Cannot run any exe files and get BSOD occasionaly


This topic is locked
44 replies to this topic

#1 kcp

Posted 04 March 2016 - 11:43 AM

I am trying to fix an HP Pavilion Desktop Computer that is used in a business. I was told that in July of 2015 there was a problem with malware and ID theft. I was not the person who assisted in this problem resolution.

Now I was called in because of BSODs and being unable to run programs.

So when I tried to run FRST64 I got warning messages about being unable to save hives... multiple warnings (security, software and others).

Here are the FRST logs for this computer...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-03-2016
Ran by Pepper (administrator) on SERVER (04-03-2016 10:18:48)
Running from L:\Tools
Loaded Profiles: Pepper (Available Profiles: Pepper & EasyCash)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL$DATAAGE\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
Failed to access process -> WUDFHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Data Age Business Systems, Inc.) C:\PawnMaster\pm.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
Failed to access process -> WmiPrvSE.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2013-09-07] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{79FB800F-F832-4354-B8C0-871C3528DD6C}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/webhp?sourceid=navclient&ie=UTF-8&gws_rd=ssl
HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> {0CF4E2CE-07AA-4892-AD42-B204D67F31E6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {0CF4E2CE-07AA-4892-AD42-B204D67F31E6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000 -> DefaultScope {4F5C7C31-83E5-4FE0-81A1-7B1F240D834D} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000 -> {0CF4E2CE-07AA-4892-AD42-B204D67F31E6} URL =
SearchScopes: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000 -> {4F5C7C31-83E5-4FE0-81A1-7B1F240D834D} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: No Name -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> No File
BHO-x32: No Name -> {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} -> No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {5445BE81-B796-11D2-B931-002018654E2E} hxxps://dealer.southrapid.com/ActiveX/smsx.cab
DPF: HKLM-x32 {688C8675-1834-48FA-9DEF-4755CEFB9EDE} hxxp://192.168.1.7/EDVR.CAB
DPF: HKLM-x32 {B479199A-1242-4E3C-AD81-7F0DF801B4AE} hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -  No File

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/DownloadManager,version=1.1 -> C:\Windows\ [] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-09-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-09-29] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-1241942673-2381888936-3076757971-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Pepper\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-26] (Citrix Online)
FF Plugin HKU\S-1-5-21-1241942673-2381888936-3076757971-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Pepper\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-1241942673-2381888936-3076757971-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Pepper\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack => not found
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found

Chrome:
=======
CHR Profile: C:\Users\Pepper\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Pepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-19]
CHR Extension: (Google Docs) - C:\Users\Pepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-19]
CHR Extension: (Google Drive) - C:\Users\Pepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-03]
CHR Extension: (YouTube) - C:\Users\Pepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Pepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-17]
CHR Extension: (Google Sheets) - C:\Users\Pepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-19]
CHR Extension: (Google Docs Offline) - C:\Users\Pepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Pepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-09]
CHR Extension: (Gmail) - C:\Users\Pepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-12]
CHR HKLM-x32\...\Chrome\Extension: [${CHROME_KEY}] - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibar.crx <not found>
StartMenuInternet: Google Chrome - C:\Users\Pepper\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S4 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2011-11-10] (Alcatel-Lucent) [File not signed]
S4 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2011-11-10] (Alcatel-Lucent) [File not signed]
R2 MSSQL$DATAAGE; C:\Program Files (x86)\Microsoft SQL Server\MSSQL$DATAAGE\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1339528 2015-06-13] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 SQLAgent$DATAAGE; C:\Program Files (x86)\Microsoft SQL Server\MSSQL$DATAAGE\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-07] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-07] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-07] (LG Electronics Inc.)
S3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [31744 2010-08-02] (Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation                           )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-21] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-08-18] ()
S3 BS3533676353; \??\C:\Users\Pepper\AppData\Local\Temp\NTFS.sys [X]
S3 catchme; \??\C:\jkgkgjkgjkg\catchme.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-04 10:18 - 2016-03-04 10:18 - 00000000 ____D C:\FRST
2016-03-03 12:33 - 2016-03-03 12:34 - 04985488 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-03 12:11 - 2016-03-03 12:12 - 00002644 _____ C:\Users\Pepper\Desktop\Windows Compatibility Report.htm
2016-03-03 12:08 - 2016-03-03 12:13 - 00001908 _____ C:\Windows\diagwrn.xml
2016-03-03 12:08 - 2016-03-03 12:13 - 00001908 _____ C:\Windows\diagerr.xml
2016-03-03 11:53 - 2016-03-03 11:53 - 00114272 _____ C:\Users\Pepper\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-03 11:48 - 2016-03-03 11:48 - 00022872 _____ C:\ComboFix.txt
2016-03-03 09:59 - 2016-03-03 09:59 - 05658435 ____R (Swearware) C:\Users\Pepper\Desktop\jkgkgjkgjkg.exe
2016-03-03 09:58 - 2016-03-03 09:58 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Pepper\Downloads\tdsskiller.exe
2016-03-03 09:58 - 2016-03-03 09:58 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Pepper\Desktop\glgklg.exe
2016-03-03 09:32 - 2016-03-03 09:32 - 00000124 _____ C:\Users\Pepper\Documents\fix.reg
2016-03-03 09:16 - 2016-03-03 09:16 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Pepper\Downloads\rkill.com
2016-03-03 09:13 - 2016-03-03 09:13 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\Pepper\Downloads\FixExec.com
2016-03-03 08:53 - 2016-03-03 08:53 - 00000000 ____D C:\Users\Pepper\Desktop\New folder
2016-03-03 08:52 - 2016-03-03 08:52 - 00145753 _____ C:\Users\Pepper\Desktop\all_default_file_extentions.zip
2016-03-01 10:03 - 2016-03-01 10:03 - 22908888 _____ (Malwarebytes ) C:\Users\Pepper\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-01 10:02 - 2016-03-01 10:02 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Pepper\Desktop\iExplore.exe
2016-03-01 09:26 - 2016-03-01 09:38 - 491542040 _____ C:\Users\Pepper\Downloads\bitdefender_ts_17_64b.exe
2016-03-01 09:07 - 2016-03-01 09:07 - 00000000 ____D C:\Windows\CheckSur
2016-03-01 08:50 - 2016-03-01 09:04 - 564744309 _____ C:\Users\Pepper\Downloads\Windows6.1-KB947821-v34-x64.msu
2016-02-25 13:54 - 2016-02-25 13:54 - 14243008 _____ (Microsoft Corporation) C:\Users\Pepper\Desktop\mseinstall.exe
2016-02-25 12:42 - 2016-02-25 12:43 - 00689664 _____ C:\Users\Pepper\Downloads\MicrosoftFixit50202.msi
2016-02-24 11:04 - 2016-02-24 11:05 - 14243008 _____ (Microsoft Corporation) C:\Users\Pepper\Downloads\MSEInstall.exe
2016-02-24 09:49 - 2016-02-24 09:50 - 00000000 ____D C:\Windows\SoftwareDistribution.old
2016-02-24 09:39 - 2016-02-24 09:39 - 00000000 ____D C:\Windows\pss
2016-02-24 09:26 - 2016-02-24 09:27 - 57099360 _____ (Oracle Corporation) C:\Users\Pepper\Downloads\jre-8u73-windows-x64.exe
2016-02-19 09:35 - 2016-02-19 09:35 - 00000000 ____D C:\Users\Pepper\AppData\Roaming\NewspaperDirect
2016-02-12 04:07 - 2016-01-22 14:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-12 04:07 - 2016-01-22 14:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-12 04:07 - 2016-01-22 00:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-12 04:07 - 2016-01-22 00:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-12 04:07 - 2016-01-22 00:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-12 04:07 - 2016-01-22 00:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-12 04:07 - 2016-01-22 00:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-12 04:07 - 2016-01-22 00:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-12 04:07 - 2016-01-22 00:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-12 04:07 - 2016-01-22 00:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-12 04:07 - 2016-01-22 00:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-12 04:07 - 2016-01-22 00:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-12 04:07 - 2016-01-22 00:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-12 04:07 - 2016-01-22 00:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-12 04:07 - 2016-01-22 00:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-12 04:07 - 2016-01-22 00:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-12 04:07 - 2016-01-22 00:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-12 04:07 - 2016-01-22 00:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-12 04:07 - 2016-01-22 00:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-12 04:07 - 2016-01-22 00:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-12 04:07 - 2016-01-22 00:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-12 04:07 - 2016-01-22 00:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-12 04:07 - 2016-01-22 00:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-12 04:07 - 2016-01-22 00:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-12 04:07 - 2016-01-22 00:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-12 04:07 - 2016-01-22 00:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-12 04:07 - 2016-01-22 00:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-12 04:07 - 2016-01-21 23:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-12 04:07 - 2016-01-21 23:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-12 04:07 - 2016-01-21 23:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-12 04:07 - 2016-01-21 23:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-12 04:07 - 2016-01-21 23:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-12 04:07 - 2016-01-21 23:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-12 04:07 - 2016-01-21 23:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-12 04:07 - 2016-01-21 23:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-12 04:07 - 2016-01-21 23:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-12 04:07 - 2016-01-21 23:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-12 04:07 - 2016-01-21 23:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-12 04:07 - 2016-01-21 23:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-12 04:07 - 2016-01-21 23:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-12 04:07 - 2016-01-21 23:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-12 04:07 - 2016-01-21 23:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-12 04:07 - 2016-01-21 23:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-12 04:07 - 2016-01-21 23:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-12 04:07 - 2016-01-21 23:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-12 04:07 - 2016-01-21 23:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-12 04:07 - 2016-01-21 23:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-12 04:07 - 2016-01-21 23:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-12 04:07 - 2016-01-21 23:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-12 04:07 - 2016-01-21 23:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-12 04:07 - 2016-01-21 23:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-12 04:07 - 2016-01-21 23:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-12 04:07 - 2016-01-16 13:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-12 04:07 - 2016-01-16 12:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-12 04:07 - 2016-01-11 08:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-12 04:07 - 2016-01-11 08:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-12 04:07 - 2016-01-11 08:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-12 04:07 - 2016-01-11 08:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-12 04:07 - 2016-01-11 08:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-12 04:07 - 2016-01-06 13:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-12 04:07 - 2016-01-06 13:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-12 04:07 - 2016-01-06 12:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-12 04:05 - 2016-01-11 13:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-12 04:05 - 2016-01-11 13:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-12 04:05 - 2016-01-11 13:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-12 04:05 - 2016-01-11 12:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-12 04:05 - 2016-01-11 12:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-12 04:05 - 2016-01-11 12:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-12 04:05 - 2016-01-11 12:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-12 04:05 - 2016-01-11 12:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-12 04:05 - 2016-01-11 12:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-12 04:05 - 2016-01-11 12:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-12 04:05 - 2016-01-11 12:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-12 04:05 - 2016-01-11 12:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-12 04:05 - 2016-01-11 12:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-12 04:05 - 2016-01-11 12:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-12 04:05 - 2016-01-11 12:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-12 04:05 - 2016-01-11 12:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-12 04:05 - 2016-01-07 11:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 05:33 - 2016-02-06 04:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-10 05:33 - 2016-02-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-10 05:33 - 2016-02-06 04:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-10 05:33 - 2016-02-06 04:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-10 05:33 - 2016-02-06 04:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-10 05:33 - 2016-02-06 04:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-10 05:33 - 2016-02-06 03:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-10 05:33 - 2016-02-06 03:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-10 05:33 - 2016-02-06 03:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-10 05:33 - 2016-02-06 03:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-10 05:33 - 2016-02-06 03:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-10 05:33 - 2016-02-06 03:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-10 05:33 - 2016-02-06 03:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-10 05:33 - 2016-02-06 02:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-10 05:24 - 2015-12-20 12:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-10 05:24 - 2015-12-20 12:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-10 05:24 - 2015-12-20 08:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-10 05:23 - 2016-01-22 00:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-10 05:23 - 2016-01-22 00:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-10 05:23 - 2016-01-22 00:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-10 05:23 - 2016-01-22 00:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 05:23 - 2016-01-22 00:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-10 05:23 - 2016-01-22 00:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-10 05:23 - 2016-01-22 00:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 05:23 - 2016-01-22 00:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-10 05:23 - 2016-01-22 00:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 05:23 - 2016-01-22 00:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-10 05:23 - 2016-01-22 00:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-10 05:23 - 2016-01-22 00:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-10 05:23 - 2016-01-22 00:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-10 05:23 - 2016-01-22 00:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-10 05:23 - 2016-01-22 00:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-10 05:23 - 2016-01-22 00:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-10 05:23 - 2016-01-22 00:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-10 05:23 - 2016-01-22 00:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 05:23 - 2016-01-22 00:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 05:23 - 2016-01-22 00:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 05:23 - 2016-01-21 23:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-10 05:23 - 2016-01-16 13:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-10 05:23 - 2016-01-16 12:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-10 05:22 - 2016-01-22 00:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-10 05:22 - 2016-01-22 00:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-10 05:22 - 2016-01-22 00:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-10 05:22 - 2016-01-22 00:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-10 05:22 - 2016-01-22 00:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-10 05:22 - 2016-01-22 00:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-10 05:22 - 2016-01-22 00:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-10 05:22 - 2016-01-22 00:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-10 05:22 - 2016-01-22 00:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-10 05:22 - 2016-01-22 00:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-10 05:22 - 2016-01-22 00:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-10 05:22 - 2016-01-22 00:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-10 05:22 - 2016-01-22 00:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-10 05:22 - 2016-01-22 00:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-10 05:22 - 2016-01-22 00:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-10 05:22 - 2016-01-22 00:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-10 05:22 - 2016-01-22 00:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-10 05:22 - 2016-01-22 00:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-10 05:22 - 2016-01-22 00:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-10 05:22 - 2016-01-22 00:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-10 05:22 - 2016-01-22 00:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-10 05:22 - 2016-01-22 00:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-10 05:22 - 2016-01-22 00:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-10 05:22 - 2016-01-22 00:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-10 05:22 - 2016-01-22 00:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-10 05:22 - 2016-01-22 00:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-10 05:22 - 2016-01-22 00:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-10 05:22 - 2016-01-22 00:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-10 05:22 - 2016-01-22 00:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-10 05:22 - 2016-01-22 00:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-10 05:22 - 2016-01-22 00:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-10 05:22 - 2016-01-22 00:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-10 05:22 - 2016-01-22 00:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-10 05:22 - 2016-01-22 00:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-10 05:22 - 2016-01-22 00:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-10 05:22 - 2016-01-22 00:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-10 05:22 - 2016-01-22 00:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-10 05:22 - 2016-01-22 00:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-10 05:22 - 2016-01-22 00:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 23:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-10 05:22 - 2016-01-21 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-10 05:22 - 2016-01-21 23:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-10 05:22 - 2016-01-21 23:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-10 05:22 - 2016-01-21 23:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-10 05:22 - 2016-01-21 23:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-10 05:22 - 2016-01-21 22:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-10 05:22 - 2016-01-21 22:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-10 05:22 - 2016-01-21 22:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-10 05:22 - 2016-01-21 22:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-10 05:22 - 2016-01-21 22:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-10 05:22 - 2016-01-21 22:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-10 05:22 - 2016-01-21 22:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-10 05:22 - 2016-01-21 22:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-10 05:22 - 2016-01-21 22:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-10 05:22 - 2016-01-21 22:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-10 05:22 - 2016-01-21 22:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 22:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 22:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 05:22 - 2016-01-21 22:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-04 09:34 - 2009-07-13 23:13 - 00880020 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-04 09:34 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-03-04 09:16 - 2012-05-21 12:55 - 00000000 ____D C:\PawnMaster
2016-03-04 08:46 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-04 08:46 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-04 08:27 - 2012-06-14 07:13 - 00000000 ____D C:\Windows\Minidump
2016-03-04 08:27 - 2011-08-22 14:36 - 00285847 ____N C:\Windows\Minidump\030416-21840-01.dmp
2016-03-04 08:27 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-03 13:45 - 2015-06-24 08:26 - 00001850 _____ C:\POLICE.TXT
2016-03-03 12:01 - 2011-12-22 13:56 - 00000000 ____D C:\Users\Pepper\AppData\Local\Google
2016-03-03 11:54 - 2011-12-21 17:25 - 00000000 ____D C:\Users\Pepper
2016-03-03 11:48 - 2009-10-05 13:04 - 00000000 ____D C:\Qoobox
2016-03-03 11:46 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2016-03-03 10:57 - 2011-08-11 16:05 - 00000000 ____D C:\ProgramData\Temp
2016-03-03 10:57 - 2011-03-03 09:55 - 00000000 ____D C:\temp
2016-03-03 09:13 - 2015-08-06 13:11 - 00001582 _____ C:\Users\Pepper\Desktop\FixExec.txt
2016-03-03 08:19 - 2014-08-15 14:21 - 00000000 ____D C:\AdwCleaner
2016-02-29 09:59 - 2011-08-11 16:17 - 00000000 ____D C:\ProgramData\PDFC
2016-02-26 03:01 - 2015-04-04 02:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-26 03:01 - 2015-04-04 02:01 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-24 10:44 - 2009-07-13 20:34 - 23855104 _____ C:\Windows\system32\config\system.bak
2016-02-24 10:44 - 2009-07-13 20:34 - 115081216 _____ C:\Windows\system32\config\software.bak
2016-02-24 10:44 - 2009-07-13 20:34 - 01310720 _____ C:\Windows\system32\config\default.bak
2016-02-24 10:44 - 2009-07-13 20:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2016-02-24 10:44 - 2009-07-13 20:34 - 00098304 _____ C:\Windows\system32\config\sam.bak
2016-02-24 10:43 - 2012-06-15 12:28 - 00000000 ____D C:\Windows\erdnt
2016-02-24 09:37 - 2011-12-21 22:17 - 00000000 ____D C:\Users\Pepper\AppData\Local\CrashDumps
2016-02-24 09:37 - 2011-08-11 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders
2016-02-24 09:27 - 2011-08-11 16:20 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-02-24 09:24 - 2012-07-02 11:02 - 00000000 ____D C:\Users\Pepper\AppData\Roaming\SoftGrid Client
2016-02-24 09:24 - 2012-07-02 11:01 - 00000000 ____D C:\Program Files\Microsoft Office
2016-02-24 09:24 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-02-24 09:20 - 2012-01-14 21:57 - 00000000 ____D C:\ProgramData\Adobe
2016-02-24 09:20 - 2011-12-21 18:02 - 00000000 ____D C:\Users\Pepper\AppData\Roaming\Adobe
2016-02-24 09:19 - 2012-01-14 21:58 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-24 09:18 - 2012-01-14 21:52 - 00000000 ____D C:\Users\Pepper\AppData\Local\Adobe
2016-02-24 09:17 - 2012-01-14 22:02 - 00000000 ____D C:\Program Files\Adobe
2016-02-24 09:17 - 2012-01-14 22:00 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-02-19 09:51 - 2016-01-14 09:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-19 09:51 - 2012-08-29 07:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-19 09:51 - 2011-12-26 13:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-19 09:45 - 2015-09-30 13:46 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-02-19 09:44 - 2012-08-29 07:43 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-19 09:44 - 2012-08-29 07:43 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-19 09:42 - 2016-01-14 09:33 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-19 09:38 - 2015-11-09 10:08 - 00000000 ____D C:\Program Files (x86)\Stamps.com Internet Postage
2016-02-19 09:30 - 2013-12-08 10:17 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-02-19 08:28 - 2010-10-29 10:35 - 01260032 _____ C:\pmPICSbak.dat
2016-02-19 08:28 - 2010-10-29 10:34 - 889158144 _____ C:\pmDATAbak.dat
2016-02-19 07:42 - 2015-11-02 14:08 - 00000000 ____D C:\Users\Pepper\AppData\Roaming\tor
2016-02-16 03:00 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\catroot2.bak
2016-02-15 17:38 - 2011-02-11 11:15 - 00873096 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-13 04:48 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-02-13 03:32 - 2014-12-10 03:25 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-13 03:32 - 2014-05-07 02:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-13 03:32 - 2010-11-21 01:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-12 04:05 - 2013-08-15 02:01 - 00000000 ____D C:\Windows\system32\MRT
2016-02-12 03:49 - 2011-12-21 18:39 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-10 11:52 - 2011-12-22 13:57 - 00002400 _____ C:\Users\Pepper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-09 23:45 - 2016-01-19 14:45 - 08230080 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-02-09 23:45 - 2012-05-21 11:52 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-09 23:45 - 2011-12-31 17:53 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-08 09:36 - 2011-12-25 04:39 - 01677824 ___SH C:\Users\Pepper\Downloads\Thumbs.db

==================== Files in the root of some directories =======

2003-02-21 03:42 - 2003-02-21 03:42 - 0348160 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\msvcr71.dll
2009-07-13 17:19 - 2009-07-13 19:52 - 0000246 _____ () C:\Users\Pepper\AppData\Roaming\PBS3533676353.ini
2012-12-17 17:29 - 2012-12-18 11:41 - 0008140 ___SH () C:\Users\Pepper\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
2013-02-04 12:20 - 2013-02-10 22:58 - 0006528 _____ () C:\Users\Pepper\AppData\Local\79103f7a-46b4-40b7-94ca-2c16ba72bb68.crx
2012-12-01 09:46 - 2012-12-01 09:46 - 0027520 _____ () C:\Users\Pepper\AppData\Local\dt.dat
2014-08-15 12:38 - 2015-11-17 14:41 - 0007597 _____ () C:\Users\Pepper\AppData\Local\Resmon.ResmonCfg
2012-12-17 17:29 - 2012-12-18 11:41 - 0008140 ___SH () C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-28 01:00

==================== End of FRST.txt ============================


Additions Log file....


Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-03-2016
Ran by Pepper (2016-03-04 10:19:38)
Running from L:\Tools
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-21 23:25:07)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1241942673-2381888936-3076757971-500 - Administrator - Disabled)
EasyCash (S-1-5-21-1241942673-2381888936-3076757971-1007 - Administrator - Enabled) => C:\Users\EasyCash
Guest (S-1-5-21-1241942673-2381888936-3076757971-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1241942673-2381888936-3076757971-1002 - Limited - Enabled)
Pepper (S-1-5-21-1241942673-2381888936-3076757971-1000 - Administrator - Enabled) => C:\Users\Pepper

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
AVG 2012 (Version: 12.0.2221 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2634 - AVG Technologies) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
Click-N-Ship for Business® (HKLM-x32\...\{15C77FC3-8137-4A5E-8F81-F559045DD6B0}) (Version: 4.1.167.0 - United States Postal Service)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP LinkUp (HKLM-x32\...\{C1AD9241-3ADD-483F-914D-071F3E50855A}) (Version: 2.01.026 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Download Manager (HKLM-x32\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook 2007 (HKLM-x32\...\OUTLOOKR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Publisher 2007 (HKLM-x32\...\PUBLISHERR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM-x32\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (DATAAGE) (HKLM-x32\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.760 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 8.3.7.3619 - Electronic Arts, Inc.)
PawnMaster (HKLM-x32\...\{C9C23380-6DDB-11D4-9AD2-005004A84B4D}) (Version:  - )
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.55 - PDF Complete, Inc)
Photo Pos Pro (HKLM-x32\...\Photo Pos Pro) (Version: 1.87 - PowerOfSoftware Ltd.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
RealDownloader (x32 Version: 18.0.1.10 - RealNetworks, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Stamps.com (HKLM-x32\...\Stamps.com) (Version:  - Stamps.com, Inc.)
Stamps.com (x32 Version: 13.2.0.2942 - Stamps.com, Inc.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Pepper\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pepper\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10E80F57-BA67-4E07-97A4-272C6D9DA223} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {20DAF849-7340-4706-903D-FFA216BA7B28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-02-17] (Hewlett-Packard)
Task: {389B5F3B-1206-4AC6-A019-5EB79F15AB7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-20] (Hewlett-Packard)
Task: {6B6EBDA5-5214-4E52-84ED-B072E6615B31} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {915591CD-39A9-45B1-8105-EEA78CA104ED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {94E607C6-7BF6-4046-B6CC-F25A53A12774} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {A078C201-9ECC-4F4C-9998-BB6A7C5370CF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {A4534203-C36F-4930-99B8-CF9691FB9478} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B3396195-909B-4078-8306-E12CEA568659} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {B99C28CD-D73D-453D-B757-6A0711C1A908} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E5BCD22C-CD95-4263-9257-6D2204960FF3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-02 10:58 - 2015-11-16 12:32 - 00919040 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:430C6D84 [256]
AlternateDataStreams: C:\ProgramData\Temp:9A870F8B [1022]
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 [197]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\scat.suz.com -> hxxps://Cww.scat.suz.com
IE restricted site: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\*.spy-shredder.com -> hxxp://*.spy-shredder.com
IE restricted site: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\*.spy-shredder.com -> hxxps://*.spy-shredder.com
IE restricted site: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\*.xmalwarealarm.com -> hxxp://*.xmalwarealarm.com
IE restricted site: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\*.xmalwarealarm.com -> hxxps://*.xmalwarealarm.com
IE restricted site: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\*.xspy-shredder.com -> hxxp://*.xspy-shredder.com
IE restricted site: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\*.xspy-shredder.com -> hxxps://*.xspy-shredder.com
IE restricted site: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\basic-codec.com -> hxxp://basic-codec.com
IE restricted site: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\basic-codec.com -> hxxps://basic-codec.com
IE restricted site: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\codec-scan.com -> hxxp://codec-scan.com
IE restricted site: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\codec-scan.com -> hxxps://codec-scan.com
IE restricted site: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\contraviruspro.com -> hxxp://contraviruspro.com
IE restricted site: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\contraviruspro.com -> hxxps://contraviruspro.com
IE restricted site: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\freerealitympegs.com -> hxxp://freerealitympegs.com
IE restricted site: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\freerealitympegs.com -> hxxps://freerealitympegs.com
IE restricted site: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\gomyron.com -> hxxp://gomyron.com
IE restricted site: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\gomyron.com -> hxxps://gomyron.com
IE restricted site: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\greatcodec.com -> hxxp://greatcodec.com
IE restricted site: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\greatcodec.com -> hxxps://greatcodec.com
IE restricted site: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\hollywoodfiles.tv -> hxxp://hollywoodfiles.tv
IE restricted site: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\...\hollywoodfiles.tv -> hxxps://hollywoodfiles.tv

There are 39 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2016-03-03 10:17 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HPClientSvc => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: McciCMService => 2
MSCONFIG\Services: McciCMService64 => 2
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: RoxioNow Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Service Manager.lnk => C:\Windows\pss\Service Manager.lnk.CommonStartup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: dCgGX439D6EB => regsvr32.exe /s "C:\PROGRA~3\dCgGX439D6EB.dll"
MSCONFIG\startupreg: Google Update => "C:\Users\Pepper\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: SQLServer => C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\scm.exe -Action 1 -Service mssql$dataage -Silent 1
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{BE2F8560-C2C1-41FF-B87F-7F72F6B94864}C:\pawnmaster\ambit\daupd.exe] => (Allow) C:\pawnmaster\ambit\daupd.exe
FirewallRules: [UDP Query User{85D6AE67-8946-4B89-BC9F-B0485355B2A6}C:\pawnmaster\ambit\daupd.exe] => (Allow) C:\pawnmaster\ambit\daupd.exe
FirewallRules: [TCP Query User{53CEFBD1-43B6-4D58-B409-A825C6006A80}C:\pawnmaster\pm.exe] => (Allow) C:\pawnmaster\pm.exe
FirewallRules: [UDP Query User{274394A0-DCDA-4A88-BF3D-82E8899D79D2}C:\pawnmaster\pm.exe] => (Allow) C:\pawnmaster\pm.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2016 08:29:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2016 08:28:11 AM) (Source: MSSQL$DATAAGE) (EventID: 19011) (User: )
Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0

Error: (03/03/2016 07:00:50 PM) (Source: Windows Backup) (EventID: 4100) (User: )
Description: Backup did not complete successfully because a shadow copy could not be created. Free up disk space on the drive that you are backing up by deleting unnecessary files and then try again.

Error: (03/03/2016 12:35:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2016 12:34:30 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/03/2016 12:34:30 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/03/2016 12:34:30 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/03/2016 12:34:30 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (03/03/2016 12:34:30 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/03/2016 12:34:30 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

System errors:
=============
Error: (03/04/2016 09:31:24 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (03/04/2016 09:25:17 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (03/04/2016 09:23:24 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (03/04/2016 09:23:24 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (03/04/2016 09:22:29 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (03/04/2016 09:22:29 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (03/04/2016 08:28:30 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (03/04/2016 08:27:41 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000050 (0xfffff8a00fe2d000, 0x0000000000000000, 0xfffff8000352a08a, 0x0000000000000000)C:\Windows\Minidump\030416-21840-01.dmp030416-21840-01

Error: (03/04/2016 08:27:40 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:20:25 AM on ‎3/‎4/‎2016 was unexpected.

Error: (03/04/2016 08:09:10 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

CodeIntegrity:
===================================
  Date: 2016-03-03 10:16:26.402
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\jkgkgjkgjkg\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-03-03 10:16:26.278
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\jkgkgjkgjkg\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-02-24 10:42:55.275
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-02-24 10:42:55.151
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-02-24 10:42:55.010
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-02-24 10:42:54.885
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-17 12:57:56.377
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-17 12:57:56.267
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-17 12:57:56.158
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-17 12:57:56.049
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Athlon™ II X2 220 Processor
Percentage of memory in use: 47%
Total physical RAM: 3839.28 MB
Available physical RAM: 2026.22 MB
Total Virtual: 7678.55 MB
Available Virtual: 6118.47 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:454.52 GB) (Free:362.91 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.15 GB) (Free:1.33 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (2TB Drive) (Fixed) (Total:1863.01 GB) (Free:1862.87 GB) NTFS
Drive k: (Iomega HDD) (Fixed) (Total:1397.26 GB) (Free:766.3 GB) NTFS
Drive l: (CD_ROM) (Removable) (Total:7.45 GB) (Free:3.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 99D41FF0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 59ACC2B6)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 27E9BFE8)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (Size: 7.5 GB) (Disk ID: 085A7940)
Partition 1: (Active) - (Size=7.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


#2 Oh My!

Malware Response Instructor

Posted 04 March 2016 - 04:21 PM

Greetings kcp and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2013-09-07] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
SearchScopes: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000 -> {0CF4E2CE-07AA-4892-AD42-B204D67F31E6} URL =
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: No Name -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> No File
BHO-x32: No Name -> {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} -> No File
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -  No File
FF Plugin-x32: @Microsoft.com/DownloadManager,version=1.1 -> C:\Windows\ [] ()
FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack => not found
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
S3 BS3533676353; \??\C:\Users\Pepper\AppData\Local\Temp\NTFS.sys [X]
S3 catchme; \??\C:\jkgkgjkgjkg\catchme.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
2009-07-13 17:19 - 2009-07-13 19:52 - 0000246 _____ () C:\Users\Pepper\AppData\Roaming\PBS3533676353.ini
2012-12-17 17:29 - 2012-12-18 11:41 - 0008140 ___SH () C:\Users\Pepper\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
2012-12-17 17:29 - 2012-12-18 11:41 - 0008140 ___SH () C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
AlternateDataStreams: C:\ProgramData\Temp:430C6D84 [256]
AlternateDataStreams: C:\ProgramData\Temp:9A870F8B [1022]
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 [197]
HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
CMD: type "C:\ComboFix.txt"
File: C:\ComboFix.txt
zip: C:\Windows\Minidump
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will create a zipped folder on the desktop called Upload. Please attach the file to your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Attached Upload folder
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
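As an added defender-side example (not part of this thread and not FRST's own code): a small Python triage script that splits an Addition.txt report on its section banners and flags three findings visible in the log above, the per-user .exe association override, the UAC policy values under Policies\System, and the disabled System Restore. The sample report is constructed and its SID is a placeholder.

```python
"""Triage checks for an FRST Addition.txt report.

Added example, not part of this thread or of FRST itself. It parses the
plain-text section banners and line formats FRST writes (the same shapes
seen in the log above) and returns the findings a responder wants flagged
before writing a fixlist: a per-user .exe association override, UAC weakened
through the Policies\\System values, and disabled System Restore.
SAMPLE_REPORT below is constructed; the SID in it is a placeholder.
"""
import re
from typing import Dict, List

# "==================== EXE Association (Whitelisted) ===============" -> name
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# "(ConsentPromptBehaviorAdmin: 0) (EnableLUA: 0)" -> (name, value) pairs
POLICY_RE = re.compile(r"\((\w+): (\d+)\)")

# Constructed excerpt modelled on the Addition.txt format; placeholder SID.
SAMPLE_REPORT = """\
==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\\S-1-5-21-1111111111-2222222222-3333333333-1000\\Software\\Classes\\.exe: exefile => "%1" %* <===== ATTENTION
HKU\\S-1-5-21-1111111111-2222222222-3333333333-1000\\Software\\Classes\\exefile: "%1" %* <===== ATTENTION

==================== Other Areas ============================

DNS Servers: 192.168.1.254
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== End of Addition.txt ============================
"""


def _section_name(banner_text: str) -> str:
    """Normalise a banner title: drop trailing ':' and the '(Whitelisted)' tag."""
    name = banner_text.strip().rstrip(":")
    return re.sub(r"\s*\(Whitelisted\)$", "", name)


def split_sections(report: str) -> Dict[str, List[str]]:
    """Group report lines under the banner they follow."""
    sections: Dict[str, List[str]] = {"header": []}
    current = "header"
    for line in report.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = _section_name(m.group(1))
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def check_exe_association(lines: List[str]) -> List[str]:
    """FRST marks a user-hive .exe/exefile override with ATTENTION. Such an
    override makes every .exe that user launches resolve through the user's
    own Classes key instead of the machine default, which matches the
    'cannot run any exe' symptom reported in this thread."""
    return [line.strip() for line in lines if "<===== ATTENTION" in line]


def check_uac_policy(lines: List[str]) -> List[str]:
    """Flag Policies\\System values that weaken UAC."""
    findings: List[str] = []
    for line in lines:
        if "Policies\\System" not in line:
            continue
        values = dict(POLICY_RE.findall(line))
        if values.get("ConsentPromptBehaviorAdmin") == "0":
            findings.append("admins elevate without a prompt (ConsentPromptBehaviorAdmin=0)")
        if values.get("EnableLUA") == "0":
            findings.append("UAC is disabled (EnableLUA=0)")
    return findings


def check_restore_points(lines: List[str]) -> List[str]:
    """No restore points means no easy rollback once a fix goes wrong."""
    return [line.strip() for line in lines if "System Restore is disabled" in line]


def triage(report: str) -> Dict[str, List[str]]:
    """Run all checks and return findings keyed by area (empty list = clean)."""
    sections = split_sections(report)
    return {
        "exe_association": check_exe_association(sections.get("EXE Association", [])),
        "uac": check_uac_policy(sections.get("Other Areas", [])),
        "restore": check_restore_points(sections.get("Restore Points", [])),
    }


if __name__ == "__main__":
    for area, hits in triage(SAMPLE_REPORT).items():
        for hit in hits:
            print(f"[{area}] {hit}")
```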

#3 kcp

kcp
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:07 PM

Posted 05 March 2016 - 09:41 AM

Hi Gary, my name is Kal.... OK, so here are the files you asked for.... There was no Upload folder on the desktop of the computer or the flash drive that I was using to run FRST.

Since your reply....the owner got a call from Windows Security Center and they asked for remote access....so I

I did get the fixlist log....

 

Fix result of Farbar Recovery Scan Tool (x64) Version:02-03-2016
Ran by Pepper (2016-03-05 08:24:18) Run:1
Running from L:\Tools
Loaded Profiles: Pepper (Available Profiles: Pepper & EasyCash)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2013-09-07] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
SearchScopes: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000 -> {0CF4E2CE-07AA-4892-AD42-B204D67F31E6} URL =
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: No Name -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> No File
BHO-x32: No Name -> {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} -> No File
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1241942673-2381888936-3076757971-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -  No File
FF Plugin-x32: @Microsoft.com/DownloadManager,version=1.1 -> C:\Windows\ [] ()
FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack => not found
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
S3 BS3533676353; \??\C:\Users\Pepper\AppData\Local\Temp\NTFS.sys [X]
S3 catchme; \??\C:\jkgkgjkgjkg\catchme.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
2009-07-13 17:19 - 2009-07-13 19:52 - 0000246 _____ () C:\Users\Pepper\AppData\Roaming\PBS3533676353.ini
2012-12-17 17:29 - 2012-12-18 11:41 - 0008140 ___SH () C:\Users\Pepper\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
2012-12-17 17:29 - 2012-12-18 11:41 - 0008140 ___SH () C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
AlternateDataStreams: C:\ProgramData\Temp:430C6D84 [256]
AlternateDataStreams: C:\ProgramData\Temp:9A870F8B [1022]
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 [197]
HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
CMD: type "C:\ComboFix.txt"
File: C:\ComboFix.txt
zip: C:\Windows\Minidump
*****************

Processes closed successfully.
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5-x64 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
"HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0CF4E2CE-07AA-4892-AD42-B204D67F31E6}" => key removed successfully
HKCR\CLSID\{0CF4E2CE-07AA-4892-AD42-B204D67F31E6} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963C8283-AE7F-4AA6-9B3B-847A8FC62C5E}" => key removed successfully
HKCR\Wow6432Node\CLSID\{963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7C0A55C-300E-4193-8FB5-5DB8E6533D35}" => key removed successfully
HKCR\Wow6432Node\CLSID\{A7C0A55C-300E-4193-8FB5-5DB8E6533D35} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => value removed successfully
"HKCR\Wow6432Node\CLSID\{A924C17A-5E94-4E02-BED5-49720BA6F7FA}" => key removed successfully
HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
"HKCR\PROTOCOLS\Handler\vipresg" => key removed successfully
HKCR\CLSID\{47BE2E5B-703B-444F-ABD3-05717D2191C6} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} => value removed successfully
BS3533676353 => service removed successfully
catchme => service removed successfully
MREMP50 => service removed successfully
MREMP50a64 => service removed successfully
MRESP50 => service removed successfully
MRESP50a64 => service removed successfully
SBRE => service removed successfully
C:\Users\Pepper\AppData\Roaming\PBS3533676353.ini => moved successfully
C:\Users\Pepper\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl => moved successfully
C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl => moved successfully
C:\ProgramData\Temp => ":430C6D84" ADS removed successfully.
C:\ProgramData\Temp => ":9A870F8B" ADS removed successfully.
C:\ProgramData\Temp => ":DFC5A2B2" ADS removed successfully.
"HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-21-1241942673-2381888936-3076757971-1000\Software\Classes\exefile => key not found.

=========  type "C:\ComboFix.txt" =========

ComboFix 16-03-01.01 - Pepper 03/03/2016  11:07:14.13.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.1604 [GMT -6:00]
Running from: c:\users\Pepper\Desktop\jkgkgjkgjkg.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2016-02-03 to 2016-03-03  )))))))))))))))))))))))))))))))
.
.
2016-03-03 17:46 . 2016-03-03 17:46 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2016-03-03 17:46 . 2016-03-03 17:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-03-03 17:46 . 2016-03-03 17:46 -------- d-----w- c:\users\EasyCash\AppData\Local\temp
2016-03-03 17:46 . 2016-03-03 17:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-03 17:46 . 2016-03-03 17:46 -------- d-----w- c:\users\Application Data\AppData\Local\temp
2016-03-03 17:18 . 2016-03-03 17:18 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59D9FB43-EB0F-4CCF-A5DA-2AD7961A83D1}\offreg.dll
2016-03-01 15:07 . 2016-03-01 15:07 -------- d-----w- c:\windows\CheckSur
2016-02-25 18:54 . 2016-03-01 16:07 -------- d-----w- c:\windows\system32\catroot2
2016-02-19 15:35 . 2016-02-19 15:35 -------- d-----w- c:\users\Pepper\AppData\Roaming\NewspaperDirect
2016-02-12 10:05 . 2016-01-07 17:42 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-02-10 11:33 . 2016-02-06 10:32 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-02-10 11:24 . 2015-12-20 18:50 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2016-02-10 11:24 . 2015-12-20 18:50 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2016-02-10 11:24 . 2015-12-20 14:08 243200 ----a-w- c:\windows\system32\rdpudd.dll
2016-02-10 11:22 . 2016-01-22 06:16 1461248 ----a-w- c:\windows\system32\lsasrv.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-12 09:49 . 2011-12-22 00:39 146614896 ----a-w- c:\windows\system32\MRT.exe
2016-02-11 09:26 . 2011-08-22 20:36 284951 ----a-w- C:\DUMP5012.tmp
2016-02-10 05:45 . 2012-05-21 17:52 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-02-10 05:45 . 2011-12-31 23:53 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-02-10 05:45 . 2016-01-19 20:45 8230080 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2016-01-22 05:59 . 2016-02-10 11:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-12-10 01:58 . 2015-12-10 01:58 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2015-12-08 21:54 . 2016-01-13 15:58 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2015-12-08 21:54 . 2016-01-13 15:58 902144 ----a-w- c:\windows\SysWow64\WMADMOD.DLL
2015-12-08 21:54 . 2016-01-13 15:58 815616 ----a-w- c:\windows\SysWow64\WMADMOE.DLL
2015-12-08 21:54 . 2016-01-13 15:58 739328 ----a-w- c:\windows\SysWow64\WMSPDMOD.DLL
2015-12-08 21:54 . 2016-01-13 15:58 541184 ----a-w- c:\windows\SysWow64\WMVSDECD.DLL
2015-12-08 21:54 . 2016-01-13 15:58 740352 ----a-w- c:\windows\SysWow64\wmpmde.dll
2015-12-08 21:54 . 2016-01-13 15:58 665088 ----a-w- c:\windows\SysWow64\WMVXENCD.DLL
2015-12-08 21:54 . 2016-01-13 15:58 1568768 ----a-w- c:\windows\SysWow64\WMVENCOD.DLL
2015-12-08 21:54 . 2016-01-13 15:58 358400 ----a-w- c:\windows\SysWow64\WMVSENCD.DLL
2015-12-08 21:54 . 2016-01-13 15:58 1325056 ----a-w- c:\windows\SysWow64\WMSPDMOE.DLL
2015-12-08 21:54 . 2016-01-13 15:58 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-12-08 21:54 . 2016-01-13 15:58 154112 ----a-w- c:\windows\SysWow64\VIDRESZR.DLL
2015-12-08 21:53 . 2016-01-13 15:58 206848 ----a-w- c:\windows\SysWow64\RESAMPLEDMO.DLL
2015-12-08 21:53 . 2016-01-13 15:58 1329664 ----a-w- c:\windows\SysWow64\quartz.dll
2015-12-08 21:53 . 2016-01-13 15:58 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2015-12-08 21:53 . 2016-01-13 15:58 206848 ----a-w- c:\windows\SysWow64\qasf.dll
2015-12-08 21:53 . 2016-01-13 15:53 509952 ----a-w- c:\windows\SysWow64\qedit.dll
2015-12-08 21:53 . 2016-01-13 15:58 970240 ----a-w- c:\windows\SysWow64\msmpeg2adec.dll
2015-12-08 21:53 . 2016-01-13 15:58 829952 ----a-w- c:\windows\SysWow64\MSMPEG2ENC.DLL
2015-12-08 21:53 . 2016-01-13 15:58 241152 ----a-w- c:\windows\SysWow64\MPG4DECD.DLL
2015-12-08 21:53 . 2016-01-13 15:58 241152 ----a-w- c:\windows\SysWow64\MP43DECD.DLL
2015-12-08 21:53 . 2016-01-13 15:58 415744 ----a-w- c:\windows\SysWow64\MP4SDECD.DLL
2015-12-08 21:53 . 2016-01-13 15:58 79872 ----a-w- c:\windows\SysWow64\MP3DMOD.DLL
2015-12-08 21:53 . 2016-01-13 15:58 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2015-12-08 21:53 . 2016-01-13 15:58 609280 ----a-w- c:\windows\SysWow64\MFWMAAEC.DLL
2015-12-08 21:53 . 2016-01-13 15:58 354816 ----a-w- c:\windows\SysWow64\mfplat.dll
2015-12-08 21:53 . 2016-01-13 15:58 53248 ----a-w- c:\windows\SysWow64\mfvdsp.dll
2015-12-08 21:53 . 2016-01-13 15:58 4608 ----a-w- c:\windows\SysWow64\ksuser.dll
2015-12-08 21:53 . 2016-01-13 15:58 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2015-12-08 21:53 . 2016-01-13 15:58 489984 ----a-w- c:\windows\SysWow64\evr.dll
2015-12-08 21:53 . 2016-01-13 15:58 67584 ----a-w- c:\windows\SysWow64\devenum.dll
2015-12-08 21:53 . 2016-01-13 15:58 153600 ----a-w- c:\windows\SysWow64\COLORCNV.DLL
2015-12-08 21:53 . 2016-01-13 15:58 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2015-12-08 21:53 . 2016-01-13 15:58 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
2015-12-08 21:53 . 2016-01-13 15:58 193536 ----a-w- c:\windows\SysWow64\ksproxy.ax
2015-12-08 21:52 . 2016-01-13 15:49 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-12-08 21:50 . 2016-01-13 15:58 2048 ----a-w- c:\windows\SysWow64\mferror.dll
2015-12-08 19:07 . 2016-01-13 15:58 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2015-12-08 19:07 . 2016-01-13 15:58 1232896 ----a-w- c:\windows\system32\WMADMOD.DLL
2015-12-08 19:07 . 2016-01-13 15:58 978944 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2015-12-08 19:07 . 2016-01-13 15:58 666112 ----a-w- c:\windows\system32\WMVSDECD.DLL
2015-12-08 19:07 . 2016-01-13 15:58 1153024 ----a-w- c:\windows\system32\WMADMOE.DLL
2015-12-08 19:07 . 2016-01-13 15:58 1955328 ----a-w- c:\windows\system32\WMVENCOD.DLL
2015-12-08 19:07 . 2016-01-13 15:58 1026048 ----a-w- c:\windows\system32\wmpmde.dll
2015-12-08 19:07 . 2016-01-13 15:58 642048 ----a-w- c:\windows\system32\WMVXENCD.DLL
2015-12-08 19:07 . 2016-01-13 15:58 1575424 ----a-w- c:\windows\system32\WMSPDMOE.DLL
2015-12-08 19:07 . 2016-01-13 15:58 447488 ----a-w- c:\windows\system32\WMVSENCD.DLL
2015-12-08 19:07 . 2009-07-14 00:22 1393152 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2015-12-08 19:07 . 2016-01-13 15:58 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-12-08 19:07 . 2016-01-13 15:58 292352 ----a-w- c:\windows\system32\VIDRESZR.DLL
2015-12-08 19:07 . 2016-01-13 15:58 378880 ----a-w- c:\windows\system32\SysFxUI.dll
2015-12-08 19:07 . 2016-01-13 15:58 225792 ----a-w- c:\windows\system32\RESAMPLEDMO.DLL
2015-12-08 19:07 . 2016-01-13 15:58 1573888 ----a-w- c:\windows\system32\quartz.dll
2015-12-08 19:07 . 2016-01-13 15:58 371712 ----a-w- c:\windows\system32\qdvd.dll
2015-12-08 19:07 . 2016-01-13 15:58 254464 ----a-w- c:\windows\system32\qasf.dll
2015-12-08 19:07 . 2016-01-13 15:53 624640 ----a-w- c:\windows\system32\qedit.dll
2015-12-08 19:07 . 2016-01-13 15:58 1307136 ----a-w- c:\windows\system32\msmpeg2adec.dll
2015-12-08 19:07 . 2016-01-13 15:58 1160192 ----a-w- c:\windows\system32\MSMPEG2ENC.DLL
2015-12-08 19:07 . 2016-01-13 15:58 4121600 ----a-w- c:\windows\system32\mf.dll
2015-12-08 19:07 . 2016-01-13 15:58 1010688 ----a-w- c:\windows\system32\mcmde.dll
2015-12-08 19:07 . 2016-01-13 15:58 70144 ----a-w- c:\windows\system32\mfvdsp.dll
2015-12-08 19:07 . 2016-01-13 15:58 653824 ----a-w- c:\windows\system32\MP4SDECD.DLL
2015-12-08 19:07 . 2016-01-13 15:58 484864 ----a-w- c:\windows\system32\MFWMAAEC.DLL
2015-12-08 19:07 . 2016-01-13 15:58 432128 ----a-w- c:\windows\system32\mfplat.dll
2015-12-08 19:07 . 2016-01-13 15:58 224768 ----a-w- c:\windows\system32\MPG4DECD.DLL
2015-12-08 19:07 . 2016-01-13 15:58 223744 ----a-w- c:\windows\system32\MP43DECD.DLL
2015-12-08 19:07 . 2016-01-13 15:58 100864 ----a-w- c:\windows\system32\MP3DMOD.DLL
2015-12-08 19:07 . 2016-01-13 15:58 206848 ----a-w- c:\windows\system32\mfps.dll
2015-12-08 19:07 . 2016-01-13 15:58 5120 ----a-w- c:\windows\system32\ksuser.dll
2015-12-08 19:07 . 2016-01-13 15:58 632320 ----a-w- c:\windows\system32\evr.dll
2015-12-08 19:07 . 2016-01-13 15:49 405504 ----a-w- c:\windows\system32\gdi32.dll
2015-12-08 19:07 . 2016-01-13 15:58 189952 ----a-w- c:\windows\system32\COLORCNV.DLL
2015-12-08 19:07 . 2016-01-13 15:58 76288 ----a-w- c:\windows\system32\devenum.dll
2015-12-08 19:07 . 2016-01-13 15:58 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2015-12-08 19:06 . 2016-01-13 15:58 24576 ----a-w- c:\windows\system32\mfpmp.exe
2015-12-08 19:06 . 2016-01-13 15:58 250880 ----a-w- c:\windows\system32\ksproxy.ax
2015-12-08 19:04 . 2016-01-13 15:58 2048 ----a-w- c:\windows\system32\mferror.dll
2015-12-08 18:54 . 2016-01-13 15:58 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-12-08 18:12 . 2016-01-13 15:58 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2015-12-08 18:11 . 2016-01-13 15:58 5632 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2003-02-21 09:42 . 2003-02-21 09:42 348160 ----a-w- c:\program files (x86)\Common Files\msvcr71.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-01-15 8619224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys;c:\windows\SYSNATIVE\Drivers\lgandadb.sys [x]
R3 BS3533676353;BS3533676353;c:\users\Pepper\AppData\Local\Temp\NTFS.sys;c:\users\Pepper\AppData\Local\Temp\NTFS.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys;c:\windows\SYSNATIVE\drivers\gfiutil.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x]
R3 SQLAgent$DATAAGE;SQLAgent$DATAAGE;c:\program files (x86)\Microsoft SQL Server\MSSQL$DATAAGE\Binn\sqlagent.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL$DATAAGE\Binn\sqlagent.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
R4 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
R4 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
S2 MSSQL$DATAAGE;MSSQL$DATAAGE;c:\program files (x86)\Microsoft SQL Server\MSSQL$DATAAGE\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL$DATAAGE\Binn\sqlservr.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Contents of the 'Scheduled Tasks' folder
.
2016-02-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-21 05:45]
.
2016-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-26 22:18]
.
2016-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-26 22:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seagull Drivers"="ssdal_nc.exe startup" [X]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/webhp?sourceid=navclient&ie=UTF-8&gws_rd=ssl
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
Trusted Zone: scat.suz.com\Cww
Trusted Zone: scat.suz.com\www
Trusted Zone: scat.suz.com\cww
Trusted Zone: scat.suz.com\www
Trusted Zone: suz.com\Cww.scat
Trusted Zone: suz.com\www.scat
Trusted Zone: suzuki.com\www.dealer
Trusted Zone: suzukiconnect.com\www
Trusted Zone: suzukidcs.com\www
TCP: DhcpNameServer = 192.168.1.254
DPF: {5445BE81-B796-11D2-B931-002018654E2E} - hxxps://dealer.southrapid.com/ActiveX/smsx.cab
DPF: {688C8675-1834-48FA-9DEF-4755CEFB9EDE} - hxxp://192.168.1.7/EDVR.CAB
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A7C0A55C-300E-4193-8FB5-5DB8E6533D35} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{79C54A05-F146-4EA0-8A70-D4EFE6181E52} - c:\program files (x86)\InstallShield Installation Information\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0c\04\1d\13\01'?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-03-03  11:48:35
ComboFix-quarantined-files.txt  2016-03-03 17:48
ComboFix2.txt  2016-03-03 16:19
ComboFix3.txt  2016-02-24 16:51
ComboFix4.txt  2015-11-17 19:01
ComboFix5.txt  2016-03-03 17:05
.
Pre-Run: 389,867,651,072 bytes free
Post-Run: 389,785,423,872 bytes free
.
- - End Of File - - 30BF2E3124B791E8A1A71AE7D1B9B35C
5C1B08DB690F592335E67F27C16CD707

========= End of CMD: =========

========================= File: C:\ComboFix.txt ========================

File not signed
MD5: 70817ABDBF12BEFB064C51154EB5CA21
Creation and modification date: 2016-03-03 11:48 - 2016-03-03 11:48
Size: 0022872
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

zip: C:\Windows\Minidump => Error: No automatic fix found for this entry.

The system needed a reboot.

==== End of Fixlog 08:24:23 ====

Attached Files
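The fixlog above removed the per-user HKU\...\Software\Classes\.exe and exefile keys (a per-user override shadows the machine-wide exe launcher, which is what stops .exe files from running), and the ComboFix "Reg Loading Points" section shows UAC switched off (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0). The following read-only PowerShell audit is an added example, not code from the thread, FRST or ComboFix; the key paths and the Windows 7 default values it compares against are assumptions taken from documented defaults.

```powershell
# Added example: read-only audit for the two findings in the logs above.
# Assumes it runs as the affected user (so HKCU is that user's hive) with
# permission to read HKLM. Nothing is modified.

function Get-ExeAssociationOverride {
    # A clean profile normally has no HKCU\Software\Classes\.exe or exefile
    # key at all; their presence is the per-user override the FRST fix removed.
    $findings = @()
    foreach ($sub in '.exe', 'exefile', 'exefile\shell\open\command') {
        $path = "HKCU:\Software\Classes\$sub"
        if (Test-Path $path) {
            $default = (Get-ItemProperty -Path $path -ErrorAction SilentlyContinue).'(default)'
            $findings += [pscustomobject]@{ Key = $path; Default = $default }
        }
    }
    # The machine-wide launcher should be exactly "%1" %* (assumed Windows default).
    $mach = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command'
    $cmd = (Get-ItemProperty -Path $mach -ErrorAction SilentlyContinue).'(default)'
    if ($cmd -ne '"%1" %*') {
        $findings += [pscustomobject]@{ Key = $mach; Default = $cmd }
    }
    return $findings
}

function Get-UacPolicyDeviations {
    # Same policy key ComboFix listed; expected values are the Windows 7
    # shipping defaults (assumption) so any deviation is reported.
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $expected = @{
        EnableLUA                  = 1   # UAC enabled
        ConsentPromptBehaviorAdmin = 5   # prompt for consent for non-Windows binaries
        PromptOnSecureDesktop      = 1   # prompts shown on the secure desktop
    }
    $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    foreach ($name in $expected.Keys) {
        $actual = $props.$name
        if ($actual -ne $expected[$name]) {
            [pscustomobject]@{ Value = $name; Actual = $actual; Expected = $expected[$name] }
        }
    }
}

# Empty output from both calls means neither finding is present.
Get-ExeAssociationOverride | Format-Table -AutoSize
Get-UacPolicyDeviations   | Format-Table -AutoSize
```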



#4 kcp

kcp
  • Topic Starter


Posted 05 March 2016 - 10:12 AM

Still cannot run exe files....I tried to run rkill and nothing happened....cannot update Windows Defender or install Microsoft Security Essentials.



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • Location:California

Posted 05 March 2016 - 08:44 PM

Thank you Kal, don't worry about the Minidump folder.

Please do this.

===================================================

Windows Repair (All in One)

--------------------
  • Boot your computer into Safe Mode with Networking
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Download Windows Repair (All in One) and save it to your desktop
  • Double click the tweaking.com icon and click Run
  • Continually click Next, then Finish
  • Note: If you are unable to complete one of the steps simply continue on with the next step
  • Go to Step 3 and allow it to run. See if Check Disk is Needed by clicking on the Check button:
  • If you see Errors Found On The Drive! Check Disk Is Needed, click Do It in the Open Check Disk At Next Boot
  • Select the /r option and click Add To Next Boot
  • Close the Check Disk (chkdsk) At Next Boot window
  • Go to Step 4 and click Do It under System File Check
  • Go to Step 5 and click Create under System Restore
  • Go to the Repairs tab and click Open Repairs
  • Leave the default check marks and click Start Repairs
  • Ignore any notice about Desktop Gadgets
  • Click Yes to reboot your computer
  • Using Windows Explorer navigate to the following file location

For 64 bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
For 32 bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

  • Please zip and attach the Logs folder to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Windows All in One logs
  • Update on computer behavior

Gary
 

#6 kcp

kcp
  • Topic Starter


Posted 07 March 2016 - 12:25 PM

Had issues running step 2...computer froze when checking reparse points....twice...I will post logs as soon as I can...it needs a chkdsk scan and I will do an sfc scan...I have to wait till I have a block of time that I can run the program with no interruptions.

Thanks for your patience Gary.

Kal



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • Location:California

Posted 07 March 2016 - 01:33 PM

No problem, thanks Kal.
Gary
 

#8 kcp


Posted 08 March 2016 - 10:23 AM

OK Gary, here are the logs that I could get done... Windows Repair still freezes at fixing reparse points... I did an sfc and it did not find errors, and chkdsk did find errors but I am waiting to run a /f. On the repairs step it got stuck at step 3 of the WMI repair.

I am attaching all the logs that have been generated... I am sorry for the confusion but I am trying to do this while running a business. This particular computer acts as the server... it must be in normal desktop for the main pawnbroker app to function and be used on other systems.

I booted into safe mode and ran Windows Repair... it gave me a message that repair failed to open, retrying in 30 secs... after the 4th time it asked me to reboot into safe mode.

Here is that log:


Tweaking.com - Windows Repair v3.8.4
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: SERVER
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Pepper
Current Profile SID: S-1-5-21-1241942673-2381888936-3076757971-1000
Current Profile Classes: S-1-5-21-1241942673-2381888936-3076757971-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Pepper\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:02:05

Process Count: 28
Commit Total: 1.68 GB
Commit Limit: 7.50 GB
Commit Peak: 1.70 GB
Handle Count: 6563
Kernel Total: 254.06 MB
Kernel Paged: 189.68 MB
Kernel Non Paged: 64.39 MB
System Cache: 383.53 MB
Thread Count: 359
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.75 GB
Memory Used: 1.54 GB(40.9411%)
Memory Avail.: 2.21 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.75 GB
Memory Used: 1.43 GB(38.0829%)
Memory Avail.: 2.32 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (3/8/2016 8:58:10 AM)

The current repair has failed to start for over 30 sec.
Trying Again....

The current repair has failed to start for over 30 sec.
Trying Again....

The current repair has failed to start for over 30 sec.
Trying Again....

   Done, but failed, at (3/8/2016 9:00:10 AM)
   Total Repair Time: 00:02:02

The current repair has failed to start 4 times.
Something is keeping the repair from running.

Try running the repairs in Windows Safe Mode. (This will keep 3rd party programs from getting in the way of the repairs)
If the repairs still fail then please post in the Tweaking.com forums for support.

I rebooted into normal mode and got a blue screen for a non-page fault, error code 50.

I have sent you all the logs that were generated on 03/07 that I ran.


#9 kcp


Posted 08 March 2016 - 12:48 PM

Hi Gary... OK, I finally got the repair portion to run all the way through... here are the attached logs... there are quite a few of them. This is the latest and greatest..

However, I tried to install Microsoft Security Essentials and it went to the point of asking if I want to run and then nothing.

The performance is better and I will have to let the owner play with it to get a gauge on performance.

I need to install an anti-virus on here... paid for Bitdefender but cannot install....


#10 Oh My!


Posted 08 March 2016 - 04:05 PM

Thanks for your persistence.

 

You should only have one Antivirus installed. Should I assume you want Bitdefender? If so, can you describe what happens when you try to run the installation program?


Gary
 

#11 kcp


Posted 08 March 2016 - 09:20 PM

Hi Gary,

So far every time I have tried to install a security type program (Malwarebytes, Junkware Removal Tool, MS Security Essentials), it does nothing when I right click and choose Run as admin. If I double click on Open then it will ask me if I want to allow this program to run; I click Yes and then I get the window asking if I want to Run or Cancel, I click on Run and then nothing.

We do want Bitdefender; he paid for it so now we need to use it.

I am also concerned about the blue screens; so far the most prevalent has been the non-page file fault, with error code 50.

I am not sure what to do about that or what can be done.

Thanks for all your help.

What's the next step...



#12 Oh My!


Posted 08 March 2016 - 09:39 PM

Thanks for the explanation Kal. We will continue to investigate both issues.

Please run these.

===================================================

Rkill

-------------------
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:

Link 1
Link 2
Link 3
Link 4

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

BlueScreenView

----------
  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • RKill log
  • RogueKiller log
  • aswMBR log
  • BSOD.txt

Gary
 

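As an added example (not part of Gary's instructions and not BlueScreenView's own code), the same crash inventory the BlueScreenView step above produces can be pulled with built-in PowerShell; it assumes Windows 7 or later with default crash-dump settings and an uncleared System event log.

```powershell
# Added example, not from this thread: collect the crash facts the BlueScreenView step
# asks for, using only built-in tools. Assumes default dump settings
# (minidumps under %SystemRoot%\Minidump, bugcheck events in the System log).

# 1. Minidump files on disk, newest first (one per blue screen when small dumps are enabled)
$dumps = @(Get-ChildItem -Path "$env:SystemRoot\Minidump" -Filter *.dmp -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending |
    Select-Object Name, LastWriteTime, @{ Name = 'SizeKB'; Expression = { [int]($_.Length / 1KB) } })

# 2. Event ID 1001 is written at the first boot after a crash and carries the stop code
$events = @(Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
    Id           = 1001
} -ErrorAction SilentlyContinue)

$crashes = foreach ($e in $events) {
    $msg = [string]$e.Message
    # Typical text: "The bugcheck was: 0x00000050 (0x..., 0x..., 0x..., 0x...).
    #                A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: ..."
    if ($msg -match 'bugcheck was:\s*(0x[0-9A-Fa-f]+)\s*\(([^)]*)\)') {
        $code = $matches[1]; $params = $matches[2]
        $dump = if ($msg -match 'saved in:\s*(.+?)\.?\s+Report Id') { $matches[1] } else { '' }
        New-Object PSObject -Property @{ Time = $e.TimeCreated; StopCode = $code; Parameters = $params; Dump = $dump } |
            Select-Object Time, StopCode, Parameters, Dump
    }
}

"Minidumps found: $($dumps.Count)"
$dumps | Format-Table -AutoSize
"Bugcheck events found: $(@($crashes).Count)"
$crashes | Format-Table -AutoSize

# A run of the same stop code (here 0x50, PAGE_FAULT_IN_NONPAGED_AREA) points at one driver
# or at bad RAM; which module faulted is recorded only inside the dump, so the .dmp files are
# what to open in BlueScreenView or WinDbg (!analyze -v), not just this summary.
```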
#13 kcp


Posted 10 March 2016 - 11:13 AM

Hello Gary,

1. Tried all 4 links for Rkill... Link one gives me a 404 error... the others, nothing happens.

2. RogueKiller... tried to run it numerous times as admin and regular, nothing....
   renamed to winlogon.exe... tried numerous times... nothing; renamed to winlogon.com... nothing.

3. aswMBR... nothing.

I kinda knew that this was going to happen... this is very strange.


#14 Oh My!


Posted 10 March 2016 - 05:04 PM

Hit the Windows Key + R at the same time. Type appwiz.cpl and hit Enter. Is Bitdefender listed?
Gary
 

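An added example, not from this thread: the appwiz.cpl check done from PowerShell, which also covers the 32-bit uninstall hive that appwiz.cpl merges on 64-bit Windows and what Security Center has registered. It assumes 64-bit Windows 7 or later; the product pattern 'Bitdefender' is taken from the thread and can be swapped for another vendor.

```powershell
# Added example, not from this thread: list installed programs the way appwiz.cpl does,
# from both the 64-bit and the 32-bit (Wow6432Node) uninstall hives plus per-user installs,
# then ask Windows Security Center which antivirus products it knows about.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',  # 32-bit apps on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'                 # per-user installs
)

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
    Sort-Object DisplayName

$pattern = 'Bitdefender'   # product asked about in this thread; placeholder for other vendors
$hits = @($installed | Where-Object { $_.DisplayName -match $pattern })
if ($hits.Count -gt 0) {
    $hits | Format-Table -AutoSize
} else {
    "No uninstall entry matching '$pattern' (equivalent to it being absent from appwiz.cpl)"
}

# Security Center's own view: a product can be registered here without an uninstall entry
# and vice versa. productState is an undocumented bit field; the 0x1000 bit is commonly
# decoded as "real-time protection enabled".
Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue |
    Select-Object displayName,
                  @{ Name = 'StateHex'; Expression = { '0x{0:X6}' -f $_.productState } },
                  @{ Name = 'Enabled';  Expression = { ($_.productState -band 0x1000) -ne 0 } },
                  pathToSignedProductExe |
    Format-Table -AutoSize
```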
#15 kcp


Posted 11 March 2016 - 11:19 AM

No, Bitdefender is not listed... the owner got a blue screen this morning, error code 50. I attached the minidump file.

usbochi.sys driver is the cause... this is most likely the culprit because this has been going on since I was called in... he came to work this morning and found the blue screen..

The issue has been Windows keeps failing on updates for the same 4 or 5 updates... and Windows Defender has not been able to update for a while.

There is another Windows 7 Home Premium that can install all programs normally, if that helps...
