

Root Kit


  • This topic is locked
31 replies to this topic

#1 Arie_Dub


Posted 24 March 2016 - 08:52 PM

When it got infected a window popped up that said it changed permissions of my Windows account or created a new one and gave it possibly root/admin permissions, then it rebooted. I believed there was a rootkit, so I ran Malwarebytes Anti-Rootkit, then MiniToolBox, Malwarebytes Anti-Malware, & AdwCleaner twice because there was an update, and these are their logs. Thanks RE

Attached Files





#2 Bezukhov


Posted 26 March 2016 - 04:44 PM

I am currently going over your logs. I will have something for you in the next 24 to 48 hours, if that's alright with you. Is this a different computer from the others you've posted about?

Edited by Bezukhov, 26 March 2016 - 06:31 PM.

To err is Human. To blame it on someone else is even more Human.

#3 Arie_Dub


Posted 28 March 2016 - 12:07 AM

No problem, I understand, it's the weekend & a holiday too. Yes, it's a diff. comp. & I believe it is the source of the infection that spread to the other 2 running Win7/x64. I haven't used it since until now, when I was trying to virus scan from a Knoppix USB and then checking by running Win7, which let it spread on my LAN and also USB (firmware/autorun virus). The infections happened when I was working on my dad's Polaroid tablet because he got the tablet infected, so I did a factory reset, rooted it, & updated it, adding the Google store. I am a certified PC Tech/Net Admin, and I have never had anything like this happen before, and I am 44 & have been working on computers since my Commodore VIC-20. It was like a virus onion bomb!!! Virus after virus upon virus blocking detection of the more complex and sinister ones! So, as I removed the detected ones, more were detected! Thx RE



#4 Arie_Dub


Posted 30 March 2016 - 06:21 PM

Hello!?!



#5 Arie_Dub


Posted 01 April 2016 - 02:42 PM

It's been well over 24-48 hrs. & still no response! Thx RE



#6 Arie_Dub


Posted 01 April 2016 - 02:55 PM

1st post on diff. topic, I got responses within 6 hrs, now I've been waiting almost a week! Thx RE



#7 Bezukhov


Posted 01 April 2016 - 05:15 PM

Thank you for your patience, and sorry for the wait. Rather a lot of ground to cover.
  • Please do not run any tools on your own while we solve this. Some are rather powerful, and using one at the wrong moment can have catastrophic effects. Also please refrain from seeking help for this problem elsewhere. Too many cooks spoil the broth.
  • Next, it is important that the instructions given be performed in the order given. We may need one tool to finish its job before another one starts.
  • If at any time my instructions are not clear stop and ask for clarification.
  • Rather than attach any logs to your post it is better that you copy and paste them instead, except if instructed otherwise.
  • Any program that I ask you run should only be run once.
  • As soon as your computer is clean I will let you know.
  • Please try to complete any tasks and reply in 24 to 48 hours. I will try to do likewise.
  • If you have any pirated software on your system I must ask that you remove them. No need for you to tell me if you do. Many times such programs are the source of many an infection, which makes cleaning a sick computer just that more difficult. And it's also against BleepingComputer's rules.
  • Lastly, do not make any changes to your computer from here on out until you get an "All Clear" from me.
First I want to ask you about your Internet settings. You have a lot of proxies set up, and I was curious if this was something that you are aware of.

Next is the issue of Firefox. Your logs show a Nightly Build. These are used for testing purposes, and are not recommended for general use. Sometimes malware installs these builds. This is done because malware can alter the settings and add extensions without the user's knowledge. If you are aware of this, and are using it for testing, that's OK.

Now it's time for me to roll up my sleeves and get to work.
  • Open Notepad: Right click on the Start Button--> Click Run--> Type Notepad in the Search box.
  • Copy what's in the box below:
CloseProcesses:
GroupPolicyScripts: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-478707893-1843259348-1670202355-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325161&octid=EB_ORIGINAL_CTID&ISID=M93AA2082-1323-4978-B1BC-211A01C459C3&SearchSource=58&CUI=&UM=8&UP=&D=100515&q={searchTerms}&SSPV=
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION
Task: {0A063BB7-C68C-4141-A9D5-CB16F8A44781} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {38C2A0E4-ED5B-4C42-8A45-6AD4AC838523} - System32\Tasks\Convertor => C:\Users\REDUB\AppData\Roaming\Convertor\Convertor.exe <==== ATTENTION
Task: {0A063BB7-C68C-4141-A9D5-CB16F8A44781} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {2CC32822-49C7-4178-B5B1-64007EF35B04} - System32\Tasks\Winsta Update => C:\Users\REDUB\AppData\Roaming\Winsta\bin\Winsta.exe
Task: {92F65E36-8AC5-452C-8E97-07E4B6AE8510} - System32\Tasks\avabvbavad => C:\Users\REDUB\AppData\Local\avabvbavad\avabvbavad.exe <==== ATTENTION
Task: {D60FDFCF-2EE6-43F4-B093-AA16F9D333D3} - System32\Tasks\Inst_Rep => C:\Users\REDUB\AppData\Local\Installer\Install_2128\brakietut_tutbl_setup.exe <==== ATTENTION
Task: {E8EB9FE5-4561-4806-BF60-ABA707538C62} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {F1FF70B1-4FDC-4F8A-B66E-F9668C1B8FA0} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\REDUB\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {FE392185-2108-4DB8-AEDA-4F35380686A6} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
C:\Windows\Lic.xxx
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
C:\Users\REDUB\AppData\Roaming\Convertor\Convertor.exe
C:\Users\REDUB\AppData\Roaming\Winsta\bin\Winsta.exe
C:\Users\REDUB\AppData\Local\avabvbavad\avabvbavad.exe
C:\Users\REDUB\AppData\Local\Installer\Install_2128\brakietut_tutbl_setup.exe
C:\Users\REDUB\AppData\Local\SmartWeb\SmartWebHelper.exe
  • Paste it into the Notepad Window
  • Save it to your desktop as fixlist.txt
  • Then follow the rest of the steps here
  • Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
So for your next post I will need to see
Fixlog.txt
AdwCleaner[C1].txt

Please let me know of any changes to your computer's performance.

Edited by Bezukhov, 02 April 2016 - 06:32 AM.


#8 Arie_Dub


Posted 02 April 2016 - 10:35 PM

I never set up any proxies!  I have been using Nightly.  Didn't know it was so easily changed without my knowledge.  I know it's for testing (x64).  Still twitchy, especially when opening the browser, a little better though. Thx RE

 

Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by REDUB (2016-04-02 21:41:18) Run:1
Running from C:\FRST
Loaded Profiles: REDUB (Available Profiles: REDUB)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
GroupPolicyScripts: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-478707893-1843259348-1670202355-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325161&octid=EB_ORIGINAL_CTID&ISID=M93AA2082-1323-4978-B1BC-211A01C459C3&SearchSource=58&CUI=&UM=8&UP=&D=100515&q={searchTerms}&SSPV=
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION
Task: {0A063BB7-C68C-4141-A9D5-CB16F8A44781} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {38C2A0E4-ED5B-4C42-8A45-6AD4AC838523} - System32\Tasks\Convertor => C:\Users\REDUB\AppData\Roaming\Convertor\Convertor.exe <==== ATTENTION
Task: {0A063BB7-C68C-4141-A9D5-CB16F8A44781} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {2CC32822-49C7-4178-B5B1-64007EF35B04} - System32\Tasks\Winsta Update => C:\Users\REDUB\AppData\Roaming\Winsta\bin\Winsta.exe
Task: {92F65E36-8AC5-452C-8E97-07E4B6AE8510} - System32\Tasks\avabvbavad => C:\Users\REDUB\AppData\Local\avabvbavad\avabvbavad.exe <==== ATTENTION
Task: {D60FDFCF-2EE6-43F4-B093-AA16F9D333D3} - System32\Tasks\Inst_Rep => C:\Users\REDUB\AppData\Local\Installer\Install_2128\brakietut_tutbl_setup.exe <==== ATTENTION
Task: {E8EB9FE5-4561-4806-BF60-ABA707538C62} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {F1FF70B1-4FDC-4F8A-B66E-F9668C1B8FA0} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\REDUB\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {FE392185-2108-4DB8-AEDA-4F35380686A6} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
C:\Windows\Lic.xxx
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
C:\Users\REDUB\AppData\Roaming\Convertor\Convertor.exe
C:\Users\REDUB\AppData\Roaming\Winsta\bin\Winsta.exe
C:\Users\REDUB\AppData\Local\avabvbavad\avabvbavad.exe
C:\Users\REDUB\AppData\Local\Installer\Install_2128\brakietut_tutbl_setup.exe
C:\Users\REDUB\AppData\Local\SmartWeb\SmartWebHelper.exe
*****************

Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-478707893-1843259348-1670202355-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
HKCR\CLSID\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A063BB7-C68C-4141-A9D5-CB16F8A44781}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A063BB7-C68C-4141-A9D5-CB16F8A44781} => key not found.
C:\Windows\System32\Tasks\APSnotifierPP3 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38C2A0E4-ED5B-4C42-8A45-6AD4AC838523}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38C2A0E4-ED5B-4C42-8A45-6AD4AC838523}" => key removed successfully
C:\Windows\System32\Tasks\Convertor => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Convertor => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A063BB7-C68C-4141-A9D5-CB16F8A44781} => key not found.
C:\Windows\System32\Tasks\APSnotifierPP3 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2CC32822-49C7-4178-B5B1-64007EF35B04}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CC32822-49C7-4178-B5B1-64007EF35B04}" => key removed successfully
C:\Windows\System32\Tasks\Winsta Update => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Winsta Update => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92F65E36-8AC5-452C-8E97-07E4B6AE8510}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92F65E36-8AC5-452C-8E97-07E4B6AE8510} => key not found.
C:\Windows\System32\Tasks\avabvbavad => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avabvbavad => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D60FDFCF-2EE6-43F4-B093-AA16F9D333D3}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D60FDFCF-2EE6-43F4-B093-AA16F9D333D3} => key not found.
C:\Windows\System32\Tasks\Inst_Rep => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Inst_Rep => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8EB9FE5-4561-4806-BF60-ABA707538C62}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8EB9FE5-4561-4806-BF60-ABA707538C62} => key not found.
C:\Windows\System32\Tasks\APSnotifierPP2 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1FF70B1-4FDC-4F8A-B66E-F9668C1B8FA0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1FF70B1-4FDC-4F8A-B66E-F9668C1B8FA0}" => key removed successfully
C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE392185-2108-4DB8-AEDA-4F35380686A6}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE392185-2108-4DB8-AEDA-4F35380686A6} => key not found.
C:\Windows\System32\Tasks\APSnotifierPP1 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1 => key not found.
C:\Windows\Lic.xxx => moved successfully
C:\Windows\logo_1.exe => moved successfully
C:\Windows\RUNDL132.EXE => moved successfully
C:\Windows\VDLL.DLL => moved successfully
C:\Windows\SysWOW64\runouce.exe => moved successfully
"C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe" => not found.
"C:\Users\REDUB\AppData\Roaming\Convertor\Convertor.exe" => not found.
"C:\Users\REDUB\AppData\Roaming\Winsta\bin\Winsta.exe" => not found.
"C:\Users\REDUB\AppData\Local\avabvbavad\avabvbavad.exe" => not found.
"C:\Users\REDUB\AppData\Local\Installer\Install_2128\brakietut_tutbl_setup.exe" => not found.
"C:\Users\REDUB\AppData\Local\SmartWeb\SmartWebHelper.exe" => not found.

The system needed a reboot.

==== End of Fixlog 21:41:30 ====

 

 

AdwCleaner:

 

# AdwCleaner v5.108 - Logfile created 02/04/2016 at 22:04:05
# Updated 30/03/2016 by Xplode
# Database : 2016-03-30.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : REDUB - REDUB
# Running from : C:\Users\REDUB\Downloads\Web\A-V\BleepComp\AdwCleaner\adwcleaner_5.108.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[x] [C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\prefs.js] [Preference] Not Deleted : user_pref("browser.search.defaultenginename", "Ixquick hxxpS");
[x] [C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\prefs.js] [Preference] Not Deleted : user_pref("browser.search.hiddenOneOffs", "Ixquick Search Engine,Startpage Search Engine");

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2603 bytes] - [24/03/2016 04:07:05]
C:\AdwCleaner\AdwCleaner[C2].txt - [2088 bytes] - [24/03/2016 19:56:54]
C:\AdwCleaner\AdwCleaner[C3].txt - [1266 bytes] - [02/04/2016 22:04:05]
C:\AdwCleaner\AdwCleaner[S1].txt - [2849 bytes] - [24/03/2016 02:18:23]
C:\AdwCleaner\AdwCleaner[S2].txt - [1894 bytes] - [24/03/2016 19:13:46]
C:\AdwCleaner\AdwCleaner[S3].txt - [1455 bytes] - [02/04/2016 21:59:04]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1558 bytes] ##########
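
An added example (not code from FRST, the thread, or either poster) that triages the fixlist quoted in post #7 and the Fixlog in post #8: it parses FRST "Task:" lines and flags targets that live in user-writable profile directories, spots the task GUID listed twice in the fixlist (which is why the Fixlog reports "key not found" on its second pass), and tallies Fixlog outcomes so the Setup entry FRST could not fix automatically is not overlooked. The sample lines are constructed from the entries quoted above.

```python
"""Triage helpers for Farbar Recovery Scan Tool (FRST) fixlists and Fixlogs.

Added example for this thread; not part of FRST or of the forum post.
The sample lines below are constructed from the entries quoted above.
"""
import re
from collections import Counter

# Shape of an FRST scan/fixlist task line:
#   Task: {GUID} - System32\Tasks\Name => C:\path\binary.exe <==== ATTENTION
TASK_RE = re.compile(
    r"^Task:\s*\{(?P<guid>[0-9A-Fa-f-]+)\}\s*-\s*(?P<task>.+?)\s*=>\s*"
    r"(?P<target>.+?)\s*(?:<=+\s*ATTENTION)?\s*$"
)

# Directories a standard user can write to. A scheduled task that launches a
# binary from one of these deserves a look: software installed with admin
# rights has no reason to park its executables inside a user profile.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\",
                 "\\users\\public\\", "\\programdata\\")

# Constructed sample: the Task lines of the fixlist quoted in the thread.
SAMPLE_TASK_LINES = [
    r"Task: {0A063BB7-C68C-4141-A9D5-CB16F8A44781} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION",
    r"Task: {38C2A0E4-ED5B-4C42-8A45-6AD4AC838523} - System32\Tasks\Convertor => C:\Users\REDUB\AppData\Roaming\Convertor\Convertor.exe <==== ATTENTION",
    r"Task: {0A063BB7-C68C-4141-A9D5-CB16F8A44781} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION",
    r"Task: {2CC32822-49C7-4178-B5B1-64007EF35B04} - System32\Tasks\Winsta Update => C:\Users\REDUB\AppData\Roaming\Winsta\bin\Winsta.exe",
    r"Task: {92F65E36-8AC5-452C-8E97-07E4B6AE8510} - System32\Tasks\avabvbavad => C:\Users\REDUB\AppData\Local\avabvbavad\avabvbavad.exe <==== ATTENTION",
    r"Task: {D60FDFCF-2EE6-43F4-B093-AA16F9D333D3} - System32\Tasks\Inst_Rep => C:\Users\REDUB\AppData\Local\Installer\Install_2128\brakietut_tutbl_setup.exe <==== ATTENTION",
    r"Task: {E8EB9FE5-4561-4806-BF60-ABA707538C62} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION",
    r"Task: {F1FF70B1-4FDC-4F8A-B66E-F9668C1B8FA0} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\REDUB\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION",
    r"Task: {FE392185-2108-4DB8-AEDA-4F35380686A6} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION",
]

# Constructed sample: a handful of result lines from the Fixlog in the thread.
SAMPLE_FIXLOG_LINES = [
    r"Processes closed successfully.",
    r"C:\Windows\system32\GroupPolicy\Machine => moved successfully",
    r"HKCR\CLSID\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.",
    r"Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION => Error: No automatic fix found for this entry.",
    r'"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A063BB7-C68C-4141-A9D5-CB16F8A44781}" => key removed successfully',
    r"C:\Windows\System32\Tasks\APSnotifierPP3 => not found.",
    r"C:\Windows\logo_1.exe => moved successfully",
    r'"C:\Users\REDUB\AppData\Roaming\Winsta\bin\Winsta.exe" => not found.',
    r"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully",
]


def parse_tasks(lines):
    """Return (guid, task_name, target_path, frst_flagged) per Task: line."""
    tasks = []
    for line in lines:
        m = TASK_RE.match(line.strip())
        if m:
            tasks.append((m["guid"].upper(), m["task"], m["target"],
                          "ATTENTION" in line))
    return tasks


def suspicious_tasks(lines):
    """Tasks whose target lives in a user-writable directory.

    This catches 'Winsta Update', which FRST did not mark with ATTENTION
    but which runs from the user's AppData\\Roaming folder.
    """
    hits = []
    for _guid, name, target, _flagged in parse_tasks(lines):
        if any(d in target.lower() for d in USER_WRITABLE):
            hits.append((name, target))
    return hits


def duplicate_task_guids(lines):
    """GUIDs listed more than once in a fixlist; the second pass only
    produces 'key not found' lines in the Fixlog, harmless but confusing."""
    counts = Counter(guid for guid, *_ in parse_tasks(lines))
    return sorted(g for g, n in counts.items() if n > 1)


def summarize_fixlog(lines):
    """Count Fixlog outcomes and list entries FRST could not fix on its own,
    so they are not mistaken for removed items."""
    summary = Counter()
    leftovers = []
    for line in lines:
        s = line.strip()
        if " => " not in s:
            continue                      # banner or status text, not a result
        if s.endswith("removed successfully") or s.endswith("moved successfully"):
            summary["fixed"] += 1
        elif s.endswith("not found."):
            summary["not_found"] += 1
        elif " => Error:" in s:
            summary["error"] += 1
            leftovers.append(s.split(" => Error:")[0])
    return summary, leftovers


if __name__ == "__main__":
    for name, target in suspicious_tasks(SAMPLE_TASK_LINES):
        print(f"user-writable task target: {name} -> {target}")
    print("duplicate GUIDs in fixlist:", duplicate_task_guids(SAMPLE_TASK_LINES))
    summary, leftovers = summarize_fixlog(SAMPLE_FIXLOG_LINES)
    print("fixlog summary:", dict(summary))
    for entry in leftovers:
        print("needs manual follow-up:", entry)
```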



#9 Bezukhov


Posted 03 April 2016 - 03:30 PM

Another fix to deal with those proxies. I didn't want to touch them, in case you wanted them. Please delete any fixlist.txt files that are in the same directory.

Step 1:

  • Open Notepad: Right click on the Start Button--> Click Run--> Type Notepad in the Search box.
  • Copy what's in the box below:

RemoveProxy:

  • Paste it into the Notepad Window
  • Save it to your desktop as fixlist.txt
  • Then follow the rest of the steps here
  • Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

Step 2:
Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

For this last step please make sure that the Addition.txt box is checked before you start the scan.

Step 3:

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

So I'll need the contents of:
1) fixlog.txt
2) Malwarebytes log
3) That fresh FRST.txt and Addition.txt



#10 Arie_Dub


Posted 03 April 2016 - 09:48 PM

Better but still twitchy. I go to click on something and all the windows keep changing 'focus', and when I select a window from the taskbar it's in 'focus' for a second because it was selected but then disappears again unless I select 'Restore' or another option from that menu.  Also, when some windows are in 'focus' it won't let other windows take 'focus'.  Here are the logs, etc. Thx RE

 

 

1)fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by REDUB (2016-04-03 16:34:36) Run:2
Running from C:\FRST
Loaded Profiles: REDUB (Available Profiles: REDUB)
Boot Mode: Normal
==============================================

fixlist content:
*****************
RemoveProxy:
*****************

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-478707893-1843259348-1670202355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-478707893-1843259348-1670202355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

==== End of Fixlog 16:34:38 ====

 

 

2)Malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/3/2016
Scan Time: 4:53 PM
Logfile: mbam-log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.03.05
Rootkit Database: v2016.04.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: REDUB

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388405
Time Elapsed: 35 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

3a)fresh FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by REDUB (administrator) on REDUB (03-04-2016 17:40:32)
Running from C:\FRST
Loaded Profiles: REDUB (Available Profiles: REDUB)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\BTTray.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-02-23] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-478707893-1843259348-1670202355-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-478707893-1843259348-1670202355-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-478707893-1843259348-1670202355-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-478707893-1843259348-1670202355-1000\...\MountPoints2: {33525154-fd70-11e3-8fc0-101f744d24a4} - E:\Menu.exe
HKU\S-1-5-21-478707893-1843259348-1670202355-1000\...\MountPoints2: {b90f2a56-047e-11e3-888e-101f744d24a4} - E:\LaunchU3.exe -a
HKU\S-1-5-21-478707893-1843259348-1670202355-1000\...\MountPoints2: {dee91f8a-4822-11e2-9f57-806e6f6e6963} - E:\autorun.bat
HKU\S-1-5-21-478707893-1843259348-1670202355-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ASUS\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\REDUB\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\REDUB\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\REDUB\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\REDUB\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\REDUB\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\REDUB\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\REDUB\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\REDUB\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-11-29]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ASUS\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 6.6.6.1
Tcpip\..\Interfaces\{54C22728-DAE7-4EBD-BC53-F487CEF8C360}: [NameServer] 192.168.0.1
Tcpip\..\Interfaces\{B139BCAF-D32A-4F15-9CA9-0E2C71A7B2DD}: [NameServer] 156.154.70.22,4.2.2.2,8.8.4.4,64.59.176.13,4.2.2.4,8.8.8.8,208.67.222.220,208.67.222.222,74.207.242.213,50.116.28.138
Tcpip\..\Interfaces\{B139BCAF-D32A-4F15-9CA9-0E2C71A7B2DD}: [DhcpNameServer] 6.6.6.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-478707893-1843259348-1670202355-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.ca/
HKU\S-1-5-21-478707893-1843259348-1670202355-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.bleepingcomputer.com/forums/
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default
FF DefaultSearchEngine: Ixquick HTTPS
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "socks", "109.207.61.195"
FF NetworkProxy: "socks_port", 8090
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-08] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\user.js [2015-10-05]
FF user.js: detected! => C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\30pnm65v.default-1385445045650\user.js [2015-10-05]
FF SearchPlugin: C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\searchplugins\craigslist.xml [2013-01-24]
FF SearchPlugin: C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\searchplugins\dogpile-web-search.xml [2014-11-29]
FF SearchPlugin: C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\searchplugins\elliot-search-engine.xml [2014-12-06]
FF SearchPlugin: C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\searchplugins\extra.xml [2014-05-12]
FF SearchPlugin: C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\searchplugins\fenopyse.xml [2015-01-05]
FF SearchPlugin: C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\searchplugins\grammar-and-punctuation.xml [2013-03-17]
FF SearchPlugin: C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\searchplugins\imdb.xml [2012-12-26]
FF SearchPlugin: C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\searchplugins\ixquick-https.xml [2015-12-12]
FF SearchPlugin: C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\searchplugins\kickass.xml [2014-05-12]
FF SearchPlugin: C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\searchplugins\moviesubtitles-1.xml [2013-01-24]
FF SearchPlugin: C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\searchplugins\netflix.xml [2013-03-25]
FF SearchPlugin: C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\searchplugins\old-pirate-bay-.xml [2015-01-05]
FF SearchPlugin: C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\searchplugins\opensubtitles.xml [2013-01-24]
FF SearchPlugin: C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\searchplugins\search--define-search-at-dictionarycom.xml [2014-06-06]
FF SearchPlugin: C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\searchplugins\torlock.xml [2014-05-12]
FF SearchPlugin: C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\searchplugins\tree.xml [2014-05-12]
FF SearchPlugin: C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\searchplugins\whitepages--find-people-businesses--more.xml [2014-07-10]
FF Extension: PrivacyChoice TrackerBlock - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\extensions\trackerblock@privacychoice.org.xpi [2015-05-28]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\extensions\adblockpopups@jessehakanen.net.xpi [2015-05-28]
FF Extension: Default Theme Engine - Personas Interactive - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\extensions\btpersonas@brandthunder.com [2016-03-24]
FF Extension: Download Manager Tweak - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi [2016-03-29]
FF Extension: NoScript - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-03]
FF Extension: Add to Search Bar - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2016-01-22]
FF Extension: Blur - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\Extensions\donottrackplus@abine.com.xpi [2015-12-16]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\Extensions\elemhidehelper@adblockplus.org.xpi [2016-03-24]
FF Extension: Webmail Ad Blocker - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\Extensions\gmailnoads@mywebber.com.xpi [2015-09-19]
FF Extension: Ad-blocker for Gmail - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\Extensions\jid0-AocRXUCRsLTCYvn6bgJERnwfuqw@jetpack.xpi [2015-05-28]
FF Extension: IP Address and Domain Information - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\Extensions\jid0-jJRRRBMgoShUhb07IvnxTBAl29w@jetpack.xpi [2016-04-03]
FF Extension: Google search link fix - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2016-01-22]
FF Extension: Night Launch Companion - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\Extensions\nightlaunchcompanion@example.com.xpi [2016-01-22]
FF Extension: NoSquint - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\Extensions\nosquint@urandom.ca.xpi [2015-05-28]
FF Extension: AniWeather - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2015-05-29]
FF Extension: Astronomy NewTab - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\Extensions\{4d4f5a49-4c4c-4100-0001-4e4557544142}.xpi [2015-12-08]
FF Extension: Earth Science NewTab - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\Extensions\{4d4f5a49-4c4c-4100-0003-4e4557544142}.xpi [2015-12-08]
FF Extension: Earth Observatory NewTab - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\Extensions\{4d4f5a49-4c4c-4100-0004-4e4557544142}.xpi [2015-12-08]
FF Extension: NewTab Background Shuffler - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\Extensions\{4d4f5a49-4c4c-4100-f000-4e4557544142}.xpi [2015-05-01]
FF Extension: FireFTP - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-12-12]
FF Extension: Video DownloadHelper - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-12-08]
FF Extension: Adblock Plus - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-03-24]
FF Extension: StockFox - C:\Users\REDUB\AppData\Roaming\Mozilla\Firefox\Profiles\a0unh52t.default\Extensions\{d39a0050-191f-11df-8a39-0800200c9a66} [2015-05-29]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-15] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 btwdins; C:\Program Files\ASUS\Bluetooth Software\btwdins.exe [1005944 2012-12-06] (Broadcom Corporation.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [10997992 2015-02-12] (DisplayLink Corp.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [83968 2013-12-03] (ASIX Electronics Corp.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-24] (Broadcom Corporation.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.7.60366.0.sys [46312 2015-02-13] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 RDID1133; C:\Windows\System32\Drivers\rdwm1133.sys [82304 2014-07-30] (Roland Corporation)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2013-11-10] (BitDefender S.R.L.)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [198400 2009-03-11] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation)
R3 ALSysIO; \??\C:\Users\REDUB\AppData\Local\Temp\ALSysIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-03 15:38 - 2016-04-03 15:38 - 00000218 _____ C:\Users\REDUB\AppData\Local\recently-used.xbel
2016-04-03 00:59 - 2016-04-03 00:59 - 00000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-03 00:59 - 2016-04-03 00:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-24 21:04 - 2016-03-24 21:04 - 00003288 _____ C:\Windows\System32\Tasks\{9C4C73B0-E13A-47AE-B6CF-5F413AAAE255}
2016-03-24 02:01 - 2016-04-02 22:04 - 00000000 ____D C:\AdwCleaner
2016-03-23 23:58 - 2016-04-03 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-23 23:57 - 2016-04-03 16:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-23 23:57 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-23 23:57 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-23 21:39 - 2016-03-23 23:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-23 21:38 - 2016-04-03 16:51 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-23 21:38 - 2016-03-24 00:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-03-23 20:42 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-23 01:59 - 2016-04-02 22:58 - 00003026 _____ C:\Windows\System32\Tasks\{B31AFA0A-8209-4B1F-92A2-B286DE04AE2A}
2016-03-22 18:12 - 2016-02-09 01:53 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-22 18:12 - 2016-02-09 01:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-22 18:12 - 2016-02-08 16:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-22 18:12 - 2016-02-08 15:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-22 18:12 - 2016-02-08 15:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-22 18:12 - 2016-02-08 15:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-22 18:12 - 2016-02-08 15:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-22 18:12 - 2016-02-08 15:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-22 18:12 - 2016-02-08 15:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-22 18:12 - 2016-02-08 15:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-22 18:12 - 2016-02-08 15:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-22 18:12 - 2016-02-08 15:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-22 18:12 - 2016-02-08 15:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-22 18:12 - 2016-02-08 15:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-22 18:12 - 2016-02-08 15:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-03-22 18:12 - 2016-02-08 15:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-22 18:12 - 2016-02-08 15:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-22 18:12 - 2016-02-08 15:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-22 18:12 - 2016-02-08 15:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-22 18:12 - 2016-02-08 15:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-03-22 18:12 - 2016-02-08 15:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-22 18:12 - 2016-02-08 15:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-22 18:12 - 2016-02-08 15:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-22 18:12 - 2016-02-08 15:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-03-22 18:12 - 2016-02-08 15:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-22 18:12 - 2016-02-08 15:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-22 18:12 - 2016-02-08 15:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-22 18:12 - 2016-02-08 15:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-22 18:12 - 2016-02-08 15:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-22 18:12 - 2016-02-08 15:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-22 18:12 - 2016-02-08 14:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-22 18:12 - 2016-02-08 14:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-22 18:12 - 2016-02-08 14:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-22 18:12 - 2016-02-08 13:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-22 18:12 - 2016-02-08 13:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-22 18:12 - 2016-02-08 13:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-22 18:12 - 2016-02-08 13:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-22 18:12 - 2016-02-08 13:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-22 18:12 - 2016-02-08 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-22 18:12 - 2016-02-08 13:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-22 18:12 - 2016-02-08 13:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-22 18:12 - 2016-02-08 13:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-22 18:12 - 2016-02-08 13:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-22 18:12 - 2016-02-08 13:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-22 18:12 - 2016-02-08 13:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-22 18:12 - 2016-02-08 13:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-22 18:12 - 2016-02-08 13:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-22 18:12 - 2016-02-08 13:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-22 18:12 - 2016-02-08 13:13 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-22 18:12 - 2016-02-08 13:06 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-22 18:12 - 2016-02-08 13:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-22 18:12 - 2016-02-08 12:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-22 18:12 - 2016-02-08 12:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-22 18:12 - 2016-02-08 12:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-22 18:12 - 2016-02-08 12:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-22 18:12 - 2016-02-08 12:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-22 18:12 - 2016-02-08 12:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-22 18:12 - 2016-02-08 12:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-22 18:12 - 2016-02-08 12:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-22 18:12 - 2016-02-08 12:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-22 18:12 - 2016-02-08 12:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-22 18:12 - 2016-02-08 12:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-22 18:12 - 2016-02-08 12:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-22 18:12 - 2016-02-08 12:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-22 18:12 - 2016-02-08 12:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-22 18:12 - 2016-02-08 11:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-22 18:11 - 2016-02-11 13:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-22 18:11 - 2016-02-11 13:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-22 18:11 - 2016-02-11 13:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-22 18:11 - 2016-02-11 13:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-22 18:11 - 2016-02-11 13:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-22 18:11 - 2016-02-11 13:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-22 18:11 - 2016-02-11 13:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-22 18:10 - 2016-02-11 13:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-22 18:10 - 2016-02-11 13:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-22 18:10 - 2016-02-11 13:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-03-22 18:10 - 2016-02-11 13:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-03-22 18:10 - 2016-02-11 13:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-03-22 18:10 - 2016-02-11 13:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-22 18:10 - 2016-02-11 13:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-22 18:10 - 2016-02-11 13:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-22 18:10 - 2016-02-11 13:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-22 18:10 - 2016-02-11 13:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-03-22 18:10 - 2016-02-11 13:48 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-22 18:10 - 2016-02-11 13:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-22 18:10 - 2016-02-11 13:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-22 18:10 - 2016-02-11 13:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-22 18:10 - 2016-02-11 13:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-22 18:10 - 2016-02-11 13:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-03-22 18:10 - 2016-02-11 13:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-22 18:10 - 2016-02-11 13:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-22 18:10 - 2016-02-11 13:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-22 18:10 - 2016-02-11 13:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-22 18:10 - 2016-02-11 13:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-22 18:10 - 2016-02-11 13:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-03-22 18:10 - 2016-02-11 13:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-22 18:10 - 2016-02-11 13:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-22 18:10 - 2016-02-11 13:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-03-22 18:10 - 2016-02-11 13:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-03-22 18:10 - 2016-02-11 13:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-22 18:10 - 2016-02-11 13:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-03-22 18:10 - 2016-02-11 13:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-03-22 18:10 - 2016-02-11 13:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-03-22 18:10 - 2016-02-11 13:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-03-22 18:10 - 2016-02-11 13:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-03-22 18:10 - 2016-02-11 13:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-03-22 18:10 - 2016-02-11 13:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-03-22 18:10 - 2016-02-11 13:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-22 18:10 - 2016-02-11 13:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-03-22 18:10 - 2016-02-11 13:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-03-22 18:10 - 2016-02-11 13:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-03-22 18:10 - 2016-02-11 13:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-22 18:10 - 2016-02-11 13:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 12:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-22 18:10 - 2016-02-11 12:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-03-22 18:10 - 2016-02-11 12:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-03-22 18:10 - 2016-02-11 12:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-22 18:10 - 2016-02-11 12:34 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-22 18:10 - 2016-02-11 12:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-22 18:10 - 2016-02-11 12:33 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-22 18:10 - 2016-02-11 12:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-22 18:10 - 2016-02-11 12:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-22 18:10 - 2016-02-11 12:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-03-22 18:10 - 2016-02-11 12:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-03-22 18:10 - 2016-02-11 12:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-03-22 18:10 - 2016-02-11 12:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-03-22 18:10 - 2016-02-11 12:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-03-22 18:10 - 2016-02-11 12:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 12:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-22 18:10 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-22 18:09 - 2016-02-01 14:08 - 00114624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-03-22 18:09 - 2016-02-01 13:59 - 03243008 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-03-22 18:09 - 2016-02-01 13:59 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-03-22 18:09 - 2016-02-01 13:59 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-03-22 18:09 - 2016-02-01 13:56 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-03-22 18:09 - 2016-02-01 13:56 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-03-22 18:09 - 2016-02-01 13:49 - 02364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-03-22 18:09 - 2016-02-01 13:49 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-03-22 18:09 - 2016-02-01 13:49 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-03-22 18:09 - 2016-02-01 13:45 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-03-22 18:08 - 2016-02-12 13:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-22 18:08 - 2016-02-12 13:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-22 18:08 - 2016-02-12 13:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-22 18:08 - 2016-02-12 13:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-22 18:08 - 2016-02-12 13:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-22 18:08 - 2016-02-12 13:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-22 18:08 - 2016-02-12 13:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-22 18:08 - 2016-02-12 13:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-22 18:08 - 2016-02-12 13:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-22 18:08 - 2016-02-12 13:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-22 18:08 - 2016-02-12 13:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-22 18:08 - 2016-02-09 04:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-22 18:08 - 2016-02-09 04:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-22 18:08 - 2016-02-09 04:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-22 18:08 - 2016-02-09 04:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-22 18:08 - 2016-02-09 04:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-22 18:08 - 2016-02-09 04:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-03-22 18:08 - 2016-02-09 04:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-22 18:08 - 2016-02-09 04:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-03-22 18:08 - 2016-02-09 04:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-03-22 18:08 - 2016-02-09 04:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-03-22 18:08 - 2016-02-05 13:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-03-22 18:08 - 2016-02-05 13:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-03-22 18:08 - 2016-02-05 12:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-03-22 18:08 - 2016-02-04 20:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-22 18:08 - 2016-02-04 13:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-22 18:08 - 2016-01-20 19:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-03-22 18:08 - 2015-06-03 15:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-03-22 18:07 - 2016-02-12 13:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-22 18:07 - 2016-02-12 13:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-22 18:07 - 2016-02-12 13:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-22 18:07 - 2016-02-12 13:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-22 18:07 - 2016-02-12 13:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-22 18:07 - 2016-02-09 04:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-22 18:07 - 2016-02-05 13:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-22 18:07 - 2016-02-05 13:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-22 18:07 - 2016-02-05 13:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-22 18:07 - 2016-02-05 13:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-22 18:07 - 2016-02-05 13:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-03-22 18:07 - 2016-02-05 13:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-22 18:07 - 2016-02-05 13:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-03-22 18:07 - 2016-02-05 12:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-22 18:07 - 2016-02-05 12:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-22 18:07 - 2016-02-05 12:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-22 18:07 - 2016-02-03 13:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-22 18:07 - 2016-02-03 13:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-22 18:07 - 2016-02-03 13:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-03-22 18:07 - 2016-02-03 13:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-22 18:07 - 2016-02-03 13:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-22 18:07 - 2016-02-02 13:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-03-22 18:04 - 2016-02-04 12:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-22 17:46 - 2016-02-19 14:02 - 00038336 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-22 17:46 - 2016-02-19 13:54 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-22 17:46 - 2016-02-19 09:07 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-22 17:46 - 2016-02-11 09:07 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-22 17:46 - 2016-02-05 09:07 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-22 17:46 - 2016-02-05 09:07 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-22 17:46 - 2016-02-05 09:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-22 15:34 - 2016-03-22 15:34 - 00000000 ____D C:\Users\REDUB\AppData\Local\ElevatedDiagnostics
2016-03-21 23:16 - 2016-04-03 17:40 - 00000000 ____D C:\FRST
2016-03-21 18:58 - 2016-03-21 18:58 - 00000000 ____D C:\Users\REDUB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-03 15:38 - 2012-12-23 01:17 - 00000000 ____D C:\Users\REDUB\AppData\Roaming\deluge
2016-04-03 15:16 - 2012-12-26 01:58 - 00000000 ____D C:\Users\REDUB\AppData\Roaming\vlc
2016-04-03 13:33 - 2013-01-16 18:53 - 00000000 ____D C:\Users\REDUB\Downloads\OS
2016-04-03 12:48 - 2009-07-13 23:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-03 12:48 - 2009-07-13 23:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-03 12:39 - 2009-08-28 08:52 - 00724898 _____ C:\Windows\system32\perfh019.dat
2016-04-03 12:39 - 2009-08-28 08:52 - 00151168 _____ C:\Windows\system32\perfc019.dat
2016-04-03 12:39 - 2009-07-14 00:13 - 01649730 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-03 12:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-04-03 12:32 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-03 02:25 - 2015-01-03 05:10 - 00000000 ____D C:\Users\REDUB\AppData\Local\36D05683-5BDB-4852-9233-5CE08ADCD4DD.aplzod
2016-04-03 01:19 - 2014-06-24 17:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-03 01:10 - 2015-10-05 02:17 - 00000000 ____D C:\Program Files (x86)\Kingo ROOT
2016-04-02 21:46 - 2015-12-08 23:15 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-04-02 21:41 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-03-28 19:12 - 2015-04-05 15:41 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-28 19:12 - 2015-04-05 15:41 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-24 20:56 - 2014-11-30 07:50 - 00000000 ___RD C:\Users\REDUB\Dropbox
2016-03-24 20:56 - 2014-11-30 07:40 - 00000000 ____D C:\Users\REDUB\AppData\Roaming\Dropbox
2016-03-24 04:11 - 2012-12-21 00:45 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-23 23:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\L2Schemas
2016-03-23 01:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-03-22 23:49 - 2014-04-30 19:41 - 00453440 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-22 18:47 - 2013-01-31 15:29 - 00002154 _____ C:\Windows\epplauncher.mif
2016-03-22 18:47 - 2013-01-31 15:26 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-03-22 18:47 - 2013-01-31 15:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-03-22 18:47 - 2013-01-31 15:25 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-03-22 18:45 - 2013-07-24 01:56 - 00000000 ____D C:\Windows\system32\MRT
2016-03-22 18:14 - 2015-04-14 17:44 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-22 15:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-21 14:30 - 2009-07-13 21:34 - 00000912 _____ C:\Windows\win.ini
2016-03-21 06:54 - 2016-02-04 19:33 - 00001300 _____ C:\Users\REDUB\Desktop\MWAVSCAN.lnk

==================== Files in the root of some directories =======

2014-05-16 19:59 - 2014-12-22 17:14 - 0006656 _____ () C:\Users\REDUB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-03 15:38 - 2016-04-03 15:38 - 0000218 _____ () C:\Users\REDUB\AppData\Local\recently-used.xbel
2015-04-14 16:45 - 2015-12-19 19:34 - 0007604 _____ () C:\Users\REDUB\AppData\Local\Resmon.ResmonCfg
2014-12-28 22:11 - 2014-12-28 22:11 - 0000028 _____ () C:\Users\REDUB\AppData\Local\settings.ini

Some files in TEMP:
====================
C:\Users\REDUB\AppData\Local\Temp\libeay32.dll
C:\Users\REDUB\AppData\Local\Temp\msvcr120.dll
C:\Users\REDUB\AppData\Local\Temp\nircmd.exe
C:\Users\REDUB\AppData\Local\Temp\pv.exe
C:\Users\REDUB\AppData\Local\Temp\sqlite3.dll
C:\Users\REDUB\AppData\Local\Temp\vfind.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-29 06:12

==================== End of FRST.txt ============================
3b) and Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by REDUB (2016-04-03 17:42:36)
Running from C:\FRST
Windows 7 Ultimate Service Pack 1 (X64) (2012-12-17 08:26:26)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-478707893-1843259348-1670202355-500 - Administrator - Disabled)
Guest (S-1-5-21-478707893-1843259348-1670202355-501 - Limited - Disabled)
REDUB (S-1-5-21-478707893-1843259348-1670202355-1000 - Administrator - Enabled) => C:\Users\REDUB

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ableton Live 9 Lite (HKLM\...\{9130C3A8-3BEA-4A24-88F9-50EFB036F999}) (Version: 9.0.0.0 - Ableton)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression (HKLM-x32\...\{9EC9754D-CA34-4293-B5DB-3BD245A88A43}) (Version: 1.5.42.1202 - ArcSoft)
A-Series Keyboard Driver (HKLM\...\RolandRDID0133) (Version:  - Roland Corporation)
ASUS Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.3700 - ASUS)
BleachBit (HKLM-x32\...\BleachBit) (Version:  - BleachBit)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)
Core Temp 1.0 RC4 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID CPU-Z 1.62.0 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Defraggler (HKLM\...\Defraggler) (Version: 2.11 - Piriform)
Deluge 1.3.11 (HKLM-x32\...\Deluge) (Version:  - )
Digital microscope (HKLM-x32\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2009.03.18 - Vimicro Corp.)
DisplayLink Core Software (HKLM\...\{65B2569D-303B-41EC-B38C-0934963BC3AD}) (Version: 7.7.60366.0 - DisplayLink Corp.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dropbox (HKU\S-1-5-21-478707893-1843259348-1670202355-1000\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
iExplorer 3.2.2.2 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MicroCapture 2.5 (HKLM-x32\...\MicroCapture) (Version: 2.5 - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.6.01055 - Корпорация Майкрософт)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 45.0.1 (x64 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1 - Mozilla)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.)
ScopeView (HKLM-x32\...\{E292525D-F43E-4295-A708-B4D6A7DF75ED}) (Version: 1.1.0.0 - ScopeView-Setup)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - TomTom)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vivitar Experience Image Manager (HKLM-x32\...\Vivitar Experience Image Manager) (Version:  - Sakar)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-478707893-1843259348-1670202355-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\REDUB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-478707893-1843259348-1670202355-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-478707893-1843259348-1670202355-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-478707893-1843259348-1670202355-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-478707893-1843259348-1670202355-1000_Classes\CLSID\{67F2A879-82D5-4A6D-8CC5-FFB3C114B69D}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\so_activex_x64.dll ()
CustomCLSID: HKU\S-1-5-21-478707893-1843259348-1670202355-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-478707893-1843259348-1670202355-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-478707893-1843259348-1670202355-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-478707893-1843259348-1670202355-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\REDUB\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-478707893-1843259348-1670202355-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REDUB\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-478707893-1843259348-1670202355-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REDUB\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-478707893-1843259348-1670202355-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REDUB\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-478707893-1843259348-1670202355-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REDUB\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-478707893-1843259348-1670202355-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REDUB\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-478707893-1843259348-1670202355-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REDUB\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-478707893-1843259348-1670202355-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REDUB\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-478707893-1843259348-1670202355-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REDUB\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-478707893-1843259348-1670202355-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\REDUB\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2EBC3A9D-CDEC-4C9D-A3AB-30BE14033BC9} - System32\Tasks\{9C4C73B0-E13A-47AE-B6CF-5F413AAAE255} => pcalua.exe -a "C:\Users\REDUB\Downloads\Web\A-V\BleepComp\Flash Disinfector\Flash_Disinfector.exe" -d "C:\Users\REDUB\Downloads\Web\A-V\BleepComp\Flash Disinfector"
Task: {4B46392C-41A7-4502-87AF-B976C85C1045} - System32\Tasks\Core Temp Autostart REDUB => C:\Program Files\Core Temp\Core Temp.exe [2012-10-14] ()
Task: {A38E6995-4869-4E41-B862-E9DA17420EA9} - System32\Tasks\{B31AFA0A-8209-4B1F-92A2-B286DE04AE2A} => C:\Users\REDUB\Downloads\Web\A-V\BleepComp\Flash Disinfector\Flash_Disinfector.exe [2016-03-22] ()
Task: {F9BA478A-D2A2-46F1-AEDD-3C0422317DD8} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {FDE5CAA6-6522-407C-A5ED-4175DE79DCB3} - \WinKit -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-478707893-1843259348-1670202355-1000Core1d0c25999f0a739.job => C:\Users\REDUB\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-03-28 10:46 - 2015-03-28 15:46 - 00022528 _____ () C:\Windows\System32\us001lm.dll
2015-05-11 14:28 - 2015-05-11 14:28 - 00022528 _____ () C:\Windows\System32\us002lm.dll
2015-07-01 09:45 - 2015-07-01 09:45 - 00022528 _____ () C:\Windows\System32\us005lm.dll
2016-01-22 07:50 - 2016-01-22 07:50 - 00031256 _____ () C:\Windows\System32\us008lm.dll
2015-03-28 12:53 - 2015-03-28 17:53 - 00029184 _____ () C:\Windows\System32\usp02l.dll
2013-02-01 01:24 - 2012-10-14 22:21 - 00854480 _____ () C:\Program Files\Core Temp\Core Temp.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-478707893-1843259348-1670202355-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\REDUB\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 156.154.70.22 - 4.2.2.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Speed Launcher => 1419982905
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CmTray => "C:\Program Files (x86)\Content Manager\launchCM.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Dropbox Update => "C:\Users\REDUB\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
MSCONFIG\startupreg: VMonitorVMUVC => "C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{3E0E5B63-7C1D-4454-9BA4-750B4FBF9FD9}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{3ECDEB78-8A87-47FE-866A-4552A99C4052}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [TCP Query User{96FE0B85-E231-4BED-BDFE-8438AEBC130E}C:\program files (x86)\deluge\deluged.exe] => (Allow) C:\program files (x86)\deluge\deluged.exe
FirewallRules: [UDP Query User{4244F5E4-68AA-4FA9-AF93-42BBB309D79E}C:\program files (x86)\deluge\deluged.exe] => (Allow) C:\program files (x86)\deluge\deluged.exe
FirewallRules: [{CF0BA5A8-BB9D-4307-A8C0-905A21F4B00B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E3A05460-465D-4D2E-9E0D-31200574901E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3D8AA8ED-4E22-4122-8B15-5364858B2CEC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6120D24D-A3BA-45D2-9C94-E6E3DBC4C233}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{570686ED-574D-403A-AE06-1794A109E743}] => (Allow) %ProgramFiles%\iTunes\iTunes.exe
FirewallRules: [TCP Query User{6C3860AB-4E49-4739-B291-901C34E643BE}C:\program files\nightly\firefox.exe] => (Block) C:\program files\nightly\firefox.exe
FirewallRules: [UDP Query User{6988DF2E-D1F0-4802-BE54-D065693FDF98}C:\program files\nightly\firefox.exe] => (Block) C:\program files\nightly\firefox.exe
FirewallRules: [{05DDD2BC-B89E-496C-9BDE-104CA985A349}] => (Allow) C:\Users\REDUB\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{DAC38B13-1935-421F-9D70-CFD61BDD25CF}] => (Allow) C:\Users\REDUB\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{63D7B363-C683-4A85-B85F-F96A2E0EEF3F}C:\users\redub\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\redub\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{403273ED-83DC-43F1-B8B6-BAD2F008C43B}C:\users\redub\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\redub\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{76424392-3A5F-4E42-AF63-667F828675EC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E400A58B-1491-46E2-854A-D633A9D1C82F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{28644D99-6CFA-43F1-A590-34393F8D65C9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2016 01:31:52 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (03/26/2016 06:33:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15647

Error: (03/26/2016 06:33:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15647

Error: (03/26/2016 06:33:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/26/2016 03:15:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18231 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1480

Start Time: 01d186c96150d1c2

Termination Time: 874

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (03/26/2016 03:00:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15460

Error: (03/26/2016 03:00:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15460

Error: (03/26/2016 03:00:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/25/2016 02:50:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18231 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 18e0

Start Time: 01d186ca0e8d3bc4

Termination Time: 125

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (03/25/2016 02:04:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 61176447

System errors:
=============
Error: (04/03/2016 12:32:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/03/2016 12:32:39 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

Error: (04/03/2016 12:32:28 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/03/2016 12:32:21 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/03/2016 12:32:21 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/03/2016 02:21:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/03/2016 02:21:22 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

Error: (04/03/2016 02:21:06 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/03/2016 02:20:59 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/03/2016 02:20:59 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

CodeIntegrity:
===================================
  Date: 2015-10-05 06:27:42.624
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-05 06:20:47.684
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-05 06:20:44.118
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-05 06:03:18.572
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-23 22:51:02.356
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\REDUB\AppData\Local\Temp\x9b5\WinIo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-23 22:51:01.950
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\REDUB\AppData\Local\Temp\x9b5\WinIo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Atom™ CPU N570 @ 1.66GHz
Percentage of memory in use: 59%
Total physical RAM: 2035.87 MB
Available physical RAM: 820.71 MB
Total Virtual: 6131.87 MB
Available Virtual: 4254.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:458.88 GB) (Free:8.89 GB) NTFS
Drive d: (RAM Disk) (Fixed) (Total:6.78 GB) (Free:1.01 GB) NTFS
Drive z: (128G SDXC1) (Removable) (Total:119.25 GB) (Free:92.62 GB) exFAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C924A948)
Partition 1: (Not Active) - (Size=6.8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1024 KB) - (Type=82)

========================================================
Disk: 1 (Size: 119.3 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

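The Addition.txt log above is a flat list of registry, task, firewall and event-log entries, and FRST only marks a few of them (the `No File <==== ATTENTION` tasks, the disabled System Restore). The rest has to be read by eye, which is where persistence from a user-writable folder or an unverifiable driver loaded out of `%TEMP%` gets missed. The script below is an added example written for this page; it is not FRST's own logic and not the poster's or helper's code. It parses the line formats visible in the log and applies three triage rules of the editor's choosing: a scheduled task or firewall allow rule whose program sits under `\Users\`, `\Temp\`, `\AppData\` or `\ProgramData\` gets flagged for review, an orphaned task gets flagged, and a Code Integrity failure for an image under one of those paths is rated high. The sample input is a handful of lines copied from the log above, not a complete log. A hit is a prompt to look, not a verdict: the same rule that catches `WinIo.sys` in `Temp` also flags the Flash_Disinfector task in the poster's Downloads folder, which the thread shows is a tool he fetched on purpose.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines excerpted from the FRST Addition.txt posted above.
# Not a complete log; it only carries the entry types the rules below look at.
SAMPLE_LOG = r"""
Task: {4B46392C-41A7-4502-87AF-B976C85C1045} - System32\Tasks\Core Temp Autostart REDUB => C:\Program Files\Core Temp\Core Temp.exe [2012-10-14] ()
Task: {2EBC3A9D-CDEC-4C9D-A3AB-30BE14033BC9} - System32\Tasks\{9C4C73B0-E13A-47AE-B6CF-5F413AAAE255} => pcalua.exe -a "C:\Users\REDUB\Downloads\Web\A-V\BleepComp\Flash Disinfector\Flash_Disinfector.exe" -d "C:\Users\REDUB\Downloads\Web\A-V\BleepComp\Flash Disinfector"
Task: {F9BA478A-D2A2-46F1-AEDD-3C0422317DD8} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {FDE5CAA6-6522-407C-A5ED-4175DE79DCB3} - \WinKit -> No File <==== ATTENTION
FirewallRules: [{05DDD2BC-B89E-496C-9BDE-104CA985A349}] => (Allow) C:\Users\REDUB\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E400A58B-1491-46E2-854A-D633A9D1C82F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{6C3860AB-4E49-4739-B291-901C34E643BE}C:\program files\nightly\firefox.exe] => (Block) C:\program files\nightly\firefox.exe
ATTENTION: System Restore is disabled
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\REDUB\AppData\Local\Temp\x9b5\WinIo.sys because file hash could not be found on the system.
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
"""

# Line formats as FRST prints them in the log above.
TASK_RE = re.compile(r"^Task:\s+\{[0-9A-Fa-f-]+\}\s+-\s+(?P<name>.+?)\s+(?:=>|->)\s+(?P<target>.+)$")
FW_RE = re.compile(r"^FirewallRules:\s+\[(?P<name>[^\]]+)\]\s+=>\s+\((?P<action>Allow|Block)\)\s+(?P<program>.+)$")
CI_RE = re.compile(r"unable to verify the image integrity of the file\s+(?P<path>.+?)\s+because")
# First Windows path to an executable image inside a command line, quoted or not
# (handles the pcalua.exe -a "..." wrapper seen in the log).
IMAGE_RE = re.compile(r'[A-Za-z]:\\[^"\[]*?\.(?:exe|dll|sys|scr|bat|cmd|vbs|js|ps1)\b', re.IGNORECASE)
# Editor's assumption: locations a standard user can write to; persistence from
# here is where droppers live, so anything matching gets a second look.
USER_WRITABLE = re.compile(r"\\(?:Users|Temp|AppData|ProgramData)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str  # high / medium / low / info
    kind: str
    detail: str


def triage_line(line: str) -> list[Finding]:
    """Apply the triage rules to one FRST log line; returns zero or more findings."""
    line = line.strip()
    m = TASK_RE.match(line)
    if m:
        name, target = m.group("name"), m.group("target")
        if target.startswith("No File"):
            # FRST's own <==== ATTENTION marker: a registered task whose file is gone.
            return [Finding("medium", "orphaned-task", f"{name}: task target no longer exists")]
        img = IMAGE_RE.search(target)
        if img and USER_WRITABLE.search(img.group(0)):
            return [Finding("medium", "task-user-writable", f"{name} runs {img.group(0)}")]
        return []
    m = FW_RE.match(line)
    if m:
        if m.group("action") == "Allow" and USER_WRITABLE.search(m.group("program")):
            return [Finding("low", "firewall-allow-user-path", f"allow rule for {m.group('program')}")]
        return []
    m = CI_RE.search(line)
    if m:
        path = m.group("path")
        if USER_WRITABLE.search(path):
            # Unverifiable driver or DLL loaded from Temp or a profile directory.
            return [Finding("high", "code-integrity", f"unverifiable image from user-writable path: {path}")]
        return [Finding("low", "code-integrity", f"unverifiable image: {path}")]
    if line.startswith("ATTENTION: System Restore is disabled"):
        return [Finding("info", "restore-disabled", "no rollback point exists until System Restore is re-enabled")]
    return []


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over every line of an Addition.txt-style log."""
    return [f for line in log_text.splitlines() for f in triage_line(line)]


def severity_counts(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    order = ["high", "medium", "low", "info"]
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
```

On the sample above the one high finding is the `WinIo.sys` load from `AppData\Local\Temp`, the two `No File` tasks and the Flash_Disinfector task come out medium, the Dropbox allow rule and the SpaceSoundPro DLL come out low, and the Firefox Nightly block rule is ignored because only allow rules matter here. Feed it a full Addition.txt and expect noise from legitimate per-user installers (Dropbox, Chrome) alongside anything malicious; the point is to shorten the list you read by hand, not to replace reading it.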


#11 Bezukhov

Posted 05 April 2016 - 05:05 PM

From the looks of those last logs, your computer is clean. As to your problems, I am taking a good long look at this:

DisplayLink Core Software

They could be related to this software. So when did you install it, and were your focus problems happening before or after this installation?



#12 Arie_Dub

Posted 05 April 2016 - 06:26 PM

It was happening before, since it got infected last Sept.-Oct., and it is correlated to using Firefox Nightly x64, which is the browser I use all the time and was using at the time of infection. So, I changed to Firefox x64 for better control on your suggestion. I have other hard drives, so I just took out the infected one and used a different HDD with a different operating system, or ran Linux off CD/DVD/USB to scan the infected HDD and to do my computing! That software/driver is for my 'Laptop Docking Station', and the problems are with certain 'Windows' coming in and out of 'focus', not the video output of that desktop, which is fine except for it 'lagging' after coming back from the 'Screensaver/Display-Off Pwr Cycle'. I'm using 3 monitors, but this twitching happens with even just 1 monitor, and only on this OS installation. Since that 'Virus Mine Bomb' 'exploded', my windows started 'twitching focus' like it was pre-scanning and clicking/loading everything (button/link/window/program/app) I HOVERED over. Thx RE



#13 Arie_Dub

Posted 05 April 2016 - 06:33 PM

What about the 'Microsoft Teredo Tunneling Adapter' and the fact that 'This device cannot start. (Code 10)'... yet it has the newest driver! I don't recall it being on my other HDD of Win7 for this Netbook! So, I just 'Uninstalled' it, and it doesn't get detected when I do a 'Scan for Hardware Changes'. Thx RE

Edited by Arie_Dub, 05 April 2016 - 06:37 PM.


#14 Bezukhov


Posted 06 April 2016 - 06:03 AM

I have other hard drives so, I just took out the infected 1 and used a different HDD with a different operating system, or ran Linux off CD/DVD/USB to scan the infected HDD and to do my computing!


So this focus complaint went away when you swapped out the HD, or when you used Linux?

What about the 'Microsoft Teredo Tunneling Adapter' and the fact that 'This device cannot start. (Code 10)'... yet it has the newest driver! I don't recall it being on my other HDD of Win7 for this Netbook! So, I just 'Uninstalled' it, and it doesn't get detected when I do a 'Scan for Hardware Changes'.


Here is a quick explanation regarding Teredo Tunneling.

http://www.bleepingcomputer.com/forums/t/537181/what-does-the-microsoft-teredo-tunneling-adapter-do-and-is-it-useful/

I'm sorry you're still having this focus problem. My last post got truncated. I wanted you to run one more scan:

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by Bezukhov, 06 April 2016 - 06:23 AM.


#15 Arie_Dub

Posted 07 April 2016 - 05:35 PM

Quote: So this focus complaint went away when you swapped out the HD, or when you used Linux?

Both, like I said, it is isolated to this infected Windows installation! And two other computers on my network running Win7 x64 got infected. Another tech helped me out with the other 2 and my routers, but the program Flash_Disinfector did not install, so I used Panda USB Vaccine. But the infection was from an Android OS install file, and my parents plug their Android cells into that infected computer to charge and complain that they think their phones are infected. They can't connect to wifi, and their battery dies faster than before. So, I believe there is also a Flash ROM/Boot Sector infection. So, I'd like to disinfect my flash cards, phones, external HDD, etc., so it won't be transmitted to more devices and reinfect/cross-contaminate.

Quote: Here is a quick explanation regarding Teredo Tunneling.

That is why I removed it because it was only causing an error.

Here is the ESET log file. Thx RE

ESET text log

C:\Users\REDUB\Downloads\A&V\Audio\Audio Catalyst\Afreecodec_downloader_For_AudioCatalyst.exe a variant of Win32/BSDownloader potentially unwanted application cleaned by deleting
C:\Users\REDUB\Downloads\A&V\Audio\Reason 4\Reason 4.iso a variant of Win32/InstallCore.OZ potentially unwanted application deleted
C:\Users\REDUB\Downloads\A&V\Downloaders\Graboid\GraboidVideoSetup-1.73h-complete.exe Win32/Graboid potentially unsafe application deleted
C:\Users\REDUB\Downloads\A&V\Players & Codec\Codec\InstaCodecs\instacodecs.exe a variant of Win32/InstallIQ potentially unwanted application cleaned by deleting
C:\Users\REDUB\Downloads\A&V\Players & Codec\WinAmp\winamp5581_full_emusic-7plus_en-us.exe Win32/OpenCandy potentially unsafe application deleted
C:\Users\REDUB\Downloads\Drivers\Network\W & LAN\Linksys WMP11 v4\wmp11_v4_dr.zip a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
C:\Users\REDUB\Downloads\File Viewer-Editor\Templates\Templates 0\instdownload.exe Win32/InstallMonetizer.AR potentially unwanted application deleted
C:\Users\REDUB\Downloads\File Viewer-Editor\Templates\Templates 1\templates.zipAV Win32/InstallMonetizer.AR potentially unwanted application deleted
C:\Users\REDUB\Downloads\OS\Windows\Windows XP Professional SP3 Black Edition March 2014 (x86) {Uploaded} @IGI [Team OS] {HKRG}\Windows XP Professional SP3 x86 - Black Edition 2014.3.16.iso a variant of Win32/Toolbar.Babylon.E potentially unwanted application deleted
C:\Users\REDUB\Downloads\OS\Windows\Windows XP Professional SP3 x86 - Black Edition 2014.3.16\Windows XP Professional SP3 x86 - Black Edition 2014.3.16\Windows XP Professional SP3 x86 - Black Edition 2014.3.16.iso a variant of Win32/Toolbar.Babylon.E potentially unwanted application deleted
C:\Users\REDUB\Downloads\Utilities\Cleaner\CCleaner\ccsetup316.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted
C:\Users\REDUB\Downloads\Utilities\Cleaner\CCleaner\ccsetup324.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted
C:\Users\REDUB\Downloads\Utilities\Cleaner\CCleaner\ccsetup327.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\REDUB\Downloads\Utilities\Cleaner\CCleaner\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\REDUB\Downloads\Utilities\Cleaner\CCleaner\ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\REDUB\Downloads\Utilities\Cleaner\CCleaner\ccsetup516.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\REDUB\Downloads\Utilities\Defrag\disk-defrag-setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted
C:\Users\REDUB\Downloads\Utilities\Defrag\Defraggler\dfsetup211.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted
C:\Users\REDUB\Downloads\Utilities\Defrag\Defraggler\dfsetup212.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted
C:\Users\REDUB\Downloads\Utilities\Defrag\Defraggler\dfsetup218.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\REDUB\Downloads\Utilities\Hardware Monitor\Core Temp\coretemp_1236.exe a variant of Win32/InstallIQ potentially unwanted application cleaned by deleting
C:\Users\REDUB\Downloads\Utilities\Hardware Monitor\CPUID\CPU-Z\cpu-z_1.60-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
C:\Users\REDUB\Downloads\Utilities\Hardware Monitor\CPUID\CPU-Z\cpu-z_1.62-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application deleted
C:\Users\REDUB\Downloads\Utilities\Hardware Monitor\CPUID\HWMonitor\hwmonitor_1.21-setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
C:\Users\REDUB\Downloads\Utilities\Recovery & Rescue\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
C:\Users\REDUB\Downloads\Utilities\Reg\Reg Cleaner\registry-cleaner-setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted
C:\Users\REDUB\Downloads\Utilities\Reg\Reg Cleaner\CCleaner\ccsetup324.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted
C:\Users\REDUB\Downloads\Utilities\ToolBox PowerPack\IOBit AdvSysCare\asc3-setup.exe a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application deleted
C:\Users\REDUB\Downloads\Web\A-V\IOBit Malware Fighter\imf-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted
C:\Users\REDUB\Downloads\Web\VoIP\PalTalk\pal_install_r109861_a3000.exe a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application deleted
D:\Install\Drivers\Network\W & LAN\Linksys WMP11 v4\wmp11_v4_dr.zip a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
D:\Install\Drivers\Network\W & LAN\Linksys WMP11 v4\wmp11_v4_dr\DriverUpdaterSetup-2.0.0.4701.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
D:\Install\Utilities\Cleaner\CCleaner\ccsetup327.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
D:\Install\Utilities\Defrag\dfsetup212.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted
D:\Install\Utilities\Hardware Monitor\Core Temp\coretemp_1236.exe a variant of Win32/InstallIQ potentially unwanted application cleaned by deleting
D:\Install\Utilities\Hardware Monitor\CPUID\CPU-Z\cpu-z_1.62-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application deleted
D:\Install\Utilities\Hardware Monitor\CPUID\HWMonitor\hwmonitor_1.21-setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted