
Accidentally installed malware .exe file. HD now thrashes/other odd behavior


  • This topic is locked
10 replies to this topic

#1 pivotmach


Posted 30 March 2016 - 11:53 AM

I am using Windows 10 and accidentally installed an executable file I downloaded that turned out to be malicious. Among the obvious symptoms that occurred (adware, browser setting changes, etc.), my system became unusably slow. I have run and cleaned with Malwarebytes Anti-Malware and Kaspersky Total Security multiple times. Multiple malware and trojan problems were found. Also, Windows Defender detected and removed problems on its own. No more issues are being detected. I have deleted the offending .exe file. The malware installed/problems I was able to see were:

 

-KNCTR

-MPC Cleaner

-Media Assistant

-Quicky Translation

-S5 Mark

-Space Sound Pro

-Note up

-"Activate Windows Now" pop up window.

-noticed "erunt.exe" running, but I did not install this program

 

(Since I thought the MalwareBytes and Kaspersky could be causing the slow system, I completely uninstalled these programs and all related files. I'm not sure any logs of the problems found still exist)

 

However, my system is still extremely slow.  Task Manager shows disk usage at near 100% most of the time, with the following processes using it the most (randomly):

-System and compressed memory

-Service Host:Local System (Network Restricted)(8)

-Runtime Broker (this has also caused out of memory messages)

 

I have performed with no problems found:

-System File Check

-DISM restore health

-CHKDSK

 

I have played with the pagefile sizes in Advanced System Settings with no luck.

 

When booting in Safe Mode, the problems stop.

 

Thank you!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01

Ran by Nathan (administrator) on NATHAN-LAPTOP (30-03-2016 12:19:38)
Running from C:\Users\Nathan\Downloads
Loaded Profiles: Nathan (Available Profiles: Nathan & LogMeInRemoteUser & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUSTeK Computer Inc.) C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
Failed to access process -> ElanTPCfg64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
Failed to access process -> FBAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Ignition\LMIIgnition.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
(Google Inc.) C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3738336 2015-10-28] (ELAN Microelectronics Corp.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [3738336 2015-10-28] (ELAN Microelectronics Corp.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-09-17] (LogMeIn, Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8493624 2009-07-07] (ASUS)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2015-10-22] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1103056 2016-01-12] (Carbonite, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2016-03-22] (LogMeIn Inc.)
HKU\S-1-5-21-579598394-4230413160-2855374277-1001\...\Run: [Dropbox Update] => C:\Users\Nathan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-02] (Dropbox, Inc.)
HKU\S-1-5-21-579598394-4230413160-2855374277-1001\...\Run: [Google Update] => C:\Users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-579598394-4230413160-2855374277-1001\...\RunOnce: [Uninstall C:\Users\Nathan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nathan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-579598394-4230413160-2855374277-1001\...\MountPoints2: {20101122-cd9c-11e2-ae0e-90e6ba941951} - "D:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-579598394-4230413160-2855374277-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nathan\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-11-06]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-11-06]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-03-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Nathan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{80da2ad1-29e4-482d-8be4-b693119ead28}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b6945f4d-830d-44d8-b0fd-fd4a4c12a2cf}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\S-1-5-21-579598394-4230413160-2855374277-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-579598394-4230413160-2855374277-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-579598394-4230413160-2855374277-1001 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=WmzxJmX8DXyhfe5IAjixX5mdzf8?q={searchTerms}
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll => No File
BHO-x32: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-07] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18] (Adobe Systems Incorporated)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-07] (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-579598394-4230413160-2855374277-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-579598394-4230413160-2855374277-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/RACtrl.cab?rnd=1141848530
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} -  No File
Handler-x32: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program Files (x86)\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll [2015-10-22] (Intuit, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2015-10-30] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27] (Skype Technologies S.A.)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-12-14] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-579598394-4230413160-2855374277-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-579598394-4230413160-2855374277-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://news.google.com/
CHR StartupUrls: Default -> "hxxps://news.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll => No File
CHR Profile: C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Google Drive) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Cast) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-24]
CHR Extension: (Google Search) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tampermonkey) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-12-18]
CHR Extension: (Google Docs Offline) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (History Calendar) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfjhacjjbcdmimjeaakpnlhdcloijcg [2016-01-25]
CHR Extension: (UA Expert Mode+) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbbojbjgfaekcegpbbfifclofmpdpkad [2015-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
StartMenuInternet: Google Chrome.R2YMDWAVIECTTRGYEAXPWZ5XOA - C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2015-10-28] (ELAN Microelectronics Corp.)
R2 FastBootAgent; C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [306232 2009-07-23] (ASUSTeK Computer Inc.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
S4 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-07-28] (Google)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2016-03-22] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [508424 2016-03-23] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
S4 OberonGameConsoleService; C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [44312 2009-09-14] ()
S3 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-10-22] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-10-22] (Intuit Inc.) [File not signed]
S2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-10-22] (Intuit Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 RtkAudioService; "C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2015-11-18] (www.winchiphead.com)
R3 Hamachi; C:\Windows\System32\drivers\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [15416 2009-07-20] ( )
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-06-04] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
S3 NETw1v64; C:\Windows\System32\DRIVERS\NETw1v64.sys [7058432 2009-07-20] (Intel Corporation) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U1 PAGEDFRG; \??\C:\WINDOWS\system32\Drivers\PAGEDFRG.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-30 12:19 - 2016-03-30 12:21 - 00025164 _____ C:\Users\Nathan\Downloads\FRST.txt
2016-03-30 12:15 - 2016-03-30 12:19 - 00000000 ____D C:\FRST
2016-03-30 12:14 - 2016-03-30 12:15 - 02374144 _____ (Farbar) C:\Users\Nathan\Downloads\FRST64.exe
2016-03-29 17:43 - 2016-03-29 17:43 - 00002625 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Open Office Document.lnk
2016-03-29 17:43 - 2016-03-29 17:43 - 00002615 _____ C:\ProgramData\Microsoft\Windows\Start Menu\New Office Document.lnk
2016-03-28 18:10 - 2016-03-28 18:10 - 00003336 _____ C:\WINDOWS\System32\Tasks\{4FC53340-DD79-415A-BB13-2CD7BF31FEB7}
2016-03-28 17:37 - 2016-03-28 17:37 - 00000000 ____D C:\Users\Nathan\Downloads\PageDefrag
2016-03-28 17:36 - 2016-03-28 17:36 - 00069662 _____ C:\Users\Nathan\Downloads\PageDefrag.zip
2016-03-25 19:15 - 2016-03-25 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-03-25 19:15 - 2016-03-25 19:15 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-03-25 12:05 - 2016-03-25 12:05 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-03-21 19:47 - 2016-03-21 19:49 - 165621768 _____ (Kaspersky Lab) C:\Users\Nathan\Downloads\kts16.0.1.445aben_10073.exe
2016-03-21 14:36 - 2016-03-21 14:36 - 03760707 _____ C:\Users\Nathan\Downloads\Camshaft Position Sensor.pdf
2016-03-17 19:26 - 2016-03-17 19:26 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-13 17:37 - 2016-02-24 05:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-13 17:37 - 2016-02-24 05:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-13 17:37 - 2016-02-24 02:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-13 17:37 - 2016-02-24 02:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-13 17:37 - 2016-02-24 02:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-13 17:37 - 2016-02-24 02:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-13 17:37 - 2016-02-24 02:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-13 17:37 - 2016-02-24 01:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-13 17:37 - 2016-02-24 01:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-13 17:37 - 2016-02-24 01:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-13 17:37 - 2016-02-24 01:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-13 17:37 - 2016-02-24 01:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-13 17:37 - 2016-02-24 01:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-13 17:37 - 2016-02-24 01:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-13 17:37 - 2016-02-24 01:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-13 17:37 - 2016-02-24 01:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-13 17:37 - 2016-02-24 00:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-13 17:36 - 2016-03-01 01:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-13 17:36 - 2016-03-01 01:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-13 17:36 - 2016-02-24 05:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-13 17:36 - 2016-02-24 05:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-13 17:36 - 2016-02-24 05:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-13 17:36 - 2016-02-24 05:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-13 17:36 - 2016-02-24 04:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-13 17:36 - 2016-02-24 04:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-13 17:36 - 2016-02-24 04:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-13 17:36 - 2016-02-24 04:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-13 17:36 - 2016-02-24 04:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-13 17:36 - 2016-02-24 04:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-13 17:36 - 2016-02-24 04:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-13 17:36 - 2016-02-24 04:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-13 17:36 - 2016-02-24 04:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-13 17:36 - 2016-02-24 04:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-13 17:36 - 2016-02-24 04:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-13 17:36 - 2016-02-24 04:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-13 17:36 - 2016-02-24 04:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-13 17:36 - 2016-02-24 04:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-13 17:36 - 2016-02-24 04:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-13 17:36 - 2016-02-24 04:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-13 17:36 - 2016-02-24 04:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-13 17:36 - 2016-02-24 04:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-13 17:36 - 2016-02-24 03:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-13 17:36 - 2016-02-24 03:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-13 17:36 - 2016-02-24 03:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-13 17:36 - 2016-02-24 03:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-13 17:36 - 2016-02-24 03:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-13 17:36 - 2016-02-24 03:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-13 17:36 - 2016-02-24 03:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-13 17:36 - 2016-02-24 03:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-13 17:36 - 2016-02-24 03:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-13 17:36 - 2016-02-24 03:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-13 17:36 - 2016-02-24 03:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-13 17:36 - 2016-02-24 02:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-13 17:36 - 2016-02-24 02:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-13 17:36 - 2016-02-24 02:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-13 17:36 - 2016-02-24 02:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-13 17:36 - 2016-02-24 02:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-13 17:36 - 2016-02-24 02:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-13 17:36 - 2016-02-24 02:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-13 17:36 - 2016-02-24 02:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-13 17:36 - 2016-02-24 02:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-13 17:36 - 2016-02-24 02:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-13 17:36 - 2016-02-24 02:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-13 17:36 - 2016-02-24 02:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-13 17:36 - 2016-02-24 02:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-13 17:36 - 2016-02-24 02:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-13 17:36 - 2016-02-24 02:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-13 17:36 - 2016-02-24 02:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-13 17:36 - 2016-02-24 02:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-13 17:36 - 2016-02-24 02:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-13 17:36 - 2016-02-24 02:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-13 17:36 - 2016-02-24 02:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-13 17:36 - 2016-02-24 02:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-13 17:36 - 2016-02-24 02:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-13 17:36 - 2016-02-24 02:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-13 17:36 - 2016-02-24 02:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-13 17:36 - 2016-02-24 02:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-13 17:36 - 2016-02-24 02:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-13 17:36 - 2016-02-24 02:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-13 17:36 - 2016-02-24 02:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-13 17:36 - 2016-02-24 02:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-13 17:36 - 2016-02-24 02:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-13 17:36 - 2016-02-24 02:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-13 17:36 - 2016-02-24 02:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-13 17:36 - 2016-02-24 02:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-13 17:36 - 2016-02-24 02:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-13 17:36 - 2016-02-24 01:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-13 17:36 - 2016-02-24 01:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-13 17:36 - 2016-02-24 00:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-13 17:35 - 2016-02-24 05:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-13 17:35 - 2016-02-24 05:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-13 17:35 - 2016-02-24 04:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-13 17:35 - 2016-02-24 04:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-13 17:35 - 2016-02-24 04:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-13 17:35 - 2016-02-24 03:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-13 17:35 - 2016-02-24 03:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-13 17:35 - 2016-02-24 03:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-13 17:35 - 2016-02-24 03:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-13 17:35 - 2016-02-24 03:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-13 17:35 - 2016-02-24 03:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-13 17:35 - 2016-02-24 03:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-13 17:35 - 2016-02-24 03:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-13 17:35 - 2016-02-24 03:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-13 17:35 - 2016-02-24 03:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-13 17:35 - 2016-02-24 03:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-13 17:35 - 2016-02-24 03:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-13 17:35 - 2016-02-24 03:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-13 17:35 - 2016-02-24 03:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-13 17:35 - 2016-02-24 03:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-13 17:35 - 2016-02-24 03:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-13 17:35 - 2016-02-24 03:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-13 17:35 - 2016-02-24 03:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-13 17:35 - 2016-02-24 03:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-13 17:35 - 2016-02-24 03:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-13 17:35 - 2016-02-24 03:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-13 17:35 - 2016-02-24 03:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-13 17:35 - 2016-02-24 03:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-13 17:35 - 2016-02-24 03:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-13 17:35 - 2016-02-24 03:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-13 17:35 - 2016-02-24 03:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-13 17:35 - 2016-02-24 03:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-13 17:35 - 2016-02-24 03:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-13 17:35 - 2016-02-24 03:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-13 17:35 - 2016-02-24 02:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-13 17:35 - 2016-02-24 02:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-13 17:35 - 2016-02-24 02:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-13 17:35 - 2016-02-24 02:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-13 17:35 - 2016-02-24 02:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-13 17:35 - 2016-02-24 02:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-13 17:35 - 2016-02-24 02:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-13 17:35 - 2016-02-24 02:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-13 17:35 - 2016-02-24 02:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-13 17:35 - 2016-02-24 02:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-13 17:35 - 2016-02-24 02:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-13 17:35 - 2016-02-24 02:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-13 17:35 - 2016-02-24 02:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-13 17:35 - 2016-02-24 02:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-13 17:35 - 2016-02-24 02:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-13 17:35 - 2016-02-24 02:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-13 17:35 - 2016-02-24 02:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-13 17:35 - 2016-02-24 02:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-13 17:35 - 2016-02-24 02:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-13 17:35 - 2016-02-24 02:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-13 17:35 - 2016-02-24 02:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-13 17:35 - 2016-02-24 02:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-13 17:35 - 2016-02-24 02:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-13 17:35 - 2016-02-24 02:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-13 17:35 - 2016-02-24 02:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-13 17:35 - 2016-02-24 02:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-13 17:35 - 2016-02-24 02:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-13 17:35 - 2016-02-24 02:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-13 17:35 - 2016-02-24 01:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-13 17:35 - 2016-02-24 01:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-13 17:09 - 2016-03-28 17:05 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-03-13 17:08 - 2016-03-28 17:39 - 00654608 _____ C:\WINDOWS\ntbtlog.txt
2016-03-13 16:54 - 2016-03-13 16:55 - 09974816 _____ (Kaspersky Lab ZAO) C:\Users\Nathan\Downloads\kavremvr.exe
2016-03-13 16:38 - 2016-03-13 16:38 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Nathan\Downloads\mbam-clean-2.1.1.1001.exe
2016-03-13 13:54 - 2016-03-13 13:54 - 00000000 ____D C:\$SysReset
2016-03-12 12:24 - 2016-03-25 19:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-03-11 21:40 - 2016-03-11 21:40 - 00000000 ____D C:\WINDOWS\system32\till
2016-03-11 20:21 - 2016-03-11 20:21 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\MCorp
2016-03-11 20:12 - 2016-03-11 21:33 - 00000000 ____D C:\Users\Nathan\AppData\Local\Birds365
2016-03-11 20:11 - 2016-03-11 21:41 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-03-11 20:10 - 2016-03-12 11:59 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2016-03-11 20:10 - 2016-03-11 21:33 - 00000000 ____D C:\ProgramData\SearchModule
2016-03-11 20:10 - 2016-03-11 20:10 - 00000000 ____D C:\Users\Nathan\AppData\LocalLow\Company
2016-03-11 20:10 - 2016-03-11 20:10 - 00000000 ____D C:\uninst
2016-03-11 20:09 - 2016-03-11 21:33 - 00000000 ____D C:\ProgramData\Service1291
2016-03-11 20:09 - 2016-03-11 20:09 - 00000000 ____D C:\Program Files (x86)\basicData
2016-03-11 20:08 - 2016-03-11 20:09 - 00000000 ____D C:\Users\Nathan\AppData\Local\Tempfolder
2016-03-11 20:08 - 2016-03-11 20:08 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2016-03-11 19:55 - 2016-03-11 21:33 - 00000000 ____D C:\Users\Nathan\AppData\Local\DE8128A8-1457722501-F6BD-AC00-90E6BA941951
2016-03-11 19:29 - 2016-03-13 14:52 - 00000000 ____D C:\Program Files (x86)\WCNT
2016-03-11 19:29 - 2016-03-11 19:29 - 00002636 _____ C:\Users\Nathan\AppData\Local\cookies.bin
2016-03-11 19:28 - 2016-03-11 21:33 - 00000000 ____D C:\Program Files (x86)\S5
2016-03-11 19:28 - 2016-03-11 19:28 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\c
2016-03-11 19:28 - 2016-03-11 19:28 - 00000000 ____D C:\ProgramData\1457738923
2016-03-09 14:33 - 2016-03-09 14:33 - 00004758 _____ C:\Users\Nathan\Documents\VCDS-Lite DTC Printout exhaust camshaft etc 3.9.16.pdf
2016-03-09 14:32 - 2016-03-21 17:21 - 00000000 ____D C:\Users\Nathan\Documents\Car
2016-03-06 19:03 - 2016-03-06 19:03 - 00319487 _____ C:\Users\Nathan\Downloads\RAUA- wiring D.pdf
2016-03-03 18:45 - 2016-03-03 18:45 - 00096426 _____ C:\Users\Nathan\Downloads\order 38587.pdf
2016-03-03 08:10 - 2016-03-03 08:10 - 00000000 ____D C:\Users\Nathan\AppData\Local\CEF
2016-03-03 08:08 - 2016-03-13 16:25 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-03 08:08 - 2016-03-03 08:08 - 00002126 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-03-02 09:05 - 2016-02-23 07:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-02 09:05 - 2016-02-23 06:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-02 09:05 - 2016-02-23 06:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-02 09:05 - 2016-02-23 06:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-02 09:05 - 2016-02-23 06:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-02 09:05 - 2016-02-23 05:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-02 09:05 - 2016-02-23 05:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-02 09:05 - 2016-02-23 04:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-02 09:05 - 2016-02-23 04:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-02 09:05 - 2016-02-23 04:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-02 09:05 - 2016-02-23 04:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-02 09:05 - 2016-02-23 04:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-02 09:05 - 2016-02-23 04:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-02 09:05 - 2016-02-23 03:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-02 09:05 - 2016-02-23 03:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-02 09:05 - 2016-02-23 03:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-02 09:05 - 2016-02-23 03:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-02 09:05 - 2016-02-23 03:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-02 09:05 - 2016-02-23 03:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-02 09:05 - 2016-02-23 02:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-02 09:05 - 2016-02-23 02:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-02 09:05 - 2016-02-23 02:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-02 09:05 - 2016-02-23 02:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-02 09:05 - 2016-02-23 02:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-02 09:05 - 2016-02-23 02:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-02 09:05 - 2016-02-23 02:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-02 09:05 - 2016-02-23 02:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-02 09:05 - 2016-02-08 23:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-02 09:05 - 2016-02-08 23:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-02 09:05 - 2016-02-08 23:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-02 09:04 - 2016-02-23 07:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-02 09:04 - 2016-02-23 07:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 09:04 - 2016-02-23 07:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-02 09:04 - 2016-02-23 07:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-02 09:04 - 2016-02-23 07:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-02 09:04 - 2016-02-23 06:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-02 09:04 - 2016-02-23 06:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-02 09:04 - 2016-02-23 06:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-02 09:04 - 2016-02-23 06:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-02 09:04 - 2016-02-23 06:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-02 09:04 - 2016-02-23 06:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-02 09:04 - 2016-02-23 06:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-02 09:04 - 2016-02-23 06:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-02 09:04 - 2016-02-23 06:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-02 09:04 - 2016-02-23 06:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-02 09:04 - 2016-02-23 06:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-02 09:04 - 2016-02-23 05:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-02 09:04 - 2016-02-23 05:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-02 09:04 - 2016-02-23 05:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-02 09:04 - 2016-02-23 05:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-02 09:04 - 2016-02-23 05:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-02 09:04 - 2016-02-23 05:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-02 09:04 - 2016-02-23 05:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-02 09:04 - 2016-02-23 05:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-02 09:04 - 2016-02-23 05:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-02 09:04 - 2016-02-23 05:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-02 09:04 - 2016-02-23 05:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-02 09:04 - 2016-02-23 05:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-02 09:04 - 2016-02-23 05:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-02 09:04 - 2016-02-23 04:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-02 09:04 - 2016-02-23 04:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-02 09:04 - 2016-02-23 04:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-02 09:04 - 2016-02-23 04:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-02 09:04 - 2016-02-23 04:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-02 09:04 - 2016-02-23 04:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-02 09:04 - 2016-02-23 04:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-02 09:04 - 2016-02-23 04:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-02 09:04 - 2016-02-23 04:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-02 09:04 - 2016-02-23 04:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-02 09:04 - 2016-02-23 04:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-02 09:04 - 2016-02-23 04:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-02 09:04 - 2016-02-23 04:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-02 09:04 - 2016-02-23 04:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-02 09:04 - 2016-02-23 04:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-02 09:04 - 2016-02-23 04:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-02 09:04 - 2016-02-23 04:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-02 09:04 - 2016-02-23 04:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-02 09:04 - 2016-02-23 04:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-02 09:04 - 2016-02-23 04:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-02 09:04 - 2016-02-23 04:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-02 09:04 - 2016-02-23 04:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-02 09:04 - 2016-02-23 04:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-02 09:04 - 2016-02-23 04:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-02 09:04 - 2016-02-23 04:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-02 09:04 - 2016-02-23 04:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-02 09:04 - 2016-02-23 03:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-02 09:04 - 2016-02-23 03:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-02 09:04 - 2016-02-23 03:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-02 09:04 - 2016-02-23 03:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-02 09:04 - 2016-02-23 03:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-02 09:04 - 2016-02-23 03:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-02 09:04 - 2016-02-23 03:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-02 09:04 - 2016-02-23 03:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-02 09:04 - 2016-02-23 03:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-02 09:04 - 2016-02-23 03:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-02 09:04 - 2016-02-23 03:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-02 09:04 - 2016-02-23 03:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-02 09:04 - 2016-02-23 03:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-02 09:04 - 2016-02-23 03:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-02 09:04 - 2016-02-23 03:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-02 09:04 - 2016-02-23 03:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-02 09:04 - 2016-02-23 03:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-02 09:04 - 2016-02-23 02:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-02 09:04 - 2016-02-23 02:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-02 09:04 - 2016-02-23 02:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-02 09:04 - 2016-02-23 02:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-02 09:04 - 2016-02-23 02:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-02 09:04 - 2016-02-23 02:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-02 09:04 - 2016-02-23 02:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-02 09:04 - 2016-02-23 02:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-02 09:04 - 2016-02-23 02:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-02 09:04 - 2016-02-23 02:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-02 09:04 - 2016-02-08 23:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-03-02 09:03 - 2016-02-23 07:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-02 09:03 - 2016-02-23 07:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
 
==================== Files in the root of some directories =======
 
2015-05-22 18:40 - 2015-07-23 18:55 - 0002234 _____ () C:\Users\Nathan\AppData\Roaming\FileDrTool.log
2016-03-11 19:29 - 2016-03-11 19:29 - 0002636 _____ () C:\Users\Nathan\AppData\Local\cookies.bin
2015-12-14 17:05 - 2015-12-14 17:05 - 0000335 _____ () C:\Users\Nathan\AppData\Local\LMIR0001.tmp_r.bat
2014-09-26 18:36 - 2016-03-29 00:16 - 0007611 _____ () C:\Users\Nathan\AppData\Local\Resmon.ResmonCfg
2014-12-16 17:40 - 2014-11-17 14:16 - 0010240 _____ () C:\Users\Nathan\AppData\Local\Z@!-978579a0-f59b-4d9a-9708-3a119a277d67.tmp
2014-12-16 17:40 - 2014-11-17 14:16 - 0010240 _____ () C:\Users\Nathan\AppData\Local\Z@!-b96611f4-bf60-4bca-9455-433158ef92eb.tmp
2014-12-16 17:40 - 2014-11-17 14:16 - 0009216 _____ () C:\Users\Nathan\AppData\Local\Z@S!-61497e7f-9665-49c4-ade0-3457323a36c7.tmp
2012-05-19 19:19 - 2012-05-19 19:23 - 0000000 _____ () C:\ProgramData\-5hHphM3JoNFdWO
2012-05-19 19:19 - 2012-05-19 19:23 - 0000152 _____ () C:\ProgramData\-5hHphM3JoNFdWOr
2012-05-19 19:19 - 2012-05-19 19:23 - 0000256 _____ () C:\ProgramData\5hHphM3JoNFdWO
2009-12-30 10:23 - 2010-11-07 18:24 - 0000024 _____ () C:\ProgramData\CinemaNowSvc.ini
2010-11-23 13:31 - 2010-11-23 13:31 - 0000056 _____ () C:\ProgramData\ezsidmv.dat
2009-10-30 10:30 - 2009-09-10 12:06 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2014-06-09 14:04 - 2014-06-09 17:48 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2009-10-30 10:12 - 2009-10-30 10:13 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-10-30 10:12 - 2009-10-30 10:12 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some files in TEMP:
====================
C:\Users\Nathan\AppData\Local\Temp\GUR44C1.exe
C:\Users\Nathan\AppData\Local\Temp\GUR59F9.exe
C:\Users\Nathan\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Nathan\AppData\Local\Temp\jre-8u73-windows-au.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-25 11:03
 
==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:14 PM

Posted 31 March 2016 - 10:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Failed to access process -> ElanTPCfg64.exe
Failed to access process -> FBAgent.exe
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-579598394-4230413160-2855374277-1001 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=WmzxJmX8DXyhfe5IAjixX5mdzf8?q={searchTerms}
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-579598394-4230413160-2855374277-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} -  No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
CHR Plugin: (Shockwave Flash) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
S2 RtkAudioService; "C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe" [X]
S4 LMIRfsClientNP; no ImagePath
U3 idsvc; no ImagePath
U1 PAGEDFRG; \??\C:\WINDOWS\system32\Drivers\PAGEDFRG.SYS [X]
C:\Users\Nathan\AppData\Local\Temp\GUR44C1.exe
C:\Users\Nathan\AppData\Local\Temp\GUR59F9.exe
C:\Users\Nathan\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Nathan\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
CustomCLSID: HKU\S-1-5-21-579598394-4230413160-2855374277-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-579598394-4230413160-2855374277-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-579598394-4230413160-2855374277-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-579598394-4230413160-2855374277-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {01B24035-DE44-4EC5-85D3-3ED132B4A445} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {110EC2AA-8865-44CD-861D-8249F5681C75} - \ASUSControlDeck -> No File <==== ATTENTION
Task: {30E7E648-12EE-440A-B7A7-22F3F5F383BC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {44588B93-2A31-4273-B315-B582ED0DFC5C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {47D7ED1A-3B1E-4268-B278-76C3125722BA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4D117C21-8DB2-46B7-A8E3-8E7911023200} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {61C426CE-C1C1-4C0A-B472-D8678B0F36A2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {94EA5C8D-E80A-469C-8FFC-96A8AA73B591} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {B1957868-2C7D-4A6C-837B-D32F392DEEB2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B9A3E1AD-DCB1-4AEE-97F1-723B9D5E37C9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E099971B-21C2-45D0-9594-12133D980D92} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F43CA429-828F-43BA-A869-2B4378D5C256} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F7593D1F-AF37-47F0-A190-F452E14EF207} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:9E22BBE8 [130]
AlternateDataStreams: C:\ProgramData\Temp:B623B5B8 [286]
AlternateDataStreams: C:\ProgramData\Temp:B88E99C8 [121]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please let me know what problem persists with this computer.

#3 pivotmach

  • Topic Starter

Posted 01 April 2016 - 07:01 AM

I performed everything you recommended and everything is now running great!! There don't appear to be any more symptoms. Thank you, thank you, thank you!!!

Below are the log file results from the AdwCleaner clean:

# AdwCleaner v5.108 - Logfile created 31/03/2016 at 15:52:24
# Updated 30/03/2016 by Xplode
# Database : 2016-03-30.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Nathan - NATHAN-LAPTOP
# Running from : C:\Users\Nathan\Desktop\adwcleaner_5.108.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\MPC Cleaner
[-] Folder Deleted : C:\Program Files (x86)\SearchProtect
[-] Folder Deleted : C:\Program Files (x86)\S5
[-] Folder Deleted : C:\ProgramData\SearchModule
[-] Folder Deleted : C:\ProgramData\Service1291
[-] Folder Deleted : C:\Users\Nathan\AppData\Local\Birds365
[-] Folder Deleted : C:\Users\Nathan\AppData\Local\DE8128A8-1457722501-F6BD-AC00-90E6BA941951
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com
[-] [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ndibdjnfmopecpmkdieinmbadjfpblof
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [2787 bytes] - [31/03/2016 15:52:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [2792 bytes] - [31/03/2016 15:45:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2933 bytes] ##########
 


#4 nasdaq

Posted 01 April 2016 - 07:48 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 pivotmach

Posted 04 April 2016 - 07:32 AM

Well it looks like I spoke too soon.  My display preferences keep changing repeatedly.  The task bar keeps getting changed to "auto hide" and my display background has been changed.  Anything else I should do?  Thank you.



#6 nasdaq

Posted 04 April 2016 - 07:44 AM


Could be a driver issue.

Navigate to this page.
http://secunia.com/vulnerability_scanning/personal/

Download and install the Secunia PSI.

Run the application and update all the programs/drivers that need to be updated.

Keep me posted.

#7 pivotmach

Posted 04 April 2016 - 07:07 PM

I ran Secunia PSI and I still have the same problems.  Both of the problems happen randomly while the PC is turned on and always when rebooting.  Also, the system sound "critical stop" plays randomly.  This sound is also now the "windows startup" sound and screen wake sound.



#8 nasdaq

Posted 05 April 2016 - 08:22 AM

Run a check disk on this computer.
http://www.howtogeek.com/howto/windows-vista/guide-to-using-check-disk-in-windows-vista/

From the Command prompt execute this command.

chkdsk /f
(Leave a space before the /f switch.)


Any improvement?

#9 nasdaq

Posted 11 April 2016 - 08:58 AM

Are you still with me?

#10 pivotmach

Posted 11 April 2016 - 09:41 AM

Yes I am. Sorry, I have been traveling and not with my laptop. Everything seems to be ok now. It looks like the problem was somehow the system power settings were reset and when unplugged it would change the display etc. Since I changed the settings back I haven't had a problem. Thanks again.



#11 nasdaq

Posted 12 April 2016 - 06:43 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



