
Very likely infection - Windows 10


  • This topic is locked
15 replies to this topic

#1 Js031990

Js031990

  • Members
  • 8 posts
  • OFFLINE
  •  

Posted 03 March 2016 - 05:01 PM

Hi.

I believe that I have managed to be a bit careless and open something which has given my laptop a virus of some sort... After restarting recently, I have noticed my default search page has changed to Yahoo, and after changing the default back to Google, loading sites sometimes works but much slower than usual, sometimes not at all (it seems that trying to get onto any anti-virus site will not load), and finally my VPN software will not work.

I have Windows Defender and completed a scan which showed no issues, and I am running Windows 10.

I would really appreciate it if someone could help me with this.

Many thanks in advance,

Jack



#2 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:31 AM

Posted 03 March 2016 - 07:13 PM

Hello Js031990 and welcome to BleepingComputer. :welcome:
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do you open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
---------------------------------------------------------------------------------------------------------
 
Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: Addition.txt
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Sincerely  . :hello:


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 Js031990

Js031990
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  

Posted 04 March 2016 - 05:50 AM

..

Attached Files


Edited by Js031990, 04 March 2016 - 05:52 AM.


#4 Js031990

Js031990
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  

Posted 04 March 2016 - 05:59 AM

Hi Olgun52

Thank you so much for taking the time out to help me with this - it is very commendable and I really appreciate your help with this.

Please find addition.txt attached, and a paste of FRST.txt copied below.

Many thanks,

Jack

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-03-2016
Ran by Jack (administrator) on SIMPCIII (04-03-2016 10:26:44)
Running from C:\Users\Jack\Downloads
Loaded Profiles: Jack (Available Profiles: Jack)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Pokki) C:\Users\Jack\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Spotify Ltd) C:\Users\Jack\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Pokki) C:\Users\Jack\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Jack\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Jack\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Mozilla Corporation) C:\Users\Jack\Desktop\Tor Browser\Browser\firefox.exe
() C:\Users\Jack\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [402344 2015-12-19] ()
HKLM\...\Run: [HotKeysCmds] => "C:\windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\windows\system32\igfxpers.exe"
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2013-12-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2013-12-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKU\S-1-5-21-1224946177-1484164449-2298606979-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-1224946177-1484164449-2298606979-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-1224946177-1484164449-2298606979-1001\...\Run: [Unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe [333008 2014-06-03] (Unified Intents AB)
HKU\S-1-5-21-1224946177-1484164449-2298606979-1001\...\Run: [BRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe [1074688 2014-09-04] ()
HKU\S-1-5-21-1224946177-1484164449-2298606979-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1224946177-1484164449-2298606979-1001\...\Run: [GoogleChromeAutoLaunch_5339B587CCA39EC73B64D969310AF985] => C:\Users\Jack\AppData\Local\Chromium\Application\chrome.exe [663552 2015-06-28] (The Chromium Authors)
HKU\S-1-5-21-1224946177-1484164449-2298606979-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-1224946177-1484164449-2298606979-1001\...\Run: [Spotify Web Helper] => C:\Users\Jack\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-02-27] (Spotify Ltd)
HKU\S-1-5-21-1224946177-1484164449-2298606979-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50622080 2016-01-19] (Skype Technologies S.A.)
HKU\S-1-5-21-1224946177-1484164449-2298606979-1001\...\Run: [GoogleChromeAutoLaunch_4DCD0A585AE1D27D19F4EB1351CC758F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [746648 2016-02-18] (Google Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64\FileSyncShell64.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Jack\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll [2016-01-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor 3.lnk [2015-06-08]
ShortcutTarget: Device Monitor 3.lnk -> C:\Program Files (x86)\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe (PIXELA CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-12-16]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{42841291-fc37-47ef-9a2d-1afe679b17d3}: [NameServer] 78.46.223.24,162.242.211.137
Tcpip\..\Interfaces\{42841291-fc37-47ef-9a2d-1afe679b17d3}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{ac7d3d36-ec15-4a80-9988-2a5fc65e1f64}: [NameServer] 78.46.223.24,162.242.211.137
Tcpip\..\Interfaces\{ac7d3d36-ec15-4a80-9988-2a5fc65e1f64}: [DhcpNameServer] 78.46.223.24 162.242.211.137
Tcpip\..\Interfaces\{d84ccdf9-a742-4ebb-9098-25c2634c2167}: [NameServer] 78.46.223.24,162.242.211.137
Tcpip\..\Interfaces\{d84ccdf9-a742-4ebb-9098-25c2634c2167}: [DhcpNameServer] 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-21-1224946177-1484164449-2298606979-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1224946177-1484164449-2298606979-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {CC868CD3-A582-4E9C-A1C3-D8B471EA3CCB} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_36_ch&cd=2XzuyEtN2Y1L1QzuzztByDyC0FtB0Fzz0FtDyEtCyE0DzyyBtN0D0Tzu0SzyyByBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyCtB0BzytAtCyEtGyByC0BzytGyEyDyBzztGtAyEtCzytGtDyB0EyBtA0B0C0BtAzyyCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEtD0FzztCyD0BtGzz0EtA0FtGyE0DyCzztGzzzzzy0EtG0FtAtC0DzyyBzzyBzz0EtDzy2Q&cr=959323420&ir=
SearchScopes: HKLM -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = 
SearchScopes: HKLM -> {CC868CD3-A582-4E9C-A1C3-D8B471EA3CCB} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_36_ch&cd=2XzuyEtN2Y1L1QzuzztByDyC0FtB0Fzz0FtDyEtCyE0DzyyBtN0D0Tzu0SzyyByBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyCtB0BzytAtCyEtGyByC0BzytGyEyDyBzztGtAyEtCzytGtDyB0EyBtA0B0C0BtAzyyCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEtD0FzztCyD0BtGzz0EtA0FtGyE0DyCzztGzzzzzy0EtG0FtAtC0DzyyBzzyBzz0EtDzy2Q&cr=959323420&ir=
SearchScopes: HKU\S-1-5-21-1224946177-1484164449-2298606979-1001 -> DefaultScope {012E1A31-0A45-11E5-8270-8056F2F8F042} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=hdr_s_15_33_orgnl&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuzztByDyC0FtB0Fzz0FtDyEtCyE0DzyyBtN0D0Tzu0StCtAtBtDtN1L2XzutAtFtCtBtFyDtFyCtN1L1Czu1M1Q1CtDzytN1L1G1B1V1N2Y1L1Qzu2SyDyEzyyE0Dzzzy0AtGtB0FzyyEtGzyyBtC0FtGyDtD0EtCtGyEzztByCtAyC0DtBzzyE0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0CtBtBzz0FtBtGyC0C0A0BtGyEtD0A0DtG0A0DyB0FtG0CtByD0E0EtBtA0BtDyDzzyB2QtN0A0LzuyE%26cr%3D732293167%26a%3Dhdr_s_15_33_orgnl%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1224946177-1484164449-2298606979-1001 -> {012E1A31-0A45-11E5-8270-8056F2F8F042} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=hdr_s_15_33_orgnl&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuzztByDyC0FtB0Fzz0FtDyEtCyE0DzyyBtN0D0Tzu0StCtAtBtDtN1L2XzutAtFtCtBtFyDtFyCtN1L1Czu1M1Q1CtDzytN1L1G1B1V1N2Y1L1Qzu2SyDyEzyyE0Dzzzy0AtGtB0FzyyEtGzyyBtC0FtGyDtD0EtCtGyEzztByCtAyC0DtBzzyE0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0CtBtBzz0FtBtGyC0C0A0BtGyEtD0A0DtG0A0DyB0FtG0CtByD0E0EtBtA0BtDyDzzyB2QtN0A0LzuyE%26cr%3D732293167%26a%3Dhdr_s_15_33_orgnl%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1224946177-1484164449-2298606979-1001 -> {0BA026D1-693D-40A3-AB1F-807FB07E9E2B} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1224946177-1484164449-2298606979-1001 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1224946177-1484164449-2298606979-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKU\S-1-5-21-1224946177-1484164449-2298606979-1001 -> {CC868CD3-A582-4E9C-A1C3-D8B471EA3CCB} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_36_ch&cd=2XzuyEtN2Y1L1QzuzztByDyC0FtB0Fzz0FtDyEtCyE0DzyyBtN0D0Tzu0SzyyByBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyCtB0BzytAtCyEtGyByC0BzytGyEyDyBzztGtAyEtCzytGtDyB0EyBtA0B0C0BtAzyyCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEtD0FzztCyD0BtGzz0EtA0FtGyE0DyCzztGzzzzzy0EtG0FtAtC0DzyyBzzyBzz0EtDzy2Q&cr=959323420&ir=
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-26] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-11-19] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-05] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\bfppd2pj.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxps://search.yahoo.com/?type=435371&fr=spigot-yhp-ff
FF Keyword.URL: hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=435371&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-23] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-08-18] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin HKU\S-1-5-21-1224946177-1484164449-2298606979-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-1224946177-1484164449-2298606979-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-18] (Intel)
FF SearchPlugin: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\bfppd2pj.default\searchplugins\yahoo_ff.xml [2016-01-28]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_wnzp01_14_36_ch&cd=2XzuyEtN2Y1L1QzuzztByDyC0FtB0Fzz0FtDyEtCyE0DzyyBtN0D0Tzu0SzyyByBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyCtB0BzytAtCyEtGyByC0BzytGyEyDyBzztGtAyEtCzytGtDyB0EyBtA0B0C0BtAzyyCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEtD0FzztCyD0BtGzz0EtA0FtGyE0DyCzztGzzzzzy0EtG0FtAtC0DzyyBzzyBzz0EtDzy2Q&cr=959323420&ir=","hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=hdr_s_15_33_orgnl&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuzztByDyC0FtB0Fzz0FtDyEtCyE0DzyyBtN0D0Tzu0StCtAtBtDtN1L2XzutAtFtCtBtFyDtFyCtN1L1Czu1M1Q1CtDzytN1L1G1B1V1N2Y1L1Qzu2SyDyEzyyE0Dzzzy0AtGtB0FzyyEtGzyyBtC0FtGyDtD0EtCtGyEzztByCtAyC0DtBzzyE0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0CtBtBzz0FtBtGyC0C0A0BtGyEtD0A0DtG0A0DyB0FtG0CtByD0E0EtBtA0BtDyDzzyB2QtN0A0LzuyE%26cr%3D732293167%26a%3Dhdr_s_15_33_orgnl%26os%3DWindows%2B8.1"
CHR DefaultSearchURL: Default -> hxxp://127.0.0.1:4664/search&s=DglL-AZmdhEaGMR_NDv5tGcQzHA?q={searchTerms}
CHR DefaultSearchKeyword: Default -> 127.0.0.1
CHR Profile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-15]
CHR Extension: (Google Drive) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (YouTube) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Google Search) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Facebook Disconnect) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2014-06-30]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-02-22]
CHR Extension: (Google Docs Offline) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-29]
CHR Extension: (AdBlock) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-23]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-12-17]
CHR Extension: (Spell checker and Grammar checker by Ginger) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfieneakcjfaiglcfcgkidlkmlijjnh [2016-03-03]
CHR Extension: (Unfriend Alerts) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgbeldbnadmemecalekdfnffgobkpafc [2014-03-25]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-02]
CHR Extension: (Google Mail Checker) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-03-25]
CHR Extension: (Save to Pocket) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-11-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Hover Zoom) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2016-03-04]
CHR Extension: (Astromenda New Tab) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae [2014-12-02]
CHR Extension: (Gmail) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-26]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1224946177-1484164449-2298606979-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1224946177-1484164449-2298606979-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-31] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-18] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-08-07] (Broadcom Corporation)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-04 10:26 - 2016-03-04 10:27 - 00027583 _____ C:\Users\Jack\Downloads\FRST.txt
2016-03-04 10:26 - 2016-03-04 10:26 - 00000000 ____D C:\FRST
2016-03-04 10:25 - 2016-03-04 10:26 - 02371584 _____ (Farbar) C:\Users\Jack\Downloads\FRST64.exe
2016-03-03 22:17 - 2016-03-03 22:17 - 00000742 _____ C:\Users\Jack\Downloads\Desktop - Shortcut.lnk
2016-03-03 10:02 - 2016-02-23 11:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-03 10:02 - 2016-02-23 11:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-03 10:02 - 2016-02-23 11:27 - 07475040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-03 10:02 - 2016-02-23 11:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-03 10:02 - 2016-02-23 11:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-03 10:02 - 2016-02-23 11:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-03 10:02 - 2016-02-23 11:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-03 10:02 - 2016-02-23 11:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-03 10:02 - 2016-02-23 11:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-03 10:02 - 2016-02-23 11:23 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-03 10:02 - 2016-02-23 11:22 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-03 10:02 - 2016-02-23 11:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-03 10:02 - 2016-02-23 11:15 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-03 10:02 - 2016-02-23 11:09 - 01614176 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-03 10:02 - 2016-02-23 11:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-03 10:02 - 2016-02-23 10:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-03 10:02 - 2016-02-23 10:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-03 10:02 - 2016-02-23 10:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-03 10:02 - 2016-02-23 10:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-03 10:02 - 2016-02-23 10:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-03 10:02 - 2016-02-23 10:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-03 10:02 - 2016-02-23 10:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-03 10:02 - 2016-02-23 10:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-03 10:02 - 2016-02-23 10:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-03 10:02 - 2016-02-23 10:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-03 10:02 - 2016-02-23 10:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-03 10:02 - 2016-02-23 10:31 - 00847656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-03 10:02 - 2016-02-23 10:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-03 10:02 - 2016-02-23 10:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-03 10:02 - 2016-02-23 10:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-03 10:02 - 2016-02-23 10:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-03 10:02 - 2016-02-23 10:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-03 10:02 - 2016-02-23 10:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-03 10:02 - 2016-02-23 10:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-03 10:02 - 2016-02-23 10:21 - 06606568 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-03 10:02 - 2016-02-23 10:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-03 10:02 - 2016-02-23 09:49 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-03 10:02 - 2016-02-23 09:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-03 10:02 - 2016-02-23 09:45 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-03 10:02 - 2016-02-23 09:45 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-03 10:02 - 2016-02-23 09:45 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-03 10:02 - 2016-02-23 09:45 - 00259336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-03 10:02 - 2016-02-23 09:44 - 00640984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-03 10:02 - 2016-02-23 09:44 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-03 10:02 - 2016-02-23 09:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-03 10:02 - 2016-02-23 09:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-03 10:02 - 2016-02-23 09:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-03 10:02 - 2016-02-23 09:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-03 10:02 - 2016-02-23 09:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-03 10:02 - 2016-02-23 09:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-03 10:02 - 2016-02-23 09:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-03 10:02 - 2016-02-23 09:38 - 00709176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-03 10:02 - 2016-02-23 09:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-03 10:02 - 2016-02-23 09:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-03 10:02 - 2016-02-23 09:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-03 10:02 - 2016-02-23 09:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-03 10:02 - 2016-02-23 09:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-03 10:02 - 2016-02-23 09:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-03 10:02 - 2016-02-23 09:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-03 10:02 - 2016-02-23 09:26 - 05241984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-03 10:02 - 2016-02-23 09:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-03 10:02 - 2016-02-23 09:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-03 10:02 - 2016-02-23 09:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-03 10:02 - 2016-02-23 09:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-03 10:02 - 2016-02-23 09:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-03 10:02 - 2016-02-23 09:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-03 10:02 - 2016-02-23 09:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-03 10:02 - 2016-02-23 09:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-03 10:02 - 2016-02-23 09:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-03 10:02 - 2016-02-23 09:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-03 10:02 - 2016-02-23 09:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-03 10:02 - 2016-02-23 09:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-03 10:02 - 2016-02-23 09:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-03 10:02 - 2016-02-23 08:58 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-03 10:02 - 2016-02-23 08:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-03 10:02 - 2016-02-23 08:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-03 10:02 - 2016-02-23 08:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-03 10:02 - 2016-02-23 08:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-03 10:02 - 2016-02-23 08:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-03 10:02 - 2016-02-23 08:55 - 00221600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-03 10:02 - 2016-02-23 08:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-03 10:02 - 2016-02-23 08:54 - 00539256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-03 10:02 - 2016-02-23 08:54 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-03 10:02 - 2016-02-23 08:54 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-03-03 10:02 - 2016-02-23 08:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-03 10:02 - 2016-02-23 08:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-03 10:02 - 2016-02-23 08:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-03 10:02 - 2016-02-23 08:51 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-03-03 10:02 - 2016-02-23 08:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-03 10:02 - 2016-02-23 08:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-03 10:02 - 2016-02-23 08:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-03 10:02 - 2016-02-23 08:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-03 10:02 - 2016-02-23 08:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-03 10:02 - 2016-02-23 08:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-03 10:02 - 2016-02-23 08:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-03 10:02 - 2016-02-23 08:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-03 10:02 - 2016-02-23 08:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-03 10:02 - 2016-02-23 08:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-03 10:02 - 2016-02-23 08:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-03 10:02 - 2016-02-23 08:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-03 10:02 - 2016-02-23 08:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-03 10:02 - 2016-02-23 08:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-03 10:02 - 2016-02-23 08:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-03 10:02 - 2016-02-23 08:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-03 10:02 - 2016-02-23 08:30 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-03 10:02 - 2016-02-23 08:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-03 10:02 - 2016-02-23 08:28 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-03 10:02 - 2016-02-23 08:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-03 10:02 - 2016-02-23 08:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-03 10:02 - 2016-02-23 08:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-03 10:02 - 2016-02-23 08:25 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-03 10:02 - 2016-02-23 08:25 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-03 10:02 - 2016-02-23 08:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-03 10:02 - 2016-02-23 08:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-03 10:02 - 2016-02-23 08:22 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-03 10:02 - 2016-02-23 08:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-03 10:02 - 2016-02-23 08:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-03 10:02 - 2016-02-23 08:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-03 10:02 - 2016-02-23 08:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-03 10:02 - 2016-02-23 08:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-03 10:02 - 2016-02-23 08:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-03 10:02 - 2016-02-23 08:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-03 10:02 - 2016-02-23 08:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-03 10:02 - 2016-02-23 08:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-03 10:02 - 2016-02-23 08:13 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-03-03 10:02 - 2016-02-23 08:13 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-03 10:02 - 2016-02-23 08:13 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-03 10:02 - 2016-02-23 08:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-03 10:02 - 2016-02-23 08:11 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-03 10:02 - 2016-02-23 08:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-03 10:02 - 2016-02-23 08:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-03 10:02 - 2016-02-23 08:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-03 10:02 - 2016-02-23 08:09 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-03 10:02 - 2016-02-23 08:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-03 10:02 - 2016-02-23 08:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-03 10:02 - 2016-02-23 08:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-03 10:02 - 2016-02-23 08:06 - 01848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-03 10:02 - 2016-02-23 08:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-03 10:02 - 2016-02-23 08:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-03 10:02 - 2016-02-23 08:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-03 10:02 - 2016-02-23 08:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-03 10:02 - 2016-02-23 08:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-03 10:02 - 2016-02-23 08:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-03 10:02 - 2016-02-23 08:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-03 10:02 - 2016-02-23 08:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-03 10:02 - 2016-02-23 08:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-03 10:02 - 2016-02-23 08:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-03 10:02 - 2016-02-23 08:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-03 10:02 - 2016-02-23 07:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-03 10:02 - 2016-02-23 07:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-03 10:02 - 2016-02-23 07:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-03 10:02 - 2016-02-23 07:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-03 10:02 - 2016-02-23 07:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-03 10:02 - 2016-02-23 07:54 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-03 10:02 - 2016-02-23 07:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-03 10:02 - 2016-02-23 07:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-03 10:02 - 2016-02-23 07:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-03 10:02 - 2016-02-23 07:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-03 10:02 - 2016-02-23 07:47 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-03 10:02 - 2016-02-23 07:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-03 10:02 - 2016-02-23 07:41 - 03594240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-03 10:02 - 2016-02-23 07:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-03 10:02 - 2016-02-23 07:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-03 10:02 - 2016-02-23 07:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-03 10:02 - 2016-02-23 07:37 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-03 10:02 - 2016-02-23 07:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-03 10:02 - 2016-02-23 07:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-03 10:02 - 2016-02-23 07:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-03 10:02 - 2016-02-23 07:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-03 10:02 - 2016-02-23 07:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-03 10:02 - 2016-02-23 07:31 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-03 10:02 - 2016-02-23 07:30 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-03 10:02 - 2016-02-23 07:30 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-03 10:02 - 2016-02-23 07:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-03 10:02 - 2016-02-23 07:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-03 10:02 - 2016-02-23 07:29 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-03 10:02 - 2016-02-23 07:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-03 10:02 - 2016-02-23 07:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-03 10:02 - 2016-02-23 07:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-03 10:02 - 2016-02-23 07:26 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-03 10:02 - 2016-02-23 07:26 - 01498112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-03 10:02 - 2016-02-23 07:25 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-03 10:02 - 2016-02-23 07:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-03 10:02 - 2016-02-23 07:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-03 10:02 - 2016-02-23 07:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-03 10:02 - 2016-02-23 07:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-03 10:02 - 2016-02-23 07:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-03 10:02 - 2016-02-23 07:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-03 10:02 - 2016-02-23 07:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-03 10:02 - 2016-02-23 07:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-03 10:02 - 2016-02-23 07:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-03 10:02 - 2016-02-23 07:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-03 10:02 - 2016-02-23 07:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-03 10:02 - 2016-02-23 07:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-03 10:02 - 2016-02-23 07:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-03 10:02 - 2016-02-23 06:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-03 10:02 - 2016-02-23 06:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-03 10:02 - 2016-02-23 06:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-03 10:02 - 2016-02-23 06:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-03 10:02 - 2016-02-23 06:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-03 10:02 - 2016-02-23 06:55 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-03 10:02 - 2016-02-23 06:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-03 10:02 - 2016-02-23 06:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-03 10:02 - 2016-02-23 06:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-03 10:02 - 2016-02-23 06:50 - 22396416 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-03 10:02 - 2016-02-23 06:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-03 10:02 - 2016-02-23 06:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-03 10:02 - 2016-02-23 06:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-03 10:02 - 2016-02-23 06:40 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-03 10:02 - 2016-02-23 06:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-03 10:02 - 2016-02-23 06:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-03 10:02 - 2016-02-23 06:36 - 19341312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-03 10:02 - 2016-02-23 06:36 - 18680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-03 10:02 - 2016-02-23 06:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-03 10:02 - 2016-02-23 06:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-03 10:02 - 2016-02-23 06:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-03 10:02 - 2016-02-23 06:33 - 14254080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-03 10:02 - 2016-02-23 06:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-03 10:02 - 2016-02-23 06:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-03 10:02 - 2016-02-23 06:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-03 10:02 - 2016-02-23 06:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-03 10:02 - 2016-02-23 06:26 - 12587520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-03 10:02 - 2016-02-09 04:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-03 10:02 - 2016-02-09 04:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-03 10:02 - 2016-02-09 03:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-03 10:02 - 2016-02-09 03:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-03 10:02 - 2016-02-09 03:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-03 10:02 - 2016-02-09 03:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-03 10:02 - 2016-02-09 03:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-03-03 10:02 - 2016-02-09 03:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-02 19:57 - 2016-03-02 19:57 - 00000000 _____ C:\Users\Jack\Downloads\Fresh Meat S04e02 Hdtv X264 Ri Downloader.rar
2016-02-27 18:30 - 2016-03-03 15:11 - 00000000 ____D C:\Users\Jack\AppData\LocalLow\uTorrent
2016-02-27 12:44 - 2016-02-27 12:44 - 00003392 _____ C:\WINDOWS\System32\Tasks\NordVPN Client auto-start
2016-02-26 16:53 - 2016-02-26 16:54 - 01135723 _____ C:\Users\Jack\Downloads\Statement_1879_Feb-16.pdf
2016-02-26 16:39 - 2016-02-26 16:39 - 00038482 _____ C:\Users\Jack\Downloads\Statement_Feb 2016.pdf
2016-02-26 10:05 - 2016-02-27 10:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-25 16:43 - 2016-02-25 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-02-23 15:13 - 2016-02-23 15:13 - 00200140 _____ C:\WINDOWS\Minidump\022316-31218-01.dmp
2016-02-23 14:56 - 2016-02-23 14:56 - 01463852 _____ C:\WINDOWS\Minidump\022316-21625-01.dmp
2016-02-10 21:03 - 2016-01-29 06:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 21:03 - 2016-01-29 06:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-10 21:03 - 2016-01-27 06:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 21:03 - 2016-01-27 06:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 21:03 - 2016-01-27 05:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 21:03 - 2016-01-27 05:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 21:03 - 2016-01-27 05:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 21:03 - 2016-01-27 05:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-10 21:03 - 2016-01-27 05:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-10 21:03 - 2016-01-27 05:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 21:03 - 2016-01-27 05:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 21:03 - 2016-01-27 05:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-10 21:03 - 2016-01-27 05:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 21:03 - 2016-01-27 05:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 21:03 - 2016-01-27 05:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 21:03 - 2016-01-27 05:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-10 21:03 - 2016-01-27 05:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 21:03 - 2016-01-27 05:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 21:03 - 2016-01-27 05:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 21:03 - 2016-01-27 05:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 21:03 - 2016-01-27 05:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-10 21:03 - 2016-01-27 05:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 21:03 - 2016-01-27 05:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 21:03 - 2016-01-27 05:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 21:03 - 2016-01-27 04:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 21:03 - 2016-01-27 04:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 21:03 - 2016-01-27 04:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 21:03 - 2016-01-27 04:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 21:03 - 2016-01-27 04:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 21:03 - 2016-01-27 04:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-10 21:03 - 2016-01-27 04:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 21:03 - 2016-01-27 04:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 21:03 - 2016-01-27 04:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 21:03 - 2016-01-27 04:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-10 21:03 - 2016-01-16 06:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-02-10 21:03 - 2016-01-16 06:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-02-10 21:03 - 2016-01-16 06:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-02-10 21:03 - 2016-01-16 06:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-02-10 21:03 - 2016-01-16 06:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-02-10 21:03 - 2016-01-16 06:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-02-10 21:03 - 2016-01-16 06:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-02-10 21:03 - 2016-01-16 06:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-02-10 21:03 - 2016-01-16 06:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-02-10 21:03 - 2016-01-16 06:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-02-10 21:03 - 2016-01-16 06:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-02-10 21:03 - 2016-01-16 06:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-02-10 21:03 - 2016-01-16 05:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-02-10 21:03 - 2016-01-16 05:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-02-10 21:03 - 2016-01-16 05:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-02-10 21:03 - 2016-01-16 05:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-02-10 21:03 - 2016-01-16 05:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-02-10 21:03 - 2016-01-16 05:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-02-10 21:03 - 2016-01-16 05:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-02-10 21:03 - 2016-01-16 05:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-02-10 21:03 - 2016-01-16 05:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-02-10 21:03 - 2016-01-16 05:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-02-10 21:03 - 2016-01-16 05:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-02-10 21:03 - 2016-01-16 05:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-02-10 21:03 - 2016-01-16 05:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-02-10 21:03 - 2016-01-16 05:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-02-10 21:03 - 2016-01-16 05:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-02-10 21:03 - 2016-01-16 05:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-02-10 21:03 - 2016-01-16 05:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-02-10 21:03 - 2016-01-16 05:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-02-10 21:03 - 2016-01-16 05:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-02-10 21:03 - 2016-01-16 05:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-02-10 21:03 - 2016-01-16 05:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-02-10 21:03 - 2016-01-16 05:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-02-10 21:03 - 2016-01-16 05:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-02-10 21:03 - 2016-01-16 05:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-02-10 21:03 - 2016-01-16 05:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-02-10 21:03 - 2016-01-16 05:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-02-10 21:03 - 2016-01-16 05:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-02-10 21:03 - 2016-01-16 05:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-02-10 21:03 - 2016-01-16 05:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-02-10 21:03 - 2016-01-16 05:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-02-10 21:03 - 2016-01-16 05:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-02-10 21:03 - 2016-01-16 05:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-02-10 21:03 - 2016-01-16 05:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-02-10 21:03 - 2016-01-16 05:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-02-10 21:03 - 2016-01-16 05:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-02-10 21:03 - 2016-01-16 05:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-02-10 21:03 - 2016-01-16 05:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-02-10 21:03 - 2016-01-16 05:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-02-10 21:03 - 2016-01-16 05:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-02-10 21:03 - 2016-01-16 05:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-02-10 21:03 - 2016-01-16 05:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-02-10 21:03 - 2016-01-16 05:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-02-10 21:03 - 2016-01-16 05:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-02-10 21:03 - 2016-01-16 05:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-02-10 21:03 - 2016-01-16 05:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-02-10 21:03 - 2016-01-16 05:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-02-10 21:03 - 2016-01-16 05:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-02-10 21:03 - 2016-01-16 05:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-02-10 21:03 - 2016-01-16 05:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-02-10 21:03 - 2016-01-16 05:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-02-10 21:03 - 2016-01-16 05:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-02-10 21:03 - 2016-01-16 05:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-02-10 21:03 - 2016-01-16 05:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-02-10 21:03 - 2016-01-16 05:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-02-10 21:03 - 2016-01-16 05:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-02-10 21:03 - 2016-01-16 05:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-02-10 21:03 - 2016-01-16 05:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-02-10 21:03 - 2016-01-16 05:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-02-10 21:03 - 2016-01-16 05:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-02-10 21:03 - 2016-01-16 05:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-02-10 21:03 - 2016-01-16 05:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-02-10 21:03 - 2016-01-16 05:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-02-10 21:03 - 2016-01-16 05:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-02-10 21:03 - 2016-01-16 05:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-02-10 21:03 - 2016-01-16 05:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-02-10 21:03 - 2016-01-16 05:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-02-10 21:03 - 2016-01-16 05:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-02-10 21:03 - 2016-01-16 05:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-02-10 15:00 - 2016-02-10 15:01 - 08682859 _____ C:\Users\Jack\Downloads\latest_usb_driver_windows.zip
2016-02-08 05:41 - 2016-02-08 08:22 - 471295202 ____R C:\Users\Jack\Downloads\Walking the Himalayas S01E03 HDTV.mp4
2016-02-07 18:39 - 2016-02-08 00:23 - 579029350 ____R C:\Users\Jack\Downloads\Walking the Himalayas S01E02 HDTV.mp4
2016-02-07 18:15 - 2016-02-08 08:14 - 00000000 ____D C:\Users\Jack\Downloads\Walking.The.Himalayas.S01E04.HDTV.x264-C4TV[rarbg]
2016-02-07 18:13 - 2016-02-07 23:41 - 582620617 ____R C:\Users\Jack\Downloads\Walking the Himalayas S01E01 HDTV.mp4
2016-02-07 18:11 - 2016-02-07 18:13 - 1117768353 _____ C:\Users\Jack\Downloads\Walking.The.Himalayas.Series.1.1of5.Afghanistan.720p.x264.HDTV[eztv].mp4
2016-02-07 03:49 - 2016-02-23 15:13 - 582840049 _____ C:\WINDOWS\MEMORY.DMP
2016-02-07 03:49 - 2016-02-23 15:13 - 00000000 ____D C:\WINDOWS\Minidump
2016-02-07 03:49 - 2016-02-07 03:49 - 00220356 _____ C:\WINDOWS\Minidump\020716-54484-01.dmp
2016-02-06 06:51 - 2016-02-06 07:02 - 00000000 ____D C:\Users\Jack\Desktop\Photos
2016-02-06 06:35 - 2016-02-06 07:45 - 00000000 ____D C:\Users\Jack\Downloads\The Wire Season 1, 2, 3, 4 & 5 Complete Collection DVD Box Set HDTV + Extras (Interviews, Commentaries, Bonus Features etc.)
2016-02-06 06:34 - 2016-02-06 06:34 - 00144497 _____ C:\Users\Jack\Downloads\The+Wire+Season+1%2C+2%2C+3%2C+4+%26amp%3B+5+Complete+Collection+DVD+Box+Set+H.torrent
2016-02-05 13:07 - 2016-02-22 18:06 - 00000000 ____D C:\Users\Jack\Desktop\Tor Browser
2016-02-05 13:07 - 2016-02-05 13:07 - 00000957 _____ C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-02-05 13:07 - 2016-02-05 13:07 - 00000909 _____ C:\Users\Jack\Desktop\Start Tor Browser.lnk
2016-02-05 07:51 - 2016-02-05 13:07 - 44082264 _____ C:\Users\Jack\Downloads\torbrowser-install-5.5_en-US.exe
2016-02-05 06:43 - 2016-02-04 20:27 - 03911293 ____N C:\Users\Jack\Desktop\Ali Shephard - Bedroom - 15 Boots of Spanish Leather (Dylan).m4a
2016-02-05 06:43 - 2016-02-04 20:27 - 02887484 ____N C:\Users\Jack\Desktop\Ali Shephard - Bedroom - 13 Dream December.m4a
2016-02-04 20:27 - 2016-02-04 20:49 - 60983003 _____ C:\Users\Jack\Downloads\Ali Shephard - Bedroom (1).zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-04 10:23 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-04 10:09 - 2014-03-25 20:53 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-04 09:54 - 2015-08-13 19:54 - 00000284 _____ C:\WINDOWS\Tasks\UpdateTask.job
2016-03-04 09:47 - 2015-12-21 00:48 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-04 09:47 - 2014-09-04 09:47 - 00000306 _____ C:\WINDOWS\Tasks\WSE_Astromenda.job
2016-03-04 06:15 - 2014-03-25 20:46 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E8644AD1-F578-46CC-B40D-659748261F31}
2016-03-04 04:02 - 2014-03-25 20:31 - 00000000 ____D C:\Users\Jack\AppData\Local\SweetLabs App Platform
2016-03-03 19:09 - 2014-03-25 20:53 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-03 18:50 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-03 17:59 - 2015-10-30 07:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-03 16:56 - 2015-10-30 07:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-03 16:04 - 2016-01-06 17:19 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-03 16:04 - 2015-10-30 07:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-03 16:00 - 2016-01-06 17:34 - 00000000 __SHD C:\Users\Jack\IntelGraphicsProfiles
2016-03-03 16:00 - 2016-01-06 16:58 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-03-03 15:59 - 2016-01-06 17:02 - 00000000 ____D C:\Users\Jack
2016-03-03 15:57 - 2016-01-06 17:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-03 15:56 - 2015-10-30 06:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-03 15:40 - 2014-03-26 11:11 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-03 15:17 - 2016-01-06 16:53 - 00422160 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-03 15:15 - 2015-10-30 09:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-03 15:15 - 2015-10-30 07:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-03 15:15 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-03 15:15 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-03 15:15 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-03 15:15 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-03 15:15 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-03 15:15 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-03 15:15 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-03 15:15 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-03 15:15 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-03 15:15 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-03 15:15 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-03 15:12 - 2016-01-28 19:06 - 00000000 ____D C:\Users\Jack\AppData\Roaming\uTorrent
2016-03-01 16:36 - 2014-03-25 21:27 - 00000000 ____D C:\Users\Jack\AppData\Local\Spotify
2016-03-01 16:36 - 2014-03-25 21:25 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Spotify
2016-03-01 16:03 - 2014-04-09 14:07 - 00003488 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-02-27 16:51 - 2014-12-07 20:29 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Skype
2016-02-27 12:44 - 2016-01-06 17:43 - 00001036 _____ C:\Users\Public\Desktop\NordVPN.lnk
2016-02-27 12:44 - 2016-01-06 17:43 - 00000000 ____D C:\Program Files\NordVPN
2016-02-27 10:24 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-27 10:21 - 2015-08-16 15:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-27 10:20 - 2014-04-10 23:44 - 00000260 _____ C:\Users\Jack\Desktop\New Text Document.txt
2016-02-26 12:16 - 2014-03-25 20:37 - 00002514 _____ C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2016-02-26 04:11 - 2015-10-30 07:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-26 04:11 - 2014-04-29 12:30 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-25 16:43 - 2015-11-29 21:51 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-02-25 16:43 - 2015-08-21 10:21 - 00002020 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-02-23 15:52 - 2015-11-21 04:49 - 00003380 _____ C:\WINDOWS\System32\Tasks\SweetLabs App Platform
2016-02-21 22:42 - 2016-01-18 19:28 - 00000000 ____D C:\Users\Jack\AppData\Local\ElevatedDiagnostics
2016-02-21 22:18 - 2014-03-25 20:54 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-21 22:18 - 2014-03-25 20:54 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-10 22:00 - 2015-10-30 07:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-02-10 22:00 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-02-10 22:00 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-02-10 21:25 - 2014-03-27 00:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 21:22 - 2014-03-27 00:00 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-05 13:45 - 2014-04-25 20:36 - 00000000 ____D C:\Users\Jack\AppData\Local\Adobe
2016-02-05 07:09 - 2015-07-21 23:29 - 06845671 _____ C:\Users\Jack\Desktop\Date(Wed, 22 Jul 2015 01_29_48 +0100)_Video.MOV
2016-02-03 19:04 - 2014-03-25 20:53 - 00003982 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-03 19:04 - 2014-03-25 20:53 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-03 19:01 - 2015-10-30 07:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 19:01 - 2015-10-30 07:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2014-09-04 15:47 - 2015-10-10 23:47 - 0000304 _____ () C:\Users\Jack\AppData\Roaming\WB.CFG
2015-06-12 10:35 - 2015-06-12 10:42 - 0006144 _____ () C:\Users\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-02 20:47 - 2014-12-17 00:47 - 0000010 _____ () C:\Users\Jack\AppData\Local\DSI.DAT
2014-12-02 20:47 - 2014-12-02 20:47 - 0022528 _____ () C:\Users\Jack\AppData\Local\dsisetup35565782.exe
2014-12-17 00:47 - 2014-12-17 00:47 - 0022528 _____ () C:\Users\Jack\AppData\Local\dsisetup7932696562.exe
2016-01-06 16:58 - 2016-01-06 16:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Jack\AppData\Local\Temp\oct219D.tmp.exe
C:\Users\Jack\AppData\Local\Temp\oct2FF.tmp.exe
C:\Users\Jack\AppData\Local\Temp\oct355D.tmp.exe
C:\Users\Jack\AppData\Local\Temp\oct85CF.tmp.exe
C:\Users\Jack\AppData\Local\Temp\offer-CB3F5FB1-EA07-47AD-83C0-A978A737E2E3.exe
C:\Users\Jack\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-29 18:58
 
==================== End of FRST.txt ============================


#5 olgun52

Posted 04 March 2016 - 05:48 PM

Hi Js031990,

 

We need to uninstall some unwanted/unneeded programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time

The list of programs to uninstall:

  • Astromenda
  • Yahoo
  • Pokki
  • McAfee Security Scan Plus

After completing uninstalls, please manually reboot your machine!

Note: If you get the message like: An error occurred while trying to uninstall, just press Yes.
Note: If you are unable to uninstall all programs, please inform me, but continue with other steps.

=================================================================================================

 

Free Easy M4A to MP3 Converter 4.8.1

Review the comments of these programs and decide if you want to keep them.
http://www.shouldiremoveit.com/DVDVideoSoft-5052-publisher.aspx
They can be removed via the Control panel > Programs and Features applet.

==================================================================================================

Going over your logs I noticed that you have µTorrent and BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.
********************************************************************************************************
Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end Click Settings > Advanced > ''I have read the warning and wish to proceed anyway'' Click
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click scan now ''Run as Administrator'' and a threat Scan will begin.
  • When the scan is complete, Press report and send me report.
  • Please restart your PC now.

Have a nice day.

 


Best regards
 

 


 


#6 Js031990

Posted 05 March 2016 - 05:00 AM

Thanks again Olgun52

 

I uninstalled the programs as instructed, however, there were no programs from 'Yahoo' installed.

 

Please find the report from the scan below. 

 

Thanks,

 

Jack

 

Zemana AntiMalware 2.19.2.904 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/3/5
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i5-4200M CPU @ 2.50GHz
BIOS Mode              : UEFI
CUID                   : 005A9E8139ACD54C711AAB
Scan Type              : Smart Scan
Duration               : 13m 7s
Scanned Objects        : 39646
Detected Objects       : 14
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : No
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Internet Explorer Search
Status             : Scanned
Object             : Astromenda - http://astromenda.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Internet Explorer Search
 
Internet Explorer Search
Status             : Scanned
Object             : Astromenda - http://astromenda.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Internet Explorer Search
 
Internet Explorer Search
Status             : Scanned
Object             : Web Search - http://search.homepage-web.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Internet Explorer Search
 
Chrome Shortcut
Status             : Scanned
Object             : --incognito
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Chrome Shortcut
 
Chrome Search
Status             : Scanned
Object             : Google Desktop - http://127.0.0.1
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Chrome Search
 
Chrome Startup Url
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Chrome Startup Url
 
Astromenda New Tab
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA.ChromeExt!Gr
Cleaning Action    : Repair
Traces             :
                Browser Extension - Astromenda New Tab
 
Wi-Fi
Status             : Scanned
Object             : Wi-Fi 78.46.223.24
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : DNS Hijack
Cleaning Action    : Repair
Traces             :
                DNS Server - Wi-Fi : 78.46.223.24
 
winzip18-home.exe
Status             : Scanned
Object             : %userprofile%\downloads\winzip18-home.exe
MD5                : C554E77A64BA9C17755135CFC2F3AC10
Publisher          : WinZip Computing
Size               : 873680
Version            : 0.0.0.0
Detection          : Adware:Win32/InstallCore.Variant!Sig
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\winzip18-home.exe
 
Download_Hot_Natured_-_Different_Sides_Of_The_Sun_(2013)_Torrent_-_KickassTorrents.exe
Status             : Scanned
Object             : %userprofile%\downloads\download_hot_natured_-_different_sides_of_the_sun_(2013)_torrent_-_kickasstorrents.exe
MD5                : 7B79A48895D3A01499195B227361D4C9
Publisher          : Kantida Chanudrum
Size               : 378576
Version            : -
Detection          : Downloader:Win32/Generic
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\download_hot_natured_-_different_sides_of_the_sun_(2013)_torrent_-_kickasstorrents.exe
 
Download_Hot_Natured_-_Different_Sides_Of_The_Sun_(2013)_Torrent_-_KickassTorrents (2).exe
Status             : Scanned
Object             : %userprofile%\downloads\download_hot_natured_-_different_sides_of_the_sun_(2013)_torrent_-_kickasstorrents (2).exe
MD5                : 7B79A48895D3A01499195B227361D4C9
Publisher          : Kantida Chanudrum
Size               : 378576
Version            : -
Detection          : Downloader:Win32/Generic
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\download_hot_natured_-_different_sides_of_the_sun_(2013)_torrent_-_kickasstorrents (2).exe
 
Download_Hot_Natured_-_Different_Sides_Of_The_Sun_(2013)_Torrent_-_KickassTorrents (1).exe
Status             : Scanned
Object             : %userprofile%\downloads\download_hot_natured_-_different_sides_of_the_sun_(2013)_torrent_-_kickasstorrents (1).exe
MD5                : 7B79A48895D3A01499195B227361D4C9
Publisher          : Kantida Chanudrum
Size               : 378576
Version            : -
Detection          : Downloader:Win32/Generic
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\download_hot_natured_-_different_sides_of_the_sun_(2013)_torrent_-_kickasstorrents (1).exe
 
Fatboy Slim Praise You Maribou State Remix.exe
Status             : Scanned
Object             : %userprofile%\downloads\fatboy slim praise you maribou state remix.exe
MD5                : 1829FC8C8A44BFFDB3FC1314B2561008
Publisher          : Bogdan Didenko
Size               : 335784
Version            : 2014.5.8.1202
Detection          : Adware:Win32/BulkHeur2.43e719!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\fatboy slim praise you maribou state remix.exe
 
uninstall.exe
Status             : Scanned
Object             : %localappdata%\{143a2266-3092-4ede-5d0a-6b36796297ae}\uninstall.exe
MD5                : 9C649D2144EF997DD497A97C3E3D54DE
Publisher          : -
Size               : 531968
Version            : -
Detection          : Adware:Win32/DealPly
Cleaning Action    : Quarantine
Traces             :
                File - %localappdata%\{143a2266-3092-4ede-5d0a-6b36796297ae}\uninstall.exe
                Scheduled Task - C:\WINDOWS\System32\Tasks\UpdateTask
                Scheduled Task - UpdateTask.job
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 14
Reported as safe      : 0
Failed                : 0


#7 olgun52

Posted 05 March 2016 - 04:49 PM

Hi Js031990,

 

Step 1:

FRST Script:

Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 3:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 4:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 5:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript

zoekscript.txt (188 bytes)

  • Download it too and save to your desktop - it needs to be in the same location as the ZOEK tool
  • Drag zoekscript file and drop it onto ZOEK icon - this should launch the program:
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

Best regards
 
#8 Js031990

Posted 06 March 2016 - 04:17 PM

Thanks Olgun52

 

Unfortunately, I can't find the log for ADWCLEANER. I scanned and it removed a few things, the log appeared, but my laptop has restarted since, and I can't find the file in the directory stated in the instructions, or through searching on the laptop. Any idea on what to do here?
 

Please find logs for the others below - I have attached them too if that's easier to deal with than a long post of them all together!

 

FIXLOG.EXE
 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Jack (2016-03-06 19:54:45) Run:1
Running from C:\Users\Jack\Downloads
Loaded Profiles: Jack (Available Profiles: Jack)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
start
CustomCLSID: HKU\S-1-5-21-2804123257-2569719226-3130761859-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2804123257-2569719226-3130761859-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2804123257-2569719226-3130761859-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2804123257-2569719226-3130761859-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2804123257-2569719226-3130761859-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2804123257-2569719226-3130761859-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2804123257-2569719226-3130761859-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2804123257-2569719226-3130761859-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2804123257-2569719226-3130761859-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2804123257-2569719226-3130761859-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2804123257-2569719226-3130761859-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {2177749D-DBA4-4807-9A7A-585E1433D5C4} - System32\Tasks\SetmemUpdateTaskMachine => C:\Program Files (x86)\YouTube Downloader\SetmemUpdate.exe
Task: {4DA2D0B6-557B-49BE-A9AA-EE3D007B8EAD} - System32\Tasks\{76136223-CFEF-4498-A320-E772A48761E5} => pcalua.exe -a "C:\Users\David\Downloads\Nero Plat 2014 v15.0.2400 Incl Crack\Nero Burning ROM 2014 v15.0.2400 Incl Crack - [MUMBAI]\Nero_BurningROM2014-15.0.02700_trial.exe" -d "C:\Users\David\Downloads\Nero Plat 2014 v15.0.2400 Incl Crack\Nero Burning ROM 2014 v15.0.2400 Incl Crack - [MUMBAI]"
Task: {69B86FE5-083E-4D71-9673-40063E78098E} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {301412E7-4667-45ED-8C0E-4ED7092E2167} - System32\Tasks\{B287B424-0EE2-434C-BE66-B0AC2F86BE8D} => pcalua.exe -a "C:\Users\David\Downloads\Nero 12 Platinum HD 12.5.01400 Retail + ContentPack [ChingLiu]\Nero.Platinum.v12.5.01400\ind\Nero Clean Tool\Nero-General.CleanTool.exe" -d "C:\Users\David\Downloads\Nero 12 Platinum HD 12.5.01400 Retail + ContentPack [ChingLiu]\Nero.Platinum.v12.5.01400\ind\Nero Clean T (the data entry has 4 more characters).
IE trusted site: HKU\S-1-5-21-2804123257-2569719226-3130761859-1001\...\ynhh.org -> hxxps://citrix.ynhh.org
FirewallRules: [{55055E7C-CA87-46D1-AFD7-3B17696C1E2E}] => (Allow) C:\Users\David\AppData\Local\Temp\nsw5DEA.tmp\CnetInstaller-75959791.exe
FirewallRules: [{F8EC73C3-78F6-4614-87CD-E4AB2B0833AC}] => (Allow) C:\Users\David\AppData\Local\Temp\nsw5DEA.tmp\CnetInstaller-75959791.exe
HKLM-x32\...\Run: [Easy Dock] => [X]
HKU\S-1-5-21-2804123257-2569719226-3130761859-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2804123257-2569719226-3130761859-1001\...\Run: [Easy Dock] => [X]
HKU\S-1-5-21-2804123257-2569719226-3130761859-1001\...\Policies\system: [DisableLockWorkstation] 0
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyEnable: [S-1-5-20] => Proxy is enabled
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {7015A14A-76AA-4CFB-A680-79E5B14BF92B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKLM-x32 -> DefaultScope {F00CCC29-1FF2-43BF-916F-EA4450279F2A} URL = hxxp://u-search.net/?a=1&e=1&q={searchTerms}
SearchScopes: HKLM-x32 -> {4E50E380-DD07-475F-9F51-47C4A1A152F9} URL = hxxp://u-search.net/?a=1&e=1&q={searchTerms}
SearchScopes: HKLM-x32 -> {F00CCC29-1FF2-43BF-916F-EA4450279F2A} URL = hxxp://u-search.net/?a=1&e=1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2804123257-2569719226-3130761859-1001 -> {4E50E380-DD07-475F-9F51-47C4A1A152F9} URL = hxxp://u-search.net/?a=1&e=1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2804123257-2569719226-3130761859-1001 -> {F00CCC29-1FF2-43BF-916F-EA4450279F2A} URL = hxxp://u-search.net/?a=1&e=1&q={searchTerms}
Toolbar: HKU\S-1-5-21-2804123257-2569719226-3130761859-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://vpn.ynhh.org/CACHE/stc/2/binaries/vpnweb.cab
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tpb786d1.default-1441713238277
FF NetworkProxy: "autoconfig_url", "http://127.0.0.1:5050/pac"
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 2
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: Save Session - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tpb786d1.default-1441713238277\extensions\savesession@noasobi.net.xpi [2015-09-08]
FF Extension: Session Manager - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tpb786d1.default-1441713238277\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-02-07]
FF Extension: Video DownloadHelper - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tpb786d1.default-1441713238277\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-31]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru => not found
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=926458&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\David\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll => No File
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
2016-02-28 10:55 - 2013-01-29 11:00 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2804123257-2569719226-3130761859-1001Core.job
2016-02-26 21:58 - 2010-10-03 19:33 - 00000000 ____D C:\Users\David\AppData\Roaming\uTorrent
2016-02-22 21:24 - 2013-01-29 19:12 - 00000000 ____D C:\Users\David\AppData\Roaming\vlc
2016-02-21 10:12 - 2013-02-01 08:57 - 00000000 ____D C:\Users\David\AppData\Roaming\dvdcss
2010-11-13 10:00 - 2015-05-12 12:50 - 0000132 _____ () C:\Users\David\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-02-23 22:29 - 2012-02-23 22:29 - 0000000 _____ () C:\Users\David\AppData\Roaming\gd.db
2012-02-23 22:29 - 2012-02-23 22:36 - 0000283 _____ () C:\Users\David\AppData\Roaming\groovedown.settings
2012-03-11 15:03 - 2012-03-11 15:03 - 0017408 _____ () C:\Users\David\AppData\Local\WebpageIcons.db
2010-10-03 21:07 - 2010-10-03 21:08 - 0000025 ____H () C:\ProgramData\.811261211181235583101118113995
2011-01-16 16:56 - 2011-01-16 16:56 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2014-07-20 22:41 - 2014-07-20 22:52 - 0001128 _____ () C:\ProgramData\hpzinstall.log
C:\Users\David\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe
C:\Users\David\AppData\Local\Temp\is-90EF7.tmp$$.exe
C:\Users\David\AppData\Local\Temp\is-90EF7.tmpB__1257.exe
C:\Users\David\AppData\Local\Temp\lowproc.exe
C:\Users\David\AppData\Local\Temp\stubhelper.dll
C:\Users\David\AppData\Local\Temp\wusetup.exe
Emptytemp:
end
 
*****************
 
HKU\S-1-5-21-2804123257-2569719226-3130761859-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => key not found. 
HKU\S-1-5-21-2804123257-2569719226-3130761859-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key not found. 
HKU\S-1-5-21-2804123257-2569719226-3130761859-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => key not found. 
HKU\S-1-5-21-2804123257-2569719226-3130761859-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key not found. 
HKU\S-1-5-21-2804123257-2569719226-3130761859-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key not found. 
HKU\S-1-5-21-2804123257-2569719226-3130761859-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => key not found. 
HKU\S-1-5-21-2804123257-2569719226-3130761859-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key not found. 
HKU\S-1-5-21-2804123257-2569719226-3130761859-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key not found. 
HKU\S-1-5-21-2804123257-2569719226-3130761859-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => key not found. 
HKU\S-1-5-21-2804123257-2569719226-3130761859-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key not found. 
HKU\S-1-5-21-2804123257-2569719226-3130761859-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2177749D-DBA4-4807-9A7A-585E1433D5C4} => key not found. 
C:\WINDOWS\System32\Tasks\SetmemUpdateTaskMachine => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SetmemUpdateTaskMachine => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DA2D0B6-557B-49BE-A9AA-EE3D007B8EAD} => key not found. 
C:\WINDOWS\System32\Tasks\{76136223-CFEF-4498-A320-E772A48761E5} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{76136223-CFEF-4498-A320-E772A48761E5} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69B86FE5-083E-4D71-9673-40063E78098E} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{301412E7-4667-45ED-8C0E-4ED7092E2167} => key not found. 
C:\WINDOWS\System32\Tasks\{B287B424-0EE2-434C-BE66-B0AC2F86BE8D} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B287B424-0EE2-434C-BE66-B0AC2F86BE8D} => key not found. 
HKU\S-1-5-21-2804123257-2569719226-3130761859-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ynhh.org => key not found. 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{55055E7C-CA87-46D1-AFD7-3B17696C1E2E} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F8EC73C3-78F6-4614-87CD-E4AB2B0833AC} => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Easy Dock => value not found.
HKU\S-1-5-21-2804123257-2569719226-3130761859-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value not found.
HKU\S-1-5-21-2804123257-2569719226-3130761859-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Easy Dock => value not found.
HKU\S-1-5-21-2804123257-2569719226-3130761859-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7015A14A-76AA-4CFB-A680-79E5B14BF92B} => key not found. 
HKCR\CLSID\{7015A14A-76AA-4CFB-A680-79E5B14BF92B} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{4E50E380-DD07-475F-9F51-47C4A1A152F9} => key not found. 
HKCR\Wow6432Node\CLSID\{4E50E380-DD07-475F-9F51-47C4A1A152F9} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{F00CCC29-1FF2-43BF-916F-EA4450279F2A} => key not found. 
HKCR\Wow6432Node\CLSID\{F00CCC29-1FF2-43BF-916F-EA4450279F2A} => key not found. 
HKU\S-1-5-21-2804123257-2569719226-3130761859-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4E50E380-DD07-475F-9F51-47C4A1A152F9} => key not found. 
HKCR\CLSID\{4E50E380-DD07-475F-9F51-47C4A1A152F9} => key not found. 
HKU\S-1-5-21-2804123257-2569719226-3130761859-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F00CCC29-1FF2-43BF-916F-EA4450279F2A} => key not found. 
HKCR\CLSID\{F00CCC29-1FF2-43BF-916F-EA4450279F2A} => key not found. 
HKU\S-1-5-21-2804123257-2569719226-3130761859-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => value not found.
HKCR\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{538793D5-659C-4639-A56C-A179AD87ED44} => key not found. 
HKCR\Wow6432Node\CLSID\{538793D5-659C-4639-A56C-A179AD87ED44} => key not found. 
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tpb786d1.default-1441713238277 => FRST is scripted not to move this directory.
FF NetworkProxy: "autoconfig_url", "http://127.0.0.1:5050/pac" => not found
FF NetworkProxy: "no_proxies_on", "" => not found
FF NetworkProxy: "type", 2 => not found
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key not found. 
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tpb786d1.default-1441713238277\extensions\savesession@noasobi.net.xpi => not found.
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tpb786d1.default-1441713238277\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi => not found.
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tpb786d1.default-1441713238277\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi => not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru => value not found.
Chrome HomePage => removed successfully
Chrome StartupUrls => not found.
Chrome DefaultSearchURL => not found.
Chrome DefaultSearchKeyword => not found.
Chrome DefaultSuggestURL => not found.
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => not found.
C:\Users\David\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll => not found.
C:\windows\system32\Adobe\Director\np32dsw.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => not found.
"C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2804123257-2569719226-3130761859-1001Core.job" => not found.
"C:\Users\David\AppData\Roaming\uTorrent" => not found.
"C:\Users\David\AppData\Roaming\vlc" => not found.
"C:\Users\David\AppData\Roaming\dvdcss" => not found.
"C:\Users\David\AppData\Roaming\Adobe PNG Format CS5 Prefs" => not found.
"C:\Users\David\AppData\Roaming\gd.db" => not found.
"C:\Users\David\AppData\Roaming\groovedown.settings" => not found.
"C:\Users\David\AppData\Local\WebpageIcons.db" => not found.
"C:\ProgramData\.811261211181235583101118113995" => not found.
"C:\ProgramData\ezsidmv.dat" => not found.
"C:\ProgramData\hpzinstall.log" => not found.
"C:\Users\David\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe" => not found.
"C:\Users\David\AppData\Local\Temp\is-90EF7.tmp$$.exe" => not found.
"C:\Users\David\AppData\Local\Temp\is-90EF7.tmpB__1257.exe" => not found.
"C:\Users\David\AppData\Local\Temp\lowproc.exe" => not found.
"C:\Users\David\AppData\Local\Temp\stubhelper.dll" => not found.
"C:\Users\David\AppData\Local\Temp\wusetup.exe" => not found.
EmptyTemp: => 1.9 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:55:23 ====
 
Malwarebytes
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 06/03/2016
Scan Time: 20:06
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.03.06.03
Rootkit Database: v2016.02.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Jack
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 366340
Time Elapsed: 20 min, 33 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 5
PUP.Optional.Astromenda, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [e9a23054f1a864d22b52b13aa45fcd33], 
PUP.Optional.InstallCore, HKU\S-1-5-21-1224946177-1484164449-2298606979-1001\SOFTWARE\InstallCore, Quarantined, [4e3d87fd8b0eef4796d4bb4a90740ef2], 
PUP.Optional.WinYahoo, HKU\S-1-5-21-1224946177-1484164449-2298606979-1001\SOFTWARE\wincy, Quarantined, [721985ff7a1f280e8d6c1afb38cb7c84], 
PUP.Optional.Astromenda, HKU\S-1-5-21-1224946177-1484164449-2298606979-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [deadfc88a8f1f2444632c922aa596799], 
PUP.Optional.Spigot, HKU\S-1-5-21-1224946177-1484164449-2298606979-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0BA026D1-693D-40A3-AB1F-807FB07E9E2B}, Quarantined, [8ffcd2b28118da5c87f9839b49bb9b65], 
 
Registry Values: 2
PUP.Optional.Spigot, HKU\S-1-5-21-1224946177-1484164449-2298606979-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0BA026D1-693D-40A3-AB1F-807FB07E9E2B}|URL, https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms}, Quarantined, [8ffcd2b28118da5c87f9839b49bb9b65]
PUP.Optional.NotChromeRun, HKU\S-1-5-21-1224946177-1484164449-2298606979-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GoogleChromeAutoLaunch_5339B587CCA39EC73B64D969310AF985, "C:\Users\Jack\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session, Quarantined, [5e2df29283169d9952d4af6146be3fc1]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.Astromenda, C:\Users\Jack\AppData\Local\Astromenda, Quarantined, [acdf20641d7c73c38f94d208a260a35d], 
 
Files: 8
PUP.Optional.DsiLoad, C:\Users\Jack\AppData\Local\dsisetup35565782.exe, Quarantined, [8dfe03811b7ebe784dcd29ed60a1bc44], 
PUP.Optional.DsiLoad, C:\Users\Jack\AppData\Local\dsisetup7932696562.exe, Quarantined, [f992afd5920781b59b7f5bbb926f916f], 
PUP.Optional.Spigot, C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\bfppd2pj.default\searchplugins\yahoo_ff.xml, Quarantined, [03886024851458de235949d5f0142fd1], 
PUP.Optional.WinYahoo, C:\Users\Jack\AppData\LocalLow\Microsoft\Internet Explorer\Services\Wincy.ico, Quarantined, [6f1ce59fafea88ae53e11123e71db848], 
PUP.Optional.Astromenda, C:\Users\Jack\AppData\Local\Astromenda\astcnfg.dat, Quarantined, [acdf20641d7c73c38f94d208a260a35d], 
PUP.Optional.Astromenda, C:\Users\Jack\AppData\Local\Astromenda\data, Quarantined, [acdf20641d7c73c38f94d208a260a35d], 
PUP.Optional.Spigot, C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\bfppd2pj.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=435371&p=");), Replaced,[7e0d9de78c0de353db5ab07fa164d52b]
PUP.Optional.Spigot, C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\bfppd2pj.default\prefs.js, Good: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (user_pref("browser.startup.homepage", "https://search.yahoo.com/?type=435371&fr=spigot-), Replaced,[414a92f2aaefcc6a42bc89adcd384fb1]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Home x64 
Ran by Jack (Administrator) on 06/03/2016 at 20:42:57.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Users\Jack\AppData\Roaming\getrighttogo (Folder) 
 
 
 
Registry: 4 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_4DCD0A585AE1D27D19F4EB1351CC758F (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1b31c9d2-7135-442b-bb93-7c002172adc6} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CC868CD3-A582-4E9C-A1C3-D8B471EA3CCB} (Registry Key)
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/03/2016 at 20:45:13.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Many thanks.

Jack

Attached files: malwarebytes_log.txt (3.92KB), Fixlog.txt (18.69KB), JRT.txt (1.14KB), zoek-results.txt (11.59KB)
 


#9 olgun52


Posted 06 March 2016 - 07:05 PM

Hi again,

Thank you for the logs.

 

Step 1:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.09.1.1004.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two message boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

 

Step 2:

Please download and run RogueKiller  32/64 bit to your desktop
Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 


Best regards
 
#10 Js031990

Posted 09 March 2016 - 01:04 PM

Thank you Olgun52 for your continued help with this

Please find the logs attached.

Attached files: system-log.txt (25.15KB), mbar-log-2016-03-08 (19-18-40).txt (2.06KB)

 

Jack




#11 olgun52


Posted 10 March 2016 - 12:55 PM

Logs are clean.

 

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

=========================================================================

How is the machine running now, and are there any issues? Please let me know.


Best regards
 
#12 Js031990

Posted 11 March 2016 - 09:03 AM

Hi Olgun52

Thanks again for your quick reply.

Please find the log attached.

I still think I am experiencing some issues.

 

Two I notice

- Windows crashing from time to time

- Unable to sign into my VPN Client (NordVPN) - or even access the website!
- Intermittent prolonged 'pauses' in functionality.
 

Best,

 

Jack




#13 olgun52


Posted 12 March 2016 - 05:28 AM

I still think I am experiencing some issues.
 
Two I notice
- Windows crashing from time to time
- Unable to sign into my VPN Client (NordVPN) - or even access the website!
- Intermittent prolonged 'pauses' in functionality.

Okay.
We have done the cleaning up to now.
Now, we check the system with FRST reports. Then start some repairs. And let's run the VPN setup file repair.
--------------
1- Please post fresh FRST logs for my review.
2- Windows Repair
3- VPN repair and settings check.

 

Download Windows Repair (All in One) from this site
Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.

 

Go to Step 2  by clicking  on the Open Pre-scan button

Ashampoo_Snap_2016.02.19_13h52m48s_003__
Now, go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk, then restart your computer.
Once the above is done, go to Step 4 and allow it to run System File Check by clicking on the Do It button.
Go to Step 5 and under "System Restore" click on Create button.

Go to Start Repairs tab and click the Start button.
Leave the check marks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.
Click on Start Repairs button.
After the repair has finished, you may be prompted to restart the computer. Please allow it to do so.

Please post the Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs


Best regards
 

 


 


#14 Js031990

Js031990
  • Topic Starter

  • Members
  • 8 posts

Posted 14 March 2016 - 02:45 PM

Hi Olgun52

Thanks again!

 

Please find the logs attached (note I had to run CHKDSK and fixed a couple of issues in the pre-scan too)

 

Many thanks,

 

Jack

 

Attached File  FRST.txt   72.38KB   1 downloads

Attached File  Tweaking.com - Windows Repair - Pre-Scan.txt   12.41KB   1 downloads

 

Attached File  _Windows_Repair_Log.txt   12.84KB   2 downloads



#15 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts

Posted 15 March 2016 - 02:18 PM

Please run the VPN setup file and repair


Best regards
 

 


 




