Well, a couple of days ago I got a bit drunk and stupidly ended up coming across some troll on the internet. I didn't realize at the time, but this was a P2P connection feed and so they got my IP. Then they told me that I had a Samba port open. I left after this, and the chat only lasted about 1 to 2 minutes. I had no idea what this meant, so I looked it up. I got quite a bit of conflicting information, and my main concern now is whether someone was able to gain remote access to my PC.
And even if they tried to gain access, certain anti-malware programs like MBAM PRO and EMSISOFT would be able to pick it up, right?
Also, is it ever possible that malware could bypass detection from diagnostic tools like FRST?
Anyway, I have performed a scan with FRST, and I will now give you the logs. Just before I do that, I want to post a warning screenshot taken after first trying to run FRST:
FRST LOG:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01
Ran by jacka (administrator) on DESKTOP-18TF7QT (11-04-2016 17:11:56)
Running from C:\Users\jacka\Desktop
Loaded Profiles: jacka (Available Profiles: jacka)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
() C:\Program Files (x86)\Everything\Everything.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(VoodooSoft, LLC) C:\Program Files\VoodooShield\VoodooShieldService.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(VoodooSoft, LLC) C:\Program Files\VoodooShield\VoodooShield.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [VoodooShield] => C:\Program Files\VoodooShield\VoodooShield.exe [1834944 2015-12-02] (VoodooSoft, LLC)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12866288 2016-04-08] (Zemana Ltd.)
HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-06] ()
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\MCShieldRTM.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Run: [Workrave] => C:\Program Files (x86)\Workrave\lib\workrave.exe [4480000 2013-01-13] (The Workrave development team)
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3586848 2016-02-17] (Nota Inc.)
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-04-09] (Siber Systems)
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
HKLM\...\AppCertDlls: [cpn32] -> C:\Windows\SysWOW64\cpn32.dll [7168 2014-09-06] ()
HKLM\...\AppCertDlls: [cpn64] -> C:\Windows\System32\cpn64.dll [9216 2014-09-06] ()
Startup: C:\Users\jacka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-02-15]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ad1349cb-bedf-416f-aa1d-2911e8c8f575}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-01] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-04-09] (Siber Systems Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-01] (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-04-09] (Siber Systems Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-04-09] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-04-09] (Siber Systems Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\jacka\AppData\Roaming\Mozilla\Firefox\Profiles\01jmi428.default
FF Homepage: hxxp://start.roboform.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Malware Search - C:\Users\jacka\AppData\Roaming\Mozilla\Firefox\Profiles\01jmi428.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2016-02-19]
FF Extension: uBlock Origin - C:\Users\jacka\AppData\Roaming\Mozilla\Firefox\Profiles\01jmi428.default\Extensions\uBlock0@raymondhill.net.xpi [2016-04-06]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-04-09]
FF HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
Chrome:
=======
CHR StartupUrls: Default -> "hxxps://duckduckgo.com/"
CHR DefaultSearchURL: Default -> hxxp://tinychat.com/themanhole
CHR Profile: C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-20]
CHR Extension: (Google Docs) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-20]
CHR Extension: (Google Drive) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-20]
CHR Extension: (YouTube) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-20]
CHR Extension: (Google Search) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-20]
CHR Extension: (Google Docs Offline) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23]
CHR Extension: (AdBlock) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-20]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-02-14]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-02-14]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2823920 2016-03-20] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2519904 2016-03-30] (ESET)
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-06] () [File not signed] <==== ATTENTION
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-04-10] (SurfRight B.V.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [254904 2016-04-10] ()
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [80144 2015-08-13] (Reason Software Company Inc.)
R2 VoodooShieldService; C:\Program Files\VoodooShield\VoodooShieldService.exe [79384 2015-12-02] (VoodooSoft, LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12866288 2016-04-08] (Zemana Ltd.)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264552 2016-03-30] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [199680 2015-11-16] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14976 2015-07-30] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186784 2015-11-16] (ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [142976 2015-11-16] (ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [198096 2016-03-30] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [53384 2016-03-30] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84800 2016-03-30] (ESET)
R1 epp; C:\EEK\bin64\epp.sys [124080 2016-02-11] (Emsisoft Ltd)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [202032 2016-01-19] (Intel Corporation)
S3 MFE_RR; C:\Users\jacka\AppData\Local\Temp\mfe_rr.sys [24120 2016-04-11] (McAfee, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-04-10] ()
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [205784 2016-03-04] (Oracle Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [247464 2016-04-10] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [247464 2016-04-10] (Zemana Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-11 17:11 - 2016-04-11 17:12 - 00015191 _____ C:\Users\jacka\Desktop\FRST.txt
2016-04-11 17:11 - 2016-04-11 17:11 - 00000000 ____D C:\FRST
2016-04-11 17:10 - 2016-04-11 17:10 - 02375168 _____ (Farbar) C:\Users\jacka\Desktop\FRST64.exe
2016-04-11 02:11 - 2016-04-11 02:11 - 00897536 _____ C:\Users\jacka\Desktop\RGSA.exe
2016-04-11 01:54 - 2016-04-11 01:54 - 00781312 _____ C:\Users\jacka\Desktop\delfix_1.010.exe
2016-04-11 00:54 - 2016-04-11 00:54 - 00457632 _____ (Bleeping Computer, LLC) C:\Users\jacka\Desktop\FixExec.exe
2016-04-11 00:54 - 2016-04-11 00:54 - 00001238 _____ C:\Users\jacka\Desktop\FixExec.txt
2016-04-11 00:53 - 2016-04-11 16:57 - 00000000 ____D C:\Users\jacka\AppData\Local\CrashDumps
2016-04-11 00:53 - 2016-04-11 00:53 - 00231390 _____ C:\Users\jacka\Desktop\RootkitRevealer.zip
2016-04-11 00:53 - 2016-04-11 00:53 - 00000000 ____D C:\Users\jacka\Desktop\RootkitRevealer
2016-04-11 00:52 - 2016-04-11 00:52 - 08656400 _____ (Trend Micro Inc.) C:\Users\jacka\Desktop\RootkitBuster_v5_1061.exe
2016-04-11 00:52 - 2016-04-11 00:52 - 00000000 ____D C:\Users\jacka\Desktop\TMRBLog
2016-04-11 00:19 - 2016-04-11 00:19 - 00000000 ____D C:\ProgramData\Sophos
2016-04-11 00:17 - 2016-04-11 00:17 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-04-11 00:17 - 2016-04-11 00:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-04-11 00:17 - 2016-04-11 00:17 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-04-11 00:16 - 2016-04-11 00:16 - 147114072 _____ (Sophos Limited) C:\Users\jacka\Desktop\Sophos Virus Removal Tool.exe
2016-04-11 00:15 - 2016-04-11 00:15 - 01020640 _____ C:\Users\jacka\Desktop\antirootkit.exe
2016-04-11 00:15 - 2016-04-11 00:15 - 00000000 ____D C:\Users\jacka\Pavark
2016-04-11 00:12 - 2016-04-11 00:13 - 00784152 _____ (McAfee, Inc.) C:\Users\jacka\Desktop\rootkitremover.exe
2016-04-11 00:12 - 2016-04-11 00:12 - 01472131 _____ C:\Users\jacka\Desktop\vba32arkit.zip
2016-04-11 00:12 - 2016-04-11 00:12 - 00000000 ____D C:\Users\jacka\Desktop\vba32arkit
2016-04-11 00:07 - 2016-04-11 00:08 - 00033607 _____ C:\Users\jacka\Desktop\MTB.txt
2016-04-11 00:02 - 2016-04-11 00:02 - 00000000 ____D C:\Program Files (x86)\Boredom Software
2016-04-11 00:01 - 2016-04-11 00:01 - 03479769 _____ C:\Users\jacka\Desktop\VT Hash.zip
2016-04-11 00:01 - 2016-04-11 00:01 - 00000000 ____D C:\Users\jacka\Desktop\VT Hash
2016-04-10 23:54 - 2016-04-10 23:54 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-04-10 23:53 - 2016-04-10 23:54 - 25350712 _____ (SUPERAntiSpyware) C:\Users\jacka\Desktop\SUPERAntiSpyware.exe
2016-04-10 23:40 - 2016-04-10 23:53 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-10 23:40 - 2016-04-10 23:40 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-04-10 23:32 - 2016-04-10 23:32 - 00001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-04-10 23:32 - 2016-04-10 23:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-04-10 23:32 - 2016-04-10 23:32 - 00000000 ____D C:\Program Files\HitmanPro
2016-04-10 23:31 - 2016-04-10 23:36 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-10 23:31 - 2016-04-10 23:31 - 11441744 _____ (SurfRight B.V.) C:\Users\jacka\Desktop\HitmanPro_x64.exe
2016-04-10 23:14 - 2016-04-11 17:12 - 00050896 _____ C:\Windows\ZAM.krnl.trace
2016-04-10 23:14 - 2016-04-11 17:10 - 00000983 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-04-10 23:14 - 2016-04-10 23:14 - 05013792 _____ ( ) C:\Users\jacka\Desktop\Zemana.AntiMalware.Setup.exe
2016-04-10 23:14 - 2016-04-10 23:14 - 00247464 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-04-10 23:14 - 2016-04-10 23:14 - 00247464 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-04-10 23:14 - 2016-04-10 23:14 - 00001145 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-04-10 23:14 - 2016-04-10 23:14 - 00000000 ____D C:\Users\jacka\AppData\Local\Zemana
2016-04-10 23:14 - 2016-04-10 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-04-10 23:14 - 2016-04-10 23:14 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-04-10 23:13 - 2016-04-11 17:11 - 00000000 ____D C:\ProgramData\VoodooShield
2016-04-10 23:13 - 2016-04-10 23:13 - 00000901 _____ C:\Users\Public\Desktop\Voodoo Shield.lnk
2016-04-10 23:13 - 2016-04-10 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield
2016-04-10 23:13 - 2016-04-10 23:13 - 00000000 ____D C:\Program Files\VoodooShield
2016-04-10 23:13 - 2014-09-06 14:26 - 00009216 _____ C:\Windows\system32\cpn64.dll
2016-04-10 23:13 - 2014-09-06 14:26 - 00007168 _____ C:\Windows\SysWOW64\cpn32.dll
2016-04-10 23:12 - 2016-04-10 23:12 - 04664936 _____ (VoodooSoft, LLC ) C:\Users\jacka\Desktop\InstallVoodooShield.exe
2016-04-10 22:12 - 2016-04-10 22:12 - 00003638 _____ C:\Windows\System32\Tasks\ReasonSecurityScheduledScan
2016-04-10 22:12 - 2016-04-10 22:12 - 00003502 _____ C:\Windows\System32\Tasks\ReasonSecurityStart
2016-04-10 22:12 - 2016-04-10 22:12 - 00000000 ____D C:\ProgramData\Reason
2016-04-10 22:11 - 2016-04-10 22:11 - 04257344 _____ (Reason Software Company Inc.) C:\Users\jacka\Desktop\reason-core-security-setup.exe
2016-04-10 22:11 - 2016-04-10 22:11 - 00000956 _____ C:\Users\Public\Desktop\Reason Core Security.lnk
2016-04-10 22:11 - 2016-04-10 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2016-04-10 22:11 - 2016-04-10 22:11 - 00000000 ____D C:\Program Files\Reason
2016-04-10 18:55 - 2016-04-10 18:55 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\jacka\Desktop\procexp.exe
2016-04-10 18:39 - 2016-04-10 18:40 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\jacka\Desktop\iExplore.exe
2016-04-10 05:25 - 2016-04-10 05:25 - 00251644 _____ C:\Users\jacka\OneDrive\Documents\just in casew.pcapng
2016-04-10 00:30 - 2016-04-10 00:31 - 25853120 _____ C:\Users\jacka\Desktop\how to spot a predator.webm
2016-04-10 00:30 - 2016-04-10 00:30 - 00000000 ____D C:\Users\jacka\AppData\Local\CrashRpt
2016-04-10 00:29 - 2016-04-10 00:29 - 00130364 _____ C:\Users\jacka\OneDrive\Documents\something to come back to.pcapng
2016-04-08 20:12 - 2016-04-10 18:58 - 00000000 ____D C:\Program Files (x86)\Cryptostorm Client
2016-04-08 20:12 - 2016-04-08 20:12 - 12097842 _____ (Cryptostorm ) C:\Users\jacka\Desktop\setup.exe
2016-04-07 18:52 - 2016-04-08 23:21 - 00000000 ____D C:\Users\jacka\AppData\Roaming\Wireshark
2016-04-07 18:37 - 2016-04-07 18:49 - 47535128 _____ (Wireshark development team) C:\Users\jacka\Desktop\Wireshark-win64-2.0.2.exe
2016-04-07 17:59 - 2016-03-11 11:21 - 00039040 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2016-04-07 17:58 - 2016-04-07 18:23 - 06323976 _____ C:\Users\jacka\Desktop\TotalVPN.exe
2016-04-04 09:02 - 2016-04-04 09:02 - 00000000 ____D C:\Windows\Microsoft Antimalware
2016-04-04 06:13 - 2016-04-04 06:46 - 00000000 _____ C:\Recovery.txt
2016-04-04 01:54 - 2016-04-04 01:54 - 04188760 _____ C:\Users\jacka\Desktop\tweaking.com_simple_system_tweaker_setup.exe
2016-04-04 01:54 - 2016-04-04 01:54 - 00002355 _____ C:\Users\jacka\Desktop\Tweaking.com - Simple System Tweaker.lnk
2016-04-04 01:54 - 2016-04-04 01:54 - 00000000 ____D C:\Users\jacka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-04-04 01:54 - 2016-04-04 01:54 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-04-04 01:11 - 2016-04-04 01:11 - 00001100 _____ C:\Users\jacka\Desktop\Start Emergency Kit Scanner.exe - Shortcut.lnk
2016-04-04 01:08 - 2016-04-04 01:09 - 224733960 _____ C:\Users\jacka\Desktop\EmsisoftEmergencyKit.exe
2016-04-03 23:08 - 2016-04-11 01:55 - 00003656 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-04-03 23:08 - 2016-04-03 23:08 - 00000000 ____D C:\Windows\ERUNT
2016-04-03 18:06 - 2016-04-03 18:06 - 00000000 ____D C:\Windows\pss
2016-04-03 17:57 - 2016-04-11 01:50 - 00000000 ____D C:\EEK
2016-04-03 00:22 - 2016-04-03 01:23 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2016-04-02 21:13 - 2016-04-02 21:17 - 224733960 _____ C:\Users\jacka\Downloads\EmsisoftEmergencyKit.exe
2016-04-02 21:07 - 2016-04-02 21:08 - 283904000 _____ C:\Users\jacka\Downloads\kav_rescue_10.iso
2016-04-02 20:30 - 2016-04-02 20:37 - 340670464 _____ C:\Users\jacka\Downloads\eset-sysrescue.1.0.9.0.enu.iso
2016-04-01 16:21 - 2016-04-01 16:21 - 00000000 ____D C:\ProgramData\Hotspot Shield
2016-03-30 21:54 - 2016-03-30 21:54 - 00000000 ____D C:\Users\jacka\AppData\Local\ElevatedDiagnostics
2016-03-30 17:12 - 2016-03-30 17:12 - 00000000 ____D C:\Users\jacka\AppData\Roaming\KeePass
2016-03-30 17:01 - 2016-03-30 17:02 - 01926960 _____ (Dominik Reichl ) C:\Users\jacka\Downloads\KeePass-1.31-Setup.exe
2016-03-30 00:30 - 2016-04-10 18:11 - 00035840 ___SH C:\Users\jacka\Downloads\Thumbs.db
2016-03-26 00:09 - 2016-03-26 00:12 - 69901947 _____ C:\Users\jacka\Desktop\ice_video_20160325-230936.webm
2016-03-23 23:00 - 2016-03-10 15:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\is-6JNJH.tmp
2016-03-20 00:45 - 2016-03-20 00:49 - 59000670 _____ C:\Users\jacka\Desktop\ice_video_20160319-234552.webm
2016-03-19 23:33 - 2016-03-19 23:38 - 60633889 _____ C:\Users\jacka\Desktop\Windows 10 Privacy.webm
2016-03-19 21:46 - 2016-03-21 22:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-15 00:35 - 2016-03-15 00:37 - 38199909 _____ C:\Users\jacka\Desktop\How to be safe on Skype Part one.webm
2016-03-15 00:22 - 2016-03-15 00:22 - 00000000 ____D C:\Users\jacka\AppData\Roaming\Gyazo
2016-03-15 00:18 - 2016-03-15 18:53 - 00000000 ____D C:\Program Files (x86)\Gyazo
2016-03-15 00:18 - 2016-03-15 00:18 - 09180744 _____ (Nota Inc. ) C:\Users\jacka\Downloads\Gyazo-3.2.1.exe
2016-03-15 00:18 - 2016-03-15 00:18 - 00003544 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2016-03-15 00:18 - 2016-03-15 00:18 - 00003408 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2016-03-15 00:18 - 2016-03-15 00:18 - 00001051 _____ C:\Users\Public\Desktop\Gyazo.lnk
2016-03-15 00:18 - 2016-03-15 00:18 - 00001051 _____ C:\Users\Public\Desktop\Gyazo GIF.lnk
2016-03-15 00:18 - 2016-03-15 00:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2016-03-14 00:44 - 2016-03-14 00:48 - 42366354 _____ C:\Users\jacka\Desktop\Checking to see if a file is bad.webm
2016-03-14 00:16 - 2016-03-14 00:24 - 89171791 _____ C:\Users\jacka\Desktop\Updating browsers.webm
2016-03-14 00:14 - 2016-03-14 00:14 - 00000000 ____D C:\Users\jacka\AppData\Local\Icecream
2016-03-14 00:14 - 2016-03-14 00:14 - 00000000 ____D C:\Users\jacka\.Icecream Screen Recorder
2016-03-14 00:14 - 2016-03-14 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2016-03-14 00:13 - 2016-03-14 00:13 - 00001188 _____ C:\Users\Public\Desktop\Icecream Screen Recorder.lnk
2016-03-14 00:13 - 2016-03-14 00:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icecream Screen Recorder
2016-03-14 00:13 - 2016-03-14 00:13 - 00000000 ____D C:\Program Files (x86)\Xiph.Org
2016-03-14 00:13 - 2016-03-14 00:13 - 00000000 ____D C:\Program Files (x86)\Icecream Screen Recorder
2016-03-14 00:09 - 2016-03-14 00:09 - 00000000 ____D C:\Users\jacka\OneDrive\Documents\Avatar
2016-03-14 00:03 - 2016-03-14 00:03 - 00000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2016-03-14 00:03 - 2015-03-24 08:02 - 00042968 _____ (CyberLink Corporation) C:\Windows\system32\Drivers\clwvd7.sys
2016-03-14 00:02 - 2016-04-07 18:50 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-14 00:01 - 2016-03-19 22:49 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2016-03-14 00:01 - 2016-03-14 00:02 - 00000000 ____D C:\ProgramData\install_clap
2016-03-13 19:55 - 2016-03-13 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-13 19:55 - 2016-03-13 19:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-03-13 19:55 - 2016-03-13 19:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-03-13 16:53 - 2016-03-13 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-03-13 16:52 - 2016-03-13 16:52 - 120421344 _____ (Oracle Corporation) C:\Users\jacka\Downloads\VirtualBox-5.0.16-105871-Win.exe
2016-03-12 17:39 - 2016-03-12 17:49 - 1581383680 _____ C:\Users\jacka\Downloads\linuxmint-17.3-cinnamon-64bit.iso
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-11 17:11 - 2016-02-10 22:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-11 17:09 - 2016-02-15 14:40 - 00000000 ____D C:\ProgramData\MCShield
2016-04-11 17:08 - 2016-02-20 21:30 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-11 17:08 - 2016-02-08 01:09 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-11 17:08 - 2016-02-08 00:01 - 00000000 __SHD C:\Users\jacka\IntelGraphicsProfiles
2016-04-11 17:08 - 2016-02-08 00:00 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-04-11 17:05 - 2016-02-07 23:54 - 00838508 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-11 17:05 - 2015-10-30 08:21 - 00000000 ____D C:\Windows\INF
2016-04-11 17:01 - 2016-02-19 23:42 - 00000000 ____D C:\ProgramData\VMware
2016-04-11 17:00 - 2016-02-07 23:49 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-11 17:00 - 2015-10-30 07:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-04-11 16:57 - 2016-02-26 19:36 - 00000000 ____D C:\Windows\Minidump
2016-04-11 16:57 - 2016-02-08 07:47 - 00000000 ____D C:\Windows\Panther
2016-04-11 16:54 - 2016-02-08 00:06 - 00004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E84198C8-2584-4CE2-83CB-D4C491C59B33}
2016-04-11 01:55 - 2016-02-19 20:36 - 00001542 _____ C:\DelFix.txt
2016-04-11 00:35 - 2016-02-20 21:30 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-11 00:15 - 2016-02-08 00:00 - 00000000 ____D C:\Users\jacka
2016-04-10 20:25 - 2015-10-30 08:24 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-04-10 19:52 - 2016-02-20 22:13 - 00000000 ____D C:\Users\jacka\AppData\Roaming\Everything
2016-04-10 18:57 - 2016-02-14 23:30 - 00000000 ____D C:\ProgramData\Skype
2016-04-10 04:11 - 2016-02-14 23:30 - 00000000 ____D C:\Users\jacka\AppData\Roaming\Skype
2016-04-09 20:18 - 2016-02-14 22:48 - 00004230 _____ C:\Windows\System32\Tasks\Open URL by RoboForm
2016-04-09 20:18 - 2016-02-14 22:48 - 00003592 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2016-04-09 20:18 - 2016-02-14 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2016-04-09 20:02 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\AppReadiness
2016-04-08 18:35 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-08 16:11 - 2016-02-10 22:09 - 00003820 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-07 17:14 - 2016-02-19 23:04 - 00000000 ____D C:\Users\jacka\.VirtualBox
2016-04-04 00:31 - 2016-02-28 23:22 - 00000000 ____D C:\Program Files (x86)\AzTools
2016-04-04 00:19 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\LiveKernelReports
2016-04-01 03:59 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-01 03:58 - 2016-02-08 01:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-03-30 17:12 - 2015-11-16 13:21 - 00264552 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2016-03-30 17:12 - 2015-11-16 13:21 - 00198096 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys
2016-03-30 17:12 - 2015-11-16 13:21 - 00084800 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2016-03-30 17:12 - 2015-11-16 13:21 - 00053384 _____ (ESET) C:\Windows\system32\Drivers\epfwlwf.sys
2016-03-29 22:37 - 2016-02-20 21:31 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-23 23:00 - 2016-02-08 01:09 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-23 23:00 - 2016-02-08 01:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-23 23:00 - 2016-02-08 01:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-23 00:54 - 2015-10-30 08:11 - 00000000 ____D C:\Windows\CbsTemp
2016-03-21 22:38 - 2016-02-08 00:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-19 22:49 - 2016-02-28 23:10 - 00000000 ____D C:\ProgramData\TEMP
2016-03-14 17:41 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-13 21:28 - 2016-02-20 00:15 - 00000000 ____D C:\Users\jacka\AppData\Local\VMware
2016-03-13 21:25 - 2016-02-20 00:15 - 00000000 ____D C:\Users\jacka\AppData\Roaming\VMware
2016-03-13 16:53 - 2016-02-19 23:04 - 00001149 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
Some files in TEMP:
====================
C:\Users\jacka\AppData\Local\Temp\BJ.exe
C:\Users\jacka\AppData\Local\Temp\dllnt_dump.dll
C:\Users\jacka\AppData\Local\Temp\ERUNT.exe
C:\Users\jacka\AppData\Local\Temp\rscp_setup.exe
C:\Users\jacka\AppData\Local\Temp\XZOUFFTFQ.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-04-03 14:19
==================== End of FRST.txt ============================
Addition.txt Log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
Ran by jacka (2016-04-11 17:12:36)
Running from C:\Users\jacka\Desktop
Windows 10 Home Version 1511 (X64) (2016-02-07 22:56:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3022446708-123597430-1770447347-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3022446708-123597430-1770447347-503 - Limited - Disabled)
Guest (S-1-5-21-3022446708-123597430-1770447347-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3022446708-123597430-1770447347-1005 - Limited - Enabled)
jacka (S-1-5-21-3022446708-123597430-1770447347-1001 - Administrator - Enabled) => C:\Users\jacka
james (S-1-5-21-3022446708-123597430-1770447347-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Smart Security 9.0.349.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.375.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon)
Blueline 1.1.1 (HKLM-x32\...\Blueline_is1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
ESET Smart Security (HKLM\...\{C7967963-BE1C-4ABA-839F-3CB206E50697}) (Version: 9.0.349.0 - ESET, spol. s r.o.)
Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Gyazo 3.2.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
Icecream Screen Recorder version 3.30 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 3.30 - Icecream Apps)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6741.2021 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6701.1013 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6701.1013 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6701.1013 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.0.16 (HKLM\...\{F2E958A1-9215-4C7D-9A2E-F0740B8CA5B7}) (Version: 5.0.16 - Oracle Corporation)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.1.0.0 - Reason Software Company Inc.)
RoboForm 7-9-18-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-18-5 - Siber Systems)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)
Vagrant (HKLM-x32\...\{DBD58741-B374-4518-B0F7-8F33D09E3164}) (Version: 1.8.1 - HashiCorp)
VMware Player (HKLM\...\{57AA4E8A-E2C9-4F1C-B3F1-762C36E34472}) (Version: 12.1.0 - VMware, Inc.)
VoodooShield version 2.86 (HKLM\...\{A8644328-A66F-490E-B8FA-901FF649189D}_is1) (Version: 2.86 - VoodooSoft, LLC)
VT Hash Check 1.56 (HKLM-x32\...\{1E579B65-503B-4184-B481-5138124BEE1D}_is1) (Version: 1.56 - Boredom Software)
WebM Project Directshow Filters (HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
Workrave 1.10 (HKLM-x32\...\Workrave_is1) (Version: - Rob Caelers & Raymond Penners)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.20.140 - Zemana Ltd.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3022446708-123597430-1770447347-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\jacka\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {188C31CE-D57C-4C9D-95AA-DC6BD073239A} - System32\Tasks\ReasonSecurityStart => C:\Program Files\Reason\Security\rsUI.exe [2015-08-13] (Reason Software Company Inc.)
Task: {24EB583A-463E-45CC-9266-85DA335356A8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {42F14D69-5C1E-458C-AE44-BFFCB9520E0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)
Task: {48B1B3F7-76D7-4A34-B4BC-6F853BE3097E} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-02-17] ()
Task: {512F7D04-54CD-42A8-8EDB-2F1DB8263B3D} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-02-17] ()
Task: {53AA35C5-0FE5-4B06-BB8D-C16B958FC882} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMMMMMHMNJMJNJNJJJCNMMKMMMJMCNLMJMNMLJCNNJMMNJMMCNOMMMMMOJOMLMGMJJHMPMPMNJJNJICMIMCNGMCNOMHMFMOMOMCNOMJMNMCNOMPMKMHMJMFMPMCNPMCNOMPMKMHMJMCNNMJNPICMOMFMEKMICNJJCKFMKMLMJNHICMEKMICNJJCKJNBJCMFLOJMJEJPNOLMJAJMJEJJNKJCMJNNICMJNDJ (the data entry has 59 more characters).
Task: {54766D73-F05E-482E-A31B-89DF184B436D} - System32\Tasks\ReasonSecurityScheduledScan => C:\Program Files\Reason\Security\rsUI.exe [2015-08-13] (Reason Software Company Inc.)
Task: {5678114F-D56A-4926-974B-C87CEC041CDF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {6036A827-1236-4DDD-8E76-77F52641114A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-20] (Microsoft Corporation)
Task: {ADF5CD87-23B6-41C1-9E10-C19A9452B03C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {AF7674E0-E071-426D-9331-A9873C3880F6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-04-01] (Microsoft Corporation)
Task: {B88AA8F5-761C-4051-9FC4-1A74AF0EDDA8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)
Task: {C54E4625-CEDD-488E-8C6C-56D8F09A3138} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {C6F7F130-7349-45D0-9D37-A9C5274876C2} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {CACDFA3D-EDD6-405F-9F7C-67205FB16577} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-04-09] (Siber Systems)
Task: {D8197D27-4125-44C0-B06B-B77450BCDC6F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-20] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-04-10 23:13 - 2014-09-06 14:26 - 00009216 _____ () C:\Windows\System32\cpn64.dll
2015-10-30 08:17 - 2015-10-30 08:17 - 00028672 _____ () C:\Windows\SYSTEM32\efsext.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-02-20 22:13 - 2014-08-06 02:01 - 01048576 _____ () C:\Program Files (x86)\Everything\Everything.exe
2016-02-08 01:30 - 2016-03-20 13:10 - 00173256 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-04-10 22:12 - 2016-04-10 22:12 - 00254904 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
2016-03-02 20:59 - 2016-02-23 12:27 - 02654872 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-03-02 20:59 - 2016-02-23 12:27 - 02654872 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-03-16 18:25 - 2016-04-01 03:56 - 08919240 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-12-19 02:08 - 2015-12-19 02:08 - 00402344 _____ () C:\Windows\system32\igfxTray.exe
2016-02-08 00:54 - 2016-02-08 00:54 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-08 00:15 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 20:59 - 2016-02-23 09:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-02-08 00:16 - 2016-01-05 02:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-02-08 00:15 - 2016-01-05 02:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-08 00:16 - 2016-01-16 06:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-02-08 00:16 - 2016-01-16 06:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-10 22:12 - 2016-04-10 22:12 - 00570296 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98017090.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98017090.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 08:24 - 2016-04-11 17:01 - 00002024 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
There are 4 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jacka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "Everything"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "Workrave"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "Gyazo"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FB61C183-5CFC-4ACD-ACAC-541EA43FD903}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{49979E48-5D03-4FE5-B77C-4E37B1632EF5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4B0C5841-A88B-4D3B-8A0C-5ECAF94B2DD1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{995CA16A-E833-443D-837C-50D4A9730B40}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{AD257DB5-462D-4D09-A0D1-1FE2B0C4CF2B}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{15E9FEBA-D927-44A4-B4A4-F5339DB7BB06}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
11-04-2016 01:55:16 End of disinfection
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/11/2016 04:59:02 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhostw (8008) WebCacheLocal: Database recovery/restore failed with unexpected error -1032.
Error: (04/11/2016 04:59:02 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (8008) WebCacheLocal: An attempt to open the file "C:\Users\jacka\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (04/11/2016 04:59:02 PM) (Source: ESENT) (EventID: 490) (User: )
Description: CCleaner64 (5360) testing: An attempt to open the file "C:\Users\jacka\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (04/11/2016 01:55:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (04/11/2016 01:21:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-18TF7QT)
Description: Activation of app Microsoft.Getstarted_3.5.11.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (04/11/2016 01:03:07 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (04/11/2016 12:54:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x4b4
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3
Faulting package full name: RootkitRevealer.exe4
Faulting package-relative application ID: RootkitRevealer.exe5
Error: (04/11/2016 12:53:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x1088
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3
Faulting package full name: RootkitRevealer.exe4
Faulting package-relative application ID: RootkitRevealer.exe5
Error: (04/10/2016 06:12:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (04/10/2016 05:57:44 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
System errors:
=============
Error: (04/11/2016 05:08:55 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (04/11/2016 05:08:54 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (04/11/2016 05:08:54 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (04/11/2016 05:08:53 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (04/11/2016 05:08:53 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (04/11/2016 05:08:52 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (04/11/2016 05:08:52 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (04/11/2016 05:08:52 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (04/11/2016 05:00:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WMPNetworkSvc service depends on the WSearch service which failed to start because of the following error:
%%1058
Error: (04/11/2016 05:00:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_96fce5 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
CodeIntegrity:
===================================
Date: 2016-04-11 17:00:51.418
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.
Date: 2016-04-11 17:00:51.409
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.
Date: 2016-04-11 17:00:51.266
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.
Date: 2016-04-11 17:00:50.516
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.
Date: 2016-04-11 01:51:32.075
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.
Date: 2016-04-11 01:51:32.067
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.
Date: 2016-04-11 01:51:31.700
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.
Date: 2016-04-11 01:51:31.550
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.
Date: 2016-04-11 01:21:13.726
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.
Date: 2016-04-11 01:21:13.718
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
Processor: Intel® Pentium® CPU G3258 @ 3.20GHz
Percentage of memory in use: 28%
Total physical RAM: 7885.05 MB
Available physical RAM: 5670.56 MB
Total Virtual: 8397.05 MB
Available Virtual: 6069.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:930.96 GB) (Free:833.06 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 000E47F3)
Partition: GPT.
==================== End of Addition.txt ============================
Thanks.
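The question in the post is whether the "samba port" the other party mentioned is actually reachable on this machine. Two entries in the log above bear directly on that and are worth checking by hand rather than by inference: the FirewallRules section lists an inbound Allow rule named vm-monitoring-nb-session for local port 139, and the CodeIntegrity section records services.exe and wininit.exe repeatedly trying to load C:\Windows\System32\cpn64.dll and C:\Windows\SysWOW64\cpn32.dll, files that FRST's Loaded Modules list shows with no publisher. The PowerShell below is an added example, not part of the original post and not FRST output; it only uses standard Windows cmdlets, and the paths and rule name it looks at are taken from the log. Run it from an elevated prompt.

```powershell
# Added example (not from the original post): verify the two findings above
# instead of guessing at them. Requires an elevated PowerShell on Windows 8+.

$smbPorts = 139, 445   # NetBIOS session service and direct-hosted SMB

# 1. Is anything listening on the SMB/NetBIOS ports right now, and which process owns it?
function Get-SmbListeners {
    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $smbPorts -contains $_.LocalPort } |
        ForEach-Object {
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                Pid          = $_.OwningProcess
                Process      = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
            }
        }
}

# 2. Which enabled inbound Allow rules admit traffic to those ports, and on which
#    firewall profiles? The log shows vm-monitoring-nb-session allowing LPort=139;
#    a rule scoped to Private/Domain does nothing on a network marked Public.
function Get-SmbAllowRules {
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True -ErrorAction SilentlyContinue |
        ForEach-Object {
            $rule  = $_
            $pf    = $rule | Get-NetFirewallPortFilter
            $ports = @($pf.LocalPort)
            $hit   = ($pf.Protocol -in 'TCP', 'Any') -and
                     (($ports -contains 'Any') -or ($ports | Where-Object { $smbPorts -contains $_ }))
            if ($hit) {
                [pscustomobject]@{
                    Name      = $rule.Name
                    Display   = $rule.DisplayName
                    Profile   = $rule.Profile
                    Protocol  = $pf.Protocol
                    LocalPort = ($ports -join ',')
                }
            }
        }
}

# 3. Authenticode status and SHA-256 of the DLLs Code Integrity rejected.
#    FRST only says they failed the signing-level check; this shows who (if anyone)
#    signed them and gives a hash that can be looked up (VT Hash Check is installed per the log).
function Get-FlaggedDllInfo {
    $flagged = 'C:\Windows\System32\cpn64.dll', 'C:\Windows\SysWOW64\cpn32.dll'
    foreach ($path in $flagged) {
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Path = $path; Status = 'NotPresent'; Signer = $null; SHA256 = $null }
            continue
        }
        $sig  = Get-AuthenticodeSignature -FilePath $path
        $item = Get-Item -LiteralPath $path
        [pscustomobject]@{
            Path     = $path
            Status   = $sig.Status                      # Valid / NotSigned / HashMismatch / ...
            Signer   = $sig.SignerCertificate.Subject
            Company  = $item.VersionInfo.CompanyName
            Modified = $item.LastWriteTime
            SHA256   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

'== Listening on 139/445 =='
Get-SmbListeners | Format-Table -AutoSize
'== Enabled inbound Allow rules covering 139/445 =='
Get-SmbAllowRules | Format-Table -AutoSize
'== SMB server protocol state =='
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol
'== DLLs rejected by Code Integrity =='
Get-FlaggedDllInfo | Format-List
```

Two caveats on reading the output. First, a listener plus an Allow rule means the port is open on the LAN; whether it is reachable from the internet also depends on the router. The log's DNS server is 192.168.0.1, a private address, so this PC sits behind a home router, and port 139 is only exposed externally if that router forwards it. Second, the Code Integrity events say only that the two DLLs did not meet the signing level that services.exe and wininit.exe require; that is consistent with an unsigned third-party component and is not by itself evidence of compromise. The signature status, company string and hash from the third check are what an analyst would use to settle it.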