I think my computer is infected


  • This topic is locked
41 replies to this topic

#1 slikk24

slikk24

  • Members
  • 69 posts
  • OFFLINE
  • Local time:11:11 AM

Posted 03 March 2016 - 05:43 PM

Toshiba Windows 7 operating system. My computer is running super slow and locks up constantly. Also, it will not take Windows updates without failing. What should I do?




#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:11 PM

Posted 03 March 2016 - 06:44 PM

Hello slikk24 and Welcome to the BleepingComputer. :welcome:
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.
Thanks
---------------------------------------------------------------------------------------------------------
 
Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: addition.png
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Sincerely. :hello:

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 slikk24

slikk24
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  • Local time:11:11 AM

Posted 04 March 2016 - 09:39 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-03-2016
Ran by John Moore (2016-03-04 08:16:50)
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) (2010-02-12 17:57:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-926204724-1831859192-4147195393-500 - Administrator - Disabled)
Guest (S-1-5-21-926204724-1831859192-4147195393-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-926204724-1831859192-4147195393-1002 - Limited - Enabled)
John Moore (S-1-5-21-926204724-1831859192-4147195393-1000 - Administrator - Enabled) => C:\Users\John Moore

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
ATI Catalyst Install Manager (HKLM\...\{A0880F03-8480-482E-1606-BC91669B0882}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
ccc-core-static (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
DriverUpdate (HKLM-x32\...\{B2B04F8B-6444-4364-89C8-F3088D4E8D02}) (Version: 2.2.43335 - SlimWare Utilities, Inc.)
DVD MovieFactory for TOSHIBA (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0 - Corel Corporation) Hidden
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-300 Series Printer Uninstall (HKLM\...\EPSON XP-300 Series) (Version: - SEIKO EPSON Corporation)
Glary Utilities 5.26 (HKLM-x32\...\Glary Utilities 5) (Version: 5.26.0.45 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hoyle Card Games 2003 (HKLM-x32\...\InstallShield_{9ABA26E1-843A-4A72-95AF-C72474E191F6}) (Version: 1.0.0.0 - Sierra)
Hoyle Card Games 2003 (x32 Version: 1.0.0.0 - Sierra) Hidden
Hoyle Casino 2003 (HKLM-x32\...\InstallShield_{5F5FA055-84C1-459B-B0B6-D48D210AE50A}) (Version: 1.0.0.0 - Sierra)
Hoyle Casino 2003 (x32 Version: 1.0.0.0 - Sierra) Hidden
Java™ 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LTCM Client (HKLM-x32\...\LTCM Client) (Version: - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MR97316 (HKLM-x32\...\{5F30715C-3B02-4096-A9EB-1D9CD8B51D90}) (Version: 0.90.0000 - Mars Semiconductor Corp.)
NetZero Launcher (HKLM-x32\...\{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}) (Version: 2.01 - TOSHIBA Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
RICOH R5U230 Media Driver ver.2.06.03.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.03.02 - RICOH)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.7.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.0.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.11 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.09 - TOSHIBA Corporation)
TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.2.3.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.26.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Winmail Reader 1.1.12 (HKLM-x32\...\Winmail Reader_is1) (Version: - Kopf)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {148312DE-830F-4FAF-9116-88899250AA5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {16D00A23-19ED-4076-B00A-CD05B75DB49B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-26] (AVAST Software)
Task: {412B36EA-CA0F-4633-BB12-063483098CFC} - System32\Tasks\DriverCure => C:\Program Files (x86)\ParetoLogic\DriverCure\DriverCure.exe
Task: {6758D701-E5B5-4252-9407-F1CE4458C9D9} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {95AF64D3-C951-4B2F-B7E7-DAC6DDE03411} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-11] (Adobe Systems Incorporated)
Task: {9C229169-B3FB-4834-B99F-906D42F4B002} - System32\Tasks\{BC22BBF8-890A-49AE-AF8C-F77190769BE5} => pcalua.exe -a "C:\Users\John Moore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4LHCJUG\winmail-reader-setup[1].exe" -d "C:\Users\John Moore\Desktop"
Task: {BA44F300-8A34-45B9-85B3-EA0F275534D1} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-02-26] (AVAST Software)
Task: {BE03F789-9D40-4859-9304-5B6B0C558E84} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-05-25] (Glarysoft Ltd)
Task: {C8705F54-37AC-4AB8-87B3-9D53A9FB0E8C} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-05-25] (Glarysoft Ltd)
Task: {C8ED8E8C-EA35-4086-BD95-C241EEAC75FF} - System32\Tasks\FileCure => C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe
Task: {E424B0D3-E5D7-44F6-B6C4-13BDE852E7AD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {E67612FF-329A-47C3-B88F-7599B74E64A9} - System32\Tasks\{44BFC38C-9E39-46EA-93C0-819731DC4FBF} => pcalua.exe -a E:\OFFICE12\setup.exe -d E:\OFFICE12
Task: {FCAE4274-E6E2-4F96-B300-0CF5440A3754} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DriverCure.job => C:\Program Files (x86)\ParetoLogic\DriverCure\DriverCure.exe
Task: C:\windows\Tasks\FileCure.job => C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-02-26 12:29 - 2016-02-26 12:29 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-26 12:29 - 2016-02-26 12:29 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-03 15:00 - 2016-03-03 15:00 - 02838016 _____ () C:\Program Files\AVAST Software\Avast\defs\16030301\algo.dll
2016-02-26 12:29 - 2016-02-26 12:29 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-03-04 08:12 - 2016-03-04 08:12 - 02838016 _____ () C:\Program Files\AVAST Software\Avast\defs\16030400\algo.dll
2015-05-25 00:22 - 2015-05-25 00:22 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2016-02-26 12:30 - 2016-02-26 12:30 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-926204724-1831859192-4147195393-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\John Moore\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B4A81F56-03A0-4550-80CF-85BE4DFBC7CE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{A14E50A6-48AA-4AF6-ADD1-6F93BDAACFE1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E056C31E-8C80-4072-A6CE-3276216F8E93}] => (Allow) svchost.exe
FirewallRules: [{8C9D7700-DAA9-40D3-9849-6B4F7ACEF005}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{613DC496-FB17-4793-B3AE-4962C5665B33}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{1659EFBE-4EF6-4E78-A9A0-77E3D58C1555}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{636FD2A4-C5F3-45BD-A976-984B7060F752}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{451EFBD8-2C89-4381-BA98-545890F262A0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{42DF4973-BA36-4298-8231-638A72F54EC6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

27-02-2016 19:00:25 Windows Update
28-02-2016 19:00:25 Windows Update
01-03-2016 13:23:02 Windows Update
03-03-2016 11:15:45 Windows Update
03-03-2016 12:21:59 Windows Update
03-03-2016 16:15:36 Windows Update
03-03-2016 16:51:38 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/03/2016 04:57:50 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\SysWOW64\msiexec.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows® installer because of this error.

Program: Windows® installer
File: C:\Windows\SysWOW64\msiexec.exe

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (03/03/2016 04:57:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.7601.18896, time stamp: 0x557f3924
Faulting module name: MsiExec.exe, version: 5.0.7601.18896, time stamp: 0x557f3924
Exception code: 0xc0000006
Fault offset: 0x000027af
Faulting process id: 0x1208
Faulting application start time: 0xMsiExec.exe0
Faulting application path: MsiExec.exe1
Faulting module path: MsiExec.exe2
Report Id: MsiExec.exe3

Error: (03/03/2016 04:44:22 PM) (Source: MsiInstaller) (EventID: 11719) (User: JohnMoore-PC)
Description: Product: Hoyle Card Games 2003 -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (03/03/2016 04:43:19 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\SysWOW64\msiexec.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows® installer because of this error.

Program: Windows® installer
File: C:\Windows\SysWOW64\msiexec.exe

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (03/03/2016 04:43:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.7601.18896, time stamp: 0x557f3924
Faulting module name: MsiExec.exe, version: 5.0.7601.18896, time stamp: 0x557f3924
Exception code: 0xc0000006
Fault offset: 0x000027af
Faulting process id: 0xe04
Faulting application start time: 0xMsiExec.exe0
Faulting application path: MsiExec.exe1
Faulting module path: MsiExec.exe2
Report Id: MsiExec.exe3

Error: (03/03/2016 04:24:00 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Home and Student 2007 - Update 'Security Update for Microsoft Office PowerPoint 2007 (KB3114429) 32-Bit Edition ' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (03/03/2016 04:24:00 PM) (Source: MsiInstaller) (EventID: 11719) (User: NT AUTHORITY)
Description: Product: Microsoft Office Home and Student 2007 -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (03/03/2016 04:23:51 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\SysWOW64\msiexec.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows® installer because of this error.

Program: Windows® installer
File: C:\Windows\SysWOW64\msiexec.exe

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (03/03/2016 04:23:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.7601.18896, time stamp: 0x557f3924
Faulting module name: MsiExec.exe, version: 5.0.7601.18896, time stamp: 0x557f3924
Exception code: 0xc0000006
Fault offset: 0x000027af
Faulting process id: 0x103c
Faulting application start time: 0xMsiExec.exe0
Faulting application path: MsiExec.exe1
Faulting module path: MsiExec.exe2
Report Id: MsiExec.exe3

Error: (03/03/2016 04:19:58 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\SysWOW64\msiexec.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows® installer because of this error.

Program: Windows® installer
File: C:\Windows\SysWOW64\msiexec.exe

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3


System errors:
=============
Error: (03/04/2016 08:16:37 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (03/04/2016 08:15:38 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/04/2016 08:15:26 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/04/2016 08:15:22 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/04/2016 08:15:18 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/04/2016 08:15:14 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/04/2016 08:15:10 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/04/2016 08:15:06 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/04/2016 08:15:02 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/04/2016 08:14:58 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


==================== Memory info ===========================

Processor: AMD Turion™ II Ultra Dual-Core Mobile M620
Percentage of memory in use: 36%
Total physical RAM: 3836.17 MB
Available physical RAM: 2451.75 MB
Total Virtual: 7670.54 MB
Available Virtual: 6275.83 MB

==================== Drives ================================

Drive c: (TI105744W0B) (Fixed) (Total:584.87 GB) (Free:509.63 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP c310w) (Removable) (Total:3.81 GB) (Free:3.48 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 0B0B3C76)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=584.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=17)

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=3.8 GB) - (Type=0C)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-03-2016
Ran by John Moore (administrator) on JOHNMOORE-PC (04-03-2016 08:12:31)
Running from E:\
Loaded Profiles: John Moore (Available Profiles: John Moore)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-26] (AVAST Software)
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-05-25] (Glarysoft Ltd)
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\...\MountPoints2: {1923c29d-19f5-11df-aab3-00266c3f9dfa} - E:\LaunchU3.exe -a
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\...\MountPoints2: {1923c2ea-19f5-11df-aab3-00266c3f9dfa} - E:\LaunchU3.exe -a
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\...A8F59079A8D5}\localserver32: <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-03-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-26] (AVAST Software)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7AD1A3ED-F998-46D5-8620-7C30E7428867}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
URLSearchHook: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll No File
SearchScopes: HKLM -> DefaultScope {5A35403A-FBCF-4054-98F4-2E0770360865} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {5A35403A-FBCF-4054-98F4-2E0770360865} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {37276FC4-5D62-4CAE-90AD-6F22C4C289B7} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {37276FC4-5D62-4CAE-90AD-6F22C4C289B7} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 -> {37276FC4-5D62-4CAE-90AD-6F22C4C289B7} URL = hxxp://www.google.de/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enDE366
SearchScopes: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 -> {3CCBC11A-2435-498E-B3A8-62FB149FE177} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 -> {5A35403A-FBCF-4054-98F4-2E0770360865} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-26] (AVAST Software)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-26] (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-11-18] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-26]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\John Moore\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\John Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-26]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-02-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-26]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-26] (AVAST Software)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 msiserver; C:\windows\SysWOW64\msiexec.exe [73216 2015-06-15] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-26] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-26] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 GUBootStartup; C:\windows\System32\drivers\GUBootStartup.sys [20160 2015-05-26] (Glarysoft Ltd)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-01] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-03-01] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-04 08:12 - 2016-03-04 08:12 - 00000000 ____D C:\FRST
2016-03-03 11:16 - 2016-03-03 11:58 - 00000000 ____D C:\19f37c3308318fd835d3
2016-02-29 22:49 - 2016-03-01 07:59 - 00000000 ____D C:\776efec3994dc65a8135c13f425eb39a
2016-02-29 08:05 - 2016-02-29 10:49 - 00000000 ____D C:\AdwCleaner
2016-02-29 07:59 - 2016-03-03 12:00 - 00002042 _____ C:\Users\John Moore\Desktop\Rkill.txt
2016-02-28 20:48 - 2016-02-28 21:32 - 00000000 ____D C:\87191b87ec821b9a35e29a4d7cea4a28
2016-02-28 19:12 - 2016-02-28 19:58 - 00000000 ____D C:\a5536ae8fbf3557930dd5a61f753
2016-02-27 20:46 - 2016-02-27 21:30 - 00000000 ____D C:\75a4ce58b6a8ad0491fb380013b5
2016-02-27 19:12 - 2016-02-27 19:56 - 00000000 ____D C:\ba10273c2ca3807f927931
2016-02-26 18:23 - 2016-02-26 18:52 - 00000000 ____D C:\0fc28fcba1efd5f48e794d16d42629e6
2016-02-26 17:19 - 2016-02-26 17:50 - 00000000 ____D C:\0212b3a2baaf4e902f178b
2016-02-26 15:34 - 2016-03-01 13:41 - 00495236 _____ C:\windows\ntbtlog.txt
2016-02-26 12:35 - 2016-02-26 12:35 - 00000000 ____D C:\Users\John Moore\AppData\Roaming\AVAST Software
2016-02-26 12:33 - 2016-02-26 12:33 - 00001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-02-26 12:33 - 2016-02-26 12:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-02-26 12:32 - 2016-03-04 08:10 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-02-26 12:32 - 2016-02-26 12:32 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2016-02-26 12:32 - 2016-02-26 12:32 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-26 12:31 - 2016-03-01 14:12 - 00028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-02-26 12:31 - 2016-02-29 14:07 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-26 12:31 - 2016-02-26 12:32 - 00463744 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2016-02-26 12:31 - 2016-02-26 12:32 - 00287016 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2016-02-26 12:31 - 2016-02-26 12:30 - 00165344 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-02-26 12:30 - 2016-02-26 12:30 - 00398152 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-02-26 12:30 - 2016-02-26 12:30 - 00107792 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2016-02-26 12:30 - 2016-02-26 12:30 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-02-26 12:30 - 2016-02-26 12:30 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-02-26 12:30 - 2016-02-26 12:30 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-02-26 12:30 - 2016-02-26 12:29 - 01065720 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2016-02-26 12:29 - 2016-02-26 12:29 - 00052184 _____ (AVAST Software) C:\windows\avastSS.scr
2016-02-26 12:26 - 2016-02-26 12:26 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-26 12:26 - 2016-02-26 12:26 - 00000000 ____D C:\Program Files\AVAST Software
2016-02-26 12:08 - 2016-02-26 12:08 - 00307200 _____ (Secure By Design Inc.) C:\Users\John Moore\Downloads\Ninite Avast Installer.exe
2016-02-26 09:53 - 2016-02-26 09:55 - 00000000 ____D C:\8aa76afeaa92d860819584
2016-02-26 09:47 - 2016-02-26 09:50 - 00000000 ____D C:\04245fb0e3c8d50095e4818ad3
2016-02-26 08:48 - 2016-02-26 09:04 - 00000000 ____D C:\9d656bb0b2f7cae9a1beebc4374e
2016-02-26 08:13 - 2016-02-26 08:28 - 00000000 ____D C:\dbb0005e37e0ce89dfbf3a01
2016-02-25 19:12 - 2016-02-25 19:25 - 00000000 ____D C:\75d7e1a9b7aa52f14620dc0117aa
2016-02-25 19:01 - 2016-02-25 19:07 - 00000000 ____D C:\65c667b1daa48aa82f513ce5f896
2016-02-25 18:18 - 2016-02-25 18:37 - 00000000 ____D C:\c783248dc7c8690ab17d703fc77d2d17
2016-02-25 17:16 - 2016-02-25 17:32 - 00000000 ____D C:\e23b03d002d4d19e0de97b
2016-02-24 19:00 - 2016-02-24 19:00 - 00000000 __SHD C:\found.000
2016-02-24 16:53 - 2016-02-24 17:09 - 00000000 ____D C:\f116aa7a7557b6ed8fb5
2016-02-24 11:08 - 2016-02-24 11:11 - 00000000 ____D C:\51ff9977ee369f8f9776
2016-02-24 10:25 - 2016-02-24 10:25 - 00002167 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-02-24 09:53 - 2016-02-24 09:55 - 00000000 ____D C:\f1afc6d4b76d4ae15525
2016-02-24 09:27 - 2016-02-24 09:50 - 00000000 ____D C:\479fa64ee73271e0608ba11e6098672d
2016-02-23 19:01 - 2016-02-23 19:02 - 00000000 ____D C:\abaaff42768034fd63bd1d95
2016-02-23 15:21 - 2016-02-23 15:37 - 00000000 ____D C:\346c57920aad8c74f2b36977d0
2016-02-22 19:40 - 2016-02-22 19:52 - 00000000 ____D C:\cd6b8fd0387767095891ae4a8413
2016-02-22 19:03 - 2016-02-22 19:18 - 00000000 ____D C:\3f6c2bc26110800dc8f0fdf9321e8e5c
2016-02-22 12:27 - 2016-02-22 12:45 - 00000000 ____D C:\dc4c75133c0524fe6ed4c2e9ae
2016-02-21 19:25 - 2016-02-21 19:31 - 00000000 ____D C:\3e90b6d0854e08111e4ab177b4b35e
2016-02-21 19:01 - 2016-02-21 19:13 - 00000000 ____D C:\826c23857e76457d2f8181
2016-02-20 20:39 - 2016-02-20 20:39 - 00000000 ____D C:\cf12c74d6b1be81bbbc569cbaccedd81
2016-02-20 19:33 - 2016-02-20 19:41 - 00000000 ____D C:\09eb9f63d5b44f116eba
2016-02-20 19:25 - 2016-02-20 19:29 - 00000000 ____D C:\ad44be6304a15e3c9ca8dde6cc73
2016-02-20 14:06 - 2016-02-20 14:13 - 00000000 ____D C:\a5e630a195673dc8294e47f8ac24
2016-02-20 11:43 - 2016-02-20 11:46 - 00000000 ____D C:\5ca7a7db0c3f108616620fb235
2016-02-20 11:34 - 2016-02-20 11:41 - 00000000 ____D C:\1406b2ed98107f1a7b71628e28
2016-02-19 20:04 - 2016-02-19 20:11 - 00000000 ____D C:\473492a503fd7c0caf0a1c1e7b47de8b
2016-02-18 18:43 - 2016-02-18 18:56 - 00000000 ____D C:\09ecba1ec6f111c91c49
2016-02-18 18:19 - 2016-02-18 18:25 - 00000000 ____D C:\32bd800444cf112e47ba81
2016-02-17 19:59 - 2016-02-17 20:17 - 00000000 ____D C:\9f76b6b4dd2f43e69c11b6861bbeee6b
2016-02-17 19:22 - 2016-02-17 19:40 - 00000000 ____D C:\a4ea4e9eb48b74957574d58eef
2016-02-16 19:50 - 2016-02-16 19:52 - 00000000 ____D C:\02cd9ca0e4310c1715ae64
2016-02-16 19:43 - 2016-02-16 19:47 - 00000000 ____D C:\d0a269d1098f541e48
2016-02-16 19:25 - 2016-02-16 19:25 - 00000000 ____D C:\12c8607c583f7eb81027f3
2016-02-16 19:01 - 2016-02-16 19:18 - 00000000 ____D C:\c7902f7810844c46f7f1b9ff93a72bf3
2016-02-16 15:46 - 2016-02-16 16:01 - 00000000 ____D C:\06553ca4da1747e515426d42ba2649
2016-02-16 15:10 - 2016-02-16 15:27 - 00000000 ____D C:\f59e7e3460aac45654debc660356
2016-02-16 11:04 - 2016-02-16 11:07 - 00000000 ____D C:\dbc6e35d186c8517c7b77603
2016-02-16 10:56 - 2016-02-16 11:01 - 00000000 ____D C:\1a2c54eed226b44c70a8db
2016-02-15 14:37 - 2016-02-15 14:52 - 00000000 ____D C:\ba23523692e67fe56cd78e
2016-02-15 14:07 - 2016-02-15 14:19 - 00000000 ____D C:\f7434acc7b4f84e4d29a24d366a196e2
2016-02-15 13:17 - 2016-02-15 13:20 - 00000000 ____D C:\789de38b6972b1a99b
2016-02-15 13:08 - 2016-02-15 13:13 - 00000000 ____D C:\e119c67e530c99c22349
2016-02-13 17:29 - 2016-02-13 17:44 - 00000000 ____D C:\af26485365bd7ac5e7a15c06111a3b5d
2016-02-13 16:59 - 2016-02-13 17:06 - 00000000 ____D C:\b1214771c3ea448c807a
2016-02-12 19:38 - 2016-02-12 19:41 - 00000000 ____D C:\122593e5461b6fc1917635
2016-02-12 19:31 - 2016-02-12 19:35 - 00000000 ____D C:\3a63027f6cd272969aafa5
2016-02-12 16:28 - 2016-02-12 16:31 - 00000000 ____D C:\783e752c4d2992d7d6
2016-02-12 16:21 - 2016-02-12 16:25 - 00000000 ____D C:\1be3552f2fafdc33bf364c34
2016-02-11 19:31 - 2016-02-11 19:31 - 00000000 ____D C:\c02f856f9dd7947e04
2016-02-11 19:01 - 2016-02-11 19:15 - 00000000 ____D C:\d5583e78138f71b333d5105bca90
2016-02-11 12:50 - 2016-02-11 13:10 - 00000000 ____D C:\25e90316cd0738c8e7df90c9f3a8
2016-02-11 12:21 - 2016-02-11 12:36 - 00000000 ____D C:\7299151bdae94637c4a97b
2016-02-11 11:29 - 2016-02-11 11:31 - 00000000 ____D C:\1baab67eee774fed538eeb61
2016-02-10 20:12 - 2016-01-22 14:31 - 00387784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-02-10 20:12 - 2016-01-22 14:10 - 00341200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-02-10 20:12 - 2016-01-22 00:56 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-02-10 20:12 - 2016-01-22 00:41 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-02-10 20:12 - 2016-01-22 00:40 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-02-10 20:12 - 2016-01-22 00:40 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-02-10 20:12 - 2016-01-22 00:40 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-02-10 20:12 - 2016-01-22 00:40 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-02-10 20:12 - 2016-01-22 00:33 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-02-10 20:12 - 2016-01-22 00:32 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-02-10 20:12 - 2016-01-22 00:29 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-02-10 20:12 - 2016-01-22 00:27 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-02-10 20:12 - 2016-01-22 00:27 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-02-10 20:12 - 2016-01-22 00:27 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-02-10 20:12 - 2016-01-22 00:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-02-10 20:12 - 2016-01-22 00:17 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-02-10 20:12 - 2016-01-22 00:09 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-02-10 20:12 - 2016-01-22 00:08 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-02-10 20:12 - 2016-01-22 00:05 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-02-10 20:12 - 2016-01-22 00:04 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-02-10 20:12 - 2016-01-22 00:02 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-02-10 20:12 - 2016-01-22 00:02 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-02-10 20:12 - 2016-01-22 00:02 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-02-10 20:12 - 2016-01-22 00:01 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-02-10 20:12 - 2016-01-22 00:01 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-02-10 20:12 - 2016-01-22 00:00 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-02-10 20:12 - 2016-01-22 00:00 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-02-10 20:12 - 2016-01-21 23:55 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-02-10 20:12 - 2016-01-21 23:55 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-02-10 20:12 - 2016-01-21 23:51 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-02-10 20:12 - 2016-01-21 23:51 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-02-10 20:12 - 2016-01-21 23:50 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-02-10 20:12 - 2016-01-21 23:48 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-02-10 20:12 - 2016-01-21 23:47 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-02-10 20:12 - 2016-01-21 23:46 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-02-10 20:12 - 2016-01-21 23:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-02-10 20:12 - 2016-01-21 23:43 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-02-10 20:12 - 2016-01-21 23:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-10 20:12 - 2016-01-21 23:38 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-02-10 20:12 - 2016-01-21 23:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-02-10 20:12 - 2016-01-21 23:35 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-02-10 20:12 - 2016-01-21 23:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-02-10 20:12 - 2016-01-21 23:34 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-02-10 20:12 - 2016-01-21 23:33 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-02-10 20:12 - 2016-01-21 23:31 - 02597376 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-02-10 20:12 - 2016-01-21 23:27 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-02-10 20:12 - 2016-01-21 23:25 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-02-10 20:12 - 2016-01-21 23:24 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-02-10 20:12 - 2016-01-21 23:24 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-02-10 20:12 - 2016-01-21 23:08 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-02-10 20:12 - 2016-01-21 23:07 - 02120704 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-02-10 20:12 - 2016-01-21 23:02 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-02-10 19:22 - 2016-02-06 04:48 - 25839104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-02-10 19:22 - 2016-02-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-02-10 19:22 - 2016-02-06 04:24 - 02887680 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-02-10 19:22 - 2016-02-06 04:11 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-02-10 19:22 - 2016-02-06 04:10 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-02-10 19:22 - 2016-02-06 04:01 - 20366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-02-10 19:22 - 2016-02-06 03:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-02-10 19:22 - 2016-02-06 03:43 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-02-10 19:22 - 2016-02-06 03:38 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-02-10 19:22 - 2016-02-06 03:37 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-02-10 19:22 - 2016-02-06 03:32 - 14458368 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-02-10 19:22 - 2016-02-06 03:16 - 12857856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-02-10 19:22 - 2016-02-06 03:09 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-02-10 19:22 - 2016-02-06 02:54 - 01312256 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-02-10 19:20 - 2016-02-10 19:27 - 00000000 ____D C:\b5d02b8f74bbd2594eb98527e4fc
2016-02-10 19:05 - 2016-02-10 19:09 - 00000000 ____D C:\2f5751edecae60d103dcdad17d0f482a
2016-02-10 19:04 - 2016-01-16 13:06 - 00025024 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-02-10 19:04 - 2016-01-16 12:54 - 01162240 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-02-10 19:04 - 2016-01-11 08:08 - 01362944 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-02-10 19:04 - 2016-01-11 08:08 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-02-10 19:04 - 2016-01-11 08:08 - 00677376 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-02-10 19:04 - 2016-01-11 08:08 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-02-10 19:04 - 2016-01-11 08:08 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-02-10 19:04 - 2016-01-06 13:02 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2016-02-10 19:04 - 2016-01-06 13:02 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2016-02-10 19:04 - 2016-01-06 12:41 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2016-02-09 20:06 - 2016-01-22 00:27 - 05573056 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-02-09 20:06 - 2016-01-22 00:24 - 01733592 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-02-09 20:06 - 2016-01-22 00:18 - 00961024 _____ (Microsoft Corporation) C:\windows\system32\CPFilters.dll
2016-02-09 20:06 - 2016-01-22 00:18 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\EncDec.dll
2016-02-09 20:06 - 2016-01-22 00:17 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-02-09 20:06 - 2016-01-22 00:15 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-02-09 20:06 - 2016-01-22 00:15 - 00730112 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-02-09 20:06 - 2016-01-22 00:15 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-02-09 20:06 - 2016-01-22 00:13 - 03993536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-02-09 20:06 - 2016-01-22 00:13 - 03938752 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-02-09 20:06 - 2016-01-22 00:12 - 00880128 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-02-09 20:06 - 2016-01-22 00:09 - 01314328 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-02-09 20:06 - 2016-01-22 00:04 - 00642048 _____ (Microsoft Corporation) C:\windows\SysWOW64\CPFilters.dll
2016-02-09 20:06 - 2016-01-22 00:04 - 00535040 _____ (Microsoft Corporation) C:\windows\SysWOW64\EncDec.dll
2016-02-09 20:06 - 2016-01-22 00:02 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-02-09 20:06 - 2016-01-22 00:02 - 00176128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll
2016-02-09 20:06 - 2016-01-22 00:02 - 00114176 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll
2016-02-09 20:06 - 2016-01-21 23:59 - 00642560 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-02-09 20:06 - 2016-01-16 13:01 - 02085888 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-02-09 20:06 - 2016-01-16 12:36 - 01413632 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-02-09 20:06 - 2016-01-11 13:05 - 03169792 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-02-09 20:06 - 2016-01-11 13:05 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-02-09 20:06 - 2016-01-11 13:05 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-02-09 20:06 - 2016-01-11 12:52 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-02-09 20:06 - 2016-01-11 12:47 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-02-09 20:06 - 2016-01-11 12:26 - 02610176 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-02-09 20:06 - 2016-01-11 12:24 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-02-09 20:06 - 2016-01-11 12:23 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-02-09 20:06 - 2016-01-11 12:23 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-02-09 20:06 - 2016-01-11 12:23 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-02-09 20:06 - 2016-01-11 12:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-02-09 20:06 - 2016-01-11 12:23 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-02-09 20:06 - 2016-01-11 12:14 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-02-09 20:06 - 2016-01-11 12:14 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-02-09 20:06 - 2016-01-11 12:14 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-02-09 20:06 - 2016-01-11 12:14 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-02-09 20:06 - 2016-01-07 11:53 - 03211776 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-02-09 20:06 - 2016-01-07 11:42 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2016-02-09 20:05 - 2016-01-22 00:27 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-02-09 20:05 - 2016-01-22 00:27 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-02-09 20:05 - 2016-01-22 00:20 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-02-09 20:05 - 2016-01-22 00:20 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-02-09 20:05 - 2016-01-22 00:20 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-02-09 20:05 - 2016-01-22 00:20 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-02-09 20:05 - 2016-01-22 00:20 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-02-09 20:05 - 2016-01-22 00:20 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-02-09 20:05 - 2016-01-22 00:20 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-02-09 20:05 - 2016-01-22 00:20 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-02-09 20:05 - 2016-01-22 00:20 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-02-09 20:05 - 2016-01-22 00:20 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-02-09 20:05 - 2016-01-22 00:19 - 01214464 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-02-09 20:05 - 2016-01-22 00:19 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-02-09 20:05 - 2016-01-22 00:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-02-09 20:05 - 2016-01-22 00:18 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-02-09 20:05 - 2016-01-22 00:17 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-02-09 20:05 - 2016-01-22 00:17 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-02-09 20:05 - 2016-01-22 00:16 - 01461248 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-02-09 20:05 - 2016-01-22 00:16 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-02-09 20:05 - 2016-01-22 00:16 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-02-09 20:05 - 2016-01-22 00:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-02-09 20:05 - 2016-01-22 00:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-02-09 20:05 - 2016-01-22 00:13 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:06 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-02-09 20:05 - 2016-01-22 00:06 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-02-09 20:05 - 2016-01-22 00:06 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-02-09 20:05 - 2016-01-22 00:06 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-02-09 20:05 - 2016-01-22 00:06 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-02-09 20:05 - 2016-01-22 00:06 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-02-09 20:05 - 2016-01-22 00:06 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-02-09 20:05 - 2016-01-22 00:06 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-02-09 20:05 - 2016-01-22 00:05 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-02-09 20:05 - 2016-01-22 00:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-02-09 20:05 - 2016-01-22 00:02 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-02-09 20:05 - 2016-01-22 00:02 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-02-09 20:05 - 2016-01-22 00:02 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-02-09 20:05 - 2016-01-22 00:02 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:13 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-02-09 20:05 - 2016-01-21 23:07 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-02-09 20:05 - 2016-01-21 23:07 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-02-09 20:05 - 2016-01-21 23:05 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-02-09 20:05 - 2016-01-21 22:59 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-02-09 20:05 - 2016-01-21 22:58 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-02-09 20:05 - 2016-01-21 22:58 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-02-09 20:05 - 2016-01-21 22:57 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-02-09 20:05 - 2016-01-21 22:57 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-02-09 20:05 - 2016-01-21 22:53 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-02-09 20:05 - 2016-01-21 22:53 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-02-09 20:05 - 2016-01-21 22:53 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-02-09 20:05 - 2016-01-21 22:53 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-02-09 20:05 - 2016-01-21 22:51 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-02-09 20:05 - 2016-01-21 22:51 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 22:51 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 22:51 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 22:51 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-09 20:04 - 2016-01-22 00:19 - 14179840 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-02-09 20:04 - 2016-01-22 00:15 - 01866752 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-02-09 20:04 - 2016-01-22 00:12 - 01940992 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-02-09 20:04 - 2016-01-22 00:05 - 12877824 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-02-09 20:04 - 2016-01-22 00:00 - 01498624 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-02-09 20:04 - 2016-01-21 23:59 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-02-09 20:04 - 2016-01-21 23:19 - 03231232 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-02-09 20:04 - 2016-01-21 23:12 - 02973184 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-04 08:08 - 2015-02-17 09:50 - 00000438 _____ C:\windows\system32\Drivers\etc\hosts.ics
2016-03-04 08:06 - 2010-02-12 11:57 - 00000000 ____D C:\Users\John Moore
2016-03-04 08:05 - 2012-07-14 08:07 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-03-04 08:05 - 2010-02-15 22:56 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-04 08:05 - 2010-02-15 22:56 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-04 08:05 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-03-03 16:50 - 2010-01-11 04:20 - 00000000 ____D C:\ProgramData\WildTangent
2016-03-03 16:50 - 2010-01-11 04:20 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games
2016-03-03 16:50 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-03 16:43 - 2013-11-12 14:29 - 00000000 ____D C:\Users\John Moore\AppData\Local\CrashDumps
2016-03-03 16:30 - 2010-02-15 22:56 - 00003906 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-03 16:30 - 2010-02-15 22:56 - 00003654 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-03 16:28 - 2014-12-26 14:17 - 00003888 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-03-03 16:28 - 2012-07-14 08:07 - 00003770 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-03-03 16:28 - 2010-01-11 04:17 - 00003494 _____ C:\windows\System32\Tasks\ConfigFree Startup Programs
2016-03-03 16:24 - 2015-02-13 13:15 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-03-03 13:05 - 2009-07-13 22:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-03 13:05 - 2009-07-13 22:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-01 13:40 - 2015-05-26 15:18 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-29 03:11 - 2010-02-15 00:41 - 00000398 _____ C:\windows\Tasks\FileCure.job
2016-02-28 03:11 - 2010-02-15 05:42 - 00000414 _____ C:\windows\Tasks\DriverCure.job
2016-02-27 06:03 - 2015-07-10 07:39 - 00000000 ___HD C:\$Windows.~BT
2016-02-26 20:20 - 2009-07-13 21:20 - 00000000 ____D C:\windows\rescache
2016-02-26 20:14 - 2014-12-12 19:28 - 00000000 ____D C:\Users\John Moore\AppData\Local\ElevatedDiagnostics
2016-02-26 18:12 - 2015-04-04 14:51 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-02-26 18:12 - 2015-04-04 14:51 - 00000000 ___SD C:\windows\system32\GWX
2016-02-26 09:33 - 2009-07-13 23:13 - 00782470 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-26 09:33 - 2009-07-13 21:20 - 00000000 ____D C:\windows\inf
2016-02-26 09:19 - 2015-05-26 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-26 09:19 - 2015-05-26 15:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-26 09:19 - 2014-02-19 09:19 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-24 10:30 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system32\NDF
2016-02-19 14:28 - 2010-05-13 02:06 - 00002223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 14:28 - 2010-05-13 02:06 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-11 11:17 - 2012-07-14 08:07 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-02-11 11:17 - 2012-07-14 08:07 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-10 20:13 - 2009-07-14 01:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 20:12 - 2014-12-12 15:35 - 00000000 ____D C:\windows\system32\appraiser
2016-02-10 20:12 - 2014-05-03 12:39 - 00000000 ___SD C:\windows\system32\CompatTel
2016-02-10 19:54 - 2009-07-13 22:45 - 00360896 _____ C:\windows\system32\FNTCACHE.DAT
2016-02-10 19:32 - 2014-02-19 13:55 - 146614896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-02-10 19:32 - 2014-02-19 13:55 - 00000000 ____D C:\windows\system32\MRT
2016-02-09 18:53 - 2009-07-13 23:09 - 00000000 ____D C:\windows\System32\Tasks\WPD

==================== Files in the root of some directories =======

2010-04-03 06:46 - 2010-04-03 06:46 - 0000000 _____ () C:\Users\John Moore\AppData\Roaming\wklnhst.dat
2016-01-23 20:14 - 2016-01-23 20:14 - 0000000 ____H () C:\Users\John Moore\AppData\Local\BITECFC.tmp
2016-01-23 20:13 - 2016-01-23 20:13 - 0000000 _____ () C:\Users\John Moore\AppData\Local\{520FACC7-9001-404E-B7FA-27B1D6113F59}

Some files in TEMP:
====================
C:\Users\John Moore\AppData\Local\Temp\dllnt_dump.dll
C:\Users\John Moore\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-28 00:09

==================== End of FRST.txt ============================
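
As an added example that is not part of FRST, of this thread, or of any poster's own tooling: a small Python triage script for the listing above. It parses the three line shapes a reviewer reads in that log (the dated file/folder entries, the bare paths under "Some files in TEMP", and the "Bamital & volsnap" signature-check lines) and flags what the helper later acts on: hex-named folders in the drive root (the kind listed for removal in the fixlist further down), executables with no publisher information or sitting in a user-writable location, hidden/system attributes outside the Windows directory, and any checked file whose verdict is not "File is digitally signed". The attribute letters are collected as a set rather than read from fixed positions, because FRST right-aligns them (___HD, ___SD, ____H). The sample lines are copied from the log above except for one constructed Temp executable, marked as such; the rules and the 16-character hex threshold are my assumptions, and a flag is a prompt for a second look rather than a verdict (the Windows 10 upgrade staging folder C:\$Windows.~BT trips the hidden-attribute rule, for instance).

```python
"""Triage helper for FRST file listings (added example, not part of FRST or
of this thread). Parses the dated file/folder entries, the bare paths of the
'Some files in TEMP' section and the 'Bamital & volsnap' signature lines,
then applies review heuristics that are the example author's own assumptions."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Set, Tuple

# "<date> - <date> - <size> <attrs> (<company>) <path>"; the "(company)" block
# is absent or printed as "()" when no version info exists: both mean "no publisher".
ENTRY_RE = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$")
SIG_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+)$")
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
HEX_ROOT_RE = re.compile(r"^[A-Za-z]:\\[0-9a-fA-F]{16,}$")  # e.g. C:\b5d02b8f74bb...
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".drv")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

@dataclass
class Entry:
    first_ts: datetime      # created (modified, in the "Modified" section)
    second_ts: datetime     # the other timestamp
    size: int
    attrs: Set[str]         # attribute letters present, e.g. {"H", "D"}
    company: Optional[str]  # None when no publisher information was printed
    path: str

def parse_entry(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        first_ts=datetime.strptime(m.group("d1"), "%Y-%m-%d %H:%M"),
        second_ts=datetime.strptime(m.group("d2"), "%Y-%m-%d %H:%M"),
        size=int(m.group("size")),
        # FRST right-aligns the letters (___HD, ___SD, ____H), so collect them
        # as a set rather than reading fixed positions.
        attrs={c for c in m.group("attrs") if c != "_"},
        company=m.group("company") or None,
        path=m.group("path"))

def is_executable(path: str) -> bool:
    return path.lower().endswith(EXEC_EXT)

def review_entry(e: Entry) -> List[str]:
    """Review reasons that apply to one entry (empty list if none)."""
    reasons, low = [], e.path.lower()
    if "D" in e.attrs and HEX_ROOT_RE.match(e.path):
        reasons.append("hex-named folder in drive root")
    if is_executable(e.path):
        if e.company is None:
            reasons.append("executable without publisher info")
        # "C:\name" (a single backslash) or a user-writable tree
        if e.path.count("\\") == 1 or any(t in low for t in USER_WRITABLE):
            reasons.append("executable in user-writable location")
    if (e.attrs & {"H", "S"}) and "\\windows\\" not in low:
        reasons.append("hidden/system attribute outside the Windows directory")
    return reasons

def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Walk an FRST log and return (path, reasons) for lines worth a look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = parse_entry(line)
        if entry is not None:
            reasons = review_entry(entry)
            if reasons:
                findings.append((entry.path, reasons))
            continue
        sig = SIG_RE.match(line)
        if sig is not None:
            if sig.group("verdict") != "File is digitally signed":
                findings.append((sig.group("path"), ["did not pass signature verification"]))
            continue
        if BARE_PATH_RE.match(line) and is_executable(line):
            # "Some files in TEMP" prints bare paths with no metadata at all
            findings.append((line, ["executable in TEMP (no metadata in log)"]))
    return findings

# Sample input: lines copied from the log above, plus ONE constructed line
# (constructed_sample.exe) so the Temp/no-publisher rule has something to hit.
SAMPLE_LOG = r"""
2016-02-10 19:20 - 2016-02-10 19:27 - 00000000 ____D C:\b5d02b8f74bbd2594eb98527e4fc
2016-02-09 20:05 - 2016-01-22 00:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-04 08:08 - 2015-02-17 09:50 - 00000438 _____ C:\windows\system32\Drivers\etc\hosts.ics
2016-02-27 06:03 - 2015-07-10 07:39 - 00000000 ___HD C:\$Windows.~BT
2010-04-03 06:46 - 2010-04-03 06:46 - 0000000 _____ () C:\Users\John Moore\AppData\Roaming\wklnhst.dat
2016-03-01 12:00 - 2016-03-01 12:00 - 00045056 _____ C:\Users\John Moore\AppData\Local\Temp\constructed_sample.exe
C:\Users\John Moore\AppData\Local\Temp\sqlite3.dll
C:\windows\system32\winlogon.exe => File is digitally signed
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path, "->", "; ".join(reasons))
```

Run against the sample it reports four lines: the hex-named root folder, C:\$Windows.~BT (hidden attribute outside \windows\), the constructed Temp executable (no publisher, user-writable path) and the bare sqlite3.dll path from the TEMP section; the Microsoft-signed hidden API-set stub, hosts.ics and the signed winlogon.exe are left alone. Paste a whole FRST.txt into triage() to get the same short list for a real log.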

#4 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:11 PM

Posted 04 March 2016 - 06:20 PM

Hi slikk24,

 

Please Uninstall:

ParetoLogic
Glary Utilities
C:\Program Files (x86)\ParetoLogic

======================================================================================
Scan with Zemana AntiMalware Free:

  • Turn off the real-time scanner of any existing antivirus and firewall programs while performing the scan
  • Please download and install Zemana AntiMalware Free
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > ''I have read the warning and wish to proceed anyway''
  • Auto Launch > untick the box next to it
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click Scan Now (''Run as Administrator'') and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

Have a nice day.


Best regards
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
#5 slikk24

slikk24
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Local time:11:11 AM

Posted 07 March 2016 - 09:43 AM

***Sorry, accidentally canceled the first run but it did find one infection. Second scan found no other detections.***


Zemana AntiMalware 2.19.179.904 (Installed)

-------------------------------------------------------
Scan Result : Terminated
Scan Date : 2016/3/7
Operating System : Windows 7 64-bit
Processor : 2X AMD Turion™ II Ultra Dual-Core Mobile M620
BIOS Mode : Legacy
CUID : 00CAAEF36D25B144CB63CF
Scan Type : Smart Scan
Duration : 0m 45s
Scanned Objects : 9638
Detected Objects : 1
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Yes
Include All Extensions : No
Scan Documents : No
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Internet Explorer Shortcut
Status : Scanned
Object : -extoff
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Traces :
Browser Setting - Internet Explorer Shortcut


Cleaning Result
-------------------------------------------------------
Cleaned : 1
Reported as safe : 0
Failed : 0

Zemana AntiMalware 2.19.179.904 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/3/7
Operating System : Windows 7 64-bit
Processor : 2X AMD Turion™ II Ultra Dual-Core Mobile M620
BIOS Mode : Legacy
CUID : 00CAAEF36D25B144CB63CF
Scan Type : Smart Scan
Duration : 2m 18s
Scanned Objects : 9244
Detected Objects : 0
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Yes
Include All Extensions : No
Scan Documents : No
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

There are no detected objects

#6 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:11 PM

Posted 07 March 2016 - 03:37 PM

Okay, thank you.

Step 1:

FRST Script run:

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

start
Task: {BE03F789-9D40-4859-9304-5B6B0C558E84} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-05-25] (Glarysoft Ltd)
Task: {C8705F54-37AC-4AB8-87B3-9D53A9FB0E8C} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-05-25] (Glarysoft Ltd)
Task: C:\windows\Tasks\DriverCure.job => C:\Program Files (x86)\ParetoLogic\DriverCure\DriverCure.exe
Task: C:\windows\Tasks\FileCure.job => C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe
C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-05-25] (Glarysoft Ltd)
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\...\MountPoints2: {1923c29d-19f5-11df-aab3-00266c3f9dfa} - E:\LaunchU3.exe -a
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\...\MountPoints2: {1923c2ea-19f5-11df-aab3-00266c3f9dfa} - E:\LaunchU3.exe -a
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\...A8F59079A8D5}\localserver32: <==== ATTENTION
URLSearchHook: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll No File
SearchScopes: HKLM -> DefaultScope {5A35403A-FBCF-4054-98F4-2E0770360865} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {5A35403A-FBCF-4054-98F4-2E0770360865} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {37276FC4-5D62-4CAE-90AD-6F22C4C289B7} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {37276FC4-5D62-4CAE-90AD-6F22C4C289B7} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 -> {37276FC4-5D62-4CAE-90AD-6F22C4C289B7} URL = hxxp://www.google.de/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enDE366
SearchScopes: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 -> {3CCBC11A-2435-498E-B3A8-62FB149FE177} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 -> {5A35403A-FBCF-4054-98F4-2E0770360865} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-11-18] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
R1 GUBootStartup; C:\windows\System32\drivers\GUBootStartup.sys [20160 2015-05-26] (Glarysoft Ltd)
2016-03-03 11:16 - 2016-03-03 11:58 - 00000000 ____D C:\19f37c3308318fd835d3
2016-02-29 22:49 - 2016-03-01 07:59 - 00000000 ____D C:\776efec3994dc65a8135c13f425eb39a
2016-02-28 20:48 - 2016-02-28 21:32 - 00000000 ____D C:\87191b87ec821b9a35e29a4d7cea4a28
2016-02-28 19:12 - 2016-02-28 19:58 - 00000000 ____D C:\a5536ae8fbf3557930dd5a61f753
2016-02-27 20:46 - 2016-02-27 21:30 - 00000000 ____D C:\75a4ce58b6a8ad0491fb380013b5
2016-02-27 19:12 - 2016-02-27 19:56 - 00000000 ____D C:\ba10273c2ca3807f927931
2016-02-26 18:23 - 2016-02-26 18:52 - 00000000 ____D C:\0fc28fcba1efd5f48e794d16d42629e6
2016-02-26 17:19 - 2016-02-26 17:50 - 00000000 ____D C:\0212b3a2baaf4e902f178b
2016-02-26 09:53 - 2016-02-26 09:55 - 00000000 ____D C:\8aa76afeaa92d860819584
2016-02-26 09:47 - 2016-02-26 09:50 - 00000000 ____D C:\04245fb0e3c8d50095e4818ad3
2016-02-26 08:48 - 2016-02-26 09:04 - 00000000 ____D C:\9d656bb0b2f7cae9a1beebc4374e
2016-02-26 08:13 - 2016-02-26 08:28 - 00000000 ____D C:\dbb0005e37e0ce89dfbf3a01
2016-02-25 19:12 - 2016-02-25 19:25 - 00000000 ____D C:\75d7e1a9b7aa52f14620dc0117aa
2016-02-25 19:01 - 2016-02-25 19:07 - 00000000 ____D C:\65c667b1daa48aa82f513ce5f896
2016-02-25 18:18 - 2016-02-25 18:37 - 00000000 ____D C:\c783248dc7c8690ab17d703fc77d2d17
2016-02-25 17:16 - 2016-02-25 17:32 - 00000000 ____D C:\e23b03d002d4d19e0de97b
2016-02-24 16:53 - 2016-02-24 17:09 - 00000000 ____D C:\f116aa7a7557b6ed8fb5
2016-02-24 11:08 - 2016-02-24 11:11 - 00000000 ____D C:\51ff9977ee369f8f9776
2016-02-24 09:53 - 2016-02-24 09:55 - 00000000 ____D C:\f1afc6d4b76d4ae15525
2016-02-24 09:27 - 2016-02-24 09:50 - 00000000 ____D C:\479fa64ee73271e0608ba11e6098672d
2016-02-23 19:01 - 2016-02-23 19:02 - 00000000 ____D C:\abaaff42768034fd63bd1d95
2016-02-23 15:21 - 2016-02-23 15:37 - 00000000 ____D C:\346c57920aad8c74f2b36977d0
2016-02-22 19:40 - 2016-02-22 19:52 - 00000000 ____D C:\cd6b8fd0387767095891ae4a8413
2016-02-22 19:03 - 2016-02-22 19:18 - 00000000 ____D C:\3f6c2bc26110800dc8f0fdf9321e8e5c
2016-02-22 12:27 - 2016-02-22 12:45 - 00000000 ____D C:\dc4c75133c0524fe6ed4c2e9ae
2016-02-21 19:25 - 2016-02-21 19:31 - 00000000 ____D C:\3e90b6d0854e08111e4ab177b4b35e
2016-02-21 19:01 - 2016-02-21 19:13 - 00000000 ____D C:\826c23857e76457d2f8181
2016-02-20 20:39 - 2016-02-20 20:39 - 00000000 ____D C:\cf12c74d6b1be81bbbc569cbaccedd81
2016-02-20 19:33 - 2016-02-20 19:41 - 00000000 ____D C:\09eb9f63d5b44f116eba
2016-02-20 19:25 - 2016-02-20 19:29 - 00000000 ____D C:\ad44be6304a15e3c9ca8dde6cc73
2016-02-20 14:06 - 2016-02-20 14:13 - 00000000 ____D C:\a5e630a195673dc8294e47f8ac24
2016-02-20 11:43 - 2016-02-20 11:46 - 00000000 ____D C:\5ca7a7db0c3f108616620fb235
2016-02-20 11:34 - 2016-02-20 11:41 - 00000000 ____D C:\1406b2ed98107f1a7b71628e28
2016-02-19 20:04 - 2016-02-19 20:11 - 00000000 ____D C:\473492a503fd7c0caf0a1c1e7b47de8b
2016-02-18 18:43 - 2016-02-18 18:56 - 00000000 ____D C:\09ecba1ec6f111c91c49
2016-02-18 18:19 - 2016-02-18 18:25 - 00000000 ____D C:\32bd800444cf112e47ba81
2016-02-17 19:59 - 2016-02-17 20:17 - 00000000 ____D C:\9f76b6b4dd2f43e69c11b6861bbeee6b
2016-02-17 19:22 - 2016-02-17 19:40 - 00000000 ____D C:\a4ea4e9eb48b74957574d58eef
2016-02-16 19:50 - 2016-02-16 19:52 - 00000000 ____D C:\02cd9ca0e4310c1715ae64
2016-02-16 19:43 - 2016-02-16 19:47 - 00000000 ____D C:\d0a269d1098f541e48
2016-02-16 19:25 - 2016-02-16 19:25 - 00000000 ____D C:\12c8607c583f7eb81027f3
2016-02-16 19:01 - 2016-02-16 19:18 - 00000000 ____D C:\c7902f7810844c46f7f1b9ff93a72bf3
2016-02-16 15:46 - 2016-02-16 16:01 - 00000000 ____D C:\06553ca4da1747e515426d42ba2649
2016-02-16 15:10 - 2016-02-16 15:27 - 00000000 ____D C:\f59e7e3460aac45654debc660356
2016-02-16 11:04 - 2016-02-16 11:07 - 00000000 ____D C:\dbc6e35d186c8517c7b77603
2016-02-16 10:56 - 2016-02-16 11:01 - 00000000 ____D C:\1a2c54eed226b44c70a8db
2016-02-15 14:37 - 2016-02-15 14:52 - 00000000 ____D C:\ba23523692e67fe56cd78e
2016-02-15 14:07 - 2016-02-15 14:19 - 00000000 ____D C:\f7434acc7b4f84e4d29a24d366a196e2
2016-02-15 13:17 - 2016-02-15 13:20 - 00000000 ____D C:\789de38b6972b1a99b
2016-02-15 13:08 - 2016-02-15 13:13 - 00000000 ____D C:\e119c67e530c99c22349
2016-02-13 17:29 - 2016-02-13 17:44 - 00000000 ____D C:\af26485365bd7ac5e7a15c06111a3b5d
2016-02-13 16:59 - 2016-02-13 17:06 - 00000000 ____D C:\b1214771c3ea448c807a
2016-02-12 19:38 - 2016-02-12 19:41 - 00000000 ____D C:\122593e5461b6fc1917635
2016-02-12 19:31 - 2016-02-12 19:35 - 00000000 ____D C:\3a63027f6cd272969aafa5
2016-02-12 16:28 - 2016-02-12 16:31 - 00000000 ____D C:\783e752c4d2992d7d6
2016-02-12 16:21 - 2016-02-12 16:25 - 00000000 ____D C:\1be3552f2fafdc33bf364c34
2016-02-11 19:31 - 2016-02-11 19:31 - 00000000 ____D C:\c02f856f9dd7947e04
2016-02-11 19:01 - 2016-02-11 19:15 - 00000000 ____D C:\d5583e78138f71b333d5105bca90
2016-02-11 12:50 - 2016-02-11 13:10 - 00000000 ____D C:\25e90316cd0738c8e7df90c9f3a8
2016-02-11 12:21 - 2016-02-11 12:36 - 00000000 ____D C:\7299151bdae94637c4a97b
2016-02-11 11:29 - 2016-02-11 11:31 - 00000000 ____D C:\1baab67eee774fed538eeb61
2016-02-10 19:20 - 2016-02-10 19:27 - 00000000 ____D C:\b5d02b8f74bbd2594eb98527e4fc
2016-02-10 19:05 - 2016-02-10 19:09 - 00000000 ____D C:\2f5751edecae60d103dcdad17d0f482a
2016-03-04 08:08 - 2015-02-17 09:50 - 00000438 _____ C:\windows\system32\Drivers\etc\hosts.ics
C:\Program Files (x86)\Glary Utilities 5
2016-02-29 03:11 - 2010-02-15 00:41 - 00000398 _____ C:\windows\Tasks\FileCure.job
2016-02-28 03:11 - 2010-02-15 05:42 - 00000414 _____ C:\windows\Tasks\DriverCure.job
2016-02-26 20:14 - 2014-12-12 19:28 - 00000000 ____D C:\Users\John Moore\AppData\Local\ElevatedDiagnostics
2010-04-03 06:46 - 2010-04-03 06:46 - 0000000 _____ () C:\Users\John Moore\AppData\Roaming\wklnhst.dat
2016-01-23 20:14 - 2016-01-23 20:14 - 0000000 ____H () C:\Users\John Moore\AppData\Local\BITECFC.tmp
2016-01-23 20:13 - 2016-01-23 20:13 - 0000000 _____ () C:\Users\John Moore\AppData\Local\{520FACC7-9001-404E-B7FA-27B1D6113F59}
C:\Users\John Moore\AppData\Local\Temp\dllnt_dump.dll
C:\Users\John Moore\AppData\Local\Temp\sqlite3.dll
Emptytemp:
end

Close Notepad.
NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

 

Step2:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step3:
ComboFix run:
Please be sure to run our tools with administrator rights.
* IMPORTANT 1: Place ComboFix.exe on your Desktop
* IMPORTANT 2: Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running; it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 


Best regards
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#7 slikk24

slikk24
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  • Local time:11:11 AM

Posted 08 March 2016 - 08:54 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/7/2016
Scan Time: 4:58 PM
Logfile: malware bytes scan.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.07.08
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: John Moore

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375618
Time Elapsed: 19 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 5
PUP.Optional.MindSpark, C:\ProgramData\RogueKiller\Quarantine\0878E2E8B5A01D5D.vir, Quarantined, [cc2871131683ac8a47995fce0ef72ad6],
PUP.Optional.MindSpark, C:\ProgramData\RogueKiller\Quarantine\97B3C688BD5DB050.vir, Quarantined, [04f0f391712870c615cb72bbbb4a1ae6],
PUP.Optional.MindSpark, C:\ProgramData\RogueKiller\Quarantine\9D215276119C99B2.vir, Quarantined, [4ba9651fcecb5fd76b75cb6244c1a957],
PUP.Optional.MindSpark, C:\ProgramData\RogueKiller\Quarantine\B0EF0E0E28F7E4FF.vir, Quarantined, [1ed6661e4059290d1fc19d9092731ae6],
PUP.Optional.MindSpark, C:\ProgramData\RogueKiller\Quarantine\2839B89894BA27B4.vir, Quarantined, [d61e364e9affde582fb18ba243c2cc34],

Physical Sectors: 0
(No malicious items detected)


(end)

ComboFix 16-03-07.01 - John Moore 03/07/2016 15:44:24.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.1424 [GMT -6:00]
Running from: c:\users\John Moore\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2016-02-07 to 2016-03-07 )))))))))))))))))))))))))))))))
.
.
2016-03-07 22:36 . 2016-03-07 22:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-07 14:12 . 2016-03-07 14:13 202144 ----a-w- c:\windows\system32\drivers\zam64.sys
2016-03-07 14:12 . 2016-03-07 14:13 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2016-03-07 14:12 . 2016-03-07 14:13 202144 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2016-03-07 14:12 . 2016-03-07 14:12 -------- d-----w- c:\users\John Moore\AppData\Local\Zemana
2016-03-07 01:47 . 2016-03-07 02:06 -------- d-----w- C:\e96c3aa97f2f8dce4b7e
2016-03-07 01:01 . 2016-03-07 01:23 -------- d-----w- C:\b25540800d3bf352944996
2016-03-06 01:51 . 2016-03-06 02:11 -------- d-----w- C:\686361ebd6dcf4a6b2
2016-03-06 01:01 . 2016-03-06 01:23 -------- d-----w- C:\3be94e095c1bd6de016f5c63
2016-03-05 10:27 . 2016-03-05 10:27 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC86FFF6-4587-403B-80CB-263FACCCF37D}\offreg.2700.dll
2016-03-05 01:25 . 2016-03-05 01:46 -------- d-----w- C:\bbba97b994a07a1be031462f
2016-03-05 01:01 . 2016-03-05 01:05 -------- d-----w- C:\31fa6aa80c752f54d4d4
2016-03-04 14:39 . 2016-02-19 01:53 11249080 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC86FFF6-4587-403B-80CB-263FACCCF37D}\mpengine.dll
2016-03-04 14:30 . 2016-03-04 14:35 -------- d-----w- C:\cc8645b3e8e54dd05f61bf5875
2016-03-04 14:19 . 2016-03-04 14:23 -------- d-----w- C:\c449d64c4ebae3a23bcfb3ecf1
2016-03-04 14:12 . 2016-03-04 14:18 -------- d-----w- C:\FRST
2016-03-03 17:16 . 2016-03-03 17:58 -------- d-----w- C:\19f37c3308318fd835d3
2016-03-01 04:49 . 2016-03-01 13:59 -------- d-----w- C:\776efec3994dc65a8135c13f425eb39a
2016-02-29 14:05 . 2016-02-29 16:49 -------- d-----w- C:\AdwCleaner
2016-02-29 02:48 . 2016-02-29 03:32 -------- d-----w- C:\87191b87ec821b9a35e29a4d7cea4a28
2016-02-29 01:12 . 2016-02-29 01:58 -------- d-----w- C:\a5536ae8fbf3557930dd5a61f753
2016-02-28 02:46 . 2016-02-28 03:30 -------- d-----w- C:\75a4ce58b6a8ad0491fb380013b5
2016-02-28 01:12 . 2016-02-28 01:56 -------- d-----w- C:\ba10273c2ca3807f927931
2016-02-27 00:23 . 2016-02-27 00:52 -------- d-----w- C:\0fc28fcba1efd5f48e794d16d42629e6
2016-02-26 23:19 . 2016-02-26 23:50 -------- d-----w- C:\0212b3a2baaf4e902f178b
2016-02-26 18:35 . 2016-02-26 18:35 -------- d-----w- c:\users\John Moore\AppData\Roaming\AVAST Software
2016-02-26 18:32 . 2016-02-26 18:32 -------- d-----w- c:\program files\Common Files\AV
2016-02-26 18:32 . 2016-02-26 18:32 -------- d-----w- c:\program files (x86)\Common Files\AV
2016-02-26 18:31 . 2016-03-01 20:12 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-02-26 18:31 . 2016-02-29 20:07 -------- d-----w- c:\programdata\RogueKiller
2016-02-26 18:31 . 2016-02-26 18:32 287016 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-02-26 18:31 . 2016-02-26 18:30 165344 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-02-26 18:31 . 2016-02-26 18:32 463744 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-02-26 18:30 . 2016-02-26 18:30 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-02-26 18:30 . 2016-02-26 18:30 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-02-26 18:30 . 2016-02-26 18:30 107792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-02-26 18:30 . 2016-02-26 18:30 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-02-26 18:30 . 2016-02-26 18:29 1065720 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-02-26 18:30 . 2016-02-26 18:30 398152 ----a-w- c:\windows\system32\aswBoot.exe
2016-02-26 18:29 . 2016-02-26 18:29 52184 ----a-w- c:\windows\avastSS.scr
2016-02-26 18:26 . 2016-02-26 18:26 -------- d-----w- c:\program files\AVAST Software
2016-02-26 18:26 . 2016-02-26 18:26 -------- d-----w- c:\programdata\AVAST Software
2016-02-26 15:53 . 2016-02-26 15:55 -------- d-----w- C:\8aa76afeaa92d860819584
2016-02-26 15:47 . 2016-02-26 15:50 -------- d-----w- C:\04245fb0e3c8d50095e4818ad3
2016-02-26 14:48 . 2016-02-26 15:04 -------- d-----w- C:\9d656bb0b2f7cae9a1beebc4374e
2016-02-26 14:13 . 2016-02-26 14:28 -------- d-----w- C:\dbb0005e37e0ce89dfbf3a01
2016-02-26 01:12 . 2016-02-26 01:25 -------- d-----w- C:\75d7e1a9b7aa52f14620dc0117aa
2016-02-26 01:01 . 2016-02-26 01:07 -------- d-----w- C:\65c667b1daa48aa82f513ce5f896
2016-02-26 00:18 . 2016-02-26 00:37 -------- d-----w- C:\c783248dc7c8690ab17d703fc77d2d17
2016-02-25 23:16 . 2016-02-25 23:32 -------- d-----w- C:\e23b03d002d4d19e0de97b
2016-02-25 01:00 . 2016-02-25 01:00 -------- d-----w- C:\found.000
2016-02-24 22:53 . 2016-02-24 23:09 -------- d-----w- C:\f116aa7a7557b6ed8fb5
2016-02-24 17:08 . 2016-02-24 17:11 -------- d-----w- C:\51ff9977ee369f8f9776
2016-02-24 15:53 . 2016-02-24 15:55 -------- d-----w- C:\f1afc6d4b76d4ae15525
2016-02-24 15:27 . 2016-02-24 15:50 -------- d-----w- C:\479fa64ee73271e0608ba11e6098672d
2016-02-24 01:01 . 2016-02-24 01:02 -------- d-----w- C:\abaaff42768034fd63bd1d95
2016-02-23 21:21 . 2016-02-23 21:37 -------- d-----w- C:\346c57920aad8c74f2b36977d0
2016-02-23 01:40 . 2016-02-23 01:52 -------- d-----w- C:\cd6b8fd0387767095891ae4a8413
2016-02-23 01:03 . 2016-02-23 01:18 -------- d-----w- C:\3f6c2bc26110800dc8f0fdf9321e8e5c
2016-02-22 18:27 . 2016-02-22 18:45 -------- d-----w- C:\dc4c75133c0524fe6ed4c2e9ae
2016-02-22 01:25 . 2016-02-22 01:31 -------- d-----w- C:\3e90b6d0854e08111e4ab177b4b35e
2016-02-22 01:01 . 2016-02-22 01:13 -------- d-----w- C:\826c23857e76457d2f8181
2016-02-21 02:39 . 2016-02-21 02:39 -------- d-----w- C:\cf12c74d6b1be81bbbc569cbaccedd81
2016-02-21 01:33 . 2016-02-21 01:41 -------- d-----w- C:\09eb9f63d5b44f116eba
2016-02-21 01:25 . 2016-02-21 01:29 -------- d-----w- C:\ad44be6304a15e3c9ca8dde6cc73
2016-02-20 20:06 . 2016-02-20 20:13 -------- d-----w- C:\a5e630a195673dc8294e47f8ac24
2016-02-20 17:43 . 2016-02-20 17:46 -------- d-----w- C:\5ca7a7db0c3f108616620fb235
2016-02-20 17:34 . 2016-02-20 17:41 -------- d-----w- C:\1406b2ed98107f1a7b71628e28
2016-02-20 02:04 . 2016-02-20 02:11 -------- d-----w- C:\473492a503fd7c0caf0a1c1e7b47de8b
2016-02-19 00:43 . 2016-02-19 00:56 -------- d-----w- C:\09ecba1ec6f111c91c49
2016-02-19 00:19 . 2016-02-19 00:25 -------- d-----w- C:\32bd800444cf112e47ba81
2016-02-18 01:59 . 2016-02-18 02:17 -------- d-----w- C:\9f76b6b4dd2f43e69c11b6861bbeee6b
2016-02-18 01:22 . 2016-02-18 01:40 -------- d-----w- C:\a4ea4e9eb48b74957574d58eef
2016-02-17 01:50 . 2016-02-17 01:52 -------- d-----w- C:\02cd9ca0e4310c1715ae64
2016-02-17 01:43 . 2016-02-17 01:47 -------- d-----w- C:\d0a269d1098f541e48
2016-02-17 01:25 . 2016-02-17 01:25 -------- d-----w- C:\12c8607c583f7eb81027f3
2016-02-17 01:01 . 2016-02-17 01:18 -------- d-----w- C:\c7902f7810844c46f7f1b9ff93a72bf3
2016-02-16 21:46 . 2016-02-16 22:01 -------- d-----w- C:\06553ca4da1747e515426d42ba2649
2016-02-16 21:10 . 2016-02-16 21:27 -------- d-----w- C:\f59e7e3460aac45654debc660356
2016-02-16 17:04 . 2016-02-16 17:07 -------- d-----w- C:\dbc6e35d186c8517c7b77603
2016-02-16 16:56 . 2016-02-16 17:01 -------- d-----w- C:\1a2c54eed226b44c70a8db
2016-02-15 20:37 . 2016-02-15 20:52 -------- d-----w- C:\ba23523692e67fe56cd78e
2016-02-15 20:07 . 2016-02-15 20:19 -------- d-----w- C:\f7434acc7b4f84e4d29a24d366a196e2
2016-02-15 19:17 . 2016-02-15 19:20 -------- d-----w- C:\789de38b6972b1a99b
2016-02-15 19:08 . 2016-02-15 19:13 -------- d-----w- C:\e119c67e530c99c22349
2016-02-13 23:29 . 2016-02-13 23:44 -------- d-----w- C:\af26485365bd7ac5e7a15c06111a3b5d
2016-02-13 22:59 . 2016-02-13 23:06 -------- d-----w- C:\b1214771c3ea448c807a
2016-02-13 01:38 . 2016-02-13 01:41 -------- d-----w- C:\122593e5461b6fc1917635
2016-02-13 01:31 . 2016-02-13 01:35 -------- d-----w- C:\3a63027f6cd272969aafa5
2016-02-12 22:28 . 2016-02-12 22:31 -------- d-----w- C:\783e752c4d2992d7d6
2016-02-12 22:21 . 2016-02-12 22:25 -------- d-----w- C:\1be3552f2fafdc33bf364c34
2016-02-12 01:31 . 2016-02-12 01:31 -------- d-----w- C:\c02f856f9dd7947e04
2016-02-12 01:01 . 2016-02-12 01:15 -------- d-----w- C:\d5583e78138f71b333d5105bca90
2016-02-11 18:50 . 2016-02-11 19:10 -------- d-----w- C:\25e90316cd0738c8e7df90c9f3a8
2016-02-11 18:21 . 2016-02-11 18:36 -------- d-----w- C:\7299151bdae94637c4a97b
2016-02-11 17:29 . 2016-02-11 17:31 -------- d-----w- C:\1baab67eee774fed538eeb61
2016-02-11 01:22 . 2016-02-06 10:24 2887680 ----a-w- c:\windows\system32\iertutil.dll
2016-02-11 01:20 . 2016-02-11 01:27 -------- d-----w- C:\b5d02b8f74bbd2594eb98527e4fc
2016-02-11 01:05 . 2016-02-11 01:09 -------- d-----w- C:\2f5751edecae60d103dcdad17d0f482a
2016-02-10 02:06 . 2016-01-07 17:42 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-02-10 02:05 . 2016-01-22 06:27 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-02-10 02:04 . 2016-01-22 06:19 14179840 ----a-w- c:\windows\system32\shell32.dll
2016-02-10 02:04 . 2016-01-22 05:19 3231232 ----a-w- c:\windows\explorer.exe
2016-02-10 02:04 . 2016-01-22 06:15 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-02-10 02:04 . 2016-01-22 05:12 2973184 ----a-w- c:\windows\SysWow64\explorer.exe
2016-02-10 02:04 . 2016-01-22 06:12 1940992 ----a-w- c:\windows\system32\authui.dll
2016-02-10 02:04 . 2016-01-22 06:00 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2016-02-10 02:04 . 2016-01-22 05:59 1805824 ----a-w- c:\windows\SysWow64\authui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-07 21:35 . 2015-05-26 21:18 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-11 17:17 . 2012-07-14 14:07 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-02-11 17:17 . 2012-07-14 14:07 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-02-11 01:32 . 2014-02-19 19:55 146614896 ----a-w- c:\windows\system32\MRT.exe
2016-01-24 02:14 . 2016-01-24 02:14 0 ---ha-w- c:\users\John Moore\AppData\Local\BITECFC.tmp
2016-01-22 05:59 . 2016-02-10 02:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2015-05-25 37152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-02-26 7139768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
"TotalRecipeSearch_14 Browser Plugin Loader 64"="c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14brmon64.exe"
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe"/startup
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - ZAM
*NewlyCreated* - ZAM_GUARD
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-19 20:28 1088664 ----a-w- c:\program files (x86)\Google\Chrome\Application\48.0.2564.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 17:17]
.
2016-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-16 17:59]
.
2016-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-16 17:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-02-26 18:30 905248 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2016-02-19 12831984]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-03-07 16:43:01
ComboFix-quarantined-files.txt 2016-03-07 22:43
.
Pre-Run: 546,659,885,056 bytes free
Post-Run: 551,884,726,272 bytes free
.
- - End Of File - - 1D1A509123FE1DE4A4A1C340C5D5E248
5B5E648D12FCADC244C1EC30318E1EB9

#8 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:11 PM

Posted 08 March 2016 - 04:29 PM

Did you run it? [Step 1 FRST script run]

Transactions need to be done in order, step by step (Step 1, Step 2, Step 3).


Edited by olgun52, 08 March 2016 - 04:31 PM.

Best regards
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

#9 slikk24

slikk24
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  • Local time:11:11 AM

Posted 08 March 2016 - 04:45 PM

Yes, I ran FRST, Malwarebytes, and then ComboFix.

#10 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:11 PM

Posted 08 March 2016 - 04:52 PM

"Yes, I ran FRST"

I do not see the report. Do you see it?


#11 slikk24

slikk24
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  • Local time:11:11 AM

Posted 08 March 2016 - 06:21 PM

FRST would not run. So I ran FRST64 only. I ran everything again.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by John Moore (administrator) on JOHNMOORE-PC (08-03-2016 15:43:06)
Running from C:\Users\John Moore\Desktop
Loaded Profiles: John Moore (Available Profiles: John Moore)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_306_ActiveX.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\SoftwareUpdate.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\x64\Win64ShellLink.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12831984 2016-02-18] (Zemana Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-26] (AVAST Software)
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-05-25] (Glarysoft Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-26] (AVAST Software)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7AD1A3ED-F998-46D5-8620-7C30E7428867}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
SearchScopes: HKLM -> DefaultScope {5A35403A-FBCF-4054-98F4-2E0770360865} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {5A35403A-FBCF-4054-98F4-2E0770360865} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {37276FC4-5D62-4CAE-90AD-6F22C4C289B7} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {37276FC4-5D62-4CAE-90AD-6F22C4C289B7} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 -> {37276FC4-5D62-4CAE-90AD-6F22C4C289B7} URL = hxxp://www.google.de/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enDE366
SearchScopes: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 -> {3CCBC11A-2435-498E-B3A8-62FB149FE177} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 -> {5A35403A-FBCF-4054-98F4-2E0770360865} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-26] (AVAST Software)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-26] (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-11-18] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-26]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\John Moore\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\John Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-26]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-02-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-26]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-26] (AVAST Software)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 msiserver; C:\windows\SysWOW64\msiexec.exe [73216 2015-06-15] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12831984 2016-02-18] (Zemana Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-26] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-26] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 GUBootStartup; C:\windows\System32\drivers\GUBootStartup.sys [20160 2015-05-26] (Glarysoft Ltd)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-03-01] ()
R1 ZAM; C:\windows\System32\drivers\zam64.sys [202144 2016-03-07] (Zemana Ltd.)
R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [202144 2016-03-07] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-08 15:43 - 2016-03-08 15:43 - 00012331 _____ C:\Users\John Moore\Desktop\FRST.txt
2016-03-08 15:41 - 2016-03-08 15:41 - 02374144 _____ (Farbar) C:\Users\John Moore\Desktop\FRST64.exe
2016-03-08 15:40 - 2016-03-08 15:41 - 01725440 _____ (Farbar) C:\Users\John Moore\Desktop\FRST.exe
2016-03-08 12:32 - 2016-03-08 12:54 - 00000000 ____D C:\5d277e8514431573290ae81aa977
2016-03-08 11:53 - 2016-03-08 12:13 - 00000000 ____D C:\657dbc507b367d423ce505917b44
2016-03-08 07:53 - 2016-03-08 07:53 - 00001711 _____ C:\Users\John Moore\Desktop\malware bytes scan.txt
2016-03-08 07:52 - 2016-03-08 07:52 - 00000235 _____ C:\Users\John Moore\Desktop\Malwarebytes Anti-Malware.txt
2016-03-07 19:57 - 2016-03-07 20:21 - 00000000 ____D C:\0ca870530a7b8146e3a1fb2593
2016-03-07 19:05 - 2016-03-07 19:29 - 00000000 ____D C:\f9268954411198146eed
2016-03-07 16:43 - 2016-03-07 16:43 - 00025068 _____ C:\ComboFix.txt
2016-03-07 15:41 - 2016-03-07 16:43 - 00000000 ____D C:\Qoobox
2016-03-07 15:41 - 2016-03-07 16:43 - 00000000 ____D C:\ComboFix
2016-03-07 15:41 - 2011-06-26 00:45 - 00256000 _____ C:\windows\PEV.exe
2016-03-07 15:41 - 2010-11-07 11:20 - 00208896 _____ C:\windows\MBR.exe
2016-03-07 15:41 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2016-03-07 15:41 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2016-03-07 15:41 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2016-03-07 15:41 - 2000-08-30 18:00 - 00098816 _____ C:\windows\sed.exe
2016-03-07 15:41 - 2000-08-30 18:00 - 00080412 _____ C:\windows\grep.exe
2016-03-07 15:41 - 2000-08-30 18:00 - 00068096 _____ C:\windows\zip.exe
2016-03-07 15:40 - 2016-03-07 16:40 - 00000000 ____D C:\windows\erdnt
2016-03-07 15:38 - 2016-03-07 15:38 - 05658088 ____R (Swearware) C:\Users\John Moore\Desktop\ComboFix.exe
2016-03-07 15:32 - 2016-03-07 15:32 - 00009877 _____ C:\Users\John Moore\Desktop\fixlist.txt
2016-03-07 08:13 - 2016-03-08 15:30 - 00000620 _____ C:\windows\ZAM.krnl.trace
2016-03-07 08:13 - 2016-03-08 15:30 - 00000119 _____ C:\windows\ZAM_Guard.krnl.trace
2016-03-07 08:13 - 2016-03-07 08:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-03-07 08:12 - 2016-03-07 08:13 - 00202144 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zamguard64.sys
2016-03-07 08:12 - 2016-03-07 08:13 - 00202144 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zam64.sys
2016-03-07 08:12 - 2016-03-07 08:13 - 00001047 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-03-07 08:12 - 2016-03-07 08:13 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-03-07 08:12 - 2016-03-07 08:12 - 00000000 ____D C:\Users\John Moore\AppData\Local\Zemana
2016-03-06 19:47 - 2016-03-06 20:06 - 00000000 ____D C:\e96c3aa97f2f8dce4b7e
2016-03-06 19:01 - 2016-03-06 19:23 - 00000000 ____D C:\b25540800d3bf352944996
2016-03-05 19:51 - 2016-03-05 20:11 - 00000000 ____D C:\686361ebd6dcf4a6b2
2016-03-05 19:01 - 2016-03-05 19:23 - 00000000 ____D C:\3be94e095c1bd6de016f5c63
2016-03-04 19:25 - 2016-03-04 19:46 - 00000000 ____D C:\bbba97b994a07a1be031462f
2016-03-04 19:01 - 2016-03-04 19:05 - 00000000 ____D C:\31fa6aa80c752f54d4d4
2016-03-04 08:30 - 2016-03-04 08:35 - 00000000 ____D C:\cc8645b3e8e54dd05f61bf5875
2016-03-04 08:19 - 2016-03-04 08:23 - 00000000 ____D C:\c449d64c4ebae3a23bcfb3ecf1
2016-03-04 08:12 - 2016-03-08 15:43 - 00000000 ____D C:\FRST
2016-03-03 11:16 - 2016-03-03 11:58 - 00000000 ____D C:\19f37c3308318fd835d3
2016-02-29 22:49 - 2016-03-01 07:59 - 00000000 ____D C:\776efec3994dc65a8135c13f425eb39a
2016-02-29 08:05 - 2016-02-29 10:49 - 00000000 ____D C:\AdwCleaner
2016-02-29 07:59 - 2016-03-03 12:00 - 00002042 _____ C:\Users\John Moore\Desktop\Rkill.txt
2016-02-28 20:48 - 2016-02-28 21:32 - 00000000 ____D C:\87191b87ec821b9a35e29a4d7cea4a28
2016-02-28 19:12 - 2016-02-28 19:58 - 00000000 ____D C:\a5536ae8fbf3557930dd5a61f753
2016-02-27 20:46 - 2016-02-27 21:30 - 00000000 ____D C:\75a4ce58b6a8ad0491fb380013b5
2016-02-27 19:12 - 2016-02-27 19:56 - 00000000 ____D C:\ba10273c2ca3807f927931
2016-02-26 18:23 - 2016-02-26 18:52 - 00000000 ____D C:\0fc28fcba1efd5f48e794d16d42629e6
2016-02-26 17:19 - 2016-02-26 17:50 - 00000000 ____D C:\0212b3a2baaf4e902f178b
2016-02-26 15:34 - 2016-03-01 13:41 - 00495236 _____ C:\windows\ntbtlog.txt
2016-02-26 12:35 - 2016-02-26 12:35 - 00000000 ____D C:\Users\John Moore\AppData\Roaming\AVAST Software
2016-02-26 12:33 - 2016-02-26 12:33 - 00001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-02-26 12:33 - 2016-02-26 12:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-02-26 12:32 - 2016-03-04 08:10 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-02-26 12:32 - 2016-02-26 12:32 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2016-02-26 12:32 - 2016-02-26 12:32 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-26 12:31 - 2016-03-01 14:12 - 00028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-02-26 12:31 - 2016-02-29 14:07 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-26 12:31 - 2016-02-26 12:32 - 00463744 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2016-02-26 12:31 - 2016-02-26 12:32 - 00287016 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2016-02-26 12:31 - 2016-02-26 12:30 - 00165344 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-02-26 12:30 - 2016-02-26 12:30 - 00398152 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-02-26 12:30 - 2016-02-26 12:30 - 00107792 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2016-02-26 12:30 - 2016-02-26 12:30 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-02-26 12:30 - 2016-02-26 12:30 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-02-26 12:30 - 2016-02-26 12:30 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-02-26 12:30 - 2016-02-26 12:29 - 01065720 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2016-02-26 12:29 - 2016-02-26 12:29 - 00052184 _____ (AVAST Software) C:\windows\avastSS.scr
2016-02-26 12:26 - 2016-02-26 12:26 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-26 12:26 - 2016-02-26 12:26 - 00000000 ____D C:\Program Files\AVAST Software
2016-02-26 12:08 - 2016-02-26 12:08 - 00307200 _____ (Secure By Design Inc.) C:\Users\John Moore\Downloads\Ninite Avast Installer.exe
2016-02-26 09:53 - 2016-02-26 09:55 - 00000000 ____D C:\8aa76afeaa92d860819584
2016-02-26 09:47 - 2016-02-26 09:50 - 00000000 ____D C:\04245fb0e3c8d50095e4818ad3
2016-02-26 08:48 - 2016-02-26 09:04 - 00000000 ____D C:\9d656bb0b2f7cae9a1beebc4374e
2016-02-26 08:13 - 2016-02-26 08:28 - 00000000 ____D C:\dbb0005e37e0ce89dfbf3a01
2016-02-25 19:12 - 2016-02-25 19:25 - 00000000 ____D C:\75d7e1a9b7aa52f14620dc0117aa
2016-02-25 19:01 - 2016-02-25 19:07 - 00000000 ____D C:\65c667b1daa48aa82f513ce5f896
2016-02-25 18:18 - 2016-02-25 18:37 - 00000000 ____D C:\c783248dc7c8690ab17d703fc77d2d17
2016-02-25 17:16 - 2016-02-25 17:32 - 00000000 ____D C:\e23b03d002d4d19e0de97b
2016-02-24 19:00 - 2016-02-24 19:00 - 00000000 ____D C:\found.000
2016-02-24 16:53 - 2016-02-24 17:09 - 00000000 ____D C:\f116aa7a7557b6ed8fb5
2016-02-24 11:08 - 2016-02-24 11:11 - 00000000 ____D C:\51ff9977ee369f8f9776
2016-02-24 10:25 - 2016-02-24 10:25 - 00002167 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-02-24 09:53 - 2016-02-24 09:55 - 00000000 ____D C:\f1afc6d4b76d4ae15525
2016-02-24 09:27 - 2016-02-24 09:50 - 00000000 ____D C:\479fa64ee73271e0608ba11e6098672d
2016-02-23 19:01 - 2016-02-23 19:02 - 00000000 ____D C:\abaaff42768034fd63bd1d95
2016-02-23 15:21 - 2016-02-23 15:37 - 00000000 ____D C:\346c57920aad8c74f2b36977d0
2016-02-22 19:40 - 2016-02-22 19:52 - 00000000 ____D C:\cd6b8fd0387767095891ae4a8413
2016-02-22 19:03 - 2016-02-22 19:18 - 00000000 ____D C:\3f6c2bc26110800dc8f0fdf9321e8e5c
2016-02-22 12:27 - 2016-02-22 12:45 - 00000000 ____D C:\dc4c75133c0524fe6ed4c2e9ae
2016-02-21 19:25 - 2016-02-21 19:31 - 00000000 ____D C:\3e90b6d0854e08111e4ab177b4b35e
2016-02-21 19:01 - 2016-02-21 19:13 - 00000000 ____D C:\826c23857e76457d2f8181
2016-02-20 20:39 - 2016-02-20 20:39 - 00000000 ____D C:\cf12c74d6b1be81bbbc569cbaccedd81
2016-02-20 19:33 - 2016-02-20 19:41 - 00000000 ____D C:\09eb9f63d5b44f116eba
2016-02-20 19:25 - 2016-02-20 19:29 - 00000000 ____D C:\ad44be6304a15e3c9ca8dde6cc73
2016-02-20 14:06 - 2016-02-20 14:13 - 00000000 ____D C:\a5e630a195673dc8294e47f8ac24
2016-02-20 11:43 - 2016-02-20 11:46 - 00000000 ____D C:\5ca7a7db0c3f108616620fb235
2016-02-20 11:34 - 2016-02-20 11:41 - 00000000 ____D C:\1406b2ed98107f1a7b71628e28
2016-02-19 20:04 - 2016-02-19 20:11 - 00000000 ____D C:\473492a503fd7c0caf0a1c1e7b47de8b
2016-02-18 18:43 - 2016-02-18 18:56 - 00000000 ____D C:\09ecba1ec6f111c91c49
2016-02-18 18:19 - 2016-02-18 18:25 - 00000000 ____D C:\32bd800444cf112e47ba81
2016-02-17 19:59 - 2016-02-17 20:17 - 00000000 ____D C:\9f76b6b4dd2f43e69c11b6861bbeee6b
2016-02-17 19:22 - 2016-02-17 19:40 - 00000000 ____D C:\a4ea4e9eb48b74957574d58eef
2016-02-16 19:50 - 2016-02-16 19:52 - 00000000 ____D C:\02cd9ca0e4310c1715ae64
2016-02-16 19:43 - 2016-02-16 19:47 - 00000000 ____D C:\d0a269d1098f541e48
2016-02-16 19:25 - 2016-02-16 19:25 - 00000000 ____D C:\12c8607c583f7eb81027f3
2016-02-16 19:01 - 2016-02-16 19:18 - 00000000 ____D C:\c7902f7810844c46f7f1b9ff93a72bf3
2016-02-16 15:46 - 2016-02-16 16:01 - 00000000 ____D C:\06553ca4da1747e515426d42ba2649
2016-02-16 15:10 - 2016-02-16 15:27 - 00000000 ____D C:\f59e7e3460aac45654debc660356
2016-02-16 11:04 - 2016-02-16 11:07 - 00000000 ____D C:\dbc6e35d186c8517c7b77603
2016-02-16 10:56 - 2016-02-16 11:01 - 00000000 ____D C:\1a2c54eed226b44c70a8db
2016-02-15 14:37 - 2016-02-15 14:52 - 00000000 ____D C:\ba23523692e67fe56cd78e
2016-02-15 14:07 - 2016-02-15 14:19 - 00000000 ____D C:\f7434acc7b4f84e4d29a24d366a196e2
2016-02-15 13:17 - 2016-02-15 13:20 - 00000000 ____D C:\789de38b6972b1a99b
2016-02-15 13:08 - 2016-02-15 13:13 - 00000000 ____D C:\e119c67e530c99c22349
2016-02-13 17:29 - 2016-02-13 17:44 - 00000000 ____D C:\af26485365bd7ac5e7a15c06111a3b5d
2016-02-13 16:59 - 2016-02-13 17:06 - 00000000 ____D C:\b1214771c3ea448c807a
2016-02-12 19:38 - 2016-02-12 19:41 - 00000000 ____D C:\122593e5461b6fc1917635
2016-02-12 19:31 - 2016-02-12 19:35 - 00000000 ____D C:\3a63027f6cd272969aafa5
2016-02-12 16:28 - 2016-02-12 16:31 - 00000000 ____D C:\783e752c4d2992d7d6
2016-02-12 16:21 - 2016-02-12 16:25 - 00000000 ____D C:\1be3552f2fafdc33bf364c34
2016-02-11 19:31 - 2016-02-11 19:31 - 00000000 ____D C:\c02f856f9dd7947e04
2016-02-11 19:01 - 2016-02-11 19:15 - 00000000 ____D C:\d5583e78138f71b333d5105bca90
2016-02-11 12:50 - 2016-02-11 13:10 - 00000000 ____D C:\25e90316cd0738c8e7df90c9f3a8
2016-02-11 12:21 - 2016-02-11 12:36 - 00000000 ____D C:\7299151bdae94637c4a97b
2016-02-11 11:29 - 2016-02-11 11:31 - 00000000 ____D C:\1baab67eee774fed538eeb61
2016-02-10 20:12 - 2016-01-22 14:31 - 00387784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-02-10 20:12 - 2016-01-22 14:10 - 00341200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-02-10 20:12 - 2016-01-22 00:56 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-02-10 20:12 - 2016-01-22 00:41 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-02-10 20:12 - 2016-01-22 00:40 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-02-10 20:12 - 2016-01-22 00:40 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-02-10 20:12 - 2016-01-22 00:40 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-02-10 20:12 - 2016-01-22 00:40 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-02-10 20:12 - 2016-01-22 00:33 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-02-10 20:12 - 2016-01-22 00:32 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-02-10 20:12 - 2016-01-22 00:29 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-02-10 20:12 - 2016-01-22 00:27 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-02-10 20:12 - 2016-01-22 00:27 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-02-10 20:12 - 2016-01-22 00:27 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-02-10 20:12 - 2016-01-22 00:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-02-10 20:12 - 2016-01-22 00:17 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-02-10 20:12 - 2016-01-22 00:09 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-02-10 20:12 - 2016-01-22 00:08 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-02-10 20:12 - 2016-01-22 00:05 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-02-10 20:12 - 2016-01-22 00:04 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-02-10 20:12 - 2016-01-22 00:02 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-02-10 20:12 - 2016-01-22 00:02 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-02-10 20:12 - 2016-01-22 00:02 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-02-10 20:12 - 2016-01-22 00:01 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-02-10 20:12 - 2016-01-22 00:01 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-02-10 20:12 - 2016-01-22 00:00 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-02-10 20:12 - 2016-01-22 00:00 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-02-10 20:12 - 2016-01-21 23:55 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-02-10 20:12 - 2016-01-21 23:55 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-02-10 20:12 - 2016-01-21 23:51 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-02-10 20:12 - 2016-01-21 23:51 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-02-10 20:12 - 2016-01-21 23:50 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-02-10 20:12 - 2016-01-21 23:48 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-02-10 20:12 - 2016-01-21 23:47 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-02-10 20:12 - 2016-01-21 23:46 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-02-10 20:12 - 2016-01-21 23:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-02-10 20:12 - 2016-01-21 23:43 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-02-10 20:12 - 2016-01-21 23:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-10 20:12 - 2016-01-21 23:38 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-02-10 20:12 - 2016-01-21 23:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-02-10 20:12 - 2016-01-21 23:35 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-02-10 20:12 - 2016-01-21 23:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-02-10 20:12 - 2016-01-21 23:34 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-02-10 20:12 - 2016-01-21 23:33 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-02-10 20:12 - 2016-01-21 23:31 - 02597376 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-02-10 20:12 - 2016-01-21 23:27 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-02-10 20:12 - 2016-01-21 23:25 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-02-10 20:12 - 2016-01-21 23:24 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-02-10 20:12 - 2016-01-21 23:24 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-02-10 20:12 - 2016-01-21 23:08 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-02-10 20:12 - 2016-01-21 23:07 - 02120704 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-02-10 20:12 - 2016-01-21 23:02 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-02-10 19:22 - 2016-02-06 04:48 - 25839104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-02-10 19:22 - 2016-02-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-02-10 19:22 - 2016-02-06 04:24 - 02887680 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-02-10 19:22 - 2016-02-06 04:11 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-02-10 19:22 - 2016-02-06 04:10 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-02-10 19:22 - 2016-02-06 04:01 - 20366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-02-10 19:22 - 2016-02-06 03:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-02-10 19:22 - 2016-02-06 03:43 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-02-10 19:22 - 2016-02-06 03:38 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-02-10 19:22 - 2016-02-06 03:37 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-02-10 19:22 - 2016-02-06 03:32 - 14458368 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-02-10 19:22 - 2016-02-06 03:16 - 12857856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-02-10 19:22 - 2016-02-06 03:09 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-02-10 19:22 - 2016-02-06 02:54 - 01312256 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-02-10 19:20 - 2016-02-10 19:27 - 00000000 ____D C:\b5d02b8f74bbd2594eb98527e4fc
2016-02-10 19:05 - 2016-02-10 19:09 - 00000000 ____D C:\2f5751edecae60d103dcdad17d0f482a
2016-02-10 19:04 - 2016-01-16 13:06 - 00025024 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-02-10 19:04 - 2016-01-16 12:54 - 01162240 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-02-10 19:04 - 2016-01-11 08:08 - 01362944 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-02-10 19:04 - 2016-01-11 08:08 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-02-10 19:04 - 2016-01-11 08:08 - 00677376 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-02-10 19:04 - 2016-01-11 08:08 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-02-10 19:04 - 2016-01-11 08:08 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-02-10 19:04 - 2016-01-06 13:02 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2016-02-10 19:04 - 2016-01-06 13:02 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2016-02-10 19:04 - 2016-01-06 12:41 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2016-02-09 20:06 - 2016-01-22 00:27 - 05573056 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-02-09 20:06 - 2016-01-22 00:24 - 01733592 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-02-09 20:06 - 2016-01-22 00:18 - 00961024 _____ (Microsoft Corporation) C:\windows\system32\CPFilters.dll
2016-02-09 20:06 - 2016-01-22 00:18 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\EncDec.dll
2016-02-09 20:06 - 2016-01-22 00:17 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-02-09 20:06 - 2016-01-22 00:15 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-02-09 20:06 - 2016-01-22 00:15 - 00730112 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-02-09 20:06 - 2016-01-22 00:15 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-02-09 20:06 - 2016-01-22 00:13 - 03993536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-02-09 20:06 - 2016-01-22 00:13 - 03938752 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-02-09 20:06 - 2016-01-22 00:12 - 00880128 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-02-09 20:06 - 2016-01-22 00:09 - 01314328 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-02-09 20:06 - 2016-01-22 00:04 - 00642048 _____ (Microsoft Corporation) C:\windows\SysWOW64\CPFilters.dll
2016-02-09 20:06 - 2016-01-22 00:04 - 00535040 _____ (Microsoft Corporation) C:\windows\SysWOW64\EncDec.dll
2016-02-09 20:06 - 2016-01-22 00:02 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-02-09 20:06 - 2016-01-22 00:02 - 00176128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll
2016-02-09 20:06 - 2016-01-22 00:02 - 00114176 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll
2016-02-09 20:06 - 2016-01-21 23:59 - 00642560 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-02-09 20:06 - 2016-01-16 13:01 - 02085888 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-02-09 20:06 - 2016-01-16 12:36 - 01413632 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-02-09 20:06 - 2016-01-11 13:05 - 03169792 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-02-09 20:06 - 2016-01-11 13:05 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-02-09 20:06 - 2016-01-11 13:05 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-02-09 20:06 - 2016-01-11 12:52 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-02-09 20:06 - 2016-01-11 12:47 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-02-09 20:06 - 2016-01-11 12:26 - 02610176 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-02-09 20:06 - 2016-01-11 12:24 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-02-09 20:06 - 2016-01-11 12:23 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-02-09 20:06 - 2016-01-11 12:23 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-02-09 20:06 - 2016-01-11 12:23 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-02-09 20:06 - 2016-01-11 12:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-02-09 20:06 - 2016-01-11 12:23 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-02-09 20:06 - 2016-01-11 12:14 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-02-09 20:06 - 2016-01-11 12:14 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-02-09 20:06 - 2016-01-11 12:14 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-02-09 20:06 - 2016-01-11 12:14 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-02-09 20:06 - 2016-01-07 11:53 - 03211776 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-02-09 20:06 - 2016-01-07 11:42 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2016-02-09 20:05 - 2016-01-22 00:27 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-02-09 20:05 - 2016-01-22 00:27 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-02-09 20:05 - 2016-01-22 00:20 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-02-09 20:05 - 2016-01-22 00:20 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-02-09 20:05 - 2016-01-22 00:20 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-02-09 20:05 - 2016-01-22 00:20 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-02-09 20:05 - 2016-01-22 00:20 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-02-09 20:05 - 2016-01-22 00:20 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-02-09 20:05 - 2016-01-22 00:20 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-02-09 20:05 - 2016-01-22 00:20 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-02-09 20:05 - 2016-01-22 00:20 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-02-09 20:05 - 2016-01-22 00:20 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-02-09 20:05 - 2016-01-22 00:19 - 01214464 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-02-09 20:05 - 2016-01-22 00:19 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-02-09 20:05 - 2016-01-22 00:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-02-09 20:05 - 2016-01-22 00:18 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-02-09 20:05 - 2016-01-22 00:17 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-02-09 20:05 - 2016-01-22 00:17 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-02-09 20:05 - 2016-01-22 00:16 - 01461248 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-02-09 20:05 - 2016-01-22 00:16 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-02-09 20:05 - 2016-01-22 00:16 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-02-09 20:05 - 2016-01-22 00:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-02-09 20:05 - 2016-01-22 00:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-02-09 20:05 - 2016-01-22 00:13 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-09 20:05 - 2016-01-22 00:06 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-02-09 20:05 - 2016-01-22 00:06 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-02-09 20:05 - 2016-01-22 00:06 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-02-09 20:05 - 2016-01-22 00:06 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-02-09 20:05 - 2016-01-22 00:06 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-02-09 20:05 - 2016-01-22 00:06 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-02-09 20:05 - 2016-01-22 00:06 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-02-09 20:05 - 2016-01-22 00:06 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-02-09 20:05 - 2016-01-22 00:05 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-02-09 20:05 - 2016-01-22 00:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-02-09 20:05 - 2016-01-22 00:02 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-02-09 20:05 - 2016-01-22 00:02 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-02-09 20:05 - 2016-01-22 00:02 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-02-09 20:05 - 2016-01-22 00:02 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 23:13 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-02-09 20:05 - 2016-01-21 23:07 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-02-09 20:05 - 2016-01-21 23:07 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-02-09 20:05 - 2016-01-21 23:05 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-02-09 20:05 - 2016-01-21 22:59 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-02-09 20:05 - 2016-01-21 22:58 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-02-09 20:05 - 2016-01-21 22:58 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-02-09 20:05 - 2016-01-21 22:57 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-02-09 20:05 - 2016-01-21 22:57 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-02-09 20:05 - 2016-01-21 22:53 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-02-09 20:05 - 2016-01-21 22:53 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-02-09 20:05 - 2016-01-21 22:53 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-02-09 20:05 - 2016-01-21 22:53 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-02-09 20:05 - 2016-01-21 22:51 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-02-09 20:05 - 2016-01-21 22:51 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 22:51 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 22:51 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 20:05 - 2016-01-21 22:51 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-09 20:04 - 2016-01-22 00:19 - 14179840 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-02-09 20:04 - 2016-01-22 00:15 - 01866752 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-02-09 20:04 - 2016-01-22 00:12 - 01940992 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-02-09 20:04 - 2016-01-22 00:05 - 12877824 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-02-09 20:04 - 2016-01-22 00:00 - 01498624 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-02-09 20:04 - 2016-01-21 23:59 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-02-09 20:04 - 2016-01-21 23:19 - 03231232 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-02-09 20:04 - 2016-01-21 23:12 - 02973184 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-08 15:39 - 2015-02-13 13:15 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-03-08 15:38 - 2009-07-13 22:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-08 15:38 - 2009-07-13 22:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-08 15:33 - 2015-02-17 09:50 - 00000438 _____ C:\windows\system32\Drivers\etc\hosts.ics
2016-03-08 15:31 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-03-08 07:57 - 2009-07-13 21:20 - 00000000 ____D C:\windows\tracing
2016-03-07 16:58 - 2015-05-26 15:18 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-07 16:38 - 2009-07-13 20:34 - 00000215 _____ C:\windows\system.ini
2016-03-07 15:34 - 2015-05-26 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-07 15:34 - 2015-05-26 15:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-07 15:34 - 2014-02-19 09:19 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-07 08:40 - 2013-11-12 14:29 - 00000000 ____D C:\Users\John Moore\AppData\Local\CrashDumps
2016-03-04 08:06 - 2010-02-12 11:57 - 00000000 ____D C:\Users\John Moore
2016-03-04 08:05 - 2012-07-14 08:07 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-03-04 08:05 - 2010-02-15 22:56 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-04 08:05 - 2010-02-15 22:56 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-03 16:50 - 2010-01-11 04:20 - 00000000 ____D C:\ProgramData\WildTangent
2016-03-03 16:50 - 2010-01-11 04:20 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games
2016-03-03 16:50 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-03 16:30 - 2010-02-15 22:56 - 00003906 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-03 16:30 - 2010-02-15 22:56 - 00003654 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-03 16:28 - 2014-12-26 14:17 - 00003888 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-03-03 16:28 - 2012-07-14 08:07 - 00003770 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-03-03 16:28 - 2010-01-11 04:17 - 00003494 _____ C:\windows\System32\Tasks\ConfigFree Startup Programs
2016-02-27 06:03 - 2015-07-10 07:39 - 00000000 ____D C:\$Windows.~BT
2016-02-26 20:20 - 2009-07-13 21:20 - 00000000 ____D C:\windows\rescache
2016-02-26 20:14 - 2014-12-12 19:28 - 00000000 ____D C:\Users\John Moore\AppData\Local\ElevatedDiagnostics
2016-02-26 18:12 - 2015-04-04 14:51 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-02-26 18:12 - 2015-04-04 14:51 - 00000000 ___SD C:\windows\system32\GWX
2016-02-26 09:33 - 2009-07-13 23:13 - 00782470 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-26 09:33 - 2009-07-13 21:20 - 00000000 ____D C:\windows\inf
2016-02-24 10:30 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system32\NDF
2016-02-19 14:28 - 2010-05-13 02:06 - 00002223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 14:28 - 2010-05-13 02:06 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-11 11:17 - 2012-07-14 08:07 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-02-11 11:17 - 2012-07-14 08:07 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-10 20:13 - 2009-07-14 01:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 20:12 - 2014-12-12 15:35 - 00000000 ____D C:\windows\system32\appraiser
2016-02-10 20:12 - 2014-05-03 12:39 - 00000000 ___SD C:\windows\system32\CompatTel
2016-02-10 19:54 - 2009-07-13 22:45 - 00360896 _____ C:\windows\system32\FNTCACHE.DAT
2016-02-10 19:32 - 2014-02-19 13:55 - 146614896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-02-10 19:32 - 2014-02-19 13:55 - 00000000 ____D C:\windows\system32\MRT
2016-02-09 18:53 - 2009-07-13 23:09 - 00000000 ____D C:\windows\System32\Tasks\WPD

==================== Files in the root of some directories =======

2010-04-03 06:46 - 2010-04-03 06:46 - 0000000 _____ () C:\Users\John Moore\AppData\Roaming\wklnhst.dat
2016-01-23 20:14 - 2016-01-23 20:14 - 0000000 ____H () C:\Users\John Moore\AppData\Local\BITECFC.tmp
2016-01-23 20:13 - 2016-01-23 20:13 - 0000000 _____ () C:\Users\John Moore\AppData\Local\{520FACC7-9001-404E-B7FA-27B1D6113F59}

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-28 00:09
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by John Moore (2016-03-08 15:44:08)
Running from C:\Users\John Moore\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-02-12 17:57:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-926204724-1831859192-4147195393-500 - Administrator - Disabled)
Guest (S-1-5-21-926204724-1831859192-4147195393-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-926204724-1831859192-4147195393-1002 - Limited - Enabled)
John Moore (S-1-5-21-926204724-1831859192-4147195393-1000 - Administrator - Enabled) => C:\Users\John Moore

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
ATI Catalyst Install Manager (HKLM\...\{A0880F03-8480-482E-1606-BC91669B0882}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
ccc-core-static (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
DriverUpdate (HKLM-x32\...\{B2B04F8B-6444-4364-89C8-F3088D4E8D02}) (Version: 2.2.43335 - SlimWare Utilities, Inc.)
DVD MovieFactory for TOSHIBA (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0 - Corel Corporation) Hidden
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-300 Series Printer Uninstall (HKLM\...\EPSON XP-300 Series) (Version: - SEIKO EPSON Corporation)
Glary Utilities 5.26 (HKLM-x32\...\Glary Utilities 5) (Version: 5.26.0.45 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hoyle Card Games 2003 (HKLM-x32\...\InstallShield_{9ABA26E1-843A-4A72-95AF-C72474E191F6}) (Version: 1.0.0.0 - Sierra)
Hoyle Card Games 2003 (x32 Version: 1.0.0.0 - Sierra) Hidden
Hoyle Casino 2003 (HKLM-x32\...\InstallShield_{5F5FA055-84C1-459B-B0B6-D48D210AE50A}) (Version: 1.0.0.0 - Sierra)
Hoyle Casino 2003 (x32 Version: 1.0.0.0 - Sierra) Hidden
Java™ 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LTCM Client (HKLM-x32\...\LTCM Client) (Version: - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MR97316 (HKLM-x32\...\{5F30715C-3B02-4096-A9EB-1D9CD8B51D90}) (Version: 0.90.0000 - Mars Semiconductor Corp.)
NetZero Launcher (HKLM-x32\...\{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}) (Version: 2.01 - TOSHIBA Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
RICOH R5U230 Media Driver ver.2.06.03.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.03.02 - RICOH)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.7.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.0.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.11 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.09 - TOSHIBA Corporation)
TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.2.3.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.26.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Winmail Reader 1.1.12 (HKLM-x32\...\Winmail Reader_is1) (Version: - Kopf)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.19.904 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {148312DE-830F-4FAF-9116-88899250AA5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {16D00A23-19ED-4076-B00A-CD05B75DB49B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-26] (AVAST Software)
Task: {6758D701-E5B5-4252-9407-F1CE4458C9D9} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {95AF64D3-C951-4B2F-B7E7-DAC6DDE03411} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-11] (Adobe Systems Incorporated)
Task: {9C229169-B3FB-4834-B99F-906D42F4B002} - System32\Tasks\{BC22BBF8-890A-49AE-AF8C-F77190769BE5} => pcalua.exe -a "C:\Users\John Moore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4LHCJUG\winmail-reader-setup[1].exe" -d "C:\Users\John Moore\Desktop"
Task: {BA44F300-8A34-45B9-85B3-EA0F275534D1} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)
Task: {BE03F789-9D40-4859-9304-5B6B0C558E84} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-05-25] (Glarysoft Ltd)
Task: {C8705F54-37AC-4AB8-87B3-9D53A9FB0E8C} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-05-25] (Glarysoft Ltd)
Task: {E424B0D3-E5D7-44F6-B6C4-13BDE852E7AD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {E67612FF-329A-47C3-B88F-7599B74E64A9} - System32\Tasks\{44BFC38C-9E39-46EA-93C0-819731DC4FBF} => pcalua.exe -a E:\OFFICE12\setup.exe -d E:\OFFICE12
Task: {FCAE4274-E6E2-4F96-B300-0CF5440A3754} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-02-26 12:29 - 2016-02-26 12:29 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-26 12:29 - 2016-02-26 12:29 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-08 12:19 - 2016-03-08 12:19 - 02838016 _____ () C:\Program Files\AVAST Software\Avast\defs\16030801\algo.dll
2016-02-26 12:29 - 2016-02-26 12:29 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-26 12:30 - 2016-02-26 12:30 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-05-25 00:22 - 2015-05-25 00:22 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-926204724-1831859192-4147195393-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\John Moore\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B4A81F56-03A0-4550-80CF-85BE4DFBC7CE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{A14E50A6-48AA-4AF6-ADD1-6F93BDAACFE1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E056C31E-8C80-4072-A6CE-3276216F8E93}] => (Allow) svchost.exe
FirewallRules: [{8C9D7700-DAA9-40D3-9849-6B4F7ACEF005}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{613DC496-FB17-4793-B3AE-4962C5665B33}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{1659EFBE-4EF6-4E78-A9A0-77E3D58C1555}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{636FD2A4-C5F3-45BD-A976-984B7060F752}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{451EFBD8-2C89-4381-BA98-545890F262A0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{42DF4973-BA36-4298-8231-638A72F54EC6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

03-03-2016 16:15:36 Windows Update
03-03-2016 16:51:38 Windows Update
04-03-2016 08:18:22 Windows Update
04-03-2016 19:00:21 Windows Update
05-03-2016 19:00:20 Windows Update
06-03-2016 19:00:21 Windows Update
07-03-2016 19:00:29 Windows Update
08-03-2016 11:51:59 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/08/2016 03:36:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TosReelTime.exe, version: 1.5.7.64, time stamp: 0x4980e9d2
Faulting module name: ntdll.dll, version: 6.1.7601.19135, time stamp: 0x56a1c9c5
Exception code: 0xc0000006
Fault offset: 0x00000000000397f0
Faulting process id: 0x%9
Faulting application start time: 0xTosReelTime.exe0
Faulting application path: TosReelTime.exe1
Faulting module path: TosReelTime.exe2
Report Id: TosReelTime.exe3

Error: (03/08/2016 12:58:55 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Home and Student 2007 - Update 'Security Update for Microsoft Office 2007 suites (KB2881067) 32-Bit Edition ' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (03/08/2016 12:58:55 PM) (Source: MsiInstaller) (EventID: 11719) (User: NT AUTHORITY)
Description: Product: Microsoft Office Home and Student 2007 -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (03/08/2016 12:58:51 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\SysWOW64\msiexec.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows® installer because of this error.

Program: Windows® installer
File: C:\Windows\SysWOW64\msiexec.exe

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (03/08/2016 12:58:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.7601.18896, time stamp: 0x557f3924
Faulting module name: MsiExec.exe, version: 5.0.7601.18896, time stamp: 0x557f3924
Exception code: 0xc0000006
Fault offset: 0x000027af
Faulting process id: 0xfc4
Faulting application start time: 0xMsiExec.exe0
Faulting application path: MsiExec.exe1
Faulting module path: MsiExec.exe2
Report Id: MsiExec.exe3

Error: (03/08/2016 12:57:58 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\SysWOW64\msiexec.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows® installer because of this error.

Program: Windows® installer
File: C:\Windows\SysWOW64\msiexec.exe

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (03/08/2016 12:57:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.7601.18896, time stamp: 0x557f3924
Faulting module name: MsiExec.exe, version: 5.0.7601.18896, time stamp: 0x557f3924
Exception code: 0xc0000006
Fault offset: 0x000027af
Faulting process id: 0x1358
Faulting application start time: 0xMsiExec.exe0
Faulting application path: MsiExec.exe1
Faulting module path: MsiExec.exe2
Report Id: MsiExec.exe3

Error: (03/08/2016 12:54:49 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5.2 - Update 'KB3122656' could not be installed. Error code 1603. Additional information is available in the log file C:\windows\TEMP\KB3122656_20160308_123307743-Microsoft .NET Framework 4.5.2-MSP0.txt.

Error: (03/08/2016 12:54:49 PM) (Source: MsiInstaller) (EventID: 11719) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5.2 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (03/08/2016 12:54:45 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\SysWOW64\msiexec.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows® installer because of this error.

Program: Windows® installer
File: C:\Windows\SysWOW64\msiexec.exe

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3


System errors:
=============
Error: (03/08/2016 03:43:25 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/08/2016 03:40:46 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/08/2016 03:38:20 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/08/2016 03:38:16 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/08/2016 03:38:12 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/08/2016 03:38:08 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/08/2016 03:38:03 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/08/2016 03:37:59 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/08/2016 03:37:55 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/08/2016 03:37:51 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


==================== Memory info ===========================

Processor: AMD Turion™ II Ultra Dual-Core Mobile M620
Percentage of memory in use: 44%
Total physical RAM: 3836.17 MB
Available physical RAM: 2140.85 MB
Total Virtual: 7670.54 MB
Available Virtual: 5663.26 MB

==================== Drives ================================

Drive c: (TI105744W0B) (Fixed) (Total:584.87 GB) (Free:519.22 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 0B0B3C76)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=584.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=17)

==================== End of Addition.txt ============================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/8/2016
Scan Time: 3:47 PM
Logfile: malware bytes scan.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.08.07
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: John Moore

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375638
Time Elapsed: 21 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

ComboFix 16-03-07.01 - John Moore 03/08/2016 16:40:13.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2064 [GMT -6:00]
Running from: c:\users\John Moore\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2016-02-08 to 2016-03-08 )))))))))))))))))))))))))))))))
.
.
2016-03-08 22:47 . 2016-03-08 22:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-08 18:32 . 2016-03-08 18:54 -------- d-----w- C:\5d277e8514431573290ae81aa977
2016-03-08 17:53 . 2016-03-08 18:13 -------- d-----w- C:\657dbc507b367d423ce505917b44
2016-03-08 01:57 . 2016-03-08 02:21 -------- d-----w- C:\0ca870530a7b8146e3a1fb2593
2016-03-08 01:05 . 2016-03-08 01:29 -------- d-----w- C:\f9268954411198146eed
2016-03-07 14:12 . 2016-03-07 14:13 202144 ----a-w- c:\windows\system32\drivers\zam64.sys
2016-03-07 14:12 . 2016-03-07 14:13 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2016-03-07 14:12 . 2016-03-07 14:13 202144 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2016-03-07 14:12 . 2016-03-07 14:12 -------- d-----w- c:\users\John Moore\AppData\Local\Zemana
2016-03-07 01:47 . 2016-03-07 02:06 -------- d-----w- C:\e96c3aa97f2f8dce4b7e
2016-03-07 01:01 . 2016-03-07 01:23 -------- d-----w- C:\b25540800d3bf352944996
2016-03-06 01:51 . 2016-03-06 02:11 -------- d-----w- C:\686361ebd6dcf4a6b2
2016-03-06 01:01 . 2016-03-06 01:23 -------- d-----w- C:\3be94e095c1bd6de016f5c63
2016-03-05 10:27 . 2016-03-05 10:27 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC86FFF6-4587-403B-80CB-263FACCCF37D}\offreg.2700.dll
2016-03-05 01:25 . 2016-03-05 01:46 -------- d-----w- C:\bbba97b994a07a1be031462f
2016-03-05 01:01 . 2016-03-05 01:05 -------- d-----w- C:\31fa6aa80c752f54d4d4
2016-03-04 14:39 . 2016-02-19 01:53 11249080 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC86FFF6-4587-403B-80CB-263FACCCF37D}\mpengine.dll
2016-03-04 14:30 . 2016-03-04 14:35 -------- d-----w- C:\cc8645b3e8e54dd05f61bf5875
2016-03-04 14:19 . 2016-03-04 14:23 -------- d-----w- C:\c449d64c4ebae3a23bcfb3ecf1
2016-03-04 14:12 . 2016-03-08 21:44 -------- d-----w- C:\FRST
2016-03-03 17:16 . 2016-03-03 17:58 -------- d-----w- C:\19f37c3308318fd835d3
2016-03-01 04:49 . 2016-03-01 13:59 -------- d-----w- C:\776efec3994dc65a8135c13f425eb39a
2016-02-29 14:05 . 2016-02-29 16:49 -------- d-----w- C:\AdwCleaner
2016-02-29 02:48 . 2016-02-29 03:32 -------- d-----w- C:\87191b87ec821b9a35e29a4d7cea4a28
2016-02-29 01:12 . 2016-02-29 01:58 -------- d-----w- C:\a5536ae8fbf3557930dd5a61f753
2016-02-28 02:46 . 2016-02-28 03:30 -------- d-----w- C:\75a4ce58b6a8ad0491fb380013b5
2016-02-28 01:12 . 2016-02-28 01:56 -------- d-----w- C:\ba10273c2ca3807f927931
2016-02-27 00:23 . 2016-02-27 00:52 -------- d-----w- C:\0fc28fcba1efd5f48e794d16d42629e6
2016-02-26 23:19 . 2016-02-26 23:50 -------- d-----w- C:\0212b3a2baaf4e902f178b
2016-02-26 18:35 . 2016-02-26 18:35 -------- d-----w- c:\users\John Moore\AppData\Roaming\AVAST Software
2016-02-26 18:32 . 2016-02-26 18:32 -------- d-----w- c:\program files\Common Files\AV
2016-02-26 18:32 . 2016-02-26 18:32 -------- d-----w- c:\program files (x86)\Common Files\AV
2016-02-26 18:31 . 2016-03-01 20:12 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-02-26 18:31 . 2016-02-29 20:07 -------- d-----w- c:\programdata\RogueKiller
2016-02-26 18:31 . 2016-02-26 18:32 287016 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-02-26 18:31 . 2016-02-26 18:30 165344 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-02-26 18:31 . 2016-02-26 18:32 463744 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-02-26 18:30 . 2016-02-26 18:30 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-02-26 18:30 . 2016-02-26 18:30 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-02-26 18:30 . 2016-02-26 18:30 107792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-02-26 18:30 . 2016-02-26 18:30 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-02-26 18:30 . 2016-02-26 18:29 1065720 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-02-26 18:30 . 2016-02-26 18:30 398152 ----a-w- c:\windows\system32\aswBoot.exe
2016-02-26 18:29 . 2016-02-26 18:29 52184 ----a-w- c:\windows\avastSS.scr
2016-02-26 18:26 . 2016-02-26 18:26 -------- d-----w- c:\program files\AVAST Software
2016-02-26 18:26 . 2016-02-26 18:26 -------- d-----w- c:\programdata\AVAST Software
2016-02-26 15:53 . 2016-02-26 15:55 -------- d-----w- C:\8aa76afeaa92d860819584
2016-02-26 15:47 . 2016-02-26 15:50 -------- d-----w- C:\04245fb0e3c8d50095e4818ad3
2016-02-26 14:48 . 2016-02-26 15:04 -------- d-----w- C:\9d656bb0b2f7cae9a1beebc4374e
2016-02-26 14:13 . 2016-02-26 14:28 -------- d-----w- C:\dbb0005e37e0ce89dfbf3a01
2016-02-26 01:12 . 2016-02-26 01:25 -------- d-----w- C:\75d7e1a9b7aa52f14620dc0117aa
2016-02-26 01:01 . 2016-02-26 01:07 -------- d-----w- C:\65c667b1daa48aa82f513ce5f896
2016-02-26 00:18 . 2016-02-26 00:37 -------- d-----w- C:\c783248dc7c8690ab17d703fc77d2d17
2016-02-25 23:16 . 2016-02-25 23:32 -------- d-----w- C:\e23b03d002d4d19e0de97b
2016-02-25 01:00 . 2016-02-25 01:00 -------- d-----w- C:\found.000
2016-02-24 22:53 . 2016-02-24 23:09 -------- d-----w- C:\f116aa7a7557b6ed8fb5
2016-02-24 17:08 . 2016-02-24 17:11 -------- d-----w- C:\51ff9977ee369f8f9776
2016-02-24 15:53 . 2016-02-24 15:55 -------- d-----w- C:\f1afc6d4b76d4ae15525
2016-02-24 15:27 . 2016-02-24 15:50 -------- d-----w- C:\479fa64ee73271e0608ba11e6098672d
2016-02-24 01:01 . 2016-02-24 01:02 -------- d-----w- C:\abaaff42768034fd63bd1d95
2016-02-23 21:21 . 2016-02-23 21:37 -------- d-----w- C:\346c57920aad8c74f2b36977d0
2016-02-23 01:40 . 2016-02-23 01:52 -------- d-----w- C:\cd6b8fd0387767095891ae4a8413
2016-02-23 01:03 . 2016-02-23 01:18 -------- d-----w- C:\3f6c2bc26110800dc8f0fdf9321e8e5c
2016-02-22 18:27 . 2016-02-22 18:45 -------- d-----w- C:\dc4c75133c0524fe6ed4c2e9ae
2016-02-22 01:25 . 2016-02-22 01:31 -------- d-----w- C:\3e90b6d0854e08111e4ab177b4b35e
2016-02-22 01:01 . 2016-02-22 01:13 -------- d-----w- C:\826c23857e76457d2f8181
2016-02-21 02:39 . 2016-02-21 02:39 -------- d-----w- C:\cf12c74d6b1be81bbbc569cbaccedd81
2016-02-21 01:33 . 2016-02-21 01:41 -------- d-----w- C:\09eb9f63d5b44f116eba
2016-02-21 01:25 . 2016-02-21 01:29 -------- d-----w- C:\ad44be6304a15e3c9ca8dde6cc73
2016-02-20 20:06 . 2016-02-20 20:13 -------- d-----w- C:\a5e630a195673dc8294e47f8ac24
2016-02-20 17:43 . 2016-02-20 17:46 -------- d-----w- C:\5ca7a7db0c3f108616620fb235
2016-02-20 17:34 . 2016-02-20 17:41 -------- d-----w- C:\1406b2ed98107f1a7b71628e28
2016-02-20 02:04 . 2016-02-20 02:11 -------- d-----w- C:\473492a503fd7c0caf0a1c1e7b47de8b
2016-02-19 00:43 . 2016-02-19 00:56 -------- d-----w- C:\09ecba1ec6f111c91c49
2016-02-19 00:19 . 2016-02-19 00:25 -------- d-----w- C:\32bd800444cf112e47ba81
2016-02-18 01:59 . 2016-02-18 02:17 -------- d-----w- C:\9f76b6b4dd2f43e69c11b6861bbeee6b
2016-02-18 01:22 . 2016-02-18 01:40 -------- d-----w- C:\a4ea4e9eb48b74957574d58eef
2016-02-17 01:50 . 2016-02-17 01:52 -------- d-----w- C:\02cd9ca0e4310c1715ae64
2016-02-17 01:43 . 2016-02-17 01:47 -------- d-----w- C:\d0a269d1098f541e48
2016-02-17 01:25 . 2016-02-17 01:25 -------- d-----w- C:\12c8607c583f7eb81027f3
2016-02-17 01:01 . 2016-02-17 01:18 -------- d-----w- C:\c7902f7810844c46f7f1b9ff93a72bf3
2016-02-16 21:46 . 2016-02-16 22:01 -------- d-----w- C:\06553ca4da1747e515426d42ba2649
2016-02-16 21:10 . 2016-02-16 21:27 -------- d-----w- C:\f59e7e3460aac45654debc660356
2016-02-16 17:04 . 2016-02-16 17:07 -------- d-----w- C:\dbc6e35d186c8517c7b77603
2016-02-16 16:56 . 2016-02-16 17:01 -------- d-----w- C:\1a2c54eed226b44c70a8db
2016-02-15 20:37 . 2016-02-15 20:52 -------- d-----w- C:\ba23523692e67fe56cd78e
2016-02-15 20:07 . 2016-02-15 20:19 -------- d-----w- C:\f7434acc7b4f84e4d29a24d366a196e2
2016-02-15 19:17 . 2016-02-15 19:20 -------- d-----w- C:\789de38b6972b1a99b
2016-02-15 19:08 . 2016-02-15 19:13 -------- d-----w- C:\e119c67e530c99c22349
2016-02-13 23:29 . 2016-02-13 23:44 -------- d-----w- C:\af26485365bd7ac5e7a15c06111a3b5d
2016-02-13 22:59 . 2016-02-13 23:06 -------- d-----w- C:\b1214771c3ea448c807a
2016-02-13 01:38 . 2016-02-13 01:41 -------- d-----w- C:\122593e5461b6fc1917635
2016-02-13 01:31 . 2016-02-13 01:35 -------- d-----w- C:\3a63027f6cd272969aafa5
2016-02-12 22:28 . 2016-02-12 22:31 -------- d-----w- C:\783e752c4d2992d7d6
2016-02-12 22:21 . 2016-02-12 22:25 -------- d-----w- C:\1be3552f2fafdc33bf364c34
2016-02-12 01:31 . 2016-02-12 01:31 -------- d-----w- C:\c02f856f9dd7947e04
2016-02-12 01:01 . 2016-02-12 01:15 -------- d-----w- C:\d5583e78138f71b333d5105bca90
2016-02-11 18:50 . 2016-02-11 19:10 -------- d-----w- C:\25e90316cd0738c8e7df90c9f3a8
2016-02-11 18:21 . 2016-02-11 18:36 -------- d-----w- C:\7299151bdae94637c4a97b
2016-02-11 17:29 . 2016-02-11 17:31 -------- d-----w- C:\1baab67eee774fed538eeb61
2016-02-11 01:22 . 2016-02-06 10:24 2887680 ----a-w- c:\windows\system32\iertutil.dll
2016-02-11 01:20 . 2016-02-11 01:27 -------- d-----w- C:\b5d02b8f74bbd2594eb98527e4fc
2016-02-11 01:05 . 2016-02-11 01:09 -------- d-----w- C:\2f5751edecae60d103dcdad17d0f482a
2016-02-10 02:06 . 2016-01-07 17:42 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-02-10 02:05 . 2016-01-22 06:27 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-02-10 02:04 . 2016-01-22 06:19 14179840 ----a-w- c:\windows\system32\shell32.dll
2016-02-10 02:04 . 2016-01-22 05:19 3231232 ----a-w- c:\windows\explorer.exe
2016-02-10 02:04 . 2016-01-22 06:15 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-02-10 02:04 . 2016-01-22 05:12 2973184 ----a-w- c:\windows\SysWow64\explorer.exe
2016-02-10 02:04 . 2016-01-22 06:12 1940992 ----a-w- c:\windows\system32\authui.dll
2016-02-10 02:04 . 2016-01-22 06:00 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2016-02-10 02:04 . 2016-01-22 05:59 1805824 ----a-w- c:\windows\SysWow64\authui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-08 21:46 . 2015-05-26 21:18 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-11 17:17 . 2012-07-14 14:07 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-02-11 17:17 . 2012-07-14 14:07 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-02-11 01:32 . 2014-02-19 19:55 146614896 ----a-w- c:\windows\system32\MRT.exe
2016-01-24 02:14 . 2016-01-24 02:14 0 ---ha-w- c:\users\John Moore\AppData\Local\BITECFC.tmp
2016-01-22 05:59 . 2016-02-10 02:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2015-05-25 37152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-02-26 7139768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
"TotalRecipeSearch_14 Browser Plugin Loader 64"="c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14brmon64.exe"
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe"/startup
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-19 20:28 1088664 ----a-w- c:\program files (x86)\Google\Chrome\Application\48.0.2564.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 17:17]
.
2016-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-16 17:59]
.
2016-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-16 17:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-02-26 18:30 905248 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2016-02-19 12831984]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-03-08 16:50:43
ComboFix-quarantined-files.txt 2016-03-08 22:50
ComboFix2.txt 2016-03-07 22:43
.
Pre-Run: 557,492,191,232 bytes free
Post-Run: 557,068,455,936 bytes free
.
- - End Of File - - 5FFBBABA9ED6557D450757887E443CC5
5B5E648D12FCADC244C1EC30318E1EB9


==================== End of FRST.txt ============================

#12 olgun52

  • Malware Response Team
  • 3,784 posts

Posted 09 March 2016 - 05:23 AM

Please do the following,

Please read carefully and run

 

FRST Script run:

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

start
Task: {BE03F789-9D40-4859-9304-5B6B0C558E84} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-05-25] (Glarysoft Ltd)
Task: {C8705F54-37AC-4AB8-87B3-9D53A9FB0E8C} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-05-25] (Glarysoft Ltd)
Task: C:\windows\Tasks\DriverCure.job => C:\Program Files (x86)\ParetoLogic\DriverCure\DriverCure.exe
Task: C:\windows\Tasks\FileCure.job => C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe
C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-05-25] (Glarysoft Ltd)
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\...\MountPoints2: {1923c29d-19f5-11df-aab3-00266c3f9dfa} - E:\LaunchU3.exe -a
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\...\MountPoints2: {1923c2ea-19f5-11df-aab3-00266c3f9dfa} - E:\LaunchU3.exe -a
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\...A8F59079A8D5}\localserver32: <==== ATTENTION
URLSearchHook: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll No File
SearchScopes: HKLM -> DefaultScope {5A35403A-FBCF-4054-98F4-2E0770360865} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {5A35403A-FBCF-4054-98F4-2E0770360865} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {37276FC4-5D62-4CAE-90AD-6F22C4C289B7} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {37276FC4-5D62-4CAE-90AD-6F22C4C289B7} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 -> {37276FC4-5D62-4CAE-90AD-6F22C4C289B7} URL = hxxp://www.google.de/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enDE366
SearchScopes: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 -> {3CCBC11A-2435-498E-B3A8-62FB149FE177} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 -> {5A35403A-FBCF-4054-98F4-2E0770360865} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-11-18] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
R1 GUBootStartup; C:\windows\System32\drivers\GUBootStartup.sys [20160 2015-05-26] (Glarysoft Ltd)
2016-03-03 11:16 - 2016-03-03 11:58 - 00000000 ____D C:\19f37c3308318fd835d3
2016-02-29 22:49 - 2016-03-01 07:59 - 00000000 ____D C:\776efec3994dc65a8135c13f425eb39a
2016-02-28 20:48 - 2016-02-28 21:32 - 00000000 ____D C:\87191b87ec821b9a35e29a4d7cea4a28
2016-02-28 19:12 - 2016-02-28 19:58 - 00000000 ____D C:\a5536ae8fbf3557930dd5a61f753
2016-02-27 20:46 - 2016-02-27 21:30 - 00000000 ____D C:\75a4ce58b6a8ad0491fb380013b5
2016-02-27 19:12 - 2016-02-27 19:56 - 00000000 ____D C:\ba10273c2ca3807f927931
2016-02-26 18:23 - 2016-02-26 18:52 - 00000000 ____D C:\0fc28fcba1efd5f48e794d16d42629e6
2016-02-26 17:19 - 2016-02-26 17:50 - 00000000 ____D C:\0212b3a2baaf4e902f178b
2016-02-26 09:53 - 2016-02-26 09:55 - 00000000 ____D C:\8aa76afeaa92d860819584
2016-02-26 09:47 - 2016-02-26 09:50 - 00000000 ____D C:\04245fb0e3c8d50095e4818ad3
2016-02-26 08:48 - 2016-02-26 09:04 - 00000000 ____D C:\9d656bb0b2f7cae9a1beebc4374e
2016-02-26 08:13 - 2016-02-26 08:28 - 00000000 ____D C:\dbb0005e37e0ce89dfbf3a01
2016-02-25 19:12 - 2016-02-25 19:25 - 00000000 ____D C:\75d7e1a9b7aa52f14620dc0117aa
2016-02-25 19:01 - 2016-02-25 19:07 - 00000000 ____D C:\65c667b1daa48aa82f513ce5f896
2016-02-25 18:18 - 2016-02-25 18:37 - 00000000 ____D C:\c783248dc7c8690ab17d703fc77d2d17
2016-02-25 17:16 - 2016-02-25 17:32 - 00000000 ____D C:\e23b03d002d4d19e0de97b
2016-02-24 16:53 - 2016-02-24 17:09 - 00000000 ____D C:\f116aa7a7557b6ed8fb5
2016-02-24 11:08 - 2016-02-24 11:11 - 00000000 ____D C:\51ff9977ee369f8f9776
2016-02-24 09:53 - 2016-02-24 09:55 - 00000000 ____D C:\f1afc6d4b76d4ae15525
2016-02-24 09:27 - 2016-02-24 09:50 - 00000000 ____D C:\479fa64ee73271e0608ba11e6098672d
2016-02-23 19:01 - 2016-02-23 19:02 - 00000000 ____D C:\abaaff42768034fd63bd1d95
2016-02-23 15:21 - 2016-02-23 15:37 - 00000000 ____D C:\346c57920aad8c74f2b36977d0
2016-02-22 19:40 - 2016-02-22 19:52 - 00000000 ____D C:\cd6b8fd0387767095891ae4a8413
2016-02-22 19:03 - 2016-02-22 19:18 - 00000000 ____D C:\3f6c2bc26110800dc8f0fdf9321e8e5c
2016-02-22 12:27 - 2016-02-22 12:45 - 00000000 ____D C:\dc4c75133c0524fe6ed4c2e9ae
2016-02-21 19:25 - 2016-02-21 19:31 - 00000000 ____D C:\3e90b6d0854e08111e4ab177b4b35e
2016-02-21 19:01 - 2016-02-21 19:13 - 00000000 ____D C:\826c23857e76457d2f8181
2016-02-20 20:39 - 2016-02-20 20:39 - 00000000 ____D C:\cf12c74d6b1be81bbbc569cbaccedd81
2016-02-20 19:33 - 2016-02-20 19:41 - 00000000 ____D C:\09eb9f63d5b44f116eba
2016-02-20 19:25 - 2016-02-20 19:29 - 00000000 ____D C:\ad44be6304a15e3c9ca8dde6cc73
2016-02-20 14:06 - 2016-02-20 14:13 - 00000000 ____D C:\a5e630a195673dc8294e47f8ac24
2016-02-20 11:43 - 2016-02-20 11:46 - 00000000 ____D C:\5ca7a7db0c3f108616620fb235
2016-02-20 11:34 - 2016-02-20 11:41 - 00000000 ____D C:\1406b2ed98107f1a7b71628e28
2016-02-19 20:04 - 2016-02-19 20:11 - 00000000 ____D C:\473492a503fd7c0caf0a1c1e7b47de8b
2016-02-18 18:43 - 2016-02-18 18:56 - 00000000 ____D C:\09ecba1ec6f111c91c49
2016-02-18 18:19 - 2016-02-18 18:25 - 00000000 ____D C:\32bd800444cf112e47ba81
2016-02-17 19:59 - 2016-02-17 20:17 - 00000000 ____D C:\9f76b6b4dd2f43e69c11b6861bbeee6b
2016-02-17 19:22 - 2016-02-17 19:40 - 00000000 ____D C:\a4ea4e9eb48b74957574d58eef
2016-02-16 19:50 - 2016-02-16 19:52 - 00000000 ____D C:\02cd9ca0e4310c1715ae64
2016-02-16 19:43 - 2016-02-16 19:47 - 00000000 ____D C:\d0a269d1098f541e48
2016-02-16 19:25 - 2016-02-16 19:25 - 00000000 ____D C:\12c8607c583f7eb81027f3
2016-02-16 19:01 - 2016-02-16 19:18 - 00000000 ____D C:\c7902f7810844c46f7f1b9ff93a72bf3
2016-02-16 15:46 - 2016-02-16 16:01 - 00000000 ____D C:\06553ca4da1747e515426d42ba2649
2016-02-16 15:10 - 2016-02-16 15:27 - 00000000 ____D C:\f59e7e3460aac45654debc660356
2016-02-16 11:04 - 2016-02-16 11:07 - 00000000 ____D C:\dbc6e35d186c8517c7b77603
2016-02-16 10:56 - 2016-02-16 11:01 - 00000000 ____D C:\1a2c54eed226b44c70a8db
2016-02-15 14:37 - 2016-02-15 14:52 - 00000000 ____D C:\ba23523692e67fe56cd78e
2016-02-15 14:07 - 2016-02-15 14:19 - 00000000 ____D C:\f7434acc7b4f84e4d29a24d366a196e2
2016-02-15 13:17 - 2016-02-15 13:20 - 00000000 ____D C:\789de38b6972b1a99b
2016-02-15 13:08 - 2016-02-15 13:13 - 00000000 ____D C:\e119c67e530c99c22349
2016-02-13 17:29 - 2016-02-13 17:44 - 00000000 ____D C:\af26485365bd7ac5e7a15c06111a3b5d
2016-02-13 16:59 - 2016-02-13 17:06 - 00000000 ____D C:\b1214771c3ea448c807a
2016-02-12 19:38 - 2016-02-12 19:41 - 00000000 ____D C:\122593e5461b6fc1917635
2016-02-12 19:31 - 2016-02-12 19:35 - 00000000 ____D C:\3a63027f6cd272969aafa5
2016-02-12 16:28 - 2016-02-12 16:31 - 00000000 ____D C:\783e752c4d2992d7d6
2016-02-12 16:21 - 2016-02-12 16:25 - 00000000 ____D C:\1be3552f2fafdc33bf364c34
2016-02-11 19:31 - 2016-02-11 19:31 - 00000000 ____D C:\c02f856f9dd7947e04
2016-02-11 19:01 - 2016-02-11 19:15 - 00000000 ____D C:\d5583e78138f71b333d5105bca90
2016-02-11 12:50 - 2016-02-11 13:10 - 00000000 ____D C:\25e90316cd0738c8e7df90c9f3a8
2016-02-11 12:21 - 2016-02-11 12:36 - 00000000 ____D C:\7299151bdae94637c4a97b
2016-02-11 11:29 - 2016-02-11 11:31 - 00000000 ____D C:\1baab67eee774fed538eeb61
2016-02-10 19:20 - 2016-02-10 19:27 - 00000000 ____D C:\b5d02b8f74bbd2594eb98527e4fc
2016-02-10 19:05 - 2016-02-10 19:09 - 00000000 ____D C:\2f5751edecae60d103dcdad17d0f482a
2016-03-04 08:08 - 2015-02-17 09:50 - 00000438 _____ C:\windows\system32\Drivers\etc\hosts.ics
C:\Program Files (x86)\Glary Utilities 5
2016-02-29 03:11 - 2010-02-15 00:41 - 00000398 _____ C:\windows\Tasks\FileCure.job
2016-02-28 03:11 - 2010-02-15 05:42 - 00000414 _____ C:\windows\Tasks\DriverCure.job
2016-02-26 20:14 - 2014-12-12 19:28 - 00000000 ____D C:\Users\John Moore\AppData\Local\ElevatedDiagnostics
2010-04-03 06:46 - 2010-04-03 06:46 - 0000000 _____ () C:\Users\John Moore\AppData\Roaming\wklnhst.dat
2016-01-23 20:14 - 2016-01-23 20:14 - 0000000 ____H () C:\Users\John Moore\AppData\Local\BITECFC.tmp
2016-01-23 20:13 - 2016-01-23 20:13 - 0000000 _____ () C:\Users\John Moore\AppData\Local\{520FACC7-9001-404E-B7FA-27B1D6113F59}
C:\Users\John Moore\AppData\Local\Temp\dllnt_dump.dll
C:\Users\John Moore\AppData\Local\Temp\sqlite3.dll
Emptytemp:
end

Close Notepad.
NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version, please download and run the updated version.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
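Added example, not part of this thread and not FRST's own code: a read-only PowerShell triage script that walks the same autostart locations the fixlist above edits (the HKLM and HKCU Run keys in both the native and Wow6432Node views, the per-volume MountPoints2 autorun commands, scheduled tasks, Browser Helper Objects and the user's URLSearchHooks) and flags every entry whose target file is missing, which is the condition FRST prints as "No File". It assumes Windows 7 x64 with PowerShell 2.0 syntax, run from an elevated 64-bit PowerShell in the profile under examination; the function names and the Status labels (OK, MissingFile, NoTarget) are my own. Entries reported as NoTarget (a "COM handler" task, a command with no absolute path) cannot be checked on disk and need a manual look.

```powershell
# Added example, not from this thread or from FRST. Read-only triage of the
# autostart locations the fixlist edits; flags targets that no longer exist.
# Assumes Windows 7 x64, PowerShell 2.0 syntax, an elevated 64-bit PowerShell.

function Get-CommandPath {
    # Pull the executable/DLL path out of a command line such as
    #   "C:\Program Files (x86)\App\app.exe" /hide:60   or   E:\LaunchU3.exe -a
    param([string]$Command)
    if ([string]::IsNullOrEmpty($Command)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { $cmd = $cmd.Substring(1, $end - 1) }
    } else {
        $m = [regex]::Match($cmd, '(?i)^.+?\.(exe|dll|scr|cpl|ocx)\b')
        if ($m.Success) { $cmd = $m.Value }
    }
    # Only absolute paths can be checked on disk; "COM handler" etc. become NoTarget
    if ($cmd -match '^([A-Za-z]:\\|\\\\)') { return $cmd }
    return $null
}

function Get-RunKeyEntries {
    # Run keys: machine native view, machine WOW64 view, current user
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        foreach ($p in (Get-ItemProperty -LiteralPath $k).PSObject.Properties) {
            if ($meta -contains $p.Name) { continue }   # provider bookkeeping, not Run values
            New-Object PSObject -Property @{ Location = $k; Name = $p.Name; Command = [string]$p.Value }
        }
    }
}

function Get-MountPoints2Entries {
    # Autorun commands Explorer cached per removable volume (the E:\LaunchU3.exe -a lines)
    $base = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path -LiteralPath $base)) { return }
    $cmdKeys = Get-ChildItem -LiteralPath $base -Recurse | Where-Object { $_.PSChildName -eq 'command' }
    foreach ($key in @($cmdKeys)) {
        $cmd = [string](Get-ItemProperty -LiteralPath $key.PSPath).'(default)'
        $vol = if ($key.PSPath -match 'MountPoints2\\([^\\]+)') { $Matches[1] } else { $key.PSPath }
        if ($cmd) { New-Object PSObject -Property @{ Location = 'MountPoints2'; Name = $vol; Command = $cmd } }
    }
}

function Get-ScheduledTaskEntries {
    # schtasks covers the legacy C:\windows\Tasks\*.job files and the XML tasks under
    # System32\Tasks that FRST lists by {GUID}; /v adds the "Task To Run" column
    $rows = schtasks.exe /query /fo CSV /v 2>$null | ConvertFrom-Csv
    foreach ($r in @($rows)) {
        if ($r.TaskName -eq 'TaskName') { continue }   # header row repeated per task folder
        New-Object PSObject -Property @{ Location = 'ScheduledTask'; Name = $r.TaskName; Command = [string]$r.'Task To Run' }
    }
}

function Resolve-ClsidServer {
    # Map a CLSID to its InprocServer32 DLL, trying the native and WOW64 class views
    param([string]$Clsid)
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
        $srv = "$root\$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $srv) { return [string](Get-ItemProperty -LiteralPath $srv).'(default)' }
    }
    return ''
}

function Get-ClsidHookEntries {
    # BHOs are subkeys named by CLSID; URLSearchHooks are value names that are CLSIDs
    $sources = @{ 'BHO'           = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects';
                  'BHO-x32'       = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects';
                  'URLSearchHook' = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks' }
    foreach ($tag in $sources.Keys) {
        $key = $sources[$tag]
        if (-not (Test-Path -LiteralPath $key)) { continue }
        if ($tag -eq 'URLSearchHook') {
            $clsids = (Get-ItemProperty -LiteralPath $key).PSObject.Properties | Where-Object { $_.Name -like '{*}' } | ForEach-Object { $_.Name }
        } else {
            $clsids = Get-ChildItem -LiteralPath $key | ForEach-Object { $_.PSChildName }
        }
        foreach ($c in @($clsids)) {
            New-Object PSObject -Property @{ Location = $tag; Name = $c; Command = (Resolve-ClsidServer $c) }
        }
    }
}

function Get-AutostartReport {
    $all = @(Get-RunKeyEntries) + @(Get-MountPoints2Entries) + @(Get-ScheduledTaskEntries) + @(Get-ClsidHookEntries)
    foreach ($e in $all) {
        $target = Get-CommandPath $e.Command
        $status = 'OK'
        if (-not $target) { $status = 'NoTarget' } elseif (-not (Test-Path -LiteralPath $target)) { $status = 'MissingFile' }
        $e | Add-Member -MemberType NoteProperty -Name Target -Value ([string]$target)
        $e | Add-Member -MemberType NoteProperty -Name Status -Value $status
        $e
    }
}

# Anything not OK is what FRST shows as "No File" or needs a manual look
Get-AutostartReport | Where-Object { $_.Status -ne 'OK' } |
    Sort-Object Location, Name | Format-Table Status, Location, Name, Target -AutoSize -Wrap
```

Run it once before the fix to confirm the orphaned entries are the ones in the fixlist, and once after to confirm they are gone; anything that survives is still being loaded at logon and belongs in the next fixlist. The script only reads the registry and the task scheduler; it changes nothing.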
#13 slikk24
  • Topic Starter

  • Members
  • 69 posts

Posted 09 March 2016 - 08:52 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by John Moore (2016-03-09 07:44:42) Run:1
Running from C:\Users\John Moore\Desktop
Loaded Profiles: John Moore (Available Profiles: John Moore)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
Task: {BE03F789-9D40-4859-9304-5B6B0C558E84} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-05-25] (Glarysoft Ltd)
Task: {C8705F54-37AC-4AB8-87B3-9D53A9FB0E8C} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-05-25] (Glarysoft Ltd)
Task: C:\windows\Tasks\DriverCure.job => C:\Program Files (x86)\ParetoLogic\DriverCure\DriverCure.exe
Task: C:\windows\Tasks\FileCure.job => C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe
C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-05-25] (Glarysoft Ltd)
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\...\MountPoints2: {1923c29d-19f5-11df-aab3-00266c3f9dfa} - E:\LaunchU3.exe -a
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\...\MountPoints2: {1923c2ea-19f5-11df-aab3-00266c3f9dfa} - E:\LaunchU3.exe -a
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\...A8F59079A8D5}\localserver32: <==== ATTENTION
URLSearchHook: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll No File
SearchScopes: HKLM -> DefaultScope {5A35403A-FBCF-4054-98F4-2E0770360865} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {5A35403A-FBCF-4054-98F4-2E0770360865} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {37276FC4-5D62-4CAE-90AD-6F22C4C289B7} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {37276FC4-5D62-4CAE-90AD-6F22C4C289B7} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 -> {37276FC4-5D62-4CAE-90AD-6F22C4C289B7} URL = hxxp://www.google.de/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enDE366
SearchScopes: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 -> {3CCBC11A-2435-498E-B3A8-62FB149FE177} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 -> {5A35403A-FBCF-4054-98F4-2E0770360865} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-11-18] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-926204724-1831859192-4147195393-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
R1 GUBootStartup; C:\windows\System32\drivers\GUBootStartup.sys [20160 2015-05-26] (Glarysoft Ltd)
2016-03-03 11:16 - 2016-03-03 11:58 - 00000000 ____D C:\19f37c3308318fd835d3
2016-02-29 22:49 - 2016-03-01 07:59 - 00000000 ____D C:\776efec3994dc65a8135c13f425eb39a
2016-02-28 20:48 - 2016-02-28 21:32 - 00000000 ____D C:\87191b87ec821b9a35e29a4d7cea4a28
2016-02-28 19:12 - 2016-02-28 19:58 - 00000000 ____D C:\a5536ae8fbf3557930dd5a61f753
2016-02-27 20:46 - 2016-02-27 21:30 - 00000000 ____D C:\75a4ce58b6a8ad0491fb380013b5
2016-02-27 19:12 - 2016-02-27 19:56 - 00000000 ____D C:\ba10273c2ca3807f927931
2016-02-26 18:23 - 2016-02-26 18:52 - 00000000 ____D C:\0fc28fcba1efd5f48e794d16d42629e6
2016-02-26 17:19 - 2016-02-26 17:50 - 00000000 ____D C:\0212b3a2baaf4e902f178b
2016-02-26 09:53 - 2016-02-26 09:55 - 00000000 ____D C:\8aa76afeaa92d860819584
2016-02-26 09:47 - 2016-02-26 09:50 - 00000000 ____D C:\04245fb0e3c8d50095e4818ad3
2016-02-26 08:48 - 2016-02-26 09:04 - 00000000 ____D C:\9d656bb0b2f7cae9a1beebc4374e
2016-02-26 08:13 - 2016-02-26 08:28 - 00000000 ____D C:\dbb0005e37e0ce89dfbf3a01
2016-02-25 19:12 - 2016-02-25 19:25 - 00000000 ____D C:\75d7e1a9b7aa52f14620dc0117aa
2016-02-25 19:01 - 2016-02-25 19:07 - 00000000 ____D C:\65c667b1daa48aa82f513ce5f896
2016-02-25 18:18 - 2016-02-25 18:37 - 00000000 ____D C:\c783248dc7c8690ab17d703fc77d2d17
2016-02-25 17:16 - 2016-02-25 17:32 - 00000000 ____D C:\e23b03d002d4d19e0de97b
2016-02-24 16:53 - 2016-02-24 17:09 - 00000000 ____D C:\f116aa7a7557b6ed8fb5
2016-02-24 11:08 - 2016-02-24 11:11 - 00000000 ____D C:\51ff9977ee369f8f9776
2016-02-24 09:53 - 2016-02-24 09:55 - 00000000 ____D C:\f1afc6d4b76d4ae15525
2016-02-24 09:27 - 2016-02-24 09:50 - 00000000 ____D C:\479fa64ee73271e0608ba11e6098672d
2016-02-23 19:01 - 2016-02-23 19:02 - 00000000 ____D C:\abaaff42768034fd63bd1d95
2016-02-23 15:21 - 2016-02-23 15:37 - 00000000 ____D C:\346c57920aad8c74f2b36977d0
2016-02-22 19:40 - 2016-02-22 19:52 - 00000000 ____D C:\cd6b8fd0387767095891ae4a8413
2016-02-22 19:03 - 2016-02-22 19:18 - 00000000 ____D C:\3f6c2bc26110800dc8f0fdf9321e8e5c
2016-02-22 12:27 - 2016-02-22 12:45 - 00000000 ____D C:\dc4c75133c0524fe6ed4c2e9ae
2016-02-21 19:25 - 2016-02-21 19:31 - 00000000 ____D C:\3e90b6d0854e08111e4ab177b4b35e
2016-02-21 19:01 - 2016-02-21 19:13 - 00000000 ____D C:\826c23857e76457d2f8181
2016-02-20 20:39 - 2016-02-20 20:39 - 00000000 ____D C:\cf12c74d6b1be81bbbc569cbaccedd81
2016-02-20 19:33 - 2016-02-20 19:41 - 00000000 ____D C:\09eb9f63d5b44f116eba
2016-02-20 19:25 - 2016-02-20 19:29 - 00000000 ____D C:\ad44be6304a15e3c9ca8dde6cc73
2016-02-20 14:06 - 2016-02-20 14:13 - 00000000 ____D C:\a5e630a195673dc8294e47f8ac24
2016-02-20 11:43 - 2016-02-20 11:46 - 00000000 ____D C:\5ca7a7db0c3f108616620fb235
2016-02-20 11:34 - 2016-02-20 11:41 - 00000000 ____D C:\1406b2ed98107f1a7b71628e28
2016-02-19 20:04 - 2016-02-19 20:11 - 00000000 ____D C:\473492a503fd7c0caf0a1c1e7b47de8b
2016-02-18 18:43 - 2016-02-18 18:56 - 00000000 ____D C:\09ecba1ec6f111c91c49
2016-02-18 18:19 - 2016-02-18 18:25 - 00000000 ____D C:\32bd800444cf112e47ba81
2016-02-17 19:59 - 2016-02-17 20:17 - 00000000 ____D C:\9f76b6b4dd2f43e69c11b6861bbeee6b
2016-02-17 19:22 - 2016-02-17 19:40 - 00000000 ____D C:\a4ea4e9eb48b74957574d58eef
2016-02-16 19:50 - 2016-02-16 19:52 - 00000000 ____D C:\02cd9ca0e4310c1715ae64
2016-02-16 19:43 - 2016-02-16 19:47 - 00000000 ____D C:\d0a269d1098f541e48
2016-02-16 19:25 - 2016-02-16 19:25 - 00000000 ____D C:\12c8607c583f7eb81027f3
2016-02-16 19:01 - 2016-02-16 19:18 - 00000000 ____D C:\c7902f7810844c46f7f1b9ff93a72bf3
2016-02-16 15:46 - 2016-02-16 16:01 - 00000000 ____D C:\06553ca4da1747e515426d42ba2649
2016-02-16 15:10 - 2016-02-16 15:27 - 00000000 ____D C:\f59e7e3460aac45654debc660356
2016-02-16 11:04 - 2016-02-16 11:07 - 00000000 ____D C:\dbc6e35d186c8517c7b77603
2016-02-16 10:56 - 2016-02-16 11:01 - 00000000 ____D C:\1a2c54eed226b44c70a8db
2016-02-15 14:37 - 2016-02-15 14:52 - 00000000 ____D C:\ba23523692e67fe56cd78e
2016-02-15 14:07 - 2016-02-15 14:19 - 00000000 ____D C:\f7434acc7b4f84e4d29a24d366a196e2
2016-02-15 13:17 - 2016-02-15 13:20 - 00000000 ____D C:\789de38b6972b1a99b
2016-02-15 13:08 - 2016-02-15 13:13 - 00000000 ____D C:\e119c67e530c99c22349
2016-02-13 17:29 - 2016-02-13 17:44 - 00000000 ____D C:\af26485365bd7ac5e7a15c06111a3b5d
2016-02-13 16:59 - 2016-02-13 17:06 - 00000000 ____D C:\b1214771c3ea448c807a
2016-02-12 19:38 - 2016-02-12 19:41 - 00000000 ____D C:\122593e5461b6fc1917635
2016-02-12 19:31 - 2016-02-12 19:35 - 00000000 ____D C:\3a63027f6cd272969aafa5
2016-02-12 16:28 - 2016-02-12 16:31 - 00000000 ____D C:\783e752c4d2992d7d6
2016-02-12 16:21 - 2016-02-12 16:25 - 00000000 ____D C:\1be3552f2fafdc33bf364c34
2016-02-11 19:31 - 2016-02-11 19:31 - 00000000 ____D C:\c02f856f9dd7947e04
2016-02-11 19:01 - 2016-02-11 19:15 - 00000000 ____D C:\d5583e78138f71b333d5105bca90
2016-02-11 12:50 - 2016-02-11 13:10 - 00000000 ____D C:\25e90316cd0738c8e7df90c9f3a8
2016-02-11 12:21 - 2016-02-11 12:36 - 00000000 ____D C:\7299151bdae94637c4a97b
2016-02-11 11:29 - 2016-02-11 11:31 - 00000000 ____D C:\1baab67eee774fed538eeb61
2016-02-10 19:20 - 2016-02-10 19:27 - 00000000 ____D C:\b5d02b8f74bbd2594eb98527e4fc
2016-02-10 19:05 - 2016-02-10 19:09 - 00000000 ____D C:\2f5751edecae60d103dcdad17d0f482a
2016-03-04 08:08 - 2015-02-17 09:50 - 00000438 _____ C:\windows\system32\Drivers\etc\hosts.ics
C:\Program Files (x86)\Glary Utilities 5
2016-02-29 03:11 - 2010-02-15 00:41 - 00000398 _____ C:\windows\Tasks\FileCure.job
2016-02-28 03:11 - 2010-02-15 05:42 - 00000414 _____ C:\windows\Tasks\DriverCure.job
2016-02-26 20:14 - 2014-12-12 19:28 - 00000000 ____D C:\Users\John Moore\AppData\Local\ElevatedDiagnostics
2010-04-03 06:46 - 2010-04-03 06:46 - 0000000 _____ () C:\Users\John Moore\AppData\Roaming\wklnhst.dat
2016-01-23 20:14 - 2016-01-23 20:14 - 0000000 ____H () C:\Users\John Moore\AppData\Local\BITECFC.tmp
2016-01-23 20:13 - 2016-01-23 20:13 - 0000000 _____ () C:\Users\John Moore\AppData\Local\{520FACC7-9001-404E-B7FA-27B1D6113F59}
C:\Users\John Moore\AppData\Local\Temp\dllnt_dump.dll
C:\Users\John Moore\AppData\Local\Temp\sqlite3.dll
Emptytemp:
end
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BE03F789-9D40-4859-9304-5B6B0C558E84}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE03F789-9D40-4859-9304-5B6B0C558E84}" => key removed successfully
C:\windows\System32\Tasks\GlaryInitialize 5 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GlaryInitialize 5" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8705F54-37AC-4AB8-87B3-9D53A9FB0E8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8705F54-37AC-4AB8-87B3-9D53A9FB0E8C}" => key removed successfully
C:\windows\System32\Tasks\GU5SkipUAC => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GU5SkipUAC" => key removed successfully
C:\windows\Tasks\DriverCure.job => not found.
C:\windows\Tasks\FileCure.job => not found.
C:\Program Files (x86)\Glary Utilities 5\zlib1.dll => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GUDelayStartup => value removed successfully
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E => key not found.
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1923c29d-19f5-11df-aab3-00266c3f9dfa} => key not found.
HKCR\CLSID\{1923c29d-19f5-11df-aab3-00266c3f9dfa} => key not found.
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1923c2ea-19f5-11df-aab3-00266c3f9dfa} => key not found.
HKCR\CLSID\{1923c2ea-19f5-11df-aab3-00266c3f9dfa} => key not found.
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => key not found.
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => key not found.
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4c60e5ab-5c68-4c59-abaa-885010b24b32} => value not found.
"HKCR\Wow6432Node\CLSID\{4c60e5ab-5c68-4c59-abaa-885010b24b32}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5A35403A-FBCF-4054-98F4-2E0770360865}" => key removed successfully
HKCR\CLSID\{5A35403A-FBCF-4054-98F4-2E0770360865} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{37276FC4-5D62-4CAE-90AD-6F22C4C289B7}" => key removed successfully
HKCR\Wow6432Node\CLSID\{37276FC4-5D62-4CAE-90AD-6F22C4C289B7} => key not found.
"HKU\S-1-5-21-926204724-1831859192-4147195393-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{37276FC4-5D62-4CAE-90AD-6F22C4C289B7}" => key removed successfully
HKCR\CLSID\{37276FC4-5D62-4CAE-90AD-6F22C4C289B7} => key not found.
"HKU\S-1-5-21-926204724-1831859192-4147195393-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3CCBC11A-2435-498E-B3A8-62FB149FE177}" => key removed successfully
HKCR\CLSID\{3CCBC11A-2435-498E-B3A8-62FB149FE177} => key not found.
"HKU\S-1-5-21-926204724-1831859192-4147195393-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5A35403A-FBCF-4054-98F4-2E0770360865}" => key removed successfully
HKCR\CLSID\{5A35403A-FBCF-4054-98F4-2E0770360865} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
GUBootStartup => Service stopped successfully.
GUBootStartup => service removed successfully
C:\19f37c3308318fd835d3 => moved successfully
C:\776efec3994dc65a8135c13f425eb39a => moved successfully
C:\87191b87ec821b9a35e29a4d7cea4a28 => moved successfully
C:\a5536ae8fbf3557930dd5a61f753 => moved successfully
C:\75a4ce58b6a8ad0491fb380013b5 => moved successfully
C:\ba10273c2ca3807f927931 => moved successfully
C:\0fc28fcba1efd5f48e794d16d42629e6 => moved successfully
C:\0212b3a2baaf4e902f178b => moved successfully
C:\8aa76afeaa92d860819584 => moved successfully
C:\04245fb0e3c8d50095e4818ad3 => moved successfully
C:\9d656bb0b2f7cae9a1beebc4374e => moved successfully
C:\dbb0005e37e0ce89dfbf3a01 => moved successfully
C:\75d7e1a9b7aa52f14620dc0117aa => moved successfully
C:\65c667b1daa48aa82f513ce5f896 => moved successfully
C:\c783248dc7c8690ab17d703fc77d2d17 => moved successfully
C:\e23b03d002d4d19e0de97b => moved successfully
C:\f116aa7a7557b6ed8fb5 => moved successfully
C:\51ff9977ee369f8f9776 => moved successfully
C:\f1afc6d4b76d4ae15525 => moved successfully
C:\479fa64ee73271e0608ba11e6098672d => moved successfully
C:\abaaff42768034fd63bd1d95 => moved successfully
C:\346c57920aad8c74f2b36977d0 => moved successfully
C:\cd6b8fd0387767095891ae4a8413 => moved successfully
C:\3f6c2bc26110800dc8f0fdf9321e8e5c => moved successfully
C:\dc4c75133c0524fe6ed4c2e9ae => moved successfully
C:\3e90b6d0854e08111e4ab177b4b35e => moved successfully
C:\826c23857e76457d2f8181 => moved successfully
C:\cf12c74d6b1be81bbbc569cbaccedd81 => moved successfully
C:\09eb9f63d5b44f116eba => moved successfully
C:\ad44be6304a15e3c9ca8dde6cc73 => moved successfully
C:\a5e630a195673dc8294e47f8ac24 => moved successfully
C:\5ca7a7db0c3f108616620fb235 => moved successfully
C:\1406b2ed98107f1a7b71628e28 => moved successfully
C:\473492a503fd7c0caf0a1c1e7b47de8b => moved successfully
C:\09ecba1ec6f111c91c49 => moved successfully
C:\32bd800444cf112e47ba81 => moved successfully
C:\9f76b6b4dd2f43e69c11b6861bbeee6b => moved successfully
C:\a4ea4e9eb48b74957574d58eef => moved successfully
C:\02cd9ca0e4310c1715ae64 => moved successfully
C:\d0a269d1098f541e48 => moved successfully
C:\12c8607c583f7eb81027f3 => moved successfully
C:\c7902f7810844c46f7f1b9ff93a72bf3 => moved successfully
C:\06553ca4da1747e515426d42ba2649 => moved successfully
C:\f59e7e3460aac45654debc660356 => moved successfully
C:\dbc6e35d186c8517c7b77603 => moved successfully
C:\1a2c54eed226b44c70a8db => moved successfully
C:\ba23523692e67fe56cd78e => moved successfully
C:\f7434acc7b4f84e4d29a24d366a196e2 => moved successfully
C:\789de38b6972b1a99b => moved successfully
C:\e119c67e530c99c22349 => moved successfully
C:\af26485365bd7ac5e7a15c06111a3b5d => moved successfully
C:\b1214771c3ea448c807a => moved successfully
C:\122593e5461b6fc1917635 => moved successfully
C:\3a63027f6cd272969aafa5 => moved successfully
C:\783e752c4d2992d7d6 => moved successfully
C:\1be3552f2fafdc33bf364c34 => moved successfully
C:\c02f856f9dd7947e04 => moved successfully
C:\d5583e78138f71b333d5105bca90 => moved successfully
C:\25e90316cd0738c8e7df90c9f3a8 => moved successfully
C:\7299151bdae94637c4a97b => moved successfully
C:\1baab67eee774fed538eeb61 => moved successfully
C:\b5d02b8f74bbd2594eb98527e4fc => moved successfully
C:\2f5751edecae60d103dcdad17d0f482a => moved successfully
C:\windows\system32\Drivers\etc\hosts.ics => moved successfully
C:\Program Files (x86)\Glary Utilities 5 => moved successfully
"C:\windows\Tasks\FileCure.job" => not found.
"C:\windows\Tasks\DriverCure.job" => not found.
C:\Users\John Moore\AppData\Local\ElevatedDiagnostics => moved successfully
C:\Users\John Moore\AppData\Roaming\wklnhst.dat => moved successfully
C:\Users\John Moore\AppData\Local\BITECFC.tmp => moved successfully
C:\Users\John Moore\AppData\Local\{520FACC7-9001-404E-B7FA-27B1D6113F59} => moved successfully
"C:\Users\John Moore\AppData\Local\Temp\dllnt_dump.dll" => not found.
"C:\Users\John Moore\AppData\Local\Temp\sqlite3.dll" => not found.
EmptyTemp: => 492.9 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 07:45:38 ====
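The Fixlog above pairs every fixlist entry with what FRST actually did to it. As an added example that is not part of this thread or of the FRST tool, the Python script below parses that format (action lines of the form `target => outcome`, with the echoed fixlist block skipped so its own `Task: ... => ...` lines are not mistaken for actions), groups the results by the kind of object touched (registry key or value, file or folder, service, directive) and lists everything FRST reported as not found, so a reviewer can see at a glance which items were already gone when the fix ran (in the log above: DriverCure.job, FileCure.job and the two DLLs under Temp). The sample log is constructed from lines in the same format, and the classification rules are this example's own assumption, not anything FRST defines.

```python
"""Summarise the action lines of a Farbar Recovery Scan Tool (FRST) Fixlog.

Added example, not part of the thread or of FRST itself.  Each action line has
the shape  <target> => <outcome>.  The echoed fixlist (the block between the two
rows of asterisks) is skipped, each target is classified by the kind of object
touched, and the entries FRST could not find are collected for review.  The
sample log below is constructed in the format of the Fixlog in the thread.
"""
import re
from collections import Counter

SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
==============================================

fixlist content:
*****************
start
Task: C:\windows\Tasks\DriverCure.job => C:\Program Files (x86)\ParetoLogic\DriverCure\DriverCure.exe
HKLM\...\Run: [] => [X]
end
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GU5SkipUAC" => key removed successfully
C:\windows\System32\Tasks\GU5SkipUAC => moved successfully
C:\windows\Tasks\DriverCure.job => not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKU\S-1-5-21-926204724-1831859192-4147195393-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GUDelayStartup => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
GUBootStartup => Service stopped successfully.
GUBootStartup => service removed successfully
C:\windows\system32\Drivers\etc\hosts.ics => moved successfully
"C:\Users\John Moore\AppData\Local\Temp\sqlite3.dll" => not found.
EmptyTemp: => 492.9 MB temporary data Removed.

==== End of Fixlog 07:45:38 ====
"""

ACTION_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")
SEPARATOR_RE = re.compile(r"^\*{5,}$")          # rows that bracket the echoed fixlist
REGISTRY_RE = re.compile(r"^(HKLM|HKU|HKCR|HKCU|HKEY_)")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
DIRECTIVE_RE = re.compile(r"^[A-Za-z]+:$")      # e.g. EmptyTemp:


def classify_target(target, outcome):
    """Name the kind of object an action line touched (assumed categories)."""
    low = outcome.lower()
    if DIRECTIVE_RE.match(target):
        return "directive"
    if REGISTRY_RE.match(target):
        return "registry value" if "value" in low else "registry key"
    if DRIVE_PATH_RE.match(target):
        return "file/folder"
    if "service" in low:
        return "service"
    return "other"


def classify_outcome(outcome):
    """Reduce FRST's free-text outcome to ok / not_found / other."""
    low = outcome.lower()
    if "not found" in low:
        return "not_found"
    if "successfully" in low or "removed" in low:
        return "ok"
    return "other"


def parse_fixlog(text):
    """Return one dict per action line, ignoring headers and the echoed fixlist."""
    entries = []
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if SEPARATOR_RE.match(line):
            in_fixlist = not in_fixlist      # entering or leaving the echoed fixlist
            continue
        if in_fixlist:
            continue
        m = ACTION_RE.match(line)
        if not m:
            continue                         # header, footer or blank line
        target = m.group("target").strip('"')
        outcome = m.group("outcome").rstrip(".")
        entries.append({
            "target": target,
            "kind": classify_target(target, outcome),
            "status": classify_outcome(outcome),
            "outcome": outcome,
        })
    return entries


def summarize(entries):
    """Count (kind, status) pairs and collect the targets FRST could not find."""
    counts = Counter((e["kind"], e["status"]) for e in entries)
    not_found = [e["target"] for e in entries if e["status"] == "not_found"]
    return counts, not_found


def report(text):
    """Human-readable summary of a Fixlog."""
    counts, not_found = summarize(parse_fixlog(text))
    lines = ["%-15s %-10s %d" % (kind, status, n)
             for (kind, status), n in sorted(counts.items())]
    lines.append("not found (%d):" % len(not_found))
    lines.extend("  " + t for t in not_found)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_FIXLOG))
```

Run it against a saved Fixlog.txt by passing the file contents to `report()`. A "not found" entry is not an error in itself; it usually means another tool (or the user) removed the object between the scan and the fix, but a registry value that is "not found" while its companion file was "moved successfully" is worth a second scan to confirm nothing re-created it.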

#14 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 09 March 2016 - 03:38 PM

Please try running ComboFix again.


Best regards

#15 slikk24

slikk24
  • Topic Starter

  • Members
  • 69 posts

Posted 09 March 2016 - 04:46 PM

ComboFix 16-03-07.01 - John Moore 03/09/2016 15:11:30.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.1744 [GMT -6:00]
Running from: c:\users\John Moore\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2016-02-09 to 2016-03-09 )))))))))))))))))))))))))))))))
.
.
2016-03-09 21:19 . 2016-03-09 21:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-09 19:08 . 2016-03-09 19:56 -------- d-----w- C:\d4b55efb5b24340e14a193785d
2016-03-09 18:16 . 2016-03-09 19:08 -------- d-----w- C:\2a41c2ec3bb59d7a7c653a
2016-03-09 01:24 . 2016-03-09 01:34 -------- d-----w- C:\f861ca751d67d9f42b
2016-03-09 01:01 . 2016-03-09 01:07 -------- d-----w- C:\8ea68be56da91c61a7baee689db5ac
2016-03-08 18:32 . 2016-03-08 18:54 -------- d-----w- C:\5d277e8514431573290ae81aa977
2016-03-08 17:53 . 2016-03-08 18:13 -------- d-----w- C:\657dbc507b367d423ce505917b44
2016-03-08 01:57 . 2016-03-08 02:21 -------- d-----w- C:\0ca870530a7b8146e3a1fb2593
2016-03-08 01:05 . 2016-03-08 01:29 -------- d-----w- C:\f9268954411198146eed
2016-03-07 14:12 . 2016-03-07 14:13 202144 ----a-w- c:\windows\system32\drivers\zam64.sys
2016-03-07 14:12 . 2016-03-07 14:13 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2016-03-07 14:12 . 2016-03-07 14:13 202144 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2016-03-07 14:12 . 2016-03-07 14:12 -------- d-----w- c:\users\John Moore\AppData\Local\Zemana
2016-03-07 01:47 . 2016-03-07 02:06 -------- d-----w- C:\e96c3aa97f2f8dce4b7e
2016-03-07 01:01 . 2016-03-07 01:23 -------- d-----w- C:\b25540800d3bf352944996
2016-03-06 01:51 . 2016-03-06 02:11 -------- d-----w- C:\686361ebd6dcf4a6b2
2016-03-06 01:01 . 2016-03-06 01:23 -------- d-----w- C:\3be94e095c1bd6de016f5c63
2016-03-05 10:27 . 2016-03-05 10:27 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC86FFF6-4587-403B-80CB-263FACCCF37D}\offreg.2700.dll
2016-03-05 01:25 . 2016-03-05 01:46 -------- d-----w- C:\bbba97b994a07a1be031462f
2016-03-05 01:01 . 2016-03-05 01:05 -------- d-----w- C:\31fa6aa80c752f54d4d4
2016-03-04 14:39 . 2016-02-19 01:53 11249080 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC86FFF6-4587-403B-80CB-263FACCCF37D}\mpengine.dll
2016-03-04 14:30 . 2016-03-04 14:35 -------- d-----w- C:\cc8645b3e8e54dd05f61bf5875
2016-03-04 14:19 . 2016-03-04 14:23 -------- d-----w- C:\c449d64c4ebae3a23bcfb3ecf1
2016-03-04 14:12 . 2016-03-09 13:48 -------- d-----w- C:\FRST
2016-02-29 14:05 . 2016-02-29 16:49 -------- d-----w- C:\AdwCleaner
2016-02-26 18:35 . 2016-02-26 18:35 -------- d-----w- c:\users\John Moore\AppData\Roaming\AVAST Software
2016-02-26 18:32 . 2016-02-26 18:32 -------- d-----w- c:\program files\Common Files\AV
2016-02-26 18:32 . 2016-02-26 18:32 -------- d-----w- c:\program files (x86)\Common Files\AV
2016-02-26 18:31 . 2016-03-01 20:12 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-02-26 18:31 . 2016-02-29 20:07 -------- d-----w- c:\programdata\RogueKiller
2016-02-26 18:31 . 2016-02-26 18:32 287016 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-02-26 18:31 . 2016-02-26 18:30 165344 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-02-26 18:31 . 2016-02-26 18:32 463744 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-02-26 18:30 . 2016-02-26 18:30 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-02-26 18:30 . 2016-03-09 18:41 107792 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2016-02-26 18:30 . 2016-02-26 18:30 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-02-26 18:30 . 2016-02-26 18:30 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-02-26 18:30 . 2016-03-09 18:46 1070904 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-02-26 18:30 . 2016-02-26 18:30 398152 ----a-w- c:\windows\system32\aswBoot.exe
2016-02-26 18:29 . 2016-02-26 18:29 52184 ----a-w- c:\windows\avastSS.scr
2016-02-26 18:26 . 2016-02-26 18:26 -------- d-----w- c:\program files\AVAST Software
2016-02-26 18:26 . 2016-02-26 18:26 -------- d-----w- c:\programdata\AVAST Software
2016-02-25 01:00 . 2016-02-25 01:00 -------- d-----w- C:\found.000
2016-02-11 01:22 . 2016-02-06 10:24 2887680 ----a-w- c:\windows\system32\iertutil.dll
2016-02-11 01:04 . 2016-01-06 19:04 1737216 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2016-02-10 02:06 . 2016-01-07 17:42 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-02-10 02:05 . 2016-01-22 06:27 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-02-10 02:04 . 2016-01-22 06:19 14179840 ----a-w- c:\windows\system32\shell32.dll
2016-02-10 02:04 . 2016-01-22 05:19 3231232 ----a-w- c:\windows\explorer.exe
2016-02-10 02:04 . 2016-01-22 06:15 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-02-10 02:04 . 2016-01-22 05:12 2973184 ----a-w- c:\windows\SysWow64\explorer.exe
2016-02-10 02:04 . 2016-01-22 06:12 1940992 ----a-w- c:\windows\system32\authui.dll
2016-02-10 02:04 . 2016-01-22 06:00 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2016-02-10 02:04 . 2016-01-22 05:59 1805824 ----a-w- c:\windows\SysWow64\authui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-08 21:46 . 2015-05-26 21:18 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-11 17:17 . 2012-07-14 14:07 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-02-11 17:17 . 2012-07-14 14:07 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-02-11 01:32 . 2014-02-19 19:55 146614896 ----a-w- c:\windows\system32\MRT.exe
2016-01-22 05:59 . 2016-02-10 02:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-03-09 7137664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
"TotalRecipeSearch_14 Browser Plugin Loader 64"="c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14brmon64.exe"
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe"/startup
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-19 20:28 1088664 ----a-w- c:\program files (x86)\Google\Chrome\Application\48.0.2564.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 17:17]
.
2016-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-16 17:59]
.
2016-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-16 17:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-02-26 18:30 905248 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2016-02-19 12831984]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Glary Utilities 5 - c:\program files (x86)\Glary Utilities 5\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-03-09 15:23:08
ComboFix-quarantined-files.txt 2016-03-09 21:23
ComboFix2.txt 2016-03-08 22:50
ComboFix3.txt 2016-03-07 22:43
.
Pre-Run: 557,170,524,160 bytes free
Post-Run: 556,982,591,488 bytes free
.
- - End Of File - - 0E18EB8722714059825E015E55A66659
5B5E648D12FCADC244C1EC30318E1EB9



