307-8DDC-4985-B2DC-D7AE52AA270F&SearchSource=55&CUI=&UM=6&UP=SPF62039CE-8B53-4971-9C4D-389AB71E3C96&SSPV="
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll => No File
CHR Profile: C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Pin It Button) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-25]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-04-27]
CHR Extension: (Window Resizer) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh [2015-10-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2571352 2016-01-05] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201816 2016-01-05] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232152 2015-05-20] (Dell Inc.)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
R3 HDDSvc; C:\Program Files (x86)\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe [484600 2015-03-26] (AltrixSoft (hxxp://www.altrixsoft.com/))
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [745224 2015-12-07] (DEVGURU Co., LTD.)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-01-12] (Dell Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-11-12] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-12-04] (Intel Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-17 17:56 - 2016-02-17 17:57 - 00028733 _____ C:\Users\Marcella\Desktop\FRST.txt
2016-02-17 17:32 - 2016-02-17 17:56 - 00000000 ____D C:\FRST
2016-02-17 17:32 - 2016-02-17 17:32 - 02371072 _____ (Farbar) C:\Users\Marcella\Desktop\FRST64.exe
2016-02-17 17:31 - 2016-02-17 17:32 - 02371072 _____ (Farbar) C:\Users\Marcella\Downloads\FRST64.exe
2016-02-17 16:49 - 2016-02-17 16:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Marcella\Downloads\HijackThis.exe
2016-02-14 20:32 - 2016-02-14 20:32 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-14 20:03 - 2016-02-14 20:03 - 00000000 ____D C:\ProgramData\AltrixSoft
2016-02-14 20:02 - 2016-02-14 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Drive Inspector Professional
2016-02-14 20:02 - 2016-02-14 20:02 - 00000000 ____D C:\Program Files (x86)32
2016-02-14 19:57 - 2016-02-14 20:02 - 02782144 _____ (AltrixSoft) C:\Users\Marcella\Downloads\hddinsp.exe
2016-02-14 19:56 - 2016-02-14 19:56 - 01735313 _____ C:\Users\Marcella\Downloads\Hutil210_iso_for_CDROM_drive.zip
2016-02-12 08:43 - 2016-02-12 08:44 - 00000000 ____D C:\Users\Marcella\Documents\Remedia Publications_Former Work2
2016-02-12 06:55 - 2016-02-13 06:32 - 00000000 ____D C:\Users\Marcella\Documents\Remedia Publications_Former Work
2016-02-10 00:14 - 2016-02-06 03:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-10 00:14 - 2016-02-06 03:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-10 00:14 - 2016-02-06 03:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-10 00:14 - 2016-02-06 03:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-10 00:14 - 2016-02-06 03:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-10 00:14 - 2016-02-06 03:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-10 00:14 - 2016-02-06 02:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-10 00:14 - 2016-02-06 02:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-10 00:14 - 2016-02-06 02:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-10 00:14 - 2016-02-06 02:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-10 00:14 - 2016-02-06 02:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-10 00:14 - 2016-02-06 02:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-10 00:14 - 2016-02-06 02:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-10 00:14 - 2016-02-06 01:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-10 00:14 - 2016-01-16 12:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-10 00:14 - 2016-01-16 11:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-10 00:14 - 2016-01-11 07:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-10 00:14 - 2016-01-11 07:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-10 00:14 - 2016-01-11 07:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-10 00:14 - 2016-01-11 07:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-10 00:14 - 2016-01-11 07:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-10 00:14 - 2016-01-06 12:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-10 00:14 - 2016-01-06 12:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-10 00:14 - 2016-01-06 11:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-10 00:13 - 2016-01-22 13:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-10 00:13 - 2016-01-22 13:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-10 00:13 - 2016-01-21 23:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-10 00:13 - 2016-01-21 23:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-10 00:13 - 2016-01-21 23:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-10 00:13 - 2016-01-21 23:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-10 00:13 - 2016-01-21 23:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-10 00:13 - 2016-01-21 23:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-10 00:13 - 2016-01-21 23:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-10 00:13 - 2016-01-21 23:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-10 00:13 - 2016-01-21 23:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-10 00:13 - 2016-01-21 23:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-10 00:13 - 2016-01-21 23:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-10 00:13 - 2016-01-21 23:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-10 00:13 - 2016-01-21 23:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-10 00:13 - 2016-01-21 23:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-10 00:13 - 2016-01-21 23:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-10 00:13 - 2016-01-21 23:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-10 00:13 - 2016-01-21 23:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-10 00:13 - 2016-01-21 23:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-10 00:13 - 2016-01-21 23:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-10 00:13 - 2016-01-21 23:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-10 00:13 - 2016-01-21 23:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-10 00:13 - 2016-01-21 23:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-10 00:13 - 2016-01-21 23:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-10 00:13 - 2016-01-21 23:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-10 00:13 - 2016-01-21 23:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-10 00:13 - 2016-01-21 22:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-10 00:13 - 2016-01-21 22:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-10 00:13 - 2016-01-21 22:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-10 00:13 - 2016-01-21 22:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-10 00:13 - 2016-01-21 22:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-10 00:13 - 2016-01-21 22:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-10 00:13 - 2016-01-21 22:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-10 00:13 - 2016-01-21 22:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-10 00:13 - 2016-01-21 22:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-10 00:13 - 2016-01-21 22:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-10 00:13 - 2016-01-21 22:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-10 00:13 - 2016-01-21 22:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-10 00:13 - 2016-01-21 22:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-10 00:13 - 2016-01-21 22:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-10 00:13 - 2016-01-21 22:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-10 00:13 - 2016-01-21 22:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-10 00:13 - 2016-01-21 22:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-10 00:13 - 2016-01-21 22:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-10 00:13 - 2016-01-21 22:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-10 00:13 - 2016-01-21 22:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-10 00:13 - 2016-01-21 22:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-10 00:13 - 2016-01-21 22:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-10 00:13 - 2016-01-21 22:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-10 00:13 - 2016-01-21 22:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-10 00:13 - 2016-01-21 22:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-10 00:12 - 2016-01-11 12:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-10 00:12 - 2016-01-11 12:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-10 00:12 - 2016-01-11 12:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-10 00:12 - 2016-01-11 11:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-10 00:12 - 2016-01-11 11:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-10 00:12 - 2016-01-11 11:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-10 00:12 - 2016-01-11 11:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-10 00:12 - 2016-01-11 11:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-10 00:12 - 2016-01-11 11:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-10 00:12 - 2016-01-11 11:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-10 00:12 - 2016-01-11 11:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-10 00:12 - 2016-01-11 11:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-10 00:12 - 2016-01-11 11:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-10 00:12 - 2016-01-11 11:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-10 00:12 - 2016-01-11 11:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-10 00:12 - 2016-01-11 11:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-10 00:12 - 2016-01-07 10:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-10 00:12 - 2016-01-07 10:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 00:12 - 2015-12-20 11:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-10 00:12 - 2015-12-20 11:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-10 00:12 - 2015-12-20 07:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-10 00:11 - 2016-01-21 23:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-10 00:11 - 2016-01-21 23:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-10 00:11 - 2016-01-21 23:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-10 00:11 - 2016-01-21 23:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 00:11 - 2016-01-21 23:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-10 00:11 - 2016-01-21 23:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-10 00:11 - 2016-01-21 23:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-10 00:11 - 2016-01-21 23:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-10 00:11 - 2016-01-21 23:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-10 00:11 - 2016-01-21 23:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-10 00:11 - 2016-01-21 23:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-10 00:11 - 2016-01-21 23:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-10 00:11 - 2016-01-21 23:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-10 00:11 - 2016-01-21 23:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-10 00:11 - 2016-01-21 23:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-10 00:11 - 2016-01-21 23:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-10 00:11 - 2016-01-21 23:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-10 00:11 - 2016-01-21 23:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-10 00:11 - 2016-01-21 23:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-10 00:11 - 2016-01-21 23:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-10 00:11 - 2016-01-21 23:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-10 00:11 - 2016-01-21 23:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-10 00:11 - 2016-01-21 23:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-10 00:11 - 2016-01-21 23:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 00:11 - 2016-01-21 23:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-10 00:11 - 2016-01-21 23:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-10 00:11 - 2016-01-21 23:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-10 00:11 - 2016-01-21 23:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-10 00:11 - 2016-01-21 23:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 00:11 - 2016-01-21 23:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-10 00:11 - 2016-01-21 23:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-10 00:11 - 2016-01-21 23:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-10 00:11 - 2016-01-21 23:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-10 00:11 - 2016-01-21 23:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-10 00:11 - 2016-01-21 23:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-10 00:11 - 2016-01-21 23:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-10 00:11 - 2016-01-21 23:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-10 00:11 - 2016-01-21 23:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-10 00:11 - 2016-01-21 23:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-10 00:11 - 2016-01-21 23:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-10 00:11 - 2016-01-21 23:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-10 00:11 - 2016-01-21 23:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-10 00:11 - 2016-01-21 23:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-10 00:11 - 2016-01-21 23:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-10 00:11 - 2016-01-21 23:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-10 00:11 - 2016-01-21 23:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-10 00:11 - 2016-01-21 23:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-10 00:11 - 2016-01-21 23:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 00:11 - 2016-01-21 23:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-10 00:11 - 2016-01-21 23:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-10 00:11 - 2016-01-21 23:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 00:11 - 2016-01-21 23:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-10 00:11 - 2016-01-21 23:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 00:11 - 2016-01-21 23:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-10 00:11 - 2016-01-21 22:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-10 00:11 - 2016-01-21 22:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-10 00:11 - 2016-01-21 22:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-10 00:11 - 2016-01-21 21:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-10 00:11 - 2016-01-21 21:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-10 00:11 - 2016-01-21 21:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-10 00:11 - 2016-01-21 21:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-10 00:11 - 2016-01-21 21:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-10 00:11 - 2016-01-21 21:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-10 00:11 - 2016-01-21 21:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-10 00:11 - 2016-01-21 21:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-10 00:11 - 2016-01-21 21:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-10 00:11 - 2016-01-21 21:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-10 00:11 - 2016-01-21 21:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 21:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 21:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 21:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-10 00:11 - 2016-01-16 12:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-10 00:11 - 2016-01-16 11:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-10 00:10 - 2016-01-21 23:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-10 00:10 - 2016-01-21 23:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-10 00:10 - 2016-01-21 23:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-10 00:10 - 2016-01-21 23:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-10 00:10 - 2016-01-21 22:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-10 00:10 - 2016-01-21 22:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-10 00:10 - 2016-01-21 22:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-04 14:09 - 2015-12-26 15:16 - 00824550 _____ C:\Users\Marcella\Desktop\20151226_145011.jpeg
2016-02-03 06:22 - 2016-02-03 06:22 - 00001892 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-02-03 06:22 - 2016-02-03 06:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-01-29 13:03 - 2016-01-29 13:03 - 00000000 __HDC C:\ProgramData\{010DD54D-6F97-418D-BC47-2089F30A0075}
2016-01-28 15:52 - 2016-02-17 13:00 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2016-01-28 15:52 - 2016-01-28 15:52 - 00004032 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2016-01-28 15:52 - 2016-01-28 15:52 - 00003342 _____ C:\Windows\System32\Tasks\PCDDataUploadTask
2016-01-28 15:52 - 2016-01-28 15:52 - 00003222 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2016-01-28 15:51 - 2016-01-28 15:51 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2016-01-28 15:51 - 2016-01-28 15:51 - 00000000 ____D C:\Program Files\Dell Support Center
2016-01-27 16:51 - 2016-01-27 16:51 - 00074449 _____ C:\Users\Marcella\Downloads\a-z-2 (1).pdf
2016-01-27 14:22 - 2016-01-27 14:22 - 00022988 _____ C:\Users\Marcella\Downloads\Hines-Song1 (2).pdf
2016-01-27 06:06 - 2016-01-27 06:06 - 00074449 _____ C:\Users\Marcella\Downloads\a-z-2.pdf
2016-01-27 06:06 - 2016-01-27 06:06 - 00022988 _____ C:\Users\Marcella\Downloads\Hines-Song1 (1).pdf
2016-01-26 06:17 - 2016-01-26 06:17 - 01071121 _____ C:\Users\Marcella\Downloads\Dessy Purna Sari M0408007.pdf
2016-01-23 12:49 - 2016-01-23 12:49 - 00271674 _____ C:\Users\Marcella\Downloads\a-z-black.pdf
2016-01-23 12:48 - 2016-01-23 12:48 - 00053045 _____ C:\Users\Marcella\Downloads\Hines-Song2.pdf
2016-01-23 12:48 - 2016-01-23 12:48 - 00049185 _____ C:\Users\Marcella\Downloads\Hines-Song1.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-17 17:36 - 2009-07-13 21:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-17 17:36 - 2009-07-13 21:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-17 17:32 - 2013-11-12 12:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-17 17:30 - 2014-06-01 08:18 - 00025324 _____ C:\Windows\wininit.ini
2016-02-17 17:30 - 2014-06-01 07:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-17 17:30 - 2014-06-01 07:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-02-17 17:27 - 2014-03-03 14:02 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2437430253-643367097-1623690150-1001UA.job
2016-02-17 16:58 - 2013-11-30 19:01 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-17 15:58 - 2013-11-30 19:01 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-17 15:00 - 2013-12-02 16:32 - 00000000 ____D C:\Users\Marcella\Documents\Outlook Files
2016-02-17 14:51 - 2013-11-27 22:06 - 00000000 ____D C:\Users\Marcella\Documents\Groceries
2016-02-17 09:56 - 2016-01-12 08:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-17 06:27 - 2014-03-03 14:02 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2437430253-643367097-1623690150-1001Core.job
2016-02-17 06:16 - 2013-12-01 08:35 - 00000000 ____D C:\Users\Marcella\Documents\JRT Studio
2016-02-17 06:11 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-16 14:16 - 2013-12-12 07:26 - 03199488 ___SH C:\Users\Marcella\Desktop\Thumbs.db
2016-02-16 09:36 - 2013-11-27 22:06 - 00000000 ____D C:\Users\Marcella\Documents\Work
2016-02-16 09:26 - 2014-09-28 19:04 - 00000000 ____D C:\Users\Marcella\Documents\The Tagalongs
2016-02-16 09:23 - 2013-11-27 22:07 - 00000000 ____D C:\Users\Marcella\Documents\Misc
2016-02-16 09:23 - 2013-11-27 22:07 - 00000000 ____D C:\Users\Marcella\Documents\Job Docs
2016-02-16 09:20 - 2013-11-27 22:06 - 00000000 ____D C:\Users\Marcella\Documents\House
2016-02-16 09:19 - 2013-11-27 22:06 - 00000000 ____D C:\Users\Marcella\Documents\Health
2016-02-16 06:57 - 2013-11-27 22:18 - 00000000 ____D C:\Users\Marcella\Documents\Fitness
2016-02-16 06:55 - 2013-11-27 22:05 - 00000000 ____D C:\Users\Marcella\Documents\Central Christian Church
2016-02-16 06:53 - 2013-11-27 22:05 - 00000000 ____D C:\Users\Marcella\Documents\Celebrations & Holidays
2016-02-14 21:34 - 2014-06-07 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-02-14 20:28 - 2013-12-01 17:34 - 00000000 ____D C:\Users\Marcella\AppData\Local\Windows Live
2016-02-14 20:27 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-02-14 20:13 - 2014-11-02 10:36 - 00000000 ____D C:\Program Files (x86)\Swapper
2016-02-14 06:24 - 2009-07-13 22:13 - 00826198 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-14 06:24 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-02-13 19:20 - 2016-01-02 10:22 - 00000000 ____D C:\.WDTemp
2016-02-12 17:34 - 2014-04-05 18:14 - 00000000 ____D C:\Users\Marcella\AppData\Roaming\VERIZON
2016-02-12 17:07 - 2013-12-01 08:34 - 00000000 ____D C:\Users\Marcella\AppData\Roaming\JRT Studio
2016-02-12 06:48 - 2013-11-27 22:07 - 00000000 ____D C:\Users\Marcella\Documents\Money Stuff
2016-02-12 06:48 - 2013-11-27 22:06 - 00000000 ____D C:\Users\Marcella\Documents\Letters, Essays, & Speeches
2016-02-10 21:46 - 2013-11-27 17:51 - 00000000 ____D C:\Users\Marcella\AppData\Roaming\Skype
2016-02-10 13:00 - 2013-11-30 19:01 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-10 05:26 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-02-10 03:39 - 2009-07-13 21:45 - 00437872 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-10 03:35 - 2014-12-12 18:55 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-10 03:35 - 2014-05-06 17:31 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-10 03:35 - 2010-11-21 00:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 03:20 - 2013-11-27 17:12 - 00000000 ____D C:\Windows\system32\MRT
2016-02-10 03:10 - 2013-11-27 17:12 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-09 21:36 - 2013-11-12 12:59 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-09 21:35 - 2013-11-12 12:59 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-09 21:35 - 2013-11-12 12:59 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-03 06:23 - 2015-12-25 16:57 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-02-03 06:23 - 2013-11-12 13:12 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-03 06:22 - 2015-12-25 16:57 - 00003552 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2016-02-02 06:22 - 2014-03-03 14:02 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2437430253-643367097-1623690150-1001UA
2016-02-02 06:22 - 2014-03-03 14:02 - 00003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2437430253-643367097-1623690150-1001Core
2016-02-01 15:53 - 2013-11-30 19:01 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-01 15:53 - 2013-11-30 19:01 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-29 13:03 - 2015-03-18 11:02 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2016-01-28 15:51 - 2013-11-12 13:37 - 00000000 ____D C:\ProgramData\PCDr
2016-01-28 15:51 - 2013-11-12 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-01-21 06:08 - 2014-06-07 14:21 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-21 06:03 - 2014-06-07 14:17 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-19 05:54 - 2014-01-02 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Migration
 
==================== Files in the root of some directories =======
 
2013-11-30 20:13 - 2015-02-09 13:12 - 0038477 _____ () C:\Users\Marcella\AppData\Roaming\Comma Separated Values.ADR
2014-08-05 18:28 - 2014-08-05 18:30 - 7487488 _____ () C:\Users\Marcella\AppData\Local\ChromeHitoryDB
2013-12-03 19:23 - 2013-12-03 19:23 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-08 07:35
 
==================== End of FRST.txt ============================

Attached Files



#4 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 AM

Posted 18 February 2016 - 01:42 PM

Hi chhines,
 
İmportant:
The following is referring to WinASO Registry Optimizer and Auslogics Registry Cleaner.
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:

  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your pc to be inoperable.

This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side. If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to an "optional fix" and is up to the user, so just take this as a recommendation from my side.

For more information about why you should avoid using a such programs please take a look here
---------------------------------------------------------------------------------------------------------------------------------------------
Please uninstall the following via Start->(or Computer)->Control Panel->(Programs)->Programs and Features if it still exists:
Please uninstall the following applications:
Coupon
trovi.com
conduit

Auslogics Registry Cleaner
WinASO Registry Optimizer

and PC restart
-------------------------------------------------------------------------------------------
Please do the following.

 

Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click software shortcut on the desktop and follow the prompts to install the program .
  • If an update is available, click the Update now button.
  • At the end Click Settings > Advanced > ''I have read the warning an wish to proceed anyway'' Click
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click scan now ''Run as Administrator'' and a threat Scan will begin.
  • When the scan is complete, Press report and send me report.
  • Please PC restart now

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 chhines

chhines
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 18 February 2016 - 07:34 PM

Zemana AntiMalware 2.19.2.904 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/2/18
Operating System       : Windows 7 64-bit
Processor              : 4X Intel® Core™ i7-3537U CPU @ 2.00GHz
BIOS Mode              : Legacy
CUID                   : 00843517BDDC614434E9D8
Scan Type              : Smart Scan
Duration               : 32m 42s
Scanned Objects        : 11662
Detected Objects       : 9
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : No
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Internet Explorer Shortcut
Status             : Scanned
Object             : -extoff
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Internet Explorer Shortcut
 
Chrome Startup Url
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Chrome Startup Url
 
Chrome Homepage
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Chrome Homepage
 
remotewd.com
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\860EF57F837539B7C4C46A72BA83185196545295\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Traces             :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\860EF57F837539B7C4C46A72BA83185196545295\Blob = 1900000001000000100000007B5EDBFEB897712488BBF9F80A4E7CCA0F00000001000000140000000857383113585F33EDE37389C3A054C2C6A910700B000000010000002E000000720065006D006F0074006500770064002E0063006F006D005F0077006900780043006500720074005F0031000000030000000100000014000000860EF57F837539B7C4C46A72BA83185196545295140000000100000014000000D623D46F4B9837998304B539BA9A879B37E5766C20000000010000006403000030820360308202C9A003020102020900D614AC99C17E31C4300D06092A864886F70D0101050500307E310B3009060355040613025553310B3009060355040813024353311630140603550407130D4D6F756E7461696E205669657731183016060355040A130F5765737465726E204469676974616C31193017060355040B13104272616E6465642050726F6475637473311530130603550403130C72656D6F746577642E636F6D301E170D3130313131353138353735355A170D3230313131323138353735355A307E310B3009060355040613025553310B3009060355040813024353311630140603550407130D4D6F756E7461696E205669657731183016060355040A130F5765737465726E204469676974616C31193017060355040B13104272616E6465642050726F6475637473311530130603550403130C72656D6F746577642E636F6D30819F300D06092A864886F70D010101050003818D0030818902818100BF450B16CADAC7D402545033D95E2847323060C41C076D88050B4D5BF5506817759D83D5677242B6DE47F30E1D1D2E45913FD25BFE1D0E66A559C0CAA85DA6EF3B6CB1AE1AF5E6B50CCBEFDAC97E6066EC82396D6FD2DB5C80AE012DCB9203F3D016F5641C0370EDD137BB62CD0C412F3E680041716D5A4E9D2D55E11978D9690203010001A381E53081E2301D0603551D0E04160414D623D46F4B9837998304B539BA9A879B37E5766C3081B20603551D230481AA3081A78014D623D46F4B9837998304B539BA9A879B37E5766CA18183A48180307E310B3009060355040613025553310B3009060355040813024353311630140603550407130D4D6F756E7461696E205669657731183016060355040A130F5765737465726E204469676974616C31193017060355040B13104272616E6465642050726F6475637473311530130603550403130C72656D6F746577642E636F6D820900D614AC99C17E31C4300C0603551D13040530030101FF300D06092A864886F70D01010505000381810057E8D9250EC69DD24EA616FE4CFE4203A6778477F0391DAC1458D0E0A8CC47059D4174F7C947A8A76176530CBDAD409317E5A68D10FFB2BB57A64F56B4CFF92A4A7CCDDE765A35470378FE0643792053CD38EC24D977569BBC09D940CCB624F8F6C7A17F84140C55FFB89DBD5FBAEF150170D5E0332294877E7A0C02B51AA487
 
registry-cleaner-setup.exe
Status             : Scanned
Object             : %userprofile%\downloads\registry-cleaner-setup.exe
MD5                : 5C769E0A09AB328707A61231A81F4953
Publisher          : Auslogics Software Pty Ltd
Size               : 6309456
Version            : 3.5.3.0
Detection          : Adware:Win32/Quarand!Etat
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\registry-cleaner-setup.exe
 
Installation.exe
Status             : Scanned
Object             : %userprofile%\downloads\installation.exe
MD5                : F5E6576056CFC4619CB6212AAE2F0197
Publisher          : BEST APP
Size               : 583560
Version            : 1.65.40.0
Detection          : Adware:Win32/BulkHeur.f6cfff!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\installation.exe
 
CouponPrinter.exe
Status             : Scanned
Object             : %userprofile%\downloads\couponprinter.exe
MD5                : F793BB69527118385FC8BA70628F8A4B
Publisher          : Coupons, Inc.
Size               : 1859304
Version            : 5.0.0.4
Detection          : Adware:Win32/Coupons!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\couponprinter.exe
 
CouponPrinterCPS.exe
Status             : Scanned
Object             : %userprofile%\downloads\couponprintercps.exe
MD5                : 731F9FC1C5CF0E90990E353A531EA618
Publisher          : Coupons, Inc.
Size               : 2027336
Version            : 5.0.0.9
Detection          : Adware:Win32/Coupons!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\couponprintercps.exe
 
couponprinter (1).exe
Status             : Scanned
Object             : %userprofile%\downloads\couponprinter (1).exe
MD5                : 0D28FCC64CDF57E2EB0296F4C11CB2B6
Publisher          : Coupons, Inc.
Size               : 2072488
Version            : 5.0.0.10
Detection          : Adware:Win32/Coupons!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\couponprinter (1).exe
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 9
Reported as safe      : 0
Failed                : 0
 


#6 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 AM

Posted 19 February 2016 - 11:59 AM

Hi chhines,

 

Hosts File
Replace your current HOSTS file with a tweaked one, as the MVPS Host file, that restricts access to known bad sites improving your security.
It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer.

To do it:

  • Download hosts.zip and save it to your desktop
  • Right click the file you just downloaded on your desktop and select => Extract to "hosts\"
  • In the hosts folder on your desktop, double click on mvps.bat file to run the program
  • A prompt will appear, press any key to continue

A good source of information about safe computing is this topic by quietman7.

 

Step 1:

FRST Script:

Please download this attached     Attached File  Fixlist.txt   6.35KB   2 downloads and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Edited by olgun52, 19 February 2016 - 12:01 PM.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#7 chhines

chhines
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 20 February 2016 - 04:08 PM

Computer seems to be responding better already, only negative I've seen is that Microsoft Office is throwing errors at startup now, but I can easily run that thru the repair tool or reinstall.  Here's the pastes you asked for.
 
Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by Marcella (2016-02-20 09:42:12) Run:1
Running from C:\Users\Marcella\Desktop
Loaded Profiles: Marcella (Available Profiles: Marcella)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
start
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Marcella\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Marcella\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Marcella\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Marcella\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Marcella\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Marcella\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Marcella\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Marcella\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Marcella\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Marcella\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Marcella\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\MountPoints2: {4b620de0-dc90-11e4-8d23-606c66d952d7} - E:\VZW_Software_upgrade_assistant.exe
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} =>  No File
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} =>  No File
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} =>  No File
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} =>  No File
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} =>  No File
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} =>  No File
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.coupons.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2437430253-643367097-1623690150-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-2437430253-643367097-1623690150-1001 -> {435E622A-9146-4C26-B116-01FD096DFE79} URL = 
FF ProfilePath: C:\Users\Marcella\AppData\Roaming\Mozilla\Firefox\Profiles\94i5ztvp.default
FF DefaultSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q=
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3291325&octid=CT3291325&SearchSource=61&CUI=UN18131159063166215&UM=2&UP=SPF62039CE-8B53-4971-9C4D-389AB71E3C96&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M52EB0307-8DDC-4985-B2DC-D7AE52AA270F&SearchSource=55&CUI=&UM=6&UP=SPF62039CE-8B53-4971-9C4D-389AB71E3C96&SSPV="
CHR Plugin: (Shockwave Flash) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - <no Path/update_url>
C:\ProgramData\{010DD54D-6F97-418D-BC47-2089F30A0075}
2016-02-17 17:32 - 2013-11-12 12:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\Windows\wininit.ini
2016-02-17 17:27 - 2014-03-03 14:02 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2437430253-643367097-1623690150-1001UA.job
2016-02-17 16:58 - 2013-11-30 19:01 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-17 15:58 - 2013-11-30 19:01 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-16 14:16 - 2013-12-12 07:26 - 03199488 ___SH C:\Users\Marcella\Desktop\Thumbs.db
2016-02-12 17:34 - 2014-04-05 18:14 - 00000000 ____D C:\Users\Marcella\AppData\Roaming\VERIZON
2016-02-12 17:07 - 2013-12-01 08:34 - 00000000 ____D C:\Users\Marcella\AppData\Roaming\JRT Studio
2016-02-10 21:46 - 2013-11-27 17:51 - 00000000 ____D C:\Users\Marcella\AppData\Roaming\Skype
C:\ProgramData\Package Cache
2013-11-30 20:13 - 2015-02-09 13:12 - 0038477 _____ () C:\Users\Marcella\AppData\Roaming\Comma Separated Values.ADR
2014-08-05 18:28 - 2014-08-05 18:30 - 7487488 _____ () C:\Users\Marcella\AppData\Local\ChromeHitoryDB
2013-12-03 19:23 - 2013-12-03 19:23 - 0000057 _____ () C:\ProgramData\Ament.ini
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F
Hosts:
Emptytemp:
end
 
*****************
 
"HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => key removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-2437430253-643367097-1623690150-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b620de0-dc90-11e4-8d23-606c66d952d7}" => key removed successfully
HKCR\CLSID\{4b620de0-dc90-11e4-8d23-606c66d952d7} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Carbonite.Green" => key removed successfully
HKCR\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Carbonite.Partial" => key removed successfully
HKCR\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Carbonite.Yellow" => key removed successfully
HKCR\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Carbonite.Green" => key removed successfully
HKCR\Wow6432Node\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Carbonite.Partial" => key removed successfully
HKCR\Wow6432Node\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Carbonite.Yellow" => key removed successfully
HKCR\Wow6432Node\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2437430253-643367097-1623690150-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{435E622A-9146-4C26-B116-01FD096DFE79}" => key removed successfully
HKCR\CLSID\{435E622A-9146-4C26-B116-01FD096DFE79} => key not found. 
FF ProfilePath: C:\Users\Marcella\AppData\Roaming\Mozilla\Firefox\Profiles\94i5ztvp.default => FRST is scripted not to move this directory.
Firefox DefaultSearchEngine removed successfully
Firefox SearchEngineOrder.3 removed successfully
Firefox "Keyword.URL" removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully
Chrome HomePage => not found.
Chrome StartupUrls => not found.
C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll => not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf" => key removed successfully
C:\ProgramData\{010DD54D-6F97-418D-BC47-2089F30A0075} => moved successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\Windows\wininit.ini => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2437430253-643367097-1623690150-1001UA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Users\Marcella\Desktop\Thumbs.db => moved successfully
 
"C:\Users\Marcella\AppData\Roaming\VERIZON" folder move:
 
Could not move "C:\Users\Marcella\AppData\Roaming\VERIZON" => Scheduled to move on reboot.
 
C:\Users\Marcella\AppData\Roaming\JRT Studio => moved successfully
C:\Users\Marcella\AppData\Roaming\Skype => moved successfully
C:\ProgramData\Package Cache => moved successfully
C:\Users\Marcella\AppData\Roaming\Comma Separated Values.ADR => moved successfully
C:\Users\Marcella\AppData\Local\ChromeHitoryDB => moved successfully
C:\ProgramData\Ament.ini => moved successfully
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 1.3 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-02-20 10:00:32)
 
C:\Users\Marcella\AppData\Roaming\VERIZON => Is moved successfully
 
==== End of Fixlog 10:00:32 ====
 
# AdwCleaner v5.035 - Logfile created 20/02/2016 at 10:13:10
# Updated 18/02/2016 by Xplode
# Database : 2016-02-20.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Marcella - MLAPTOP
# Running from : C:\Users\Marcella\Desktop\adwcleaner_5.035.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
[-] File Deleted : C:\Windows\SysNative\drivers\SPPD.sys
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : GoogleUpdateTaskUserS-1-5-21-2437430253-643367097-1623690150-1001Core
[-] Task Deleted : GoogleUpdateTaskUserS-1-5-21-2437430253-643367097-1623690150-1001Core
[-] Task Deleted : GoogleUpdateTaskUserS-1-5-21-2437430253-643367097-1623690150-1001UA
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\UpdateFiles
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1551 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Marcella (Administrator) on Sat 02/20/2016 at 10:17:45.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 10 
 
Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Users\Marcella\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SRN3GYDL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Marcella\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SXF5T2UY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Marcella\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W280EAG3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Marcella\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1UXK8PC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SRN3GYDL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SXF5T2UY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W280EAG3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1UXK8PC (Temporary Internet Files Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_70D8B263224B29A79F4A1182BC875E7A (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/20/2016 at 10:24:01.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/20/2016
Scan Time: 10:28 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.20.02
Rootkit Database: v2016.02.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Marcella
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356921
Time Elapsed: 12 min, 15 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32LDR, Quarantined, [aa48006218814aecedf1f51a7391758b], 
 
Registry Values: 5
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130517620535283770, Quarantined, [d41eb6ac5643f1451ebfe02fe71df40c]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130517620535283770, Quarantined, [d9195e0454454fe7bc21e926a85c24dc]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130517620535283770, Quarantined, [82704f138910f640815cfd1214f023dd]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130517620535283770, Quarantined, [03ef72f04b4e8aacbe1f49c6689c31cf]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32Ldr|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130517620535283770, Quarantined, [aa48006218814aecedf1f51a7391758b]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 


#8 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 AM

Posted 21 February 2016 - 04:41 PM

Okay.

Step1:
Please download and run RogueKiller  32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)
 
Step 2:
ComboFix run:
Please be sure to run our tools with administrator rights.
* IMPORTAN: 1   Place ComboFix.exe on your Desktop
* IMPORTAN: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix Save to the Desktop
  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.
Please provide the contents of the ComboFix report in your reply.
 
Have a nice day.
:hello:

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#9 chhines

chhines
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 26 February 2016 - 06:47 PM

ComboFix 16-02-23.01 - Marcella 02/24/2016  22:32:40.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8079.5808 [GMT -7:00]
Running from: c:\users\Marcella\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6745\AddOnDownloaded\49f89ca5-aa70-4aab-9314-4a62fc1f0e87.dll
c:\programdata\Roaming
.
.
(((((((((((((((((((((((((   Files Created from 2016-01-25 to 2016-02-25  )))))))))))))))))))))))))))))))
.
.
2016-02-25 05:55 . 2016-02-25 05:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-25 05:54 . 2016-02-25 05:54 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2DD6F7C-00CC-461D-B65C-45D1D8930469}\offreg.2412.dll
2016-02-25 02:55 . 2016-02-25 02:55 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-02-25 02:55 . 2016-02-25 05:11 -------- d-----w- c:\programdata\RogueKiller
2016-02-24 13:44 . 2016-02-24 13:44 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2DD6F7C-00CC-461D-B65C-45D1D8930469}\offreg.2912.dll
2016-02-23 13:59 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2DD6F7C-00CC-461D-B65C-45D1D8930469}\mpengine.dll
2016-02-20 17:27 . 2016-02-20 17:28 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-20 17:27 . 2016-02-20 17:27 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-02-20 17:27 . 2015-10-05 16:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-02-20 17:27 . 2015-10-05 16:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-02-20 17:27 . 2015-10-05 16:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-02-20 17:07 . 2016-02-20 17:13 -------- d-----w- C:\AdwCleaner
2016-02-20 17:00 . 2016-02-20 17:00 -------- d-----w- c:\users\Marcella\AppData\Roaming\VERIZON
2016-02-20 17:00 . 2016-02-20 17:00 -------- d-----w- c:\users\Marcella\AppData\Roaming\JRT Studio
2016-02-19 16:07 . 2016-02-19 16:07 57344 ----a-r- c:\users\Marcella\AppData\Roaming\Microsoft\Installer\{509E9FC8-0735-4FD8-BC9F-C6BD679790F7}\NewShortcut2_004CA6CE20F84A5EAA175F820D52B1AC.exe
2016-02-19 16:07 . 2016-02-19 16:07 53248 ----a-r- c:\users\Marcella\AppData\Roaming\Microsoft\Installer\{509E9FC8-0735-4FD8-BC9F-C6BD679790F7}\ARPPRODUCTICON.exe
2016-02-19 16:06 . 2016-02-19 16:06 57344 ----a-r- c:\users\Marcella\AppData\Roaming\Microsoft\Installer\{90ABC860-4B7B-4ABD-9004-88B1A459A456}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe
2016-02-19 16:06 . 2016-02-19 16:06 57344 ----a-r- c:\users\Marcella\AppData\Roaming\Microsoft\Installer\{90ABC860-4B7B-4ABD-9004-88B1A459A456}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe
2016-02-19 16:06 . 2016-02-19 16:06 53248 ----a-r- c:\users\Marcella\AppData\Roaming\Microsoft\Installer\{90ABC860-4B7B-4ABD-9004-88B1A459A456}\ARPPRODUCTICON.exe
2016-02-18 23:47 . 2016-02-18 23:47 202144 ----a-w- c:\windows\system32\drivers\zam64.sys
2016-02-18 23:47 . 2016-02-18 23:47 202144 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2016-02-18 23:47 . 2016-02-18 23:47 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2016-02-18 23:47 . 2016-02-18 23:47 -------- d-----w- c:\users\Marcella\AppData\Local\Zemana
2016-02-18 00:32 . 2016-02-20 17:00 -------- d-----w- C:\FRST
2016-02-15 03:32 . 2016-02-15 03:32 -------- d-----w- c:\program files\Common Files\AV
2016-02-15 03:03 . 2016-02-15 03:03 -------- d-----w- c:\programdata\AltrixSoft
2016-02-15 03:02 . 2016-02-19 01:21 -------- d-----w- C:\Program Files (x86)32
2016-02-15 03:02 . 2016-02-19 01:21 -------- d-----w- c:\program files (x86)\Common Files\AltrixSoft
2016-02-10 07:12 . 2016-01-07 17:42 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-02-10 07:11 . 2016-01-16 19:01 2085888 ----a-w- c:\windows\system32\ole32.dll
2016-02-10 07:10 . 2016-01-22 05:19 3231232 ----a-w- c:\windows\explorer.exe
2016-02-10 07:10 . 2016-01-22 06:15 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-02-10 07:10 . 2016-01-22 06:12 1940992 ----a-w- c:\windows\system32\authui.dll
2016-02-10 07:10 . 2016-01-22 06:00 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2016-02-10 07:10 . 2016-01-22 05:59 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2016-02-10 07:10 . 2016-01-22 05:12 2973184 ----a-w- c:\windows\SysWow64\explorer.exe
2016-01-28 22:51 . 2016-01-28 22:51 -------- d-----w- c:\programdata\PC-Doctor for Windows
2016-01-28 22:51 . 2016-01-28 22:51 -------- d-----w- c:\program files\Dell Support Center
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-23 13:42 . 2013-11-27 23:38 922392 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2016-02-10 10:10 . 2013-11-28 00:12 146614896 ----a-w- c:\windows\system32\MRT.exe
2016-02-10 04:35 . 2013-11-12 19:59 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-02-10 04:35 . 2013-11-12 19:59 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-01-22 05:59 . 2016-02-10 07:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-12-08 21:54 . 2016-01-12 20:53 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2015-12-08 21:54 . 2016-01-12 20:53 902144 ----a-w- c:\windows\SysWow64\WMADMOD.DLL
2015-12-08 21:54 . 2016-01-12 20:53 815616 ----a-w- c:\windows\SysWow64\WMADMOE.DLL
2015-12-08 21:54 . 2016-01-12 20:53 739328 ----a-w- c:\windows\SysWow64\WMSPDMOD.DLL
2015-12-08 21:54 . 2016-01-12 20:53 541184 ----a-w- c:\windows\SysWow64\WMVSDECD.DLL
2015-12-08 21:54 . 2016-01-12 20:53 740352 ----a-w- c:\windows\SysWow64\wmpmde.dll
2015-12-08 21:54 . 2016-01-12 20:53 665088 ----a-w- c:\windows\SysWow64\WMVXENCD.DLL
2015-12-08 21:54 . 2016-01-12 20:53 1568768 ----a-w- c:\windows\SysWow64\WMVENCOD.DLL
2015-12-08 21:54 . 2016-01-12 20:53 358400 ----a-w- c:\windows\SysWow64\WMVSENCD.DLL
2015-12-08 21:54 . 2016-01-12 20:53 1325056 ----a-w- c:\windows\SysWow64\WMSPDMOE.DLL
2015-12-08 21:54 . 2016-01-12 20:53 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-12-08 21:54 . 2016-01-12 20:53 154112 ----a-w- c:\windows\SysWow64\VIDRESZR.DLL
2015-12-08 21:53 . 2016-01-12 20:53 206848 ----a-w- c:\windows\SysWow64\RESAMPLEDMO.DLL
2015-12-08 21:53 . 2016-01-12 20:53 509952 ----a-w- c:\windows\SysWow64\qedit.dll
2015-12-08 21:53 . 2016-01-12 20:53 1329664 ----a-w- c:\windows\SysWow64\quartz.dll
2015-12-08 21:53 . 2016-01-12 20:53 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2015-12-08 21:53 . 2016-01-12 20:53 206848 ----a-w- c:\windows\SysWow64\qasf.dll
2015-12-08 21:53 . 2016-01-12 20:53 970240 ----a-w- c:\windows\SysWow64\msmpeg2adec.dll
2015-12-08 21:53 . 2016-01-12 20:53 829952 ----a-w- c:\windows\SysWow64\MSMPEG2ENC.DLL
2015-12-08 21:53 . 2016-01-12 20:53 241152 ----a-w- c:\windows\SysWow64\MPG4DECD.DLL
2015-12-08 21:53 . 2016-01-12 20:53 79872 ----a-w- c:\windows\SysWow64\MP3DMOD.DLL
2015-12-08 21:53 . 2016-01-12 20:53 415744 ----a-w- c:\windows\SysWow64\MP4SDECD.DLL
2015-12-08 21:53 . 2016-01-12 20:53 241152 ----a-w- c:\windows\SysWow64\MP43DECD.DLL
2015-12-08 21:53 . 2016-01-12 20:53 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2015-12-08 21:53 . 2016-01-12 20:53 609280 ----a-w- c:\windows\SysWow64\MFWMAAEC.DLL
2015-12-08 21:53 . 2016-01-12 20:53 53248 ----a-w- c:\windows\SysWow64\mfvdsp.dll
2015-12-08 21:53 . 2016-01-12 20:53 354816 ----a-w- c:\windows\SysWow64\mfplat.dll
2015-12-08 21:53 . 2016-01-12 20:53 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2015-12-08 21:53 . 2016-01-12 20:53 4608 ----a-w- c:\windows\SysWow64\ksuser.dll
2015-12-08 21:53 . 2016-01-12 20:53 489984 ----a-w- c:\windows\SysWow64\evr.dll
2015-12-08 21:53 . 2016-01-12 20:53 67584 ----a-w- c:\windows\SysWow64\devenum.dll
2015-12-08 21:53 . 2016-01-12 20:53 153600 ----a-w- c:\windows\SysWow64\COLORCNV.DLL
2015-12-08 21:53 . 2016-01-12 20:53 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2015-12-08 21:53 . 2016-01-12 20:53 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
2015-12-08 21:53 . 2016-01-12 20:53 193536 ----a-w- c:\windows\SysWow64\ksproxy.ax
2015-12-08 21:52 . 2016-01-12 20:51 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-12-08 21:50 . 2016-01-12 20:53 2048 ----a-w- c:\windows\SysWow64\mferror.dll
2015-12-08 19:07 . 2016-01-12 20:53 978944 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2015-12-08 19:07 . 2016-01-12 20:53 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2015-12-08 19:07 . 2016-01-12 20:53 1232896 ----a-w- c:\windows\system32\WMADMOD.DLL
2015-12-08 19:07 . 2016-01-12 20:53 666112 ----a-w- c:\windows\system32\WMVSDECD.DLL
2015-12-08 19:07 . 2016-01-12 20:53 1153024 ----a-w- c:\windows\system32\WMADMOE.DLL
2015-12-08 19:07 . 2016-01-12 20:53 1026048 ----a-w- c:\windows\system32\wmpmde.dll
2015-12-08 19:07 . 2016-01-12 20:53 642048 ----a-w- c:\windows\system32\WMVXENCD.DLL
2015-12-08 19:07 . 2016-01-12 20:53 447488 ----a-w- c:\windows\system32\WMVSENCD.DLL
2015-12-08 19:07 . 2016-01-12 20:53 1955328 ----a-w- c:\windows\system32\WMVENCOD.DLL
2015-12-08 19:07 . 2016-01-12 20:53 1575424 ----a-w- c:\windows\system32\WMSPDMOE.DLL
2015-12-08 19:07 . 2009-07-14 00:22 1393152 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2015-12-08 19:07 . 2016-01-12 20:53 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-12-08 19:07 . 2016-01-12 20:53 292352 ----a-w- c:\windows\system32\VIDRESZR.DLL
2015-12-08 19:07 . 2016-01-12 20:53 378880 ----a-w- c:\windows\system32\SysFxUI.dll
2015-12-08 19:07 . 2016-01-12 20:53 225792 ----a-w- c:\windows\system32\RESAMPLEDMO.DLL
2015-12-08 19:07 . 2016-01-12 20:53 624640 ----a-w- c:\windows\system32\qedit.dll
2015-12-08 19:07 . 2016-01-12 20:53 1573888 ----a-w- c:\windows\system32\quartz.dll
2015-12-08 19:07 . 2016-01-12 20:53 371712 ----a-w- c:\windows\system32\qdvd.dll
2015-12-08 19:07 . 2016-01-12 20:53 254464 ----a-w- c:\windows\system32\qasf.dll
2015-12-08 19:07 . 2016-01-12 20:53 1307136 ----a-w- c:\windows\system32\msmpeg2adec.dll
2015-12-08 19:07 . 2016-01-12 20:53 1160192 ----a-w- c:\windows\system32\MSMPEG2ENC.DLL
2015-12-08 19:07 . 2016-01-12 20:53 4121600 ----a-w- c:\windows\system32\mf.dll
2015-12-08 19:07 . 2016-01-12 20:53 1010688 ----a-w- c:\windows\system32\mcmde.dll
2015-12-08 19:07 . 2016-01-12 20:53 653824 ----a-w- c:\windows\system32\MP4SDECD.DLL
2015-12-08 19:07 . 2016-01-12 20:53 484864 ----a-w- c:\windows\system32\MFWMAAEC.DLL
2015-12-08 19:07 . 2016-01-12 20:53 432128 ----a-w- c:\windows\system32\mfplat.dll
2015-12-08 19:07 . 2016-01-12 20:53 70144 ----a-w- c:\windows\system32\mfvdsp.dll
2015-12-08 19:07 . 2016-01-12 20:53 224768 ----a-w- c:\windows\system32\MPG4DECD.DLL
2015-12-08 19:07 . 2016-01-12 20:53 223744 ----a-w- c:\windows\system32\MP43DECD.DLL
2015-12-08 19:07 . 2016-01-12 20:53 206848 ----a-w- c:\windows\system32\mfps.dll
2015-12-08 19:07 . 2016-01-12 20:53 100864 ----a-w- c:\windows\system32\MP3DMOD.DLL
2015-12-08 19:07 . 2016-01-12 20:53 5120 ----a-w- c:\windows\system32\ksuser.dll
2015-12-08 19:07 . 2016-01-12 20:53 632320 ----a-w- c:\windows\system32\evr.dll
2015-12-08 19:07 . 2016-01-12 20:51 405504 ----a-w- c:\windows\system32\gdi32.dll
2015-12-08 19:07 . 2016-01-12 20:53 76288 ----a-w- c:\windows\system32\devenum.dll
2015-12-08 19:07 . 2016-01-12 20:53 189952 ----a-w- c:\windows\system32\COLORCNV.DLL
2015-12-08 19:07 . 2016-01-12 20:53 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2015-12-08 19:06 . 2016-01-12 20:53 24576 ----a-w- c:\windows\system32\mfpmp.exe
2015-12-08 19:06 . 2016-01-12 20:53 250880 ----a-w- c:\windows\system32\ksproxy.ax
2015-12-08 19:04 . 2016-01-12 20:53 2048 ----a-w- c:\windows\system32\mferror.dll
2015-12-08 18:54 . 2016-01-12 20:53 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-12-08 18:12 . 2016-01-12 20:53 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2015-12-08 18:11 . 2016-01-12 20:53 5632 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2015-12-08 04:43 . 2015-12-22 23:50 206080 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2015-12-08 04:43 . 2015-12-22 23:50 113408 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2015-12-02 20:18 . 2010-11-21 03:27 301728 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-02-23 13:45 1741104 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-02-23 13:45 1741104 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-02-23 13:45 1741104 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 7520 series (NET)"="c:\program files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"PCShowServer"="c:\users\Marcella\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2015-05-22 1631520]
"Octoshape Streaming Services"="c:\users\Marcella\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2014-08-01 500016]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2016-01-28 1403304]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-29 1011200]
"GoogleChromeAutoLaunch_70D8B263224B29A79F4A1182BC875E7A"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2016-02-18 746648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-02-22 292088]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-10-13 60688]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2015-08-06 421888]
"WDAppManager"="c:\program files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe" [2015-09-10 14688]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2016-01-28 1403304]
.
c:\users\Marcella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneDrive for Business.lnk - c:\program files\Microsoft Office 15\root\office15\groove.exe /RunFolderSync /TrayOnly [2016-2-23 13939456]
Verizon Wireless Software Utility Application for Android – Samsung.lnk - c:\frst\Quarantine\C\Users\Marcella\AppData\Roaming\VERIZON\UA_ar\UA.exe [2016-2-14 1297584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
iSyncr.lnk - c:\windows\Installer\{3A65FA92-8688-432C-9A24-6F99818BAAB2}\_E9582272BEF1788D305739.exe [2015-8-14 66339]
Outlook 2013.lnk - c:\program files\Microsoft Office 15\root\office15\OUTLOOK.EXE [2016-2-23 27128008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
R2 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DellDataVault;Dell Data Vault;c:\program files\Dell\DellDataVault\DellDataVault.exe ;c:\program files\Dell\DellDataVault\DellDataVault.exe  [x]
S2 DellDataVaultWiz;Dell Data Vault Wizard;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe [x]
S2 DellUpdate;Dell Update Service;c:\program files (x86)\Dell Update\DellUpService.exe;c:\program files (x86)\Dell Update\DellUpService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe;c:\program files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [x]
S2 SupportAssistAgent;Dell SupportAssist Agent;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
S3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 usb3Hub;USB-IF USB 3.0 Hub;c:\windows\system32\DRIVERS\usb3Hub.sys;c:\windows\SYSNATIVE\DRIVERS\usb3Hub.sys [x]
S3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\system32\DRIVERS\XHCIPort.sys;c:\windows\SYSNATIVE\DRIVERS\XHCIPort.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-20 14:02 1088664 ----a-w- c:\program files (x86)\Google\Chrome\Application\48.0.2564.116\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-02-23 13:45 2348336 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-02-23 13:45 2348336 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-02-23 13:45 2348336 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-06-28 7191768]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-06-28 1321176]
"RtHDVBg_PushButton"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-06-28 1321176]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-16 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-16 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-16 441888]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-06-01 11406640]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-10-16 170256]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2016-02-19 12831984]
.
------- Supplementary Scan -------
.
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: dell.com
Trusted Zone: sharepoint.com\secureservernet
Trusted Zone: sharepoint.com\secureservernet-my
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Marcella\AppData\Roaming\Mozilla\Firefox\Profiles\94i5ztvp.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{0733d53f-b41d-47cc-b336-d95751c4b2cb} - c:\programdata\Package Cache\{0733d53f-b41d-47cc-b336-d95751c4b2cb}\GarminExpressInstaller.exe
AddRemove-{2E55EEFD-2162-4A7D-9158-EDB0305603A6} - c:\programdata\{010DD54D-6F97-418D-BC47-2089F30A0075}\DDV.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{d754cb4c-5acb-4fd1-8e64-a3b76455885d} - c:\programdata\Package Cache\{d754cb4c-5acb-4fd1-8e64-a3b76455885d}\WD Sync Setup.exe
AddRemove-{deff5bea-aa8c-46fb-b17d-1cc69b242494} - c:\programdata\Package Cache\{deff5bea-aa8c-46fb-b17d-1cc69b242494}\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-02-24  23:00:33
ComboFix-quarantined-files.txt  2016-02-25 06:00
.
Pre-Run: 784,096,112,640 bytes free
Post-Run: 783,665,291,264 bytes free
.
- - End Of File - - 94045FA9B3FD1E320C65C00B6B18C7CC
5C616939100B85E558DA92B899A0FC36
 
RogueKiller V11.0.13.0 [Feb 22 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Marcella [Administrator]
Started from : C:\Users\Marcella\Desktop\RogueKiller.exe
Mode : Scan -- Date : 02/26/2016 08:43:56
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 2 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BridgeMP (system32\DRIVERS\bridge.sys) -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\ComboFix\catchme.sys) -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA ST1000LM024 HN-M SCSI Disk Device +++++
--- User ---
[MBR] f191adb8354c374a0104ebed58dc9bc6
[BSP] c7f26583a4ec2bdb0569461826e49c07 : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 22186 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 45518848 | Size: 931642 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
 


#10 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 AM

Posted 27 February 2016 - 10:29 AM

Good job :thumbup2:

 

''C:\Program Files (x86)32''

 

Can you see this folder ? But, It may have been deleted !

=========================================================

Java update:
Updating Java and Clearing Cache:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.

  • Download the latest version of Java Runtime Environment (JRE) 8
  • Recommended Version is 8 Update 73
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows Offline (64-bit)  and save the file.
  • Close any programs you may have running - especially your web browser.

java-1.jpg
See this page for instructions on how to clear java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
      Downloaded Applications
      Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

===================================================================================

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

=========================================================================

How is the machine running now and any issues ? Please let me know.

 

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#11 chhines

chhines
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 28 February 2016 - 06:55 AM

Machine is running about the same pace it was at the start of this... constant "not responding" in Chrome, general slowness in everything else.  Pasting the one line of text for the ESET result hung for 3-4 seconds.

 

Java was updated, ESET only found something I'd already quarantined.  

 

C:\AdwCleaner\Quarantine\C\Windows\SysNative\drivers\SPPD.sys.vir a variant of Win64/Conduit.SearchProtect.C potentially unwanted application cleaned by deleting


#12 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 AM

Posted 28 February 2016 - 08:35 PM

''C:\Program Files (x86)32''

 

Can you see this folder ?

==========================================================

 

Step 1:

 

For Chrome:
Delete your cache, history, and other browser data
https://support.google.com/chrome/answer/95582?hl=en
Next >>
Reset Chrome browser settings

https://support.google.com/chrome/answer/3296214?hl=en

 

Please chrome check and  remove all extensions

 

Step 2:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript

txt.gif  zoekscript.txt   188bytes   108 downloads

  • Download it too and save to your desktop - _it needs to be in the same location as the ZOEK tool
  • Drag zoekscript file and drop it onto ZOEK icon - this should launch the program:
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

How is Chrome browser now and any issue ?


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#13 chhines

chhines
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 04 March 2016 - 02:48 PM

Done.  But the issue isn't just Chrome.. the whole computer is sluggish all the time.  Followed the steps, here's the Zeok report

 

 
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Marcella on Fri 03/04/2016 at  9:15:48.30.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marcella\Desktop\zoek.exe [Scan all users]  
Script used: C:\Users\Marcella\Downloads\zoekscript.txt
 
==== System Restore Info ======================
 
3/4/2016 9:18:32 AM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Zemana AntiMalware deleted successfully
C:\PROGRA~2\COMMON~1\AltrixSoft deleted successfully
C:\Program Files\office.tmp deleted successfully
C:\Users\Marcella\AppData\Roaming\JRT Studio deleted successfully
C:\Users\Marcella\AppData\Local\Intel WiDi deleted successfully
C:\Users\Marcella\AppData\Local\Skype deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
Deleted from C:\Users\Marcella\AppData\Roaming\Mozilla\Firefox\Profiles\94i5ztvp.default\prefs.js:
 
Added to C:\Users\Marcella\AppData\Roaming\Mozilla\Firefox\Profiles\94i5ztvp.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
ProfilePath: C:\Users\Marcella\AppData\Roaming\Mozilla\Firefox\Profiles\94i5ztvp.default
 
user.js not found
---- FireFox user.js and prefs.js backups ---- 
 
prefs_20160304_0930_.backup
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Zemana AntiMalware not found
C:\Users\Marcella\Downloads\CatalinaSavingsPrinter.exe deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Marcella\AppData\Roaming\Mozilla\Firefox\Profiles\94i5ztvp.default\Yahoo Inc deleted
"C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\yahoo.xml" deleted
 
==== Orphaned Tasks deleted from Registry ======================
 
Carbonite Installer - Start Carbonite UI deleted
Dell Digital Delivery Service One-Time Delayed Start deleted
SystemToolsDailyTest_once deleted
tmpA1BB deleted
{52CF4EF4-80D7-450F-B9AA-2C36A38F928B} deleted
{6E8DC80A-1C69-43AB-BDCF-2F4A22DE99EC} deleted
{FC721AA9-E0B8-41DD-8A06-747E46DACB3F} deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\Marcella\AppData\Roaming\Mozilla\Firefox\Profiles\94i5ztvp.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Firefox Extensions ======================
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
 
==== Firefox Plugins ======================
 
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.86
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01/08/2016 10:47 AM]
 
The Weather Channel for Chrome - Marcella\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop
Window Resizer - Marcella\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{435E622A-9146-4C26-B116-01FD096DFE79}"
HKLM\SearchScopes\{435E622A-9146-4C26-B116-01FD096DFE79} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{435E622A-9146-4C26-B116-01FD096DFE79}"
HKLM\Wow6432Node\SearchScopes\{435E622A-9146-4C26-B116-01FD096DFE79} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
 
==== Reset Google Chrome ======================
 
C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Preferences.bak was reset successfully
C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bak was reset successfully
C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marcella\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=6 folders=2 3873132 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Marcella\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Marcella\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
 
==== EOF on Fri 03/04/2016 at  9:44:41.46 ======================
 


#14 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 AM

Posted 04 March 2016 - 07:48 PM

But the issue isn't just Chrome.. the whole computer is sluggish all the time.

 

Please post a fresh FRST.Logs for my check


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#15 chhines

chhines
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 09 March 2016 - 11:49 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Marcella (administrator) on MLAPTOP (09-03-2016 09:09:44)
Running from C:\Users\Marcella\Desktop
Loaded Profiles: Marcella (Available Profiles: Marcella)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Cisco) C:\Users\Marcella\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Octoshape ApS) C:\Users\Marcella\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Users\Marcella\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(JRT Studio LLC) C:\Program Files (x86)\JRT Studio\iSyncr\iSyncr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Sync\App\WDSyncService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-06-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-06-28] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2796272 2013-11-22] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [14688 2015-09-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\Run: [PCShowServer] => C:\Users\Marcella\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1631520 2015-05-21] (Cisco)
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\Run: [Octoshape Streaming Services] => C:\Users\Marcella\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSyncr.lnk [2015-08-14]
ShortcutTarget: iSyncr.lnk -> C:\Windows\Installer\{3A65FA92-8688-432C-9A24-6F99818BAAB2}\_E9582272BEF1788D305739.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outlook 2013.lnk [2013-11-27]
ShortcutTarget: Outlook 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE (Microsoft Corporation)
Startup: C:\Users\Marcella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2015-04-28]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{28560466-6F7A-4645-8CF1-78B22E8823B9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EBA351CA-E83A-4BA5-BBE0-DBC647A4EA11}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-2437430253-643367097-1623690150-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2437430253-643367097-1623690150-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-27] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2016-02-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-27] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-06-07] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Marcella\AppData\Roaming\Mozilla\Firefox\Profiles\94i5ztvp.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-07] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2014-06-07] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2437430253-643367097-1623690150-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Marcella\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-2437430253-643367097-1623690150-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Marcella\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2437430253-643367097-1623690150-1001: @talk.google.com/O1DPlugin -> C:\Users\Marcella\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2437430253-643367097-1623690150-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Marcella\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2437430253-643367097-1623690150-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Marcella\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Marcella\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Marcella\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Marcella\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-09-19] (Octoshape ApS)
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
 
Chrome: 
=======
CHR Profile: C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-04]
CHR Extension: (Google Docs) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-04]
CHR Extension: (Google Drive) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-04]
CHR Extension: (YouTube) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-04]
CHR Extension: (Google Search) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-04]
CHR Extension: (Google Sheets) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-04]
CHR Extension: (Google Docs Offline) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-04]
CHR Extension: (Skype) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-03-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-04]
CHR Extension: (Gmail) - C:\Users\Marcella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2571352 2016-01-05] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201816 2016-01-05] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232152 2015-05-20] (Dell Inc.)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [745224 2015-12-07] (DEVGURU Co., LTD.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-01-12] (Dell Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-11-12] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-12-04] (Intel Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-26] ()
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-09 09:09 - 2016-03-09 09:20 - 00025737 _____ C:\Users\Marcella\Desktop\FRST.txt
2016-03-09 09:09 - 2016-03-09 09:09 - 02374144 _____ (Farbar) C:\Users\Marcella\Desktop\FRST64.exe
2016-03-09 09:09 - 2016-03-09 09:09 - 00000000 ____D C:\Users\Marcella\Desktop\FRST-OlderVersion
2016-03-09 09:08 - 2016-03-09 09:08 - 02374144 _____ (Farbar) C:\Users\Marcella\Downloads\FRST64 (1).exe
2016-03-09 06:25 - 2016-03-09 06:33 - 24088652 _____ C:\Users\Marcella\Desktop\HinesBoys.zip
2016-03-04 12:46 - 2016-03-04 12:46 - 00000188 _____ C:\Users\Marcella\Downloads\zoekscript.txt
2016-03-04 09:46 - 2016-03-04 09:46 - 00000000 ____D C:\Users\Marcella\AppData\Roaming\JRT Studio
2016-03-04 09:33 - 2016-03-04 09:15 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-03-04 09:09 - 2016-03-04 09:42 - 00000000 ____D C:\zoek_backup
2016-03-02 09:29 - 2016-03-02 09:29 - 00001847 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-03-02 09:29 - 2016-03-02 09:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-03-02 09:28 - 2016-03-02 09:29 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-03-02 09:24 - 2016-03-02 09:24 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-03-02 09:24 - 2016-03-02 09:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-03-02 09:21 - 2016-03-02 09:24 - 00000000 ____D C:\Program Files\iTunes
2016-03-02 09:21 - 2016-03-02 09:21 - 00000000 ____D C:\Program Files\iPod
2016-03-02 09:21 - 2016-03-02 09:21 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-03-02 09:02 - 2016-03-02 09:02 - 00054953 _____ C:\Users\Marcella\Downloads\Food Guide and Schedule.pdf
2016-03-01 06:45 - 2016-03-01 06:45 - 00023302 _____ C:\Users\Marcella\Downloads\Hines-Song1 (3).pdf
2016-03-01 06:45 - 2016-03-01 06:45 - 00022900 _____ C:\Users\Marcella\Downloads\Hines-Song2 (2).pdf
2016-02-28 05:52 - 2016-02-28 05:52 - 00003472 ____N C:\bootsqm.dat
2016-02-28 04:54 - 2016-02-28 04:54 - 00003260 _____ C:\Windows\System32\Tasks\{442C4F30-AFA8-4CA2-BB88-ED9051ABB74F}
2016-02-27 10:19 - 2016-02-27 10:19 - 02870984 _____ (ESET) C:\Users\Marcella\Downloads\esetsmartinstaller_enu.exe
2016-02-27 10:16 - 2016-02-27 10:16 - 00000000 ____D C:\Users\Marcella\AppData\Roaming\Sun
2016-02-27 10:16 - 2016-02-27 10:16 - 00000000 ____D C:\Users\Marcella\.oracle_jre_usage
2016-02-27 10:12 - 2016-02-27 10:12 - 00734816 _____ (Oracle Corporation) C:\Users\Marcella\Downloads\jre-8u73-windows-i586-iftw.exe
2016-02-27 10:12 - 2016-02-27 10:12 - 00000000 ____D C:\Users\Marcella\AppData\LocalLow\Oracle
2016-02-26 12:57 - 2016-02-26 12:57 - 00000000 ____D C:\Users\Marcella\AppData\Local\CrashDumps
2016-02-24 23:00 - 2016-02-24 23:00 - 00039350 _____ C:\ComboFix.txt
2016-02-24 22:30 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2016-02-24 22:30 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2016-02-24 22:30 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-02-24 22:30 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-02-24 22:30 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-02-24 22:30 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2016-02-24 22:30 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2016-02-24 22:30 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2016-02-24 22:28 - 2016-02-24 23:00 - 00000000 ____D C:\Qoobox
2016-02-24 22:26 - 2016-02-24 22:58 - 00000000 ____D C:\Windows\erdnt
2016-02-24 19:55 - 2016-02-26 06:53 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-02-24 19:55 - 2016-02-24 22:11 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-21 14:32 - 2016-02-21 14:32 - 00058788 _____ C:\Users\Marcella\Downloads\Art and Sensory Ideas.pdf
2016-02-21 09:02 - 2016-02-21 09:02 - 00022900 _____ C:\Users\Marcella\Downloads\Hines-Song2 (1).pdf
2016-02-20 12:55 - 2016-03-08 12:59 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2016-02-20 10:26 - 2016-02-20 10:26 - 22908888 _____ (Malwarebytes ) C:\Users\Marcella\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-20 10:07 - 2016-02-20 10:13 - 00000000 ____D C:\AdwCleaner
2016-02-20 10:00 - 2016-03-09 06:34 - 00303104 ___SH C:\Users\Marcella\Desktop\Thumbs.db
2016-02-20 10:00 - 2016-02-28 04:59 - 00000000 ____D C:\Users\Marcella\AppData\Roaming\VERIZON
2016-02-20 09:40 - 2016-02-20 09:40 - 00006503 _____ C:\Users\Marcella\Downloads\Fixlist.txt
2016-02-20 09:27 - 2016-02-20 09:27 - 00134774 _____ C:\Users\Marcella\Downloads\hosts.zip
2016-02-18 18:02 - 2016-02-18 18:02 - 00000746 _____ C:\Users\Marcella\Downloads\Reminder.ics
2016-02-18 16:47 - 2016-02-28 04:57 - 00004317 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-02-18 16:47 - 2016-02-28 02:02 - 00003901 _____ C:\Windows\ZAM.krnl.trace
2016-02-18 16:47 - 2016-02-18 16:47 - 00000000 ____D C:\Users\Marcella\AppData\Local\Zemana
2016-02-18 16:15 - 2016-02-18 16:15 - 00000000 ____D C:\Users\Marcella\Documents\Custom Office Templates
2016-02-17 17:32 - 2016-03-09 09:09 - 00000000 ____D C:\FRST
2016-02-17 17:31 - 2016-02-17 17:32 - 02371072 _____ (Farbar) C:\Users\Marcella\Downloads\FRST64.exe
2016-02-17 16:49 - 2016-02-17 16:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Marcella\Downloads\HijackThis.exe
2016-02-14 20:32 - 2016-02-14 20:32 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-14 20:03 - 2016-02-14 20:03 - 00000000 ____D C:\ProgramData\AltrixSoft
2016-02-14 19:57 - 2016-02-14 20:02 - 02782144 _____ (AltrixSoft) C:\Users\Marcella\Downloads\hddinsp.exe
2016-02-14 19:56 - 2016-02-14 19:56 - 01735313 _____ C:\Users\Marcella\Downloads\Hutil210_iso_for_CDROM_drive.zip
2016-02-12 08:43 - 2016-02-12 08:44 - 00000000 ____D C:\Users\Marcella\Documents\Remedia Publications_Former Work2
2016-02-12 06:55 - 2016-02-13 06:32 - 00000000 ____D C:\Users\Marcella\Documents\Remedia Publications_Former Work
2016-02-10 00:14 - 2016-02-06 03:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-10 00:14 - 2016-02-06 03:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-10 00:14 - 2016-02-06 03:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-10 00:14 - 2016-02-06 03:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-10 00:14 - 2016-02-06 03:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-10 00:14 - 2016-02-06 03:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-10 00:14 - 2016-02-06 02:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-10 00:14 - 2016-02-06 02:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-10 00:14 - 2016-02-06 02:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-10 00:14 - 2016-02-06 02:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-10 00:14 - 2016-02-06 02:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-10 00:14 - 2016-02-06 02:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-10 00:14 - 2016-02-06 02:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-10 00:14 - 2016-02-06 01:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-10 00:14 - 2016-01-16 12:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-10 00:14 - 2016-01-16 11:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-10 00:14 - 2016-01-11 07:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-10 00:14 - 2016-01-11 07:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-10 00:14 - 2016-01-11 07:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-10 00:14 - 2016-01-11 07:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-10 00:14 - 2016-01-11 07:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-10 00:14 - 2016-01-06 12:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-10 00:14 - 2016-01-06 12:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-10 00:14 - 2016-01-06 11:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-10 00:13 - 2016-01-22 13:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-10 00:13 - 2016-01-22 13:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-10 00:13 - 2016-01-21 23:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-10 00:13 - 2016-01-21 23:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-10 00:13 - 2016-01-21 23:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-10 00:13 - 2016-01-21 23:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-10 00:13 - 2016-01-21 23:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-10 00:13 - 2016-01-21 23:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-10 00:13 - 2016-01-21 23:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-10 00:13 - 2016-01-21 23:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-10 00:13 - 2016-01-21 23:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-10 00:13 - 2016-01-21 23:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-10 00:13 - 2016-01-21 23:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-10 00:13 - 2016-01-21 23:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-10 00:13 - 2016-01-21 23:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-10 00:13 - 2016-01-21 23:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-10 00:13 - 2016-01-21 23:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-10 00:13 - 2016-01-21 23:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-10 00:13 - 2016-01-21 23:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-10 00:13 - 2016-01-21 23:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-10 00:13 - 2016-01-21 23:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-10 00:13 - 2016-01-21 23:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-10 00:13 - 2016-01-21 23:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-10 00:13 - 2016-01-21 23:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-10 00:13 - 2016-01-21 23:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-10 00:13 - 2016-01-21 23:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-10 00:13 - 2016-01-21 23:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-10 00:13 - 2016-01-21 22:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-10 00:13 - 2016-01-21 22:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-10 00:13 - 2016-01-21 22:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-10 00:13 - 2016-01-21 22:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-10 00:13 - 2016-01-21 22:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-10 00:13 - 2016-01-21 22:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-10 00:13 - 2016-01-21 22:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-10 00:13 - 2016-01-21 22:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-10 00:13 - 2016-01-21 22:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-10 00:13 - 2016-01-21 22:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-10 00:13 - 2016-01-21 22:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-10 00:13 - 2016-01-21 22:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-10 00:13 - 2016-01-21 22:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-10 00:13 - 2016-01-21 22:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-10 00:13 - 2016-01-21 22:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-10 00:13 - 2016-01-21 22:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-10 00:13 - 2016-01-21 22:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-10 00:13 - 2016-01-21 22:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-10 00:13 - 2016-01-21 22:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-10 00:13 - 2016-01-21 22:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-10 00:13 - 2016-01-21 22:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-10 00:13 - 2016-01-21 22:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-10 00:13 - 2016-01-21 22:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-10 00:13 - 2016-01-21 22:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-10 00:13 - 2016-01-21 22:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-10 00:12 - 2016-01-11 12:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-10 00:12 - 2016-01-11 12:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-10 00:12 - 2016-01-11 12:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-10 00:12 - 2016-01-11 11:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-10 00:12 - 2016-01-11 11:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-10 00:12 - 2016-01-11 11:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-10 00:12 - 2016-01-11 11:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-10 00:12 - 2016-01-11 11:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-10 00:12 - 2016-01-11 11:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-10 00:12 - 2016-01-11 11:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-10 00:12 - 2016-01-11 11:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-10 00:12 - 2016-01-11 11:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-10 00:12 - 2016-01-11 11:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-10 00:12 - 2016-01-11 11:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-10 00:12 - 2016-01-11 11:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-10 00:12 - 2016-01-11 11:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-10 00:12 - 2016-01-07 10:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-10 00:12 - 2016-01-07 10:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 00:12 - 2015-12-20 11:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-10 00:12 - 2015-12-20 11:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-10 00:12 - 2015-12-20 07:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-10 00:11 - 2016-01-21 23:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-10 00:11 - 2016-01-21 23:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-10 00:11 - 2016-01-21 23:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-10 00:11 - 2016-01-21 23:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 00:11 - 2016-01-21 23:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-10 00:11 - 2016-01-21 23:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-10 00:11 - 2016-01-21 23:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-10 00:11 - 2016-01-21 23:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-10 00:11 - 2016-01-21 23:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-10 00:11 - 2016-01-21 23:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-10 00:11 - 2016-01-21 23:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-10 00:11 - 2016-01-21 23:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-10 00:11 - 2016-01-21 23:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-10 00:11 - 2016-01-21 23:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-10 00:11 - 2016-01-21 23:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-10 00:11 - 2016-01-21 23:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-10 00:11 - 2016-01-21 23:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-10 00:11 - 2016-01-21 23:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-10 00:11 - 2016-01-21 23:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-10 00:11 - 2016-01-21 23:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-10 00:11 - 2016-01-21 23:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-10 00:11 - 2016-01-21 23:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-10 00:11 - 2016-01-21 23:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-10 00:11 - 2016-01-21 23:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 00:11 - 2016-01-21 23:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-10 00:11 - 2016-01-21 23:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-10 00:11 - 2016-01-21 23:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-10 00:11 - 2016-01-21 23:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-10 00:11 - 2016-01-21 23:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 00:11 - 2016-01-21 23:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-10 00:11 - 2016-01-21 23:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-10 00:11 - 2016-01-21 23:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-10 00:11 - 2016-01-21 23:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-10 00:11 - 2016-01-21 23:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-10 00:11 - 2016-01-21 23:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 23:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-10 00:11 - 2016-01-21 23:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-10 00:11 - 2016-01-21 23:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-10 00:11 - 2016-01-21 23:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-10 00:11 - 2016-01-21 23:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-10 00:11 - 2016-01-21 23:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-10 00:11 - 2016-01-21 23:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-10 00:11 - 2016-01-21 23:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-10 00:11 - 2016-01-21 23:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-10 00:11 - 2016-01-21 23:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-10 00:11 - 2016-01-21 23:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-10 00:11 - 2016-01-21 23:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-10 00:11 - 2016-01-21 23:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-10 00:11 - 2016-01-21 23:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 00:11 - 2016-01-21 23:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-10 00:11 - 2016-01-21 23:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-10 00:11 - 2016-01-21 23:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 00:11 - 2016-01-21 23:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-10 00:11 - 2016-01-21 23:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 00:11 - 2016-01-21 23:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 22:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-10 00:11 - 2016-01-21 22:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-10 00:11 - 2016-01-21 22:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-10 00:11 - 2016-01-21 22:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-10 00:11 - 2016-01-21 21:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-10 00:11 - 2016-01-21 21:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-10 00:11 - 2016-01-21 21:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-10 00:11 - 2016-01-21 21:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-10 00:11 - 2016-01-21 21:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-10 00:11 - 2016-01-21 21:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-10 00:11 - 2016-01-21 21:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-10 00:11 - 2016-01-21 21:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-10 00:11 - 2016-01-21 21:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-10 00:11 - 2016-01-21 21:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-10 00:11 - 2016-01-21 21:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 21:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 21:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 00:11 - 2016-01-21 21:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-10 00:11 - 2016-01-16 12:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-10 00:11 - 2016-01-16 11:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-10 00:10 - 2016-01-21 23:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-10 00:10 - 2016-01-21 23:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-10 00:10 - 2016-01-21 23:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-10 00:10 - 2016-01-21 23:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-10 00:10 - 2016-01-21 22:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-10 00:10 - 2016-01-21 22:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-10 00:10 - 2016-01-21 22:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-09 09:07 - 2013-12-02 16:32 - 00000000 ____D C:\Users\Marcella\Documents\Outlook Files
2016-03-09 06:36 - 2009-07-13 21:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-09 06:36 - 2009-07-13 21:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-09 06:28 - 2013-11-27 22:06 - 00000000 ____D C:\Users\Marcella\Documents\Groceries
2016-03-09 06:15 - 2013-12-01 08:35 - 00000000 ____D C:\Users\Marcella\Documents\JRT Studio
2016-03-09 06:11 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-06 10:01 - 2013-11-27 22:07 - 00000000 ____D C:\Users\Marcella\Documents\Misc
2016-03-05 15:42 - 2009-07-13 22:13 - 00826198 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-05 15:42 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-03-04 09:10 - 2013-12-26 20:49 - 00000000 ____D C:\Users\Marcella\SkyDrive @ Go Daddy.com, LLC, A Delaware Company
2016-03-04 09:08 - 2003-01-24 00:11 - 01309184 _____ C:\Users\Marcella\Desktop\zoek.exe
2016-03-03 08:00 - 2015-10-30 02:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-03 07:22 - 2011-02-10 07:02 - 00000000 ____D C:\Windows\panther
2016-03-02 09:21 - 2013-11-30 19:48 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-02-28 05:05 - 2014-01-27 16:22 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-02-28 05:01 - 2014-01-27 16:31 - 00000000 ____D C:\Program Files (x86)\Logitech
2016-02-27 10:19 - 2015-01-08 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-27 10:19 - 2015-01-08 23:06 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-27 10:16 - 2013-11-27 16:23 - 00000000 ____D C:\Users\Marcella
2016-02-27 10:15 - 2015-01-08 23:06 - 00278624 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2016-02-27 10:15 - 2015-01-08 23:06 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-27 10:14 - 2014-01-01 14:34 - 00000000 ____D C:\ProgramData\Oracle
2016-02-26 03:04 - 2015-04-04 14:39 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-26 03:03 - 2015-04-04 14:39 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-24 22:55 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2016-02-23 07:44 - 2014-06-07 14:21 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-23 07:35 - 2014-06-07 14:17 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-20 09:44 - 2015-08-30 15:23 - 00000000 ____D C:\Users\Marcella\AppData\LocalLow\Temp
2016-02-20 07:23 - 2013-11-30 19:01 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-18 06:01 - 2014-06-01 07:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-02-17 17:30 - 2014-06-01 07:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-17 09:56 - 2016-01-12 08:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-16 09:36 - 2013-11-27 22:06 - 00000000 ____D C:\Users\Marcella\Documents\Work
2016-02-16 09:26 - 2014-09-28 19:04 - 00000000 ____D C:\Users\Marcella\Documents\The Tagalongs
2016-02-16 09:23 - 2013-11-27 22:07 - 00000000 ____D C:\Users\Marcella\Documents\Job Docs
2016-02-16 09:20 - 2013-11-27 22:06 - 00000000 ____D C:\Users\Marcella\Documents\House
2016-02-16 09:19 - 2013-11-27 22:06 - 00000000 ____D C:\Users\Marcella\Documents\Health
2016-02-16 06:57 - 2013-11-27 22:18 - 00000000 ____D C:\Users\Marcella\Documents\Fitness
2016-02-16 06:55 - 2013-11-27 22:05 - 00000000 ____D C:\Users\Marcella\Documents\Central Christian Church
2016-02-16 06:53 - 2013-11-27 22:05 - 00000000 ____D C:\Users\Marcella\Documents\Celebrations & Holidays
2016-02-14 21:34 - 2014-06-07 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-02-14 20:28 - 2013-12-01 17:34 - 00000000 ____D C:\Users\Marcella\AppData\Local\Windows Live
2016-02-14 20:27 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-02-14 20:13 - 2014-11-02 10:36 - 00000000 ____D C:\Program Files (x86)\Swapper
2016-02-13 19:20 - 2016-01-02 10:22 - 00000000 ____D C:\.WDTemp
2016-02-12 06:48 - 2013-11-27 22:07 - 00000000 ____D C:\Users\Marcella\Documents\Money Stuff
2016-02-12 06:48 - 2013-11-27 22:06 - 00000000 ____D C:\Users\Marcella\Documents\Letters, Essays, & Speeches
2016-02-10 05:26 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-02-10 03:39 - 2009-07-13 21:45 - 00437872 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-10 03:35 - 2014-12-12 18:55 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-10 03:35 - 2014-05-06 17:31 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-10 03:35 - 2010-11-21 00:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 03:20 - 2013-11-27 17:12 - 00000000 ____D C:\Windows\system32\MRT
2016-02-10 03:10 - 2013-11-27 17:12 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-09 21:36 - 2013-11-12 12:59 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-09 21:35 - 2013-11-12 12:59 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-09 21:35 - 2013-11-12 12:59 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-20 11:07
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Marcella (2016-03-09 09:20:45)
Running from C:\Users\Marcella\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-11-27 23:23:15)
Boot Mode: Normal
==========================================================
 
 
===========
 
========= Accounts: =============================
 
Administrator (S-1-5-21-2437430253-643367097-1623690150-500 - Administrator - Disabled)
Guest (S-1-5-21-2437430253-643367097-1623690150-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2437430253-643367097-1623690150-1005 - Limited - Enabled)
Marcella (S-1-5-21-2437430253-643367097-1623690150-1001 - Administrator - Enabled) => C:\Users\Marcella
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Dell Custom Help (Version: 15.08.0000.0172 - Intel Corporation) Hidden
Dell Digital Delivery (HKLM-x32\...\{98CB551E-EDB1-4535-82A6-E3258597F64E}) (Version: 2.7.1000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{A62A2F03-3006-40CA-A3FA-C1086B2FEF5D}) (Version: 1.2.0.94 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.1.0 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{3FB000F3-7444-41C1-A0A6-53E8FD0B7D9C}) (Version: 1.6.1007.0 - Dell Inc.)
DIRECTV Player (HKLM-x32\...\{d5698223-16c2-4651-a518-092994329493}) (Version: 12.1 - DIRECTV)
Dropbox (HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Elevated Installer (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{0733d53f-b41d-47cc-b336-d95751c4b2cb}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Google Apps Migration For Microsoft Outlook® 4.0.27.0 (HKLM\...\{041086FE-FF02-47FD-A0E7-F8B5AB23773A}) (Version: 4.0.27.0 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.8.440.1250 (HKLM\...\{F73DF121-B04F-4709-B2B6-7E8B13999AF8}) (Version: 3.8.440.1250 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Infinite HD™ App (HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{B9EE2364-A67C-40DD-8413-495E2C7FBCD0}) (Version: 2.1.2.0206 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{deff5bea-aa8c-46fb-b17d-1cc69b242494}) (Version: 15.8.0 - Intel Corporation)
iSyncr (HKLM-x32\...\{3A65FA92-8688-432C-9A24-6F99818BAAB2}) (Version: 5.0.9 - JRT Studio)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.58.0 - Samsung Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
SyncFileSetup (x86) (x32 Version: 1.1.5731.17046 - Western Digital Technologies, Inc) Hidden
WD Sync (HKLM-x32\...\{d754cb4c-5acb-4fd1-8e64-a3b76455885d}) (Version: 1.1.5731.17046 - Western Digital Technologies, Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Marcella\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Marcella\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Marcella\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2437430253-643367097-1623690150-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcella\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {043AFBF6-FA05-4FA2-BA5E-B7AD1294D111} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1528C307-9506-44F2-B97A-3B435DE7689F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2722953D-8D21-4783-8255-4219616CF2D8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {2806D0B7-76D7-4306-8EC7-4714D7A3B24F} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {3477663C-F842-49CA-A6CE-FC333158DF02} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {4A7D23BC-3955-4EC3-946B-3DF51EB2A4C3} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-12-29] (PC-Doctor, Inc.)
Task: {4B50D6B8-9458-443C-B8B8-CB00C5641E50} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-29] (Microsoft Corporation)
Task: {5C1DF4C9-152C-46FA-B3CC-D866668A31D7} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {6F1363DF-955A-44BD-AD33-24EA9DDE5ECE} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {74D73891-E3BD-454F-8F5B-5834466ADC80} - System32\Tasks\{442C4F30-AFA8-4CA2-BB88-ED9051ABB74F} => pcalua.exe -a "C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe" -d "C:\Program Files (x86)\ESET\ESET Online Scanner"
Task: {7CB72736-6BF2-494F-B336-A52B15CCC164} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {807968E0-5928-42BA-8B04-F2E151068D23} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {875ADAC5-4E75-4B32-9F9B-B7CE264D4F20} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-01-12] (Dell Inc.)
Task: {88BD7D30-27EC-42BD-871C-0175C25AC450} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {94CD78B3-2B5E-46E5-8CAF-C47F745748EF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-02-23] (Microsoft Corporation)
Task: {A29E6711-EA01-42D0-AEF6-DE29D197A25A} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-01-28] ()
Task: {A38078AE-7F1B-4399-AE7B-95662E1C9611} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {B7D7FA62-80C7-4B7A-994C-469F617F5678} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MLaptop-Marcella MLaptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2016-02-23] (Microsoft Corporation)
Task: {BBE750E7-7456-402A-8C3D-872AFB36C112} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-29] (Microsoft Corporation)
Task: {C1D5CEA2-3C24-45F8-ADD6-D9B92F588FD0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {C8B845F8-950B-446D-A2C3-366A9226DF97} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {CF20B312-C80A-4603-87CB-1434752DF573} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {E728F910-26DF-4623-BCC0-E1765EF5D2B5} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-12 14:20 - 2012-10-16 03:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-05-21 19:09 - 2015-05-21 19:09 - 01383192 _____ () C:\Users\Marcella\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2014-06-07 14:17 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-02-23 06:41 - 2016-02-23 06:41 - 00402624 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream64.dll
2014-08-26 17:58 - 2015-09-01 09:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll
2014-08-26 17:58 - 2015-09-01 09:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-05-21 19:09 - 2015-05-21 19:09 - 11422992 _____ () C:\Users\Marcella\AppData\Local\DIRECTV Player\PCShowServer.dll
2015-05-21 19:09 - 2015-05-21 19:09 - 03300112 _____ () C:\Users\Marcella\AppData\Local\DIRECTV Player\DrmSingleton.dll
2015-05-21 19:10 - 2015-05-21 19:10 - 00339216 _____ () C:\Users\Marcella\AppData\Local\DIRECTV Player\ndsLogStore.dll
2015-05-21 19:09 - 2015-05-21 19:09 - 02099992 _____ () C:\Users\Marcella\AppData\Local\DIRECTV Player\DiscoveryManager.dll
2015-05-21 19:09 - 2015-05-21 19:09 - 08345872 _____ () C:\Users\Marcella\AppData\Local\DIRECTV Player\gsttspplugin.dll
2015-05-21 19:09 - 2015-05-21 19:09 - 00688920 _____ () C:\Users\Marcella\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2015-05-21 19:10 - 2015-05-21 19:10 - 01403144 _____ () C:\Users\Marcella\AppData\Local\DIRECTV Player\libxml2-2.dll
2015-05-21 19:10 - 2015-05-21 19:10 - 00091896 _____ () C:\Users\Marcella\AppData\Local\DIRECTV Player\z.dll
2016-02-10 03:11 - 2016-02-10 03:11 - 00016384 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\8007d6b71ab229e6600edb7590eacde9\PSIClient.ni.dll
2013-11-12 13:06 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-08-26 17:58 - 2015-09-01 05:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-02-20 07:20 - 2016-02-17 21:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-20 07:20 - 2016-02-17 21:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7867 more sites.
 
IE trusted site: HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\sharepoint.com -> hxxps://secureservernet.sharepoint.com
IE restricted site: HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2437430253-643367097-1623690150-1001\...\123simsen.com -> www.123simsen.com
 
There are 7865 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2016-02-24 22:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2437430253-643367097-1623690150-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marcella\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{4F2FD1D9-4303-434B-9C6C-E570FAF20DED}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{693AB381-244F-4F69-A1C1-E77D2F137331}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{6BF4C3B0-4691-491B-83EC-9E63953265D5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{CC307F50-0C9B-4F26-9646-A1ADB9763E55}C:\program files (x86)\jrt studio\isyncr\isyncr.exe] => (Allow) C:\program files (x86)\jrt studio\isyncr\isyncr.exe
FirewallRules: [UDP Query User{0AAAD26C-4EB3-4566-BFA5-F03D63FE56D8}C:\program files (x86)\jrt studio\isyncr\isyncr.exe] => (Allow) C:\program files (x86)\jrt studio\isyncr\isyncr.exe
FirewallRules: [{BC143D76-5BAD-4F3C-8985-C6412AB3AB11}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\FaxApplications.exe
FirewallRules: [{35CD802D-DEDE-4BA3-909B-F4768C9B5159}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\DigitalWizards.exe
FirewallRules: [{F85BFF66-3EF3-433E-9F82-729BB0A8C8CB}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\SendAFax.exe
FirewallRules: [{EAA41CB9-7F97-4841-8EC8-2708FE007DBA}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\DeviceSetup.exe
FirewallRules: [{557386E0-6F41-4C20-8A14-D203F1FF52A8}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{94571C6A-B900-4BC2-86C5-7D493975D6B9}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{F53D7D68-42EB-4CBC-A44A-78503E38BC0C}C:\program files (x86)\jrt studio\isyncr\isyncr.exe] => (Block) C:\program files (x86)\jrt studio\isyncr\isyncr.exe
FirewallRules: [UDP Query User{02A95908-0417-40EE-9BCC-71ED60CDD61F}C:\program files (x86)\jrt studio\isyncr\isyncr.exe] => (Block) C:\program files (x86)\jrt studio\isyncr\isyncr.exe
FirewallRules: [{8A8756A1-A41C-4C5C-AA75-24CF50CF7270}] => (Allow) C:\Users\Marcella\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{EB145DE9-4669-4AD9-BD03-06B06F3106C8}] => (Allow) C:\Users\Marcella\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3A67BBBB-8DE8-429A-BBE6-25530D8FEFD5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{C9307A86-E0CD-44B9-8C66-0F914F035955}C:\users\marcella\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\marcella\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{C76CACCB-EF2E-4066-A0F1-A26B0970B9CC}C:\users\marcella\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\marcella\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{CFFDE126-9549-40DB-ACE7-3A511D5DFE71}C:\program files (x86)\swapper\swapper.exe] => (Allow) C:\program files (x86)\swapper\swapper.exe
FirewallRules: [UDP Query User{228EC78B-B66D-49CB-8742-4C0400F628A4}C:\program files (x86)\swapper\swapper.exe] => (Allow) C:\program files (x86)\swapper\swapper.exe
FirewallRules: [{A595903F-269E-488D-8930-2853DEE194A6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{8D73C5C3-54FB-43F2-B635-E9E5A3D4EF6A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F4952755-6465-4BDC-8076-33820259AF8D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{3BC2F1C3-09F0-45FC-8EF7-E90D4F6CA973}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{EDC6AB8D-01AA-4134-9DF6-9F975BB9F4B6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0D83978B-92F2-4A29-B15C-F5F5467A0A7D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D250BCED-7296-43C7-B13A-A17C9B37F49A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2AB49C73-29E0-4186-A532-ECA39C1906E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{15B41771-D79E-4155-8AC4-30C5BFF6D652}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A2DC8670-2056-4678-A832-D1D891B83139}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Restore Points =========================
 
26-02-2016 03:00:21 Windows Update
01-03-2016 06:43:21 Windows Update
04-03-2016 07:21:02 Windows Update
04-03-2016 09:18:22 zoek.exe restore point
08-03-2016 06:40:22 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/09/2016 09:08:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/09/2016 07:36:23 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (03/09/2016 06:58:26 AM) (Source: Microsoft Office 15) (EventID: 2000) (User: )
Description: Microsoft Outlook: Accepted Safe Mode action : Outlook has detected a problem with the existing NormalEmail.dotm.  Would you like to create a new NormalEmail.dotm?.
Accepted Safe Mode action : Microsoft Outlook.
 
Error: (03/09/2016 06:34:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.19135 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 624
 
Start Time: 01d17a053ca9ae0e
 
Termination Time: 14
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 984c9c81-e5fb-11e5-bf69-606c66d952d7
 
Error: (03/09/2016 06:27:59 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/09/2016 06:15:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 15.8.0.0, time stamp: 0x51709701
Faulting module name: MurocApi.dll, version: 15.8.0.0, time stamp: 0x5170961c
Exception code: 0xc0000005
Fault offset: 0x0000000000026990
Faulting process id: 0xc80
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3
 
Error: (03/09/2016 06:15:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/08/2016 06:53:20 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (03/08/2016 06:09:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/07/2016 09:57:20 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
 
System errors:
=============
Error: (03/09/2016 06:24:39 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (03/09/2016 06:18:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/09/2016 06:14:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error: 
%%1053
 
Error: (03/09/2016 06:14:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.
 
Error: (03/08/2016 08:39:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (03/08/2016 06:42:55 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.215.699.0).
 
Error: (03/08/2016 06:17:22 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (03/08/2016 06:09:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error: 
%%1053
 
Error: (03/08/2016 06:09:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.
 
Error: (03/07/2016 06:17:46 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
 
CodeIntegrity:
===================================
  Date: 2016-02-24 22:52:57.945
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-24 22:52:57.883
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3537U CPU @ 2.00GHz
Percentage of memory in use: 46%
Total physical RAM: 8079.36 MB
Available physical RAM: 4321.48 MB
Total Virtual: 16156.92 MB
Available Virtual: 12107.61 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:909.81 GB) (Free:718.81 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 4B97ADB2)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=21.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=909.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by chhines, 09 March 2016 - 11:50 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users