
Think I might need a check up on this log


32 replies to this topic

#1 auto1571

Posted 11 April 2016 - 11:25 AM

Well, a couple of days ago I got a bit drunk and stupidly ended up coming across some troll on the internet. I didn't realize at the time, but this was a P2P connection feed and so they got my IP. They told me that I had a samba port open. I left after this, and the chat only lasted about 1 to 2 minutes. I had no idea what this meant, so I looked it up. I got quite a lot of conflicting information, and my main concern now is whether someone was able to gain remote access to my PC.

 

And even if they try to gain access, certain anti-malware programs like MBAM PRO and EMSISOFT would be able to pick it up, right?

 

Also, is it ever possible that malware could bypass detection by diagnostic tools like FRST?

 

Anyway, I have performed a scan with FRST, the logs of which I will now give you. Just before I do that, I want to post a screenshot of the warning I got after first trying to run FRST:

 


 

FRST LOG:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01
Ran by jacka (administrator) on DESKTOP-18TF7QT (11-04-2016 17:11:56)
Running from C:\Users\jacka\Desktop
Loaded Profiles: jacka (Available Profiles: jacka)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
() C:\Program Files (x86)\Everything\Everything.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(VoodooSoft, LLC) C:\Program Files\VoodooShield\VoodooShieldService.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(VoodooSoft, LLC) C:\Program Files\VoodooShield\VoodooShield.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VoodooShield] => C:\Program Files\VoodooShield\VoodooShield.exe [1834944 2015-12-02] (VoodooSoft, LLC)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12866288 2016-04-08] (Zemana Ltd.)
HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-06] ()
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\MCShieldRTM.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Run: [Workrave] => C:\Program Files (x86)\Workrave\lib\workrave.exe [4480000 2013-01-13] (The Workrave development team)
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3586848 2016-02-17] (Nota Inc.)
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-04-09] (Siber Systems)
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
HKLM\...\AppCertDlls: [cpn32] -> C:\Windows\SysWOW64\cpn32.dll [7168 2014-09-06] ()
HKLM\...\AppCertDlls: [cpn64] -> C:\Windows\System32\cpn64.dll [9216 2014-09-06] ()
Startup: C:\Users\jacka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-02-15]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ad1349cb-bedf-416f-aa1d-2911e8c8f575}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-01] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-04-09] (Siber Systems Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-01] (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-04-09] (Siber Systems Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-04-09] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-04-09] (Siber Systems Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\jacka\AppData\Roaming\Mozilla\Firefox\Profiles\01jmi428.default
FF Homepage: hxxp://start.roboform.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Malware Search - C:\Users\jacka\AppData\Roaming\Mozilla\Firefox\Profiles\01jmi428.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2016-02-19]
FF Extension: uBlock Origin - C:\Users\jacka\AppData\Roaming\Mozilla\Firefox\Profiles\01jmi428.default\Extensions\uBlock0@raymondhill.net.xpi [2016-04-06]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-04-09]
FF HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://duckduckgo.com/"
CHR DefaultSearchURL: Default -> hxxp://tinychat.com/themanhole
CHR Profile: C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-20]
CHR Extension: (Google Docs) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-20]
CHR Extension: (Google Drive) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-20]
CHR Extension: (YouTube) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-20]
CHR Extension: (Google Search) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-20]
CHR Extension: (Google Docs Offline) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23]
CHR Extension: (AdBlock) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-20]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-02-14]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-02-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2823920 2016-03-20] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2519904 2016-03-30] (ESET)
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-06] () [File not signed] <==== ATTENTION
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-04-10] (SurfRight B.V.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [254904 2016-04-10] ()
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [80144 2015-08-13] (Reason Software Company Inc.)
R2 VoodooShieldService; C:\Program Files\VoodooShield\VoodooShieldService.exe [79384 2015-12-02] (VoodooSoft, LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12866288 2016-04-08] (Zemana Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264552 2016-03-30] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [199680 2015-11-16] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14976 2015-07-30] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186784 2015-11-16] (ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [142976 2015-11-16] (ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [198096 2016-03-30] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [53384 2016-03-30] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84800 2016-03-30] (ESET)
R1 epp; C:\EEK\bin64\epp.sys [124080 2016-02-11] (Emsisoft Ltd)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [202032 2016-01-19] (Intel Corporation)
S3 MFE_RR; C:\Users\jacka\AppData\Local\Temp\mfe_rr.sys [24120 2016-04-11] (McAfee, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-04-10] ()
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [205784 2016-03-04] (Oracle Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [247464 2016-04-10] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [247464 2016-04-10] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-11 17:11 - 2016-04-11 17:12 - 00015191 _____ C:\Users\jacka\Desktop\FRST.txt
2016-04-11 17:11 - 2016-04-11 17:11 - 00000000 ____D C:\FRST
2016-04-11 17:10 - 2016-04-11 17:10 - 02375168 _____ (Farbar) C:\Users\jacka\Desktop\FRST64.exe
2016-04-11 02:11 - 2016-04-11 02:11 - 00897536 _____ C:\Users\jacka\Desktop\RGSA.exe
2016-04-11 01:54 - 2016-04-11 01:54 - 00781312 _____ C:\Users\jacka\Desktop\delfix_1.010.exe
2016-04-11 00:54 - 2016-04-11 00:54 - 00457632 _____ (Bleeping Computer, LLC) C:\Users\jacka\Desktop\FixExec.exe
2016-04-11 00:54 - 2016-04-11 00:54 - 00001238 _____ C:\Users\jacka\Desktop\FixExec.txt
2016-04-11 00:53 - 2016-04-11 16:57 - 00000000 ____D C:\Users\jacka\AppData\Local\CrashDumps
2016-04-11 00:53 - 2016-04-11 00:53 - 00231390 _____ C:\Users\jacka\Desktop\RootkitRevealer.zip
2016-04-11 00:53 - 2016-04-11 00:53 - 00000000 ____D C:\Users\jacka\Desktop\RootkitRevealer
2016-04-11 00:52 - 2016-04-11 00:52 - 08656400 _____ (Trend Micro Inc.) C:\Users\jacka\Desktop\RootkitBuster_v5_1061.exe
2016-04-11 00:52 - 2016-04-11 00:52 - 00000000 ____D C:\Users\jacka\Desktop\TMRBLog
2016-04-11 00:19 - 2016-04-11 00:19 - 00000000 ____D C:\ProgramData\Sophos
2016-04-11 00:17 - 2016-04-11 00:17 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-04-11 00:17 - 2016-04-11 00:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-04-11 00:17 - 2016-04-11 00:17 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-04-11 00:16 - 2016-04-11 00:16 - 147114072 _____ (Sophos Limited) C:\Users\jacka\Desktop\Sophos Virus Removal Tool.exe
2016-04-11 00:15 - 2016-04-11 00:15 - 01020640 _____ C:\Users\jacka\Desktop\antirootkit.exe
2016-04-11 00:15 - 2016-04-11 00:15 - 00000000 ____D C:\Users\jacka\Pavark
2016-04-11 00:12 - 2016-04-11 00:13 - 00784152 _____ (McAfee, Inc.) C:\Users\jacka\Desktop\rootkitremover.exe
2016-04-11 00:12 - 2016-04-11 00:12 - 01472131 _____ C:\Users\jacka\Desktop\vba32arkit.zip
2016-04-11 00:12 - 2016-04-11 00:12 - 00000000 ____D C:\Users\jacka\Desktop\vba32arkit
2016-04-11 00:07 - 2016-04-11 00:08 - 00033607 _____ C:\Users\jacka\Desktop\MTB.txt
2016-04-11 00:02 - 2016-04-11 00:02 - 00000000 ____D C:\Program Files (x86)\Boredom Software
2016-04-11 00:01 - 2016-04-11 00:01 - 03479769 _____ C:\Users\jacka\Desktop\VT Hash.zip
2016-04-11 00:01 - 2016-04-11 00:01 - 00000000 ____D C:\Users\jacka\Desktop\VT Hash
2016-04-10 23:54 - 2016-04-10 23:54 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-04-10 23:53 - 2016-04-10 23:54 - 25350712 _____ (SUPERAntiSpyware) C:\Users\jacka\Desktop\SUPERAntiSpyware.exe
2016-04-10 23:40 - 2016-04-10 23:53 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-10 23:40 - 2016-04-10 23:40 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-04-10 23:32 - 2016-04-10 23:32 - 00001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-04-10 23:32 - 2016-04-10 23:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-04-10 23:32 - 2016-04-10 23:32 - 00000000 ____D C:\Program Files\HitmanPro
2016-04-10 23:31 - 2016-04-10 23:36 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-10 23:31 - 2016-04-10 23:31 - 11441744 _____ (SurfRight B.V.) C:\Users\jacka\Desktop\HitmanPro_x64.exe
2016-04-10 23:14 - 2016-04-11 17:12 - 00050896 _____ C:\Windows\ZAM.krnl.trace
2016-04-10 23:14 - 2016-04-11 17:10 - 00000983 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-04-10 23:14 - 2016-04-10 23:14 - 05013792 _____ ( ) C:\Users\jacka\Desktop\Zemana.AntiMalware.Setup.exe
2016-04-10 23:14 - 2016-04-10 23:14 - 00247464 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-04-10 23:14 - 2016-04-10 23:14 - 00247464 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-04-10 23:14 - 2016-04-10 23:14 - 00001145 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-04-10 23:14 - 2016-04-10 23:14 - 00000000 ____D C:\Users\jacka\AppData\Local\Zemana
2016-04-10 23:14 - 2016-04-10 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-04-10 23:14 - 2016-04-10 23:14 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-04-10 23:13 - 2016-04-11 17:11 - 00000000 ____D C:\ProgramData\VoodooShield
2016-04-10 23:13 - 2016-04-10 23:13 - 00000901 _____ C:\Users\Public\Desktop\Voodoo Shield.lnk
2016-04-10 23:13 - 2016-04-10 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield
2016-04-10 23:13 - 2016-04-10 23:13 - 00000000 ____D C:\Program Files\VoodooShield
2016-04-10 23:13 - 2014-09-06 14:26 - 00009216 _____ C:\Windows\system32\cpn64.dll
2016-04-10 23:13 - 2014-09-06 14:26 - 00007168 _____ C:\Windows\SysWOW64\cpn32.dll
2016-04-10 23:12 - 2016-04-10 23:12 - 04664936 _____ (VoodooSoft, LLC ) C:\Users\jacka\Desktop\InstallVoodooShield.exe
2016-04-10 22:12 - 2016-04-10 22:12 - 00003638 _____ C:\Windows\System32\Tasks\ReasonSecurityScheduledScan
2016-04-10 22:12 - 2016-04-10 22:12 - 00003502 _____ C:\Windows\System32\Tasks\ReasonSecurityStart
2016-04-10 22:12 - 2016-04-10 22:12 - 00000000 ____D C:\ProgramData\Reason
2016-04-10 22:11 - 2016-04-10 22:11 - 04257344 _____ (Reason Software Company Inc.) C:\Users\jacka\Desktop\reason-core-security-setup.exe
2016-04-10 22:11 - 2016-04-10 22:11 - 00000956 _____ C:\Users\Public\Desktop\Reason Core Security.lnk
2016-04-10 22:11 - 2016-04-10 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2016-04-10 22:11 - 2016-04-10 22:11 - 00000000 ____D C:\Program Files\Reason
2016-04-10 18:55 - 2016-04-10 18:55 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\jacka\Desktop\procexp.exe
2016-04-10 18:39 - 2016-04-10 18:40 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\jacka\Desktop\iExplore.exe
2016-04-10 05:25 - 2016-04-10 05:25 - 00251644 _____ C:\Users\jacka\OneDrive\Documents\just in casew.pcapng
2016-04-10 00:30 - 2016-04-10 00:31 - 25853120 _____ C:\Users\jacka\Desktop\how to spot a predator.webm
2016-04-10 00:30 - 2016-04-10 00:30 - 00000000 ____D C:\Users\jacka\AppData\Local\CrashRpt
2016-04-10 00:29 - 2016-04-10 00:29 - 00130364 _____ C:\Users\jacka\OneDrive\Documents\something to come back to.pcapng
2016-04-08 20:12 - 2016-04-10 18:58 - 00000000 ____D C:\Program Files (x86)\Cryptostorm Client
2016-04-08 20:12 - 2016-04-08 20:12 - 12097842 _____ (Cryptostorm ) C:\Users\jacka\Desktop\setup.exe
2016-04-07 18:52 - 2016-04-08 23:21 - 00000000 ____D C:\Users\jacka\AppData\Roaming\Wireshark
2016-04-07 18:37 - 2016-04-07 18:49 - 47535128 _____ (Wireshark development team) C:\Users\jacka\Desktop\Wireshark-win64-2.0.2.exe
2016-04-07 17:59 - 2016-03-11 11:21 - 00039040 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2016-04-07 17:58 - 2016-04-07 18:23 - 06323976 _____ C:\Users\jacka\Desktop\TotalVPN.exe
2016-04-04 09:02 - 2016-04-04 09:02 - 00000000 ____D C:\Windows\Microsoft Antimalware
2016-04-04 06:13 - 2016-04-04 06:46 - 00000000 _____ C:\Recovery.txt
2016-04-04 01:54 - 2016-04-04 01:54 - 04188760 _____ C:\Users\jacka\Desktop\tweaking.com_simple_system_tweaker_setup.exe
2016-04-04 01:54 - 2016-04-04 01:54 - 00002355 _____ C:\Users\jacka\Desktop\Tweaking.com - Simple System Tweaker.lnk
2016-04-04 01:54 - 2016-04-04 01:54 - 00000000 ____D C:\Users\jacka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-04-04 01:54 - 2016-04-04 01:54 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-04-04 01:11 - 2016-04-04 01:11 - 00001100 _____ C:\Users\jacka\Desktop\Start Emergency Kit Scanner.exe - Shortcut.lnk
2016-04-04 01:08 - 2016-04-04 01:09 - 224733960 _____ C:\Users\jacka\Desktop\EmsisoftEmergencyKit.exe
2016-04-03 23:08 - 2016-04-11 01:55 - 00003656 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-04-03 23:08 - 2016-04-03 23:08 - 00000000 ____D C:\Windows\ERUNT
2016-04-03 18:06 - 2016-04-03 18:06 - 00000000 ____D C:\Windows\pss
2016-04-03 17:57 - 2016-04-11 01:50 - 00000000 ____D C:\EEK
2016-04-03 00:22 - 2016-04-03 01:23 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2016-04-02 21:13 - 2016-04-02 21:17 - 224733960 _____ C:\Users\jacka\Downloads\EmsisoftEmergencyKit.exe
2016-04-02 21:07 - 2016-04-02 21:08 - 283904000 _____ C:\Users\jacka\Downloads\kav_rescue_10.iso
2016-04-02 20:30 - 2016-04-02 20:37 - 340670464 _____ C:\Users\jacka\Downloads\eset-sysrescue.1.0.9.0.enu.iso
2016-04-01 16:21 - 2016-04-01 16:21 - 00000000 ____D C:\ProgramData\Hotspot Shield
2016-03-30 21:54 - 2016-03-30 21:54 - 00000000 ____D C:\Users\jacka\AppData\Local\ElevatedDiagnostics
2016-03-30 17:12 - 2016-03-30 17:12 - 00000000 ____D C:\Users\jacka\AppData\Roaming\KeePass
2016-03-30 17:01 - 2016-03-30 17:02 - 01926960 _____ (Dominik Reichl ) C:\Users\jacka\Downloads\KeePass-1.31-Setup.exe
2016-03-30 00:30 - 2016-04-10 18:11 - 00035840 ___SH C:\Users\jacka\Downloads\Thumbs.db
2016-03-26 00:09 - 2016-03-26 00:12 - 69901947 _____ C:\Users\jacka\Desktop\ice_video_20160325-230936.webm
2016-03-23 23:00 - 2016-03-10 15:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\is-6JNJH.tmp
2016-03-20 00:45 - 2016-03-20 00:49 - 59000670 _____ C:\Users\jacka\Desktop\ice_video_20160319-234552.webm
2016-03-19 23:33 - 2016-03-19 23:38 - 60633889 _____ C:\Users\jacka\Desktop\Windows 10 Privacy.webm
2016-03-19 21:46 - 2016-03-21 22:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-15 00:35 - 2016-03-15 00:37 - 38199909 _____ C:\Users\jacka\Desktop\How to be safe on Skype Part one.webm
2016-03-15 00:22 - 2016-03-15 00:22 - 00000000 ____D C:\Users\jacka\AppData\Roaming\Gyazo
2016-03-15 00:18 - 2016-03-15 18:53 - 00000000 ____D C:\Program Files (x86)\Gyazo
2016-03-15 00:18 - 2016-03-15 00:18 - 09180744 _____ (Nota Inc. ) C:\Users\jacka\Downloads\Gyazo-3.2.1.exe
2016-03-15 00:18 - 2016-03-15 00:18 - 00003544 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2016-03-15 00:18 - 2016-03-15 00:18 - 00003408 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2016-03-15 00:18 - 2016-03-15 00:18 - 00001051 _____ C:\Users\Public\Desktop\Gyazo.lnk
2016-03-15 00:18 - 2016-03-15 00:18 - 00001051 _____ C:\Users\Public\Desktop\Gyazo GIF.lnk
2016-03-15 00:18 - 2016-03-15 00:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2016-03-14 00:44 - 2016-03-14 00:48 - 42366354 _____ C:\Users\jacka\Desktop\Checking to see if a file is bad.webm
2016-03-14 00:16 - 2016-03-14 00:24 - 89171791 _____ C:\Users\jacka\Desktop\Updating browsers.webm
2016-03-14 00:14 - 2016-03-14 00:14 - 00000000 ____D C:\Users\jacka\AppData\Local\Icecream
2016-03-14 00:14 - 2016-03-14 00:14 - 00000000 ____D C:\Users\jacka\.Icecream Screen Recorder
2016-03-14 00:14 - 2016-03-14 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2016-03-14 00:13 - 2016-03-14 00:13 - 00001188 _____ C:\Users\Public\Desktop\Icecream Screen Recorder.lnk
2016-03-14 00:13 - 2016-03-14 00:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icecream Screen Recorder
2016-03-14 00:13 - 2016-03-14 00:13 - 00000000 ____D C:\Program Files (x86)\Xiph.Org
2016-03-14 00:13 - 2016-03-14 00:13 - 00000000 ____D C:\Program Files (x86)\Icecream Screen Recorder
2016-03-14 00:09 - 2016-03-14 00:09 - 00000000 ____D C:\Users\jacka\OneDrive\Documents\Avatar
2016-03-14 00:03 - 2016-03-14 00:03 - 00000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2016-03-14 00:03 - 2015-03-24 08:02 - 00042968 _____ (CyberLink Corporation) C:\Windows\system32\Drivers\clwvd7.sys
2016-03-14 00:02 - 2016-04-07 18:50 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-14 00:01 - 2016-03-19 22:49 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2016-03-14 00:01 - 2016-03-14 00:02 - 00000000 ____D C:\ProgramData\install_clap
2016-03-13 19:55 - 2016-03-13 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-13 19:55 - 2016-03-13 19:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-03-13 19:55 - 2016-03-13 19:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-03-13 16:53 - 2016-03-13 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-03-13 16:52 - 2016-03-13 16:52 - 120421344 _____ (Oracle Corporation) C:\Users\jacka\Downloads\VirtualBox-5.0.16-105871-Win.exe
2016-03-12 17:39 - 2016-03-12 17:49 - 1581383680 _____ C:\Users\jacka\Downloads\linuxmint-17.3-cinnamon-64bit.iso

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-11 17:11 - 2016-02-10 22:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-11 17:09 - 2016-02-15 14:40 - 00000000 ____D C:\ProgramData\MCShield
2016-04-11 17:08 - 2016-02-20 21:30 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-11 17:08 - 2016-02-08 01:09 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-11 17:08 - 2016-02-08 00:01 - 00000000 __SHD C:\Users\jacka\IntelGraphicsProfiles
2016-04-11 17:08 - 2016-02-08 00:00 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-04-11 17:05 - 2016-02-07 23:54 - 00838508 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-11 17:05 - 2015-10-30 08:21 - 00000000 ____D C:\Windows\INF
2016-04-11 17:01 - 2016-02-19 23:42 - 00000000 ____D C:\ProgramData\VMware
2016-04-11 17:00 - 2016-02-07 23:49 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-11 17:00 - 2015-10-30 07:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-04-11 16:57 - 2016-02-26 19:36 - 00000000 ____D C:\Windows\Minidump
2016-04-11 16:57 - 2016-02-08 07:47 - 00000000 ____D C:\Windows\Panther
2016-04-11 16:54 - 2016-02-08 00:06 - 00004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E84198C8-2584-4CE2-83CB-D4C491C59B33}
2016-04-11 01:55 - 2016-02-19 20:36 - 00001542 _____ C:\DelFix.txt
2016-04-11 00:35 - 2016-02-20 21:30 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-11 00:15 - 2016-02-08 00:00 - 00000000 ____D C:\Users\jacka
2016-04-10 20:25 - 2015-10-30 08:24 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-04-10 19:52 - 2016-02-20 22:13 - 00000000 ____D C:\Users\jacka\AppData\Roaming\Everything
2016-04-10 18:57 - 2016-02-14 23:30 - 00000000 ____D C:\ProgramData\Skype
2016-04-10 04:11 - 2016-02-14 23:30 - 00000000 ____D C:\Users\jacka\AppData\Roaming\Skype
2016-04-09 20:18 - 2016-02-14 22:48 - 00004230 _____ C:\Windows\System32\Tasks\Open URL by RoboForm
2016-04-09 20:18 - 2016-02-14 22:48 - 00003592 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2016-04-09 20:18 - 2016-02-14 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2016-04-09 20:02 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\AppReadiness
2016-04-08 18:35 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-08 16:11 - 2016-02-10 22:09 - 00003820 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-07 17:14 - 2016-02-19 23:04 - 00000000 ____D C:\Users\jacka\.VirtualBox
2016-04-04 00:31 - 2016-02-28 23:22 - 00000000 ____D C:\Program Files (x86)\AzTools
2016-04-04 00:19 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\LiveKernelReports
2016-04-01 03:59 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-01 03:58 - 2016-02-08 01:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-03-30 17:12 - 2015-11-16 13:21 - 00264552 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2016-03-30 17:12 - 2015-11-16 13:21 - 00198096 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys
2016-03-30 17:12 - 2015-11-16 13:21 - 00084800 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2016-03-30 17:12 - 2015-11-16 13:21 - 00053384 _____ (ESET) C:\Windows\system32\Drivers\epfwlwf.sys
2016-03-29 22:37 - 2016-02-20 21:31 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-23 23:00 - 2016-02-08 01:09 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-23 23:00 - 2016-02-08 01:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-23 23:00 - 2016-02-08 01:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-23 00:54 - 2015-10-30 08:11 - 00000000 ____D C:\Windows\CbsTemp
2016-03-21 22:38 - 2016-02-08 00:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-19 22:49 - 2016-02-28 23:10 - 00000000 ____D C:\ProgramData\TEMP
2016-03-14 17:41 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-13 21:28 - 2016-02-20 00:15 - 00000000 ____D C:\Users\jacka\AppData\Local\VMware
2016-03-13 21:25 - 2016-02-20 00:15 - 00000000 ____D C:\Users\jacka\AppData\Roaming\VMware
2016-03-13 16:53 - 2016-02-19 23:04 - 00001149 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk

Some files in TEMP:
====================
C:\Users\jacka\AppData\Local\Temp\BJ.exe
C:\Users\jacka\AppData\Local\Temp\dllnt_dump.dll
C:\Users\jacka\AppData\Local\Temp\ERUNT.exe
C:\Users\jacka\AppData\Local\Temp\rscp_setup.exe
C:\Users\jacka\AppData\Local\Temp\XZOUFFTFQ.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-03 14:19

==================== End of FRST.txt ============================

Addition.txt Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
Ran by jacka (2016-04-11 17:12:36)
Running from C:\Users\jacka\Desktop
Windows 10 Home Version 1511 (X64) (2016-02-07 22:56:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3022446708-123597430-1770447347-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3022446708-123597430-1770447347-503 - Limited - Disabled)
Guest (S-1-5-21-3022446708-123597430-1770447347-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3022446708-123597430-1770447347-1005 - Limited - Enabled)
jacka (S-1-5-21-3022446708-123597430-1770447347-1001 - Administrator - Enabled) => C:\Users\jacka
james (S-1-5-21-3022446708-123597430-1770447347-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.349.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.375.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon)
Blueline 1.1.1 (HKLM-x32\...\Blueline_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
ESET Smart Security (HKLM\...\{C7967963-BE1C-4ABA-839F-3CB206E50697}) (Version: 9.0.349.0 - ESET, spol. s r.o.)
Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Gyazo 3.2.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
Icecream Screen Recorder version 3.30 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 3.30 - Icecream Apps)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6741.2021 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6701.1013 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6701.1013 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6701.1013 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.0.16 (HKLM\...\{F2E958A1-9215-4C7D-9A2E-F0740B8CA5B7}) (Version: 5.0.16 - Oracle Corporation)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.1.0.0 - Reason Software Company Inc.)
RoboForm 7-9-18-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-18-5 - Siber Systems)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)
Vagrant (HKLM-x32\...\{DBD58741-B374-4518-B0F7-8F33D09E3164}) (Version: 1.8.1 - HashiCorp)
VMware Player (HKLM\...\{57AA4E8A-E2C9-4F1C-B3F1-762C36E34472}) (Version: 12.1.0 - VMware, Inc.)
VoodooShield version 2.86 (HKLM\...\{A8644328-A66F-490E-B8FA-901FF649189D}_is1) (Version: 2.86 - VoodooSoft, LLC)
VT Hash Check 1.56 (HKLM-x32\...\{1E579B65-503B-4184-B481-5138124BEE1D}_is1) (Version: 1.56 - Boredom Software)
WebM Project Directshow Filters (HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
Workrave 1.10 (HKLM-x32\...\Workrave_is1) (Version:  - Rob Caelers & Raymond Penners)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.20.140 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3022446708-123597430-1770447347-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\jacka\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {188C31CE-D57C-4C9D-95AA-DC6BD073239A} - System32\Tasks\ReasonSecurityStart => C:\Program Files\Reason\Security\rsUI.exe [2015-08-13] (Reason Software Company Inc.)
Task: {24EB583A-463E-45CC-9266-85DA335356A8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {42F14D69-5C1E-458C-AE44-BFFCB9520E0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)
Task: {48B1B3F7-76D7-4A34-B4BC-6F853BE3097E} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-02-17] ()
Task: {512F7D04-54CD-42A8-8EDB-2F1DB8263B3D} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-02-17] ()
Task: {53AA35C5-0FE5-4B06-BB8D-C16B958FC882} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMMMMMHMNJMJNJNJJJCNMMKMMMJMCNLMJMNMLJCNNJMMNJMMCNOMMMMMOJOMLMGMJJHMPMPMNJJNJICMIMCNGMCNOMHMFMOMOMCNOMJMNMCNOMPMKMHMJMFMPMCNPMCNOMPMKMHMJMCNNMJNPICMOMFMEKMICNJJCKFMKMLMJNHICMEKMICNJJCKJNBJCMFLOJMJEJPNOLMJAJMJEJJNKJCMJNNICMJNDJ (the data entry has 59 more characters).
Task: {54766D73-F05E-482E-A31B-89DF184B436D} - System32\Tasks\ReasonSecurityScheduledScan => C:\Program Files\Reason\Security\rsUI.exe [2015-08-13] (Reason Software Company Inc.)
Task: {5678114F-D56A-4926-974B-C87CEC041CDF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {6036A827-1236-4DDD-8E76-77F52641114A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-20] (Microsoft Corporation)
Task: {ADF5CD87-23B6-41C1-9E10-C19A9452B03C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {AF7674E0-E071-426D-9331-A9873C3880F6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-04-01] (Microsoft Corporation)
Task: {B88AA8F5-761C-4051-9FC4-1A74AF0EDDA8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)
Task: {C54E4625-CEDD-488E-8C6C-56D8F09A3138} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {C6F7F130-7349-45D0-9D37-A9C5274876C2} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {CACDFA3D-EDD6-405F-9F7C-67205FB16577} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-04-09] (Siber Systems)
Task: {D8197D27-4125-44C0-B06B-B77450BCDC6F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-20] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-04-10 23:13 - 2014-09-06 14:26 - 00009216 _____ () C:\Windows\System32\cpn64.dll
2015-10-30 08:17 - 2015-10-30 08:17 - 00028672 _____ () C:\Windows\SYSTEM32\efsext.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-02-20 22:13 - 2014-08-06 02:01 - 01048576 _____ () C:\Program Files (x86)\Everything\Everything.exe
2016-02-08 01:30 - 2016-03-20 13:10 - 00173256 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-04-10 22:12 - 2016-04-10 22:12 - 00254904 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
2016-03-02 20:59 - 2016-02-23 12:27 - 02654872 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-03-02 20:59 - 2016-02-23 12:27 - 02654872 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-03-16 18:25 - 2016-04-01 03:56 - 08919240 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-12-19 02:08 - 2015-12-19 02:08 - 00402344 _____ () C:\Windows\system32\igfxTray.exe
2016-02-08 00:54 - 2016-02-08 00:54 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-08 00:15 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 20:59 - 2016-02-23 09:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-02-08 00:16 - 2016-01-05 02:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-02-08 00:15 - 2016-01-05 02:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-08 00:16 - 2016-01-16 06:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-02-08 00:16 - 2016-01-16 06:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-10 22:12 - 2016-04-10 22:12 - 00570296 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98017090.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98017090.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2016-04-11 17:01 - 00002024 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3022446708-123597430-1770447347-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jacka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Everything"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "Workrave"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "Gyazo"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FB61C183-5CFC-4ACD-ACAC-541EA43FD903}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{49979E48-5D03-4FE5-B77C-4E37B1632EF5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4B0C5841-A88B-4D3B-8A0C-5ECAF94B2DD1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{995CA16A-E833-443D-837C-50D4A9730B40}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{AD257DB5-462D-4D09-A0D1-1FE2B0C4CF2B}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{15E9FEBA-D927-44A4-B4A4-F5339DB7BB06}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

11-04-2016 01:55:16 End of disinfection

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2016 04:59:02 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhostw (8008) WebCacheLocal: Database recovery/restore failed with unexpected error -1032.

Error: (04/11/2016 04:59:02 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (8008) WebCacheLocal: An attempt to open the file "C:\Users\jacka\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (04/11/2016 04:59:02 PM) (Source: ESENT) (EventID: 490) (User: )
Description: CCleaner64 (5360) testing: An attempt to open the file "C:\Users\jacka\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (04/11/2016 01:55:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/11/2016 01:21:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-18TF7QT)
Description: Activation of app Microsoft.Getstarted_3.5.11.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/11/2016 01:03:07 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/11/2016 12:54:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x4b4
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3
Faulting package full name: RootkitRevealer.exe4
Faulting package-relative application ID: RootkitRevealer.exe5

Error: (04/11/2016 12:53:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x1088
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3
Faulting package full name: RootkitRevealer.exe4
Faulting package-relative application ID: RootkitRevealer.exe5

Error: (04/10/2016 06:12:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/10/2016 05:57:44 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220


System errors:
=============
Error: (04/11/2016 05:08:55 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/11/2016 05:08:54 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/11/2016 05:08:54 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/11/2016 05:08:53 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/11/2016 05:08:53 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/11/2016 05:08:52 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/11/2016 05:08:52 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/11/2016 05:08:52 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/11/2016 05:00:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WMPNetworkSvc service depends on the WSearch service which failed to start because of the following error:
%%1058

Error: (04/11/2016 05:00:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_96fce5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-04-11 17:00:51.418
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-11 17:00:51.409
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-11 17:00:51.266
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-11 17:00:50.516
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-11 01:51:32.075
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-11 01:51:32.067
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-11 01:51:31.700
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-11 01:51:31.550
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-11 01:21:13.726
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-11 01:21:13.718
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G3258 @ 3.20GHz
Percentage of memory in use: 28%
Total physical RAM: 7885.05 MB
Available physical RAM: 5670.56 MB
Total Virtual: 8397.05 MB
Available Virtual: 6069.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.96 GB) (Free:833.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 000E47F3)

Partition: GPT.

==================== End of Addition.txt ============================

Thanks.




#2 olgun52

  • Malware Response Team
  • 3,782 posts
  • Gender:Male
  • Local time:12:40 AM

Posted 11 April 2016 - 03:40 PM

Hello auto1571 and welcome to BleepingComputer.

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
 
Please do the following.

Please Uninstall:

Gyazo
Reason Core Security
Sophos Virus Removal Tool
RoboForm

Restart the PC now.

========================================================

Step 1:

Scan with Zemana AntiMalware Free:

  • Turn off the real-time scanner of any existing antivirus and firewall programs while performing the scan.
  • Please download and install Zemana AntiMalware Free.
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced, then click ''I have read the warning and wish to proceed anyway''.
  • Auto Launch > untick the box next to it.
  • Scan type > Smart scan (Default).
  • Close all open files, folders and browsers.
  • Click Scan Now (''Run as Administrator'') and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

Step 2:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 auto1571

auto1571
  • Topic Starter

  • Members
  • 295 posts
  • OFFLINE
  • Local time:10:40 PM

Posted 11 April 2016 - 05:05 PM

Hi, all of the reports are as follows:

 

Latest Zemana Report:

Zemana AntiMalware 2.20.2.140 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/4/11
Operating System       : Windows 10 64-bit
Processor              : 2X Intel® Pentium® CPU G3258 @ 3.20GHz
BIOS Mode              : UEFI
CUID                   : 00EB04FA6D30E5494F40B5
Scan Type              : Smart Scan
Duration               : 2m 0s
Scanned Objects        : 11631
Detected Objects       : 0
Excluded Objects       : 1
Read Level             : SCSI
Auto Upload            : ON
Detect All Extensions  : OFF
Scan Documents         : OFF
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

There are no detected objects
 

 

AdwCleaner Report:

# AdwCleaner v5.110 - Logfile created 11/04/2016 at 22:38:12
# Updated 10/04/2016 by Xplode
# Database : 2016-04-11.4 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : jacka - DESKTOP-18TF7QT
# Running from : C:\Users\jacka\Desktop\adwcleaner_5.110.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [694 bytes] - [11/04/2016 22:38:12]
C:\AdwCleaner\AdwCleaner[S1].txt - [755 bytes] - [11/04/2016 22:36:38]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [838 bytes] ##########
 

 

JRT Report:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 10 Home x64
Ran by jacka (Administrator) on 11/04/2016 at 22:43:27.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Users\jacka\AppData\Local\crashrpt (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/04/2016 at 22:46:22.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Latest MBAM Report:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/04/2016
Scan Time: 22:49
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.11.06
Rootkit Database: v2016.04.09.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 10
CPU: x64
File System: NTFS
User: jacka

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344408
Time Elapsed: 10 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#4 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:40 AM

Posted 12 April 2016 - 02:15 PM

Hi there,
 

Step 1:
 FRST Script:
 Please download the attached Fixlist.txt (8.42KB) and save it in the same directory as FRST.

  • Close any open browsers or any other programs that are open
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click Ashampoo_Snap_20140819_13h09m50s_001__zp
  • Then press ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 3:

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Step 4:
Please run Farbar Service Scanner.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 


Best regards
 

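Step 3 above asks MiniToolBox to report the hosts file, the IE and Firefox proxy settings and the Winsock catalog; those are the three places adware and redirecting malware most often persist network-level changes, which is also why the Fixlist resets Winsock and restores hosts. Added example, not from this thread and not MiniToolBox's code: PowerShell functions that collect the same three things by hand and flag the entries worth a second look (non-loopback hosts entries, an enabled proxy or PAC URL, Winsock providers whose DLL lives outside System32). It assumes an English-locale `netsh` output, since it parses the field names; the function names are mine.

```powershell
# Added example: manual equivalents of the MiniToolBox hosts / proxy / Winsock reports.
# Not part of the thread or of MiniToolBox; run in PowerShell on the affected machine.

function Get-HostsEntries {
    # Anything besides loopback names is suspicious on a home PC; malware uses hosts
    # to send AV and update domains somewhere else.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hosts |
        Where-Object { $_ -match '^\s*[^#\s]' } |          # skip blanks and comments
        ForEach-Object {
            $f = $_ -split '\s+', 3
            [pscustomobject]@{
                Address    = $f[0]
                Name       = $f[1]
                Suspicious = ($f[0] -notin '127.0.0.1', '::1')
            }
        }
}

function Get-IEProxySettings {
    # Same values MiniToolBox prints under "IE Proxy Settings"; Chrome and Edge use them too.
    $k = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    [pscustomobject]@{
        ProxyEnable   = [bool]$k.ProxyEnable
        ProxyServer   = $k.ProxyServer
        AutoConfigURL = $k.AutoConfigURL      # a PAC URL here silently routes selected sites
        Suspicious    = ([bool]$k.ProxyEnable -or -not [string]::IsNullOrEmpty($k.AutoConfigURL))
    }
}

function Get-ThirdPartyWinsockProviders {
    # Layered providers in the Winsock catalog see every socket call; list the ones
    # whose DLL is not under %SystemRoot%\system32. Assumes English netsh output.
    $raw = (netsh winsock show catalog) -join "`n"
    ($raw -split 'Winsock Catalog Provider Entry') |
        Where-Object { $_ -match 'Provider Path' } |
        ForEach-Object {
            [pscustomobject]@{
                Description = [regex]::Match($_, 'Description:\s*(.+)').Groups[1].Value.Trim()
                Path        = [regex]::Match($_, 'Provider Path:\s*(.+)').Groups[1].Value.Trim()
            }
        } |
        Where-Object { $_.Path -notmatch '^%SystemRoot%\\system32\\' }
}

Get-HostsEntries               | Format-Table -AutoSize
Get-IEProxySettings            | Format-List
Get-ThirdPartyWinsockProviders | Format-Table -AutoSize
```

On the machine in this thread the expected result after the fix is a hosts file with only the localhost line, ProxyEnable false with no AutoConfigURL, and an empty third-party provider list; anything else is what to post back before moving on.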
 


 


#5 auto1571

auto1571
  • Topic Starter

  • Members
  • 295 posts
  • OFFLINE
  • Local time:10:40 PM

Posted 12 April 2016 - 02:49 PM

Hi,

 

FixLog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
Ran by jacka (2016-04-12 20:24:43) Run:1
Running from C:\Users\jacka\Desktop
Loaded Profiles: jacka &  (Available Profiles: jacka)
Boot Mode: Normal
==============================================

fixlist content:
*****************

start
CreateRestorePoint:
CloseProcesses:
C:\Program Files\Reason\Security
Task: {188C31CE-D57C-4C9D-95AA-DC6BD073239A} - System32\Tasks\ReasonSecurityStart => C:\Program Files\Reason\Security\rsUI.exe [2015-08-13] (Reason Software Company Inc.)
Task: {48B1B3F7-76D7-4A34-B4BC-6F853BE3097E} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-02-17] ()
Task: {512F7D04-54CD-42A8-8EDB-2F1DB8263B3D} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-02-17] ()
Task: {53AA35C5-0FE5-4B06-BB8D-C16B958FC882} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMMMMMHMNJMJNJNJJJCNMMKMMMJMCNLMJMNMLJCNNJMMNJMMCNOMMMMMOJOMLMGMJJHMPMPMNJJNJICMIMCNGMCNOMHMFMOMOMCNOMJMNMCNOMPMKMHMJMFMPMCNPMCNOMPMKMHMJMCNNMJNPICMOMFMEKMICNJJCKFMKMLMJNHICMEKMICNJJCKJNBJCMFLOJMJEJPNOLMJAJMJEJJNKJCMJNNICMJNDJ (the data entry has 59 more characters).
Task: {54766D73-F05E-482E-A31B-89DF184B436D} - System32\Tasks\ReasonSecurityScheduledScan => C:\Program Files\Reason\Security\rsUI.exe [2015-08-13] (Reason Software Company Inc.)
Task: {CACDFA3D-EDD6-405F-9F7C-67205FB16577} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-04-09] (Siber Systems)
C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
2016-04-10 22:12 - 2016-04-10 22:12 - 00570296 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
Reg: reg delete HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run /v Gyazo /f
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3586848 2016-02-17] (Nota Inc.)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-04-09] (Siber Systems Inc.)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-04-09] (Siber Systems Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-04-09] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-04-09] (Siber Systems Inc.)
FF ProfilePath: C:\Users\jacka\AppData\Roaming\Mozilla\Firefox\Profiles\01jmi428.default
FF Homepage: hxxp://start.roboform.com/
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-20] (Google Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-04-09]
FF HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
CHR DefaultSearchURL: Default -> hxxp://tinychat.com/themanhole
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-02-14]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-02-14]
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-06] () [File not signed] <==== ATTENTION
HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-06] ()
C:\Program Files (x86)\Everything\Everything.exe
2016-04-11 00:54 - 2016-04-11 00:54 - 00457632 _____ (Bleeping Computer, LLC) C:\Users\jacka\Desktop\FixExec.exe
2016-04-11 00:54 - 2016-04-11 00:54 - 00001238 _____ C:\Users\jacka\Desktop\FixExec.txt
S3 MFE_RR; C:\Users\jacka\AppData\Local\Temp\mfe_rr.sys [24120 2016-04-11] (McAfee, Inc.)
2016-04-11 00:54 - 2016-04-11 00:54 - 00457632 _____ (Bleeping Computer, LLC) C:\Users\jacka\Desktop\FixExec.exe
2016-04-11 00:54 - 2016-04-11 00:54 - 00001238 _____ C:\Users\jacka\Desktop\FixExec.txt
2016-04-11 00:53 - 2016-04-11 16:57 - 00000000 ____D C:\Users\jacka\AppData\Local\CrashDumps
2016-04-11 00:53 - 2016-04-11 00:53 - 00231390 _____ C:\Users\jacka\Desktop\RootkitRevealer.zip
2016-04-11 00:53 - 2016-04-11 00:53 - 00000000 ____D C:\Users\jacka\Desktop\RootkitRevealer
2016-04-11 00:52 - 2016-04-11 00:52 - 08656400 _____ (Trend Micro Inc.) C:\Users\jacka\Desktop\RootkitBuster_v5_1061.exe
2016-04-11 00:19 - 2016-04-11 00:19 - 00000000 ____D C:\ProgramData\Sophos
2016-04-11 00:17 - 2016-04-11 00:17 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-04-11 00:17 - 2016-04-11 00:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-04-11 00:17 - 2016-04-11 00:17 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-04-11 00:16 - 2016-04-11 00:16 - 147114072 _____ (Sophos Limited) C:\Users\jacka\Desktop\Sophos Virus Removal Tool.exe
2016-04-11 00:12 - 2016-04-11 00:13 - 00784152 _____ (McAfee, Inc.) C:\Users\jacka\Desktop\rootkitremover.exe
2016-04-10 22:12 - 2016-04-10 22:12 - 00003638 _____ C:\Windows\System32\Tasks\ReasonSecurityScheduledScan
2016-04-10 22:12 - 2016-04-10 22:12 - 00003502 _____ C:\Windows\System32\Tasks\ReasonSecurityStart
2016-04-10 22:12 - 2016-04-10 22:12 - 00000000 ____D C:\ProgramData\Reason
2016-04-10 22:11 - 2016-04-10 22:11 - 04257344 _____ (Reason Software Company Inc.) C:\Users\jacka\Desktop\reason-core-security-setup.exe
2016-04-10 22:11 - 2016-04-10 22:11 - 00000956 _____ C:\Users\Public\Desktop\Reason Core Security.lnk
2016-04-10 22:11 - 2016-04-10 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2016-04-10 22:11 - 2016-04-10 22:11 - 00000000 ____D C:\Program Files\Reason
2016-04-07 18:52 - 2016-04-08 23:21 - 00000000 ____D C:\Users\jacka\AppData\Roaming\Wireshark
2016-03-30 00:30 - 2016-04-10 18:11 - 00035840 ___SH C:\Users\jacka\Downloads\Thumbs.db
2016-03-15 00:22 - 2016-03-15 00:22 - 00000000 ____D C:\Users\jacka\AppData\Roaming\Gyazo
2016-03-15 00:18 - 2016-03-15 18:53 - 00000000 ____D C:\Program Files (x86)\Gyazo
2016-03-15 00:18 - 2016-03-15 00:18 - 09180744 _____ (Nota Inc. ) C:\Users\jacka\Downloads\Gyazo-3.2.1.exe
2016-03-15 00:18 - 2016-03-15 00:18 - 00003544 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2016-03-15 00:18 - 2016-03-15 00:18 - 00003408 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2016-03-15 00:18 - 2016-03-15 00:18 - 00001051 _____ C:\Users\Public\Desktop\Gyazo.lnk
2016-03-15 00:18 - 2016-03-15 00:18 - 00001051 _____ C:\Users\Public\Desktop\Gyazo GIF.lnk
2016-03-15 00:18 - 2016-03-15 00:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2016-04-10 19:52 - 2016-02-20 22:13 - 00000000 ____D C:\Users\jacka\AppData\Roaming\Everything
2016-04-09 20:18 - 2016-02-14 22:48 - 00004230 _____ C:\Windows\System32\Tasks\Open URL by RoboForm
2016-04-09 20:18 - 2016-02-14 22:48 - 00003592 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2016-04-09 20:18 - 2016-02-14 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
C:\Users\jacka\AppData\Local\Temp\BJ.exe
C:\Users\jacka\AppData\Local\Temp\dllnt_dump.dll
C:\Users\jacka\AppData\Local\Temp\ERUNT.exe
C:\Users\jacka\AppData\Local\Temp\rscp_setup.exe
C:\Users\jacka\AppData\Local\Temp\XZOUFFTFQ.exe
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Hosts:
EmptyTemp:
end
Reboot:



*****************

Restore point was successfully created.
Processes closed successfully.
"C:\Program Files\Reason\Security" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{188C31CE-D57C-4C9D-95AA-DC6BD073239A} => key not found.
C:\Windows\System32\Tasks\ReasonSecurityStart => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReasonSecurityStart => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48B1B3F7-76D7-4A34-B4BC-6F853BE3097E} => key not found.
C:\Windows\System32\Tasks\GyazoUpdateTaskMachine => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GyazoUpdateTaskMachine => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{512F7D04-54CD-42A8-8EDB-2F1DB8263B3D} => key not found.
C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GyazoUpdateTaskMachineDaily => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53AA35C5-0FE5-4B06-BB8D-C16B958FC882} => key not found.
C:\Windows\System32\Tasks\Open URL by RoboForm => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open URL by RoboForm" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54766D73-F05E-482E-A31B-89DF184B436D} => key not found.
C:\Windows\System32\Tasks\ReasonSecurityScheduledScan => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReasonSecurityScheduledScan => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CACDFA3D-EDD6-405F-9F7C-67205FB16577}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CACDFA3D-EDD6-405F-9F7C-67205FB16577}" => key removed successfully
C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run RoboForm TaskBar Icon" => key removed successfully
"C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe" => not found.
"C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe" => not found.

========= reg delete HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run /v Gyazo /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

C:\Program Files\Reason\Security\rsEngineSvc.exe => No running process found
C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe => No running process found
C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe => No running process found
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe => No running process found
C:\Program Files\Reason\Security\rsUI.exe => No running process found
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Gyazo => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a} => key not found.
"HKCR\CLSID\{724d43a9-0d85-11d4-9908-00400523e39a}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a} => key not found.
HKCR\Wow6432Node\CLSID\{724d43a9-0d85-11d4-9908-00400523e39a} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{724d43a0-0d85-11d4-9908-00400523e39a} => value not found.
"HKCR\CLSID\{724d43a0-0d85-11d4-9908-00400523e39a}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{724d43a0-0d85-11d4-9908-00400523e39a} => value not found.
HKCR\Wow6432Node\CLSID\{724d43a0-0d85-11d4-9908-00400523e39a} => key not found.
FF ProfilePath: C:\Users\jacka\AppData\Roaming\Mozilla\Firefox\Profiles\01jmi428.default => FRST is scripted not to move this directory.
Firefox "homepage" removed successfully
"HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => key removed successfully
c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => key removed successfully
c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll => moved successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115} => value not found.
C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi => not found.
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\Software\Mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115} => value not found.
Chrome DefaultSearchURL => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob => key not found.
"C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx" => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob => key not found.
"C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx" => not found.
Everything => service removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Everything => value removed successfully
C:\Program Files (x86)\Everything\Everything.exe => moved successfully
C:\Users\jacka\Desktop\FixExec.exe => moved successfully
C:\Users\jacka\Desktop\FixExec.txt => moved successfully
MFE_RR => service removed successfully
"C:\Users\jacka\Desktop\FixExec.exe" => not found.
"C:\Users\jacka\Desktop\FixExec.txt" => not found.
C:\Users\jacka\AppData\Local\CrashDumps => moved successfully
C:\Users\jacka\Desktop\RootkitRevealer.zip => moved successfully
C:\Users\jacka\Desktop\RootkitRevealer => moved successfully
C:\Users\jacka\Desktop\RootkitBuster_v5_1061.exe => moved successfully
C:\ProgramData\Sophos => moved successfully
"C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos" => not found.
"C:\Program Files (x86)\Sophos" => not found.
C:\Users\jacka\Desktop\Sophos Virus Removal Tool.exe => moved successfully
C:\Users\jacka\Desktop\rootkitremover.exe => moved successfully
"C:\Windows\System32\Tasks\ReasonSecurityScheduledScan" => not found.
"C:\Windows\System32\Tasks\ReasonSecurityStart" => not found.
C:\ProgramData\Reason => moved successfully
C:\Users\jacka\Desktop\reason-core-security-setup.exe => moved successfully
"C:\Users\Public\Desktop\Reason Core Security.lnk" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security" => not found.
C:\Program Files\Reason => moved successfully
C:\Users\jacka\AppData\Roaming\Wireshark => moved successfully
C:\Users\jacka\Downloads\Thumbs.db => moved successfully
C:\Users\jacka\AppData\Roaming\Gyazo => moved successfully
"C:\Program Files (x86)\Gyazo" => not found.
C:\Users\jacka\Downloads\Gyazo-3.2.1.exe => moved successfully
"C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily" => not found.
"C:\Windows\System32\Tasks\GyazoUpdateTaskMachine" => not found.
"C:\Users\Public\Desktop\Gyazo.lnk" => not found.
"C:\Users\Public\Desktop\Gyazo GIF.lnk" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo" => not found.
C:\Users\jacka\AppData\Roaming\Everything => moved successfully
"C:\Windows\System32\Tasks\Open URL by RoboForm" => not found.
"C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm" => not found.
C:\Users\jacka\AppData\Local\Temp\BJ.exe => moved successfully
C:\Users\jacka\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\jacka\AppData\Local\Temp\ERUNT.exe => moved successfully
C:\Users\jacka\AppData\Local\Temp\rscp_setup.exe => moved successfully
C:\Users\jacka\AppData\Local\Temp\XZOUFFTFQ.exe => moved successfully

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 284.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:25:13 ====

 

 

ZHPCleaner:

~ ZHPCleaner v2016.4.11.54 by Nicolas Coolman (2016/04/11)
~ Run by jacka (Administrator)  (12/04/2016 20:36:38)
~ Site : http://www.nicolascoolman.com
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\jacka\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\jacka\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 10586)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (1)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (1)
MOVED folder: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashRpt  =>.Superfluous.CrashReports


---\\  Registry ( Key, Value, Data) (6)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{320AF880-6646-11D3-ABEE-C5DBF3571F49} [SavePass]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\018799DF1AC7042478821A4867183DBF [C:\HashiCorp\Vagrant\embedded\lib\perl5\5.8\ExtUtils\MM_Msys.pm]  =>PUP.Optional.Manager
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\037B488853AF0AB4A8AC2C6F971DA76C [C:\HashiCorp\Vagrant\embedded\mingw\i686-w64-mingw32\include\sec_api\stdlib_s.h]  =>PUP.Optional.LinkiDoo
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07DFECBED8B458145898DD58E8E22B94 [C:\HashiCorp\Vagrant\embedded\lib\perl5\5.8\ExtUtils\MM_UWIN.pm]  =>PUP.Optional.Manager
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\098DFDEC5E55CF84782476F63DB8CA39 [C:\HashiCorp\Vagrant\embedded\lib\perl5\5.8\ExtUtils\Command\MM.pm]  =>PUP.Optional.Manager
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1267B8DF2954F4A49AEADA36A70D6D4C [C:\HashiCorp\Vagrant\embedded\lib\perl5\5.8\ExtUtils\testlib.pm]  =>PUP.Optional.Manager


---\\  Summary of the elements found (4)
http://www.nicolascoolman.fr/?p=5145  =>.Superfluous.CrashReports
http://www.nicolascoolman.fr/?p=180  =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/?p=354  =>PUP.Optional.Manager
http://www.nicolascoolman.fr/?p=62  =>PUP.Optional.LinkiDoo


---\\  Other deletions. (14)
~ Registry Keys Tracing deleted (14)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 2829
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 7


~ End of clean in 00h00mn19s
===================
ZHPCleaner-[R]-12042016-20_36_57.txt
ZHPCleaner-[S]-12042016-20_35_46.txt

MBT.txt:

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by jacka (administrator) on 12-04-2016 at 20:41:10
Running from "C:\Users\jacka\Desktop"
Microsoft Windows 10 Home  (X64)
Model: To Be Filled By O.E.M. Manufacturer: To Be Filled By O.E.M.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================

Intel® Ethernet Connection (2) I218-V = Ethernet (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Connected)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-18TF7QT
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Ethernet Connection (2) I218-V
   Physical Address. . . . . . . . . : D0-50-99-43-26-97
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6d60:bab3:ff5b:4115%16(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 12 April 2016 20:28:32
   Lease Expires . . . . . . . . . . : 13 April 2016 20:28:54
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 63983769
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-49-82-5E-D0-50-99-43-26-97
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 0A-00-27-00-00-05
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::edeb:467b:e5b8:9012%5(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.144.18(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 168427559
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-49-82-5E-D0-50-99-43-26-97
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet1:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
   Physical Address. . . . . . . . . : 00-50-56-C0-00-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::cdfb:66cc:67e0:35b0%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.192.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 12 April 2016 20:28:54
   Lease Expires . . . . . . . . . . : 12 April 2016 20:58:54
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 192.168.192.254
   DHCPv6 IAID . . . . . . . . . . . : 302010454
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-49-82-5E-D0-50-99-43-26-97
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet8:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
   Physical Address. . . . . . . . . : 00-50-56-C0-00-08
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::51be:c94c:358f:2b09%17(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.27.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 12 April 2016 20:28:54
   Lease Expires . . . . . . . . . . : 12 April 2016 20:58:55
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 192.168.27.254
   DHCPv6 IAID . . . . . . . . . . . : 335564886
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-49-82-5E-D0-50-99-43-26-97
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   Primary WINS Server . . . . . . . : 192.168.27.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{ADC80BC8-B9DE-4013-9031-B4C50DDBE5B2}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:183f:3e4:3f57:fffd(Preferred)
   Link-local IPv6 Address . . . . . : fe80::183f:3e4:3f57:fffd%10(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 100663296
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-49-82-5E-D0-50-99-43-26-97
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{1B84C67F-E4A0-4E6C-976A-CABA8F8E2DEB}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{AD1349CB-BEDF-416F-AA1D-2911E8C8F575}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{115B1AD4-96A7-4716-9BCA-A8ED9726C743}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  routerlogin.net
Address:  192.168.0.1

Name:    google.com
Addresses:  2a00:1450:4009:80f::200e
      216.58.213.78


Pinging google.com [216.58.213.78] with 32 bytes of data:
Reply from 216.58.213.78: bytes=32 time=12ms TTL=54
Reply from 216.58.213.78: bytes=32 time=16ms TTL=54

Ping statistics for 216.58.213.78:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 12ms, Maximum = 16ms, Average = 14ms
Server:  routerlogin.net
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
      2001:4998:58:c02::a9
      2001:4998:c:a06::2:4008
      98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=164ms TTL=47
Reply from 206.190.36.45: bytes=32 time=165ms TTL=47

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 164ms, Maximum = 165ms, Average = 164ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...d0 50 99 43 26 97 ......Intel® Ethernet Connection (2) I218-V
  5...0a 00 27 00 00 05 ......VirtualBox Host-Only Ethernet Adapter
  3...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
 17...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  8...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
  9...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.2     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link    169.254.144.18    266
   169.254.144.18  255.255.255.255         On-link    169.254.144.18    266
  169.254.255.255  255.255.255.255         On-link    169.254.144.18    266
      192.168.0.0    255.255.255.0         On-link       192.168.0.2    266
      192.168.0.2  255.255.255.255         On-link       192.168.0.2    266
    192.168.0.255  255.255.255.255         On-link       192.168.0.2    266
     192.168.27.0    255.255.255.0         On-link      192.168.27.1    276
     192.168.27.1  255.255.255.255         On-link      192.168.27.1    276
   192.168.27.255  255.255.255.255         On-link      192.168.27.1    276
    192.168.192.0    255.255.255.0         On-link     192.168.192.1    276
    192.168.192.1  255.255.255.255         On-link     192.168.192.1    276
  192.168.192.255  255.255.255.255         On-link     192.168.192.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.192.1    276
        224.0.0.0        240.0.0.0         On-link      192.168.27.1    276
        224.0.0.0        240.0.0.0         On-link    169.254.144.18    266
        224.0.0.0        240.0.0.0         On-link       192.168.0.2    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.192.1    276
  255.255.255.255  255.255.255.255         On-link      192.168.27.1    276
  255.255.255.255  255.255.255.255         On-link    169.254.144.18    266
  255.255.255.255  255.255.255.255         On-link       192.168.0.2    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 10    306 2001::/32                On-link
 10    306 2001:0:9d38:6ab8:183f:3e4:3f57:fffd/128
                                    On-link
  3    276 fe80::/64                On-link
 17    276 fe80::/64                On-link
  5    266 fe80::/64                On-link
 16    266 fe80::/64                On-link
 10    306 fe80::/64                On-link
 10    306 fe80::183f:3e4:3f57:fffd/128
                                    On-link
 17    276 fe80::51be:c94c:358f:2b09/128
                                    On-link
 16    266 fe80::6d60:bab3:ff5b:4115/128
                                    On-link
  3    276 fe80::cdfb:66cc:67e0:35b0/128
                                    On-link
  5    266 fe80::edeb:467b:e5b8:9012/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    276 ff00::/8                 On-link
 17    276 ff00::/8                 On-link
  5    266 ff00::/8                 On-link
 16    266 ff00::/8                 On-link
 10    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\napinsp.dll [55808] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\napinsp.dll"

Catalog5 02 C:\Windows\system32\pnrpnsp.dll [70656] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

Catalog5 03 C:\Windows\system32\pnrpnsp.dll [70656] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

Catalog5 04 C:\Windows\system32\NLAapi.dll [65024] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 05 C:\Windows\System32\mswsock.dll [312160] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\System32\winrnr.dll [23552] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\winrnr.dll"

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/12/2016 08:24:47 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/12/2016 08:24:44 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ef874aae-ed11-40d3-a8bf-b0b599ab7f96}

Error: (04/12/2016 05:32:23 PM) (Source: Office 2016 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (04/11/2016 04:59:02 PM) (Source: ESENT) (User: )
Description: taskhostw (8008) WebCacheLocal: Database recovery/restore failed with unexpected error -1032.

Error: (04/11/2016 04:59:02 PM) (Source: ESENT) (User: )
Description: taskhostw (8008) WebCacheLocal: An attempt to open the file "C:\Users\jacka\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (04/11/2016 04:59:02 PM) (Source: ESENT) (User: )
Description: CCleaner64 (5360) testing: An attempt to open the file "C:\Users\jacka\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (04/11/2016 01:55:20 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/11/2016 01:21:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-18TF7QT)
Description: Activation of app Microsoft.Getstarted_3.5.11.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/11/2016 01:03:07 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/11/2016 12:54:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x4b4
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3
Faulting package full name: RootkitRevealer.exe4
Faulting package-relative application ID: RootkitRevealer.exe5


System errors:
=============
Error: (04/12/2016 08:29:43 PM) (Source: DCOM) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/12/2016 08:29:13 PM) (Source: DCOM) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/12/2016 08:29:12 PM) (Source: DCOM) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/12/2016 08:29:12 PM) (Source: DCOM) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/12/2016 08:29:12 PM) (Source: DCOM) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/12/2016 08:29:12 PM) (Source: DCOM) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/12/2016 08:29:10 PM) (Source: DCOM) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/12/2016 08:29:10 PM) (Source: DCOM) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/12/2016 08:29:10 PM) (Source: DCOM) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/12/2016 08:28:34 PM) (Source: Service Control Manager) (User: )
Description: The WMPNetworkSvc service depends on the WSearch service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (04/12/2016 08:24:47 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (04/12/2016 08:24:44 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ef874aae-ed11-40d3-a8bf-b0b599ab7f96}

Error: (04/12/2016 05:32:23 PM) (Source: Office 2016 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418220

Error: (04/11/2016 04:59:02 PM) (Source: ESENT)(User: )
Description: taskhostw8008WebCacheLocal: -1032

Error: (04/11/2016 04:59:02 PM) (Source: ESENT)(User: )
Description: taskhostw8008WebCacheLocal: C:\Users\jacka\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (04/11/2016 04:59:02 PM) (Source: ESENT)(User: )
Description: CCleaner645360testing: C:\Users\jacka\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (04/11/2016 01:55:20 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (04/11/2016 01:21:42 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-18TF7QT)
Description: Microsoft.Getstarted_3.5.11.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca-2144927149

Error: (04/11/2016 01:03:07 AM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/11/2016 12:54:07 AM) (Source: Application Error)(User: )
Description: RootkitRevealer.exe1.71.0.044e255aaRootkitRevealer.exe1.71.0.044e255aac0000005000040cd4b401d1938444c6318eC:\Users\jacka\Desktop\RootkitRevealer\RootkitRevealer.exeC:\Users\jacka\Desktop\RootkitRevealer\RootkitRevealer.exec73adbf6-8fe4-44c1-987b-03dbbf34b558


CodeIntegrity Errors:
===================================
  Date: 2016-04-12 20:28:29.458
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-12 20:28:29.451
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-12 20:28:28.924
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-12 20:28:28.915
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-11 22:38:49.225
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-11 22:38:49.216
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-11 22:38:48.581
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-11 22:38:48.573
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-11 22:32:49.799
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-11 22:32:49.777
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.


=========================== Installed Programs ============================

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon)
Blueline 1.1.1 (HKLM-x32\...\Blueline_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
ESET Smart Security (HKLM\...\{C7967963-BE1C-4ABA-839F-3CB206E50697}) (Version: 9.0.349.0 - ESET, spol. s r.o.)
Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
Icecream Screen Recorder version 3.30 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 3.30 - Icecream Apps)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6741.2021 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.6701.1013 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.6701.1013 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.6701.1013 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.0.16 (HKLM\...\{F2E958A1-9215-4C7D-9A2E-F0740B8CA5B7}) (Version: 5.0.16 - Oracle Corporation)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)
Vagrant (HKLM-x32\...\{DBD58741-B374-4518-B0F7-8F33D09E3164}) (Version: 1.8.1 - HashiCorp)
VMware Player (HKLM\...\{57AA4E8A-E2C9-4F1C-B3F1-762C36E34472}) (Version: 12.1.0 - VMware, Inc.)
VoodooShield version 2.86 (HKLM\...\{A8644328-A66F-490E-B8FA-901FF649189D}_is1) (Version: 2.86 - VoodooSoft, LLC)
VT Hash Check 1.56 (HKLM-x32\...\{1E579B65-503B-4184-B481-5138124BEE1D}_is1) (Version: 1.56 - Boredom Software)
WebM Project Directshow Filters (HKCU\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.0.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.2 - The Wireshark developer community, https://www.wireshark.org)
Workrave 1.10 (HKLM-x32\...\Workrave_is1) (Version:  - Rob Caelers & Raymond Penners)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.20.140 - Zemana Ltd.)

========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 7885.05 MB
Available physical RAM: 5951.21 MB
Total Virtual: 8397.05 MB
Available Virtual: 6557.5 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:930.96 GB) (Free:831.49 GB) NTFS

========================= Users: ========================================

User accounts for \\DESKTOP-18TF7QT

Administrator            DefaultAccount           Guest                    
jacka                    james                    


**** End of log ****

FSS.txt:

Farbar Service Scanner Version: 27-01-2016
Ran by jacka (administrator) on 12-04-2016 at 20:42:59
Running from "C:\Users\jacka\Desktop"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#6 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:40 AM

Posted 12 April 2016 - 07:01 PM

Thanks for the logs.

 

Hosts File
Replace your current HOSTS file with a tweaked one, such as the MVPS Hosts file, which restricts access to known bad sites, improving your security.
It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer.

To do it:

  • Download hosts.zip and save it to your desktop
  • Right click the file you just downloaded on your desktop and select => Extract to "hosts\"
  • In the hosts folder on your desktop, double click on mvps.bat file to run the program
  • A prompt will appear, press any key to continue

A good source of information about safe computing is this topic by quietman7.

======================================================================================

Update Adobe Flash Player

Please update your Adobe Flash Player to the latest version

  • Open İnternet Explorer Browser
  • Download Adobe Flash Player here and save it to your desktop.
  • Do not accept the Optional offers
  • Uncheck "Yes, install McAfee Security Scan Plus + True Key by Intel Security- optional"
  • Close any open browsers
  • Double click on the adobeflashplayer.jpg icon to launch the installation
  • If you are presented with a warning popup select "Run"
  • Once the installation is complete click "Finish"

Important Note: Please read. This is only for detailed information:
Adobe releases the Flash Player 21.0.0.213 emergency update to resolve Critical Vulnerabilities

http://www.bleepingcomputer.com/news/security/adobe-releases-the-flash-player-21-0-0-213-emergency-update-to-resolve-critical-vulnerabilities/

====================================================================================

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

=========================================================================

How is the machine running now, and are there any issues? Please let me know.


Edited by olgun52, 16 April 2016 - 03:15 PM.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
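As an added illustration of the hosts-file mechanism described in the post above (this is not code from the post, from the MVPS project or from BleepingComputer, and the sample hosts content is constructed), the parser below emulates how a hosts lookup resolves a name and separates blocklist sinkhole entries from entries that send a name to some other real address:

```python
"""Hosts-file sinkholing, illustrated.

A blocklist hosts file works because the resolver consults the hosts file
before DNS: mapping a hostname to 127.0.0.1 (or 0.0.0.0) makes connections
to it land on the local machine instead of the real site.
"""
import ipaddress

# Constructed sample, not the real MVPS file: sinkhole entries plus one entry
# that points a legitimate-looking name at a remote address instead of loopback.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example-tracker.test
127.0.0.1 malware.example-bad.test   # blocked
127.0.0.1   cdn.example-bad.test  www.example-bad.test
198.51.100.7 login.example-bank.test
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs in file order, ignoring comments and blank lines.

    One hosts line may carry several names for the same address; each name
    becomes its own entry so that lookups stay simple.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed address field; the resolver ignores such lines
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def resolve(entries, hostname):
    """Emulate a hosts lookup: the first matching name wins.

    Returns None when the hosts file has no entry, meaning the query would
    fall through to DNS.
    """
    hostname = hostname.lower()
    for ip, name in entries:
        if name == hostname:
            return ip
    return None


def is_sinkhole(ip):
    """True for addresses that keep traffic on the local machine.

    127.0.0.1 is what the post describes; 0.0.0.0 is also used by blocklists
    because it fails immediately without even opening a loopback connection.
    """
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def classify(entries):
    """Split entries into blocklist sinkholes and redirects to a remote address.

    A hosts entry that points a name at a non-loopback address does not block
    anything; it sends the user's traffic elsewhere, which is why diagnostic
    tools report such entries rather than the sinkhole ones.
    """
    sinkholed, redirected = [], []
    for ip, name in entries:
        if name == "localhost":
            continue
        (sinkholed if is_sinkhole(ip) else redirected).append((ip, name))
    return sinkholed, redirected


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    blocked, suspicious = classify(hosts)
    print("sinkholed names:", [n for _, n in blocked])
    print("redirected names:", suspicious)
    print("lookup malware.example-bad.test ->", resolve(hosts, "malware.example-bad.test"))
```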


#7 auto1571

auto1571
  • Topic Starter

  • Members
  • 295 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 13 April 2016 - 05:33 PM

 

How is the machine running now and any issues ? Please let me know.


Hi, the ESET scan found no threats but I was not able to find a report. My PC is working okay now. The only issue right now is that Silverlight is not working on Firefox but I doubt that's malware related. I ended up installing Adobe flash player through Firefox as IE stated that it was already integrated with Windows 10.

 

Also, I do have a few questions, if that's okay.

First, what was the need for the removal of the installed programs?

Second, did you spot any backdoor and/or ZeroAccess infections? It was seeing Catalog5 01 C:\Windows\system32\napinsp.dll [55808] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\napinsp.dll"; that made me concerned about ZeroAccess.

Third, is it possible that malware can hide from detection even by diagnostic tools such as FRST?

Finally, how do I disable port 139, as I have recently discovered that it's a vulnerable port?

 

Thanks.



#8 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:40 AM

Posted 14 April 2016 - 04:57 PM

Hi there,

Hi, the ESET scan found no threats but I was not able to find a report. My PC is working okay now.

A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

The only issue right now is that Silverlight is not working on Firefox

This may be related to the FRST fixlist. Please try a repair (c:\Program Files (x86)\Microsoft Silverlight).

First what was the need for the removal of the installed programs?

Reason Core Security and Sophos Virus Removal Tool. There is no need for this software on the system. Having a lot of security software is always a problem. We removed them for this reason, and the others due to the risk.

Second did you spot any backdoor and/or ZeroAccess infections?

 It was seeing Catalog5 01 C:\Windows\system32\napinsp.dll [55808] (Microsoft Corporation)

ATTENTION: The LibraryPath should be "%SystemRoot%\system32\napinsp.dll" that made me concerned about ZeroAccess.

We are still continuing the process. Please be patient.
Please post me the ESET log file.

Third is it possible that malware can hide detection even from diagnostic tools such as FRST?

No, no, it isn't possible.

Finally how do I disable port 139 as I have recently discovered that's a vulnerable port?

I will try to write about that then.

Best regards

#9 auto1571

auto1571
  • Topic Starter

  • Members
  • 295 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 14 April 2016 - 06:50 PM

Hi, all I see on the ESET online scan is to click finish. I don't see any export icon to click on.



#10 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:40 AM

Posted 14 April 2016 - 09:02 PM

Okay
 
Copy the below code to Notepad; Save As fixlist.txt to your Desktop.
start
CreateRestorePoint:
CloseProcesses:
Winsock:Catalog5 01 C:\Windows\system32\napinsp.dll [55808] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock:Catalog5 02 C:\Windows\system32\pnrpnsp.dll [70656] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock:Catalog5 03 C:\Windows\system32\pnrpnsp.dll [70656] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock:Catalog5 04 C:\Windows\system32\NLAapi.dll [65024] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock:Catalog5 05 C:\Windows\System32\mswsock.dll [312160] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock:Catalog5 06 C:\Windows\System32\winrnr.dll [23552] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-06] () [File not signed] <==== ATTENTION
EmptyTemp:
end
Reboot:
Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.
 
===============================================================================
After the PC restarts, please post new FRST logs so I can check them.

Best regards

#11 auto1571

auto1571
  • Topic Starter

  • Members
  • 295 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 15 April 2016 - 10:25 AM

Hello again, here are the logs:

 

Fixlist.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by jacka (2016-04-15 16:17:37) Run:2
Running from C:\Users\jacka\Desktop
Loaded Profiles: jacka (Available Profiles: jacka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Winsock:Catalog5 01 C:\Windows\system32\napinsp.dll [55808] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock:Catalog5 02 C:\Windows\system32\pnrpnsp.dll [70656] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock:Catalog5 03 C:\Windows\system32\pnrpnsp.dll [70656] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock:Catalog5 04 C:\Windows\system32\NLAapi.dll [65024] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock:Catalog5 05 C:\Windows\System32\mswsock.dll [312160] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock:Catalog5 06 C:\Windows\System32\winrnr.dll [23552] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-06] () [File not signed] <==== ATTENTION
EmptyTemp:
end
Reboot:
*****************

Restore point was successfully created.
Processes closed successfully.
Winsock:Catalog5 01 C:\Windows\system32\napinsp.dll [55808] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\napinsp.dll" => Error: No automatic fix found for this entry.
Winsock:Catalog5 02 C:\Windows\system32\pnrpnsp.dll [70656] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll" => Error: No automatic fix found for this entry.
Winsock:Catalog5 03 C:\Windows\system32\pnrpnsp.dll [70656] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll" => Error: No automatic fix found for this entry.
Winsock:Catalog5 04 C:\Windows\system32\NLAapi.dll [65024] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" => Error: No automatic fix found for this entry.
Winsock:Catalog5 05 C:\Windows\System32\mswsock.dll [312160] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" => Error: No automatic fix found for this entry.
Winsock:Catalog5 06 C:\Windows\System32\winrnr.dll [23552] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\winrnr.dll" => Error: No automatic fix found for this entry.
Everything => service not found.
EmptyTemp: => 2.3 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 16:18:30 ====


New FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by jacka (administrator) on DESKTOP-18TF7QT (15-04-2016 16:20:48)
Running from C:\Users\jacka\Desktop
Loaded Profiles: jacka (Available Profiles: jacka)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(VoodooSoft, LLC) C:\Program Files\VoodooShield\VoodooShieldService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(VoodooSoft, LLC) C:\Program Files\VoodooShield\VoodooShield.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VoodooShield] => C:\Program Files\VoodooShield\VoodooShield.exe [1834944 2015-12-02] (VoodooSoft, LLC)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12866288 2016-04-08] (Zemana Ltd.)
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\MCShieldRTM.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Run: [Workrave] => C:\Program Files (x86)\Workrave\lib\workrave.exe [4480000 2013-01-13] (The Workrave development team)
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKLM\...\AppCertDlls: [cpn32] -> C:\Windows\SysWOW64\cpn32.dll [7168 2014-09-06] ()
HKLM\...\AppCertDlls: [cpn64] -> C:\Windows\System32\cpn64.dll [9216 2014-09-06] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-04-15]
ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab)
Startup: C:\Users\jacka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-02-15]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ad1349cb-bedf-416f-aa1d-2911e8c8f575}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-01] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-01] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\jacka\AppData\Roaming\Mozilla\Firefox\Profiles\01jmi428.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-13] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Malware Search - C:\Users\jacka\AppData\Roaming\Mozilla\Firefox\Profiles\01jmi428.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2016-02-19]
FF Extension: uBlock Origin - C:\Users\jacka\AppData\Roaming\Mozilla\Firefox\Profiles\01jmi428.default\Extensions\uBlock0@raymondhill.net.xpi [2016-04-06]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://duckduckgo.com/"
CHR Profile: C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-20]
CHR Extension: (Google Docs) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-20]
CHR Extension: (Google Drive) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-20]
CHR Extension: (YouTube) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-20]
CHR Extension: (Google Search) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-20]
CHR Extension: (Google Docs Offline) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23]
CHR Extension: (AdBlock) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-23]
CHR Extension: (Skype) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-04-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2823920 2016-03-20] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2519904 2016-03-30] (ESET)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-04-10] (SurfRight B.V.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 VoodooShieldService; C:\Program Files\VoodooShield\VoodooShieldService.exe [79384 2015-12-02] (VoodooSoft, LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12866288 2016-04-08] (Zemana Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264552 2016-03-30] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [199680 2015-11-16] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14976 2015-07-30] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186784 2015-11-16] (ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [142976 2015-11-16] (ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [198096 2016-03-30] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [53384 2016-03-30] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84800 2016-03-30] (ESET)
R1 epp; C:\EEK\bin64\epp.sys [124080 2016-02-11] (Emsisoft Ltd)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-15] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [202032 2016-01-19] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-04-10] ()
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [205784 2016-03-04] (Oracle Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [247464 2016-04-10] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [247464 2016-04-10] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-15 16:20 - 2016-04-15 16:21 - 00016190 _____ C:\Users\jacka\Desktop\FRST.txt
2016-04-15 16:17 - 2016-04-15 16:18 - 00002925 _____ C:\Users\jacka\Desktop\Fixlog.txt
2016-04-15 16:17 - 2016-04-15 16:17 - 02375168 _____ (Farbar) C:\Users\jacka\Desktop\FRST64.exe
2016-04-15 02:02 - 2016-04-15 02:02 - 00001168 _____ C:\Users\Public\Desktop\Kaspersky Software Updater Beta.lnk
2016-04-15 02:02 - 2016-04-15 02:02 - 00001128 _____ C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
2016-04-15 02:02 - 2016-04-15 02:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater Beta
2016-04-15 02:02 - 2016-04-15 02:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2016-04-15 02:02 - 2016-04-15 02:02 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-04-15 02:02 - 2016-04-15 02:02 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-04-15 02:00 - 2016-04-15 02:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-04-15 01:59 - 2016-04-15 01:59 - 02622792 _____ (Kaspersky Lab) C:\Users\jacka\Desktop\kss16.0.0.1344en_ru_de_fr_es_pt_it_zh-hans_nl_pl_tr_cs_ko_id_vi_ar_fa_zh-hant_9328.exe
2016-04-15 01:58 - 2016-04-15 01:58 - 00594793 _____ C:\Users\jacka\AppData\Local\census.cache
2016-04-15 01:58 - 2016-04-15 01:58 - 00200785 _____ C:\Users\jacka\AppData\Local\ars.cache
2016-04-15 01:54 - 2016-04-15 01:54 - 00000010 _____ C:\Users\jacka\AppData\Local\sponge.last.runtime.cache
2016-04-15 01:50 - 2016-04-15 01:50 - 00000000 ____D C:\ProgramData\Trend Micro
2016-04-15 01:48 - 2016-04-15 01:48 - 00000036 _____ C:\Users\jacka\AppData\Local\housecall.guid.cache
2016-04-15 01:48 - 2015-05-29 08:43 - 00307352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2016-04-15 01:47 - 2016-04-15 01:48 - 02526736 _____ (Trend Micro Inc.) C:\Users\jacka\Desktop\HousecallLauncher64.exe
2016-04-13 21:09 - 2016-04-13 21:09 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-13 21:04 - 2016-04-15 00:54 - 02870984 _____ (ESET) C:\Users\jacka\Desktop\esetsmartinstaller_enu.exe
2016-04-13 20:58 - 2016-04-13 20:58 - 00133979 _____ C:\Users\jacka\Desktop\hosts.zip
2016-04-12 20:50 - 2016-04-02 04:14 - 03994624 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2016-04-12 20:50 - 2016-03-29 11:20 - 07474016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-12 20:50 - 2016-03-29 11:20 - 02656952 _____ C:\Windows\system32\CoreUIComponents.dll
2016-04-12 20:50 - 2016-03-29 11:18 - 02152280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-04-12 20:50 - 2016-03-29 10:37 - 01862008 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2016-04-12 20:50 - 2016-03-29 09:41 - 00630632 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-04-12 20:50 - 2016-03-29 09:06 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-04-12 20:50 - 2016-03-29 09:02 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-04-12 20:50 - 2016-03-29 09:01 - 00541304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-04-12 20:50 - 2016-03-29 08:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\wininetlui.dll
2016-04-12 20:50 - 2016-03-29 08:58 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-12 20:50 - 2016-03-29 08:46 - 00365568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-04-12 20:50 - 2016-03-29 08:36 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2016-04-12 20:50 - 2016-03-29 08:19 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-04-12 20:50 - 2016-03-29 08:15 - 01714688 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2016-04-12 20:50 - 2016-03-29 08:15 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-12 20:50 - 2016-03-29 08:14 - 00965632 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-04-12 20:50 - 2016-03-29 08:12 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininetlui.dll
2016-04-12 20:50 - 2016-03-29 08:12 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-12 20:50 - 2016-03-29 08:07 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-04-12 20:50 - 2016-03-29 08:02 - 02624512 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2016-04-12 20:50 - 2016-03-29 08:02 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-04-12 20:50 - 2016-03-29 08:00 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2016-04-12 20:50 - 2016-03-29 07:42 - 03592704 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-04-12 20:50 - 2016-03-29 07:37 - 01444352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2016-04-12 20:50 - 2016-03-29 07:37 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-04-12 20:50 - 2016-03-29 07:37 - 00792064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-12 20:50 - 2016-03-29 07:32 - 01731584 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-12 20:50 - 2016-03-29 07:31 - 02275328 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-04-12 20:50 - 2016-03-29 07:28 - 01944576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2016-04-12 20:50 - 2016-03-29 07:27 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TextInputFramework.dll
2016-04-12 20:50 - 2016-03-29 07:26 - 02755584 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-12 20:50 - 2016-03-29 07:05 - 01500672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-12 20:50 - 2016-03-29 07:05 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-12 20:50 - 2016-03-29 07:02 - 02229760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-12 20:50 - 2016-03-29 07:01 - 13018624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-04-12 20:50 - 2016-03-29 06:56 - 16985600 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-04-12 20:50 - 2016-03-29 06:52 - 11545600 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-04-12 20:50 - 2016-03-29 06:51 - 22378496 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-04-12 20:50 - 2016-03-29 06:51 - 09918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-04-12 20:50 - 2016-03-29 06:41 - 24602112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-12 20:50 - 2016-03-29 06:41 - 12125184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-12 20:50 - 2016-03-29 06:39 - 13382656 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-12 20:50 - 2016-03-29 06:38 - 18673664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-04-12 20:50 - 2016-03-29 06:37 - 19340800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-12 20:50 - 2016-03-29 06:27 - 07836160 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-04-12 20:50 - 2016-03-29 06:27 - 05662208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-04-12 20:49 - 2016-04-02 05:13 - 00369912 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-04-12 20:49 - 2016-04-02 05:10 - 00770640 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2016-04-12 20:49 - 2016-04-02 05:10 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll
2016-04-12 20:49 - 2016-04-02 05:10 - 00374008 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2016-04-12 20:49 - 2016-04-02 04:30 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\VEStoreEventHandlers.dll
2016-04-12 20:49 - 2016-04-02 04:29 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\VEDataLayerHelpers.dll
2016-04-12 20:49 - 2016-04-02 04:29 - 00083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEDataLayerHelpers.dll
2016-04-12 20:49 - 2016-04-02 04:26 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\PhoneProviders.dll
2016-04-12 20:49 - 2016-04-02 04:25 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\NotificationObjFactory.dll
2016-04-12 20:49 - 2016-04-02 04:25 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NotificationObjFactory.dll
2016-04-12 20:49 - 2016-04-02 04:23 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2016-04-12 20:49 - 2016-04-02 04:23 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2016-04-12 20:49 - 2016-04-02 04:21 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2016-04-12 20:49 - 2016-04-02 04:19 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-04-12 20:49 - 2016-04-02 04:18 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-04-12 20:49 - 2016-04-02 04:15 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-04-12 20:49 - 2016-04-02 04:09 - 01832448 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-04-12 20:49 - 2016-04-02 04:08 - 02193408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-04-12 20:49 - 2016-04-02 04:07 - 03575296 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-12 20:49 - 2016-04-02 04:07 - 02158592 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-04-12 20:49 - 2016-04-02 04:03 - 04774912 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-04-12 20:49 - 2016-04-02 04:00 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2016-04-12 20:49 - 2016-03-29 11:23 - 00277856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2016-04-12 20:49 - 2016-03-29 11:22 - 01030416 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-12 20:49 - 2016-03-29 11:22 - 00874968 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-04-12 20:49 - 2016-03-29 11:20 - 01317640 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-12 20:49 - 2016-03-29 11:20 - 01141504 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-04-12 20:49 - 2016-03-29 11:15 - 00100232 _____ (Microsoft Corporation) C:\Windows\system32\omadmapi.dll
2016-04-12 20:49 - 2016-03-29 11:11 - 00686976 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-04-12 20:49 - 2016-03-29 11:05 - 01152864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-04-12 20:49 - 2016-03-29 11:02 - 00989536 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2016-04-12 20:49 - 2016-03-29 11:02 - 00334736 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll
2016-04-12 20:49 - 2016-03-29 10:56 - 01297752 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2016-04-12 20:49 - 2016-03-29 10:28 - 00696664 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-04-12 20:49 - 2016-03-29 10:28 - 00535080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-04-12 20:49 - 2016-03-29 10:28 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-04-12 20:49 - 2016-03-29 10:25 - 00258912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ufx01000.sys
2016-04-12 20:49 - 2016-03-29 10:25 - 00058400 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.dll
2016-04-12 20:49 - 2016-03-29 10:19 - 00296488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2016-04-12 20:49 - 2016-03-29 10:18 - 00185184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2016-04-12 20:49 - 2016-03-29 10:17 - 00300104 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2016-04-12 20:49 - 2016-03-29 10:13 - 00986976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2016-04-12 20:49 - 2016-03-29 10:11 - 00605440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-04-12 20:49 - 2016-03-29 10:11 - 00074424 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe
2016-04-12 20:49 - 2016-03-29 10:10 - 00110584 _____ (Microsoft Corporation) C:\Windows\system32\srvcli.dll
2016-04-12 20:49 - 2016-03-29 10:09 - 00078040 _____ (Microsoft Corporation) C:\Windows\system32\wkscli.dll
2016-04-12 20:49 - 2016-03-29 10:08 - 00358752 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-12 20:49 - 2016-03-29 10:08 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\LsaIso.exe
2016-04-12 20:49 - 2016-03-29 10:07 - 00081144 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2016-04-12 20:49 - 2016-03-29 09:44 - 00502104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-04-12 20:49 - 2016-03-29 09:44 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-04-12 20:49 - 2016-03-29 09:41 - 00051128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsNativeApi.dll
2016-04-12 20:49 - 2016-03-29 09:32 - 00253088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2016-04-12 20:49 - 2016-03-29 09:26 - 02403680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-04-12 20:49 - 2016-03-29 09:26 - 01089888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2016-04-12 20:49 - 2016-03-29 09:26 - 00073872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srvcli.dll
2016-04-12 20:49 - 2016-03-29 09:25 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wkscli.dll
2016-04-12 20:49 - 2016-03-29 09:24 - 00294752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-12 20:49 - 2016-03-29 09:23 - 00069744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2016-04-12 20:49 - 2016-03-29 09:21 - 00378208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2016-04-12 20:49 - 2016-03-29 09:17 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\MapsCSP.dll
2016-04-12 20:49 - 2016-03-29 09:16 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xinputhid.sys
2016-04-12 20:49 - 2016-03-29 09:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.V2.dll
2016-04-12 20:49 - 2016-03-29 09:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\policymanagerprecheck.dll
2016-04-12 20:49 - 2016-03-29 09:07 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-04-12 20:49 - 2016-03-29 09:07 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\dmenterprisediagnostics.dll
2016-04-12 20:49 - 2016-03-29 09:07 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2016-04-12 20:49 - 2016-03-29 09:06 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\oleacchooks.dll
2016-04-12 20:49 - 2016-03-29 09:00 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\NetCfgNotifyObjectHost.exe
2016-04-12 20:49 - 2016-03-29 09:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\fveskybackup.dll
2016-04-12 20:49 - 2016-03-29 09:00 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mapsupdatetask.dll
2016-04-12 20:49 - 2016-03-29 08:59 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManagerShellext.exe
2016-04-12 20:49 - 2016-03-29 08:57 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2016-04-12 20:49 - 2016-03-29 08:57 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-12 20:49 - 2016-03-29 08:57 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll
2016-04-12 20:49 - 2016-03-29 08:57 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2016-04-12 20:49 - 2016-03-29 08:55 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
2016-04-12 20:49 - 2016-03-29 08:55 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys
2016-04-12 20:49 - 2016-03-29 08:55 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\tbauth.dll
2016-04-12 20:49 - 2016-03-29 08:54 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-12 20:49 - 2016-03-29 08:53 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\FontProvider.dll
2016-04-12 20:49 - 2016-03-29 08:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\TokenBrokerCookies.exe
2016-04-12 20:49 - 2016-03-29 08:51 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll
2016-04-12 20:49 - 2016-03-29 08:51 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\tzautoupdate.dll
2016-04-12 20:49 - 2016-03-29 08:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2016-04-12 20:49 - 2016-03-29 08:50 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2016-04-12 20:49 - 2016-03-29 08:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll
2016-04-12 20:49 - 2016-03-29 08:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\OnDemandConnRouteHelper.dll
2016-04-12 20:49 - 2016-03-29 08:50 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\wuautoappupdate.dll
2016-04-12 20:49 - 2016-03-29 08:49 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-04-12 20:49 - 2016-03-29 08:48 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Devices.dll
2016-04-12 20:49 - 2016-03-29 08:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll
2016-04-12 20:49 - 2016-03-29 08:46 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2016-04-12 20:49 - 2016-03-29 08:44 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\DAFWSD.dll
2016-04-12 20:49 - 2016-03-29 08:42 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2016-04-12 20:49 - 2016-03-29 08:39 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2016-04-12 20:49 - 2016-03-29 08:38 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-04-12 20:49 - 2016-03-29 08:37 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2016-04-12 20:49 - 2016-03-29 08:36 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2016-04-12 20:49 - 2016-03-29 08:35 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2016-04-12 20:49 - 2016-03-29 08:35 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\credprovhost.dll
2016-04-12 20:49 - 2016-03-29 08:34 - 00686592 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2016-04-12 20:49 - 2016-03-29 08:34 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2016-04-12 20:49 - 2016-03-29 08:34 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-04-12 20:49 - 2016-03-29 08:34 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2016-04-12 20:49 - 2016-03-29 08:33 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2016-04-12 20:49 - 2016-03-29 08:32 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-04-12 20:49 - 2016-03-29 08:32 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2016-04-12 20:49 - 2016-03-29 08:30 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2016-04-12 20:49 - 2016-03-29 08:30 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-12 20:49 - 2016-03-29 08:28 - 00460288 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2016-04-12 20:49 - 2016-03-29 08:27 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2016-04-12 20:49 - 2016-03-29 08:26 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2016-04-12 20:49 - 2016-03-29 08:23 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2016-04-12 20:49 - 2016-03-29 08:23 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
2016-04-12 20:49 - 2016-03-29 08:23 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2016-04-12 20:49 - 2016-03-29 08:22 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\AccountsRt.dll
2016-04-12 20:49 - 2016-03-29 08:21 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-12 20:49 - 2016-03-29 08:20 - 00948736 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthManager.dll
2016-04-12 20:49 - 2016-03-29 08:20 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\AboveLockAppHost.dll
2016-04-12 20:49 - 2016-03-29 08:20 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsNativeApi.V2.dll
2016-04-12 20:49 - 2016-03-29 08:20 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2016-04-12 20:49 - 2016-03-29 08:19 - 00556032 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2016-04-12 20:49 - 2016-03-29 08:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacchooks.dll
2016-04-12 20:49 - 2016-03-29 08:18 - 00676352 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2016-04-12 20:49 - 2016-03-29 08:17 - 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2016-04-12 20:49 - 2016-03-29 08:17 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-12 20:49 - 2016-03-29 08:17 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\CredProvDataModel.dll
2016-04-12 20:49 - 2016-03-29 08:16 - 00852480 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-04-12 20:49 - 2016-03-29 08:16 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-04-12 20:49 - 2016-03-29 08:14 - 00859136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2016-04-12 20:49 - 2016-03-29 08:13 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2016-04-12 20:49 - 2016-03-29 08:12 - 00471552 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2016-04-12 20:49 - 2016-03-29 08:11 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2016-04-12 20:49 - 2016-03-29 08:11 - 00881664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2016-04-12 20:49 - 2016-03-29 08:11 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2016-04-12 20:49 - 2016-03-29 08:11 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-12 20:49 - 2016-03-29 08:11 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
2016-04-12 20:49 - 2016-03-29 08:11 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2016-04-12 20:49 - 2016-03-29 08:10 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-04-12 20:49 - 2016-03-29 08:10 - 00938496 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2016-04-12 20:49 - 2016-03-29 08:09 - 01239552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2016-04-12 20:49 - 2016-03-29 08:09 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2016-04-12 20:49 - 2016-03-29 08:09 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbauth.dll
2016-04-12 20:49 - 2016-03-29 08:08 - 00888320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2016-04-12 20:49 - 2016-03-29 08:08 - 00841216 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-04-12 20:49 - 2016-03-29 08:08 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-12 20:49 - 2016-03-29 08:07 - 01902592 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-12 20:49 - 2016-03-29 08:06 - 01575936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2016-04-12 20:49 - 2016-03-29 08:06 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-04-12 20:49 - 2016-03-29 08:06 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBrokerCookies.exe
2016-04-12 20:49 - 2016-03-29 08:05 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2016-04-12 20:49 - 2016-03-29 08:05 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-12 20:49 - 2016-03-29 08:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Devices.dll
2016-04-12 20:49 - 2016-03-29 08:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-04-12 20:49 - 2016-03-29 08:02 - 01211904 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Cred.dll
2016-04-12 20:49 - 2016-03-29 08:00 - 00235008 _____ C:\Windows\system32\MTF.dll
2016-04-12 20:49 - 2016-03-29 08:00 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-12 20:49 - 2016-03-29 08:00 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2016-04-12 20:49 - 2016-03-29 07:59 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-12 20:49 - 2016-03-29 07:59 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerDeviceEncryption.exe
2016-04-12 20:49 - 2016-03-29 07:59 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\InputLocaleManager.dll
2016-04-12 20:49 - 2016-03-29 07:56 - 00821760 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2016-04-12 20:49 - 2016-03-29 07:56 - 00415232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2016-04-12 20:49 - 2016-03-29 07:55 - 01052160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2016-04-12 20:49 - 2016-03-29 07:53 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2016-04-12 20:49 - 2016-03-29 07:53 - 00193024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credprovhost.dll
2016-04-12 20:49 - 2016-03-29 07:52 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2016-04-12 20:49 - 2016-03-29 07:52 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2016-04-12 20:49 - 2016-03-29 07:49 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\fveui.dll
2016-04-12 20:49 - 2016-03-29 07:48 - 00346624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2016-04-12 20:49 - 2016-03-29 07:44 - 00498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2016-04-12 20:49 - 2016-03-29 07:43 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AccountsRt.dll
2016-04-12 20:49 - 2016-03-29 07:42 - 01410560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Http.dll
2016-04-12 20:49 - 2016-03-29 07:42 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-12 20:49 - 2016-03-29 07:41 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AboveLockAppHost.dll
2016-04-12 20:49 - 2016-03-29 07:40 - 00787456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll
2016-04-12 20:49 - 2016-03-29 07:39 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2016-04-12 20:49 - 2016-03-29 07:39 - 00496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-12 20:49 - 2016-03-29 07:39 - 00350720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2016-04-12 20:49 - 2016-03-29 07:38 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2016-04-12 20:49 - 2016-03-29 07:36 - 03351040 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-04-12 20:49 - 2016-03-29 07:36 - 00649728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-12 20:49 - 2016-03-29 07:35 - 00354304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2016-04-12 20:49 - 2016-03-29 07:34 - 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2016-04-12 20:49 - 2016-03-29 07:34 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2016-04-12 20:49 - 2016-03-29 07:34 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-12 20:49 - 2016-03-29 07:34 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2016-04-12 20:49 - 2016-03-29 07:32 - 01588224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-12 20:49 - 2016-03-29 07:32 - 01098240 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2016-04-12 20:49 - 2016-03-29 07:32 - 00854528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-12 20:49 - 2016-03-29 07:32 - 00638464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2016-04-12 20:49 - 2016-03-29 07:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2016-04-12 20:49 - 2016-03-29 07:32 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2016-04-12 20:49 - 2016-03-29 07:32 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\dmcsps.dll
2016-04-12 20:49 - 2016-03-29 07:31 - 01946112 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-04-12 20:49 - 2016-03-29 07:31 - 01117184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2016-04-12 20:49 - 2016-03-29 07:31 - 00705536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-04-12 20:49 - 2016-03-29 07:30 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2016-04-12 20:49 - 2016-03-29 07:29 - 00555520 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll
2016-04-12 20:49 - 2016-03-29 07:29 - 00256000 _____ (Microsoft Corporation) C:\Windows\system32\accountaccessor.dll
2016-04-12 20:49 - 2016-03-29 07:28 - 00764928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2016-04-12 20:49 - 2016-03-29 07:27 - 07979008 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-04-12 20:49 - 2016-03-29 07:27 - 00162816 _____ C:\Windows\SysWOW64\MTF.dll
2016-04-12 20:49 - 2016-03-29 07:27 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-12 20:49 - 2016-03-29 07:27 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputLocaleManager.dll
2016-04-12 20:49 - 2016-03-29 07:23 - 00777728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2016-04-12 20:49 - 2016-03-29 07:22 - 00638464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2016-04-12 20:49 - 2016-03-29 07:19 - 02635776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-04-12 20:49 - 2016-03-29 07:17 - 00765952 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-12 20:49 - 2016-03-29 07:14 - 01072128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Http.dll
2016-04-12 20:49 - 2016-03-29 07:13 - 00592384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll
2016-04-12 20:49 - 2016-03-29 07:10 - 03671040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-04-12 20:49 - 2016-03-29 07:06 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2016-04-12 20:49 - 2016-03-29 07:05 - 07199232 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-04-12 20:49 - 2016-03-29 07:05 - 01626624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-04-12 20:49 - 2016-03-29 07:05 - 00450560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncController.dll
2016-04-12 20:49 - 2016-03-29 07:05 - 00361472 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2016-04-12 20:49 - 2016-03-29 07:04 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-12 20:49 - 2016-03-29 07:04 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2016-04-12 20:49 - 2016-03-29 07:01 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-04-12 20:49 - 2016-03-29 07:00 - 06297088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-04-12 20:49 - 2016-03-29 06:58 - 01799680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-04-12 20:49 - 2016-03-29 06:49 - 05202944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-04-12 20:49 - 2016-03-29 06:45 - 03078144 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-04-12 20:49 - 2016-03-29 06:45 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\ncbservice.dll
2016-04-12 20:49 - 2016-03-29 06:43 - 03428864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2016-04-12 20:49 - 2016-03-29 06:43 - 00521728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-12 20:49 - 2016-03-29 06:38 - 02798080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2016-04-12 20:49 - 2016-03-29 06:36 - 02722816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2016-04-12 20:49 - 2016-03-29 06:35 - 00821248 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll
2016-04-12 20:49 - 2016-03-29 06:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2016-04-12 20:49 - 2016-03-29 06:27 - 00794112 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2016-04-12 20:49 - 2016-03-29 06:26 - 00958976 _____ (Microsoft Corporation) C:\Windows\system32\RemoteNaturalLanguage.dll
2016-04-12 20:49 - 2016-03-29 06:26 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2016-04-12 20:49 - 2016-03-29 06:25 - 00712704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RemoteNaturalLanguage.dll
2016-04-12 20:49 - 2016-03-29 06:25 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2016-04-12 20:49 - 2016-03-29 06:21 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2016-04-12 20:48 - 2016-04-13 08:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-12 20:31 - 2016-04-12 20:36 - 00000000 ____D C:\Users\jacka\AppData\Roaming\ZHP
2016-04-11 23:13 - 2016-04-11 23:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-11 23:13 - 2016-04-11 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-04-11 22:42 - 2016-04-11 22:43 - 01610352 _____ (Malwarebytes) C:\Users\jacka\Downloads\JRT.exe
2016-04-11 22:36 - 2016-04-11 22:38 - 00000000 ____D C:\AdwCleaner
2016-04-11 22:20 - 2016-04-11 22:20 - 00000000 ____D C:\Users\jacka\AppData\Roaming\Boredom Software
2016-04-11 22:16 - 2016-04-11 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-04-11 18:26 - 2016-04-11 18:26 - 00001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-04-11 18:26 - 2016-04-11 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-04-11 18:26 - 2016-04-11 18:26 - 00000000 ____D C:\Program Files (x86)\WinPcap
2016-04-11 18:25 - 2016-04-11 18:26 - 00000000 ____D C:\Program Files\Wireshark
2016-04-11 18:25 - 2016-04-11 18:25 - 00001569 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-04-11 18:19 - 2016-04-11 18:19 - 00007601 _____ C:\Users\jacka\AppData\Local\Resmon.ResmonCfg
2016-04-11 17:59 - 2016-04-11 17:59 - 00001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-04-11 17:59 - 2016-04-11 17:59 - 00000000 ____D C:\Users\jacka\AppData\Roaming\TeamViewer
2016-04-11 17:59 - 2016-04-11 17:59 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-11 17:11 - 2016-04-15 16:20 - 00000000 ____D C:\FRST
2016-04-11 00:15 - 2016-04-11 00:15 - 00000000 ____D C:\Users\jacka\Pavark
2016-04-11 00:02 - 2016-04-11 00:02 - 00000000 ____D C:\Program Files (x86)\Boredom Software
2016-04-10 23:54 - 2016-04-10 23:54 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-04-10 23:40 - 2016-04-10 23:53 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-10 23:40 - 2016-04-10 23:40 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-04-10 23:32 - 2016-04-10 23:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-04-10 23:32 - 2016-04-10 23:32 - 00000000 ____D C:\Program Files\HitmanPro
2016-04-10 23:31 - 2016-04-10 23:36 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-10 23:14 - 2016-04-15 16:20 - 00029432 _____ C:\Windows\ZAM.krnl.trace
2016-04-10 23:14 - 2016-04-15 16:19 - 00000119 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-04-10 23:14 - 2016-04-11 22:16 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-04-10 23:14 - 2016-04-10 23:14 - 00247464 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-04-10 23:14 - 2016-04-10 23:14 - 00247464 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-04-10 23:14 - 2016-04-10 23:14 - 00000000 ____D C:\Users\jacka\AppData\Local\Zemana
2016-04-10 23:13 - 2016-04-15 16:20 - 00000000 ____D C:\ProgramData\VoodooShield
2016-04-10 23:13 - 2016-04-10 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield
2016-04-10 23:13 - 2016-04-10 23:13 - 00000000 ____D C:\Program Files\VoodooShield
2016-04-10 23:13 - 2014-09-06 14:26 - 00009216 _____ C:\Windows\system32\cpn64.dll
2016-04-10 23:13 - 2014-09-06 14:26 - 00007168 _____ C:\Windows\SysWOW64\cpn32.dll
2016-04-10 05:25 - 2016-04-10 05:25 - 00251644 _____ C:\Users\jacka\OneDrive\Documents\just in casew.pcapng
2016-04-10 00:29 - 2016-04-10 00:29 - 00130364 _____ C:\Users\jacka\OneDrive\Documents\something to come back to.pcapng
2016-04-08 20:12 - 2016-04-10 18:58 - 00000000 ____D C:\Program Files (x86)\Cryptostorm Client
2016-04-07 17:59 - 2016-03-11 11:21 - 00039040 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2016-04-04 09:02 - 2016-04-04 09:02 - 00000000 ____D C:\Windows\Microsoft Antimalware
2016-04-04 06:13 - 2016-04-04 06:46 - 00000000 _____ C:\Recovery.txt
2016-04-04 01:54 - 2016-04-04 01:54 - 00000000 ____D C:\Users\jacka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-04-04 01:54 - 2016-04-04 01:54 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-04-04 01:11 - 2016-04-04 01:11 - 00001100 _____ C:\Users\jacka\Desktop\Start Emergency Kit Scanner.exe - Shortcut.lnk
2016-04-03 23:08 - 2016-04-11 01:55 - 00003656 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-04-03 23:08 - 2016-04-03 23:08 - 00000000 ____D C:\Windows\ERUNT
2016-04-03 18:06 - 2016-04-03 18:06 - 00000000 ____D C:\Windows\pss
2016-04-03 17:57 - 2016-04-11 01:50 - 00000000 ____D C:\EEK
2016-04-03 00:22 - 2016-04-03 01:23 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2016-04-02 21:13 - 2016-04-02 21:17 - 224733960 _____ C:\Users\jacka\Downloads\EmsisoftEmergencyKit.exe
2016-04-02 21:07 - 2016-04-02 21:08 - 283904000 _____ C:\Users\jacka\Downloads\kav_rescue_10.iso
2016-04-02 20:30 - 2016-04-02 20:37 - 340670464 _____ C:\Users\jacka\Downloads\eset-sysrescue.1.0.9.0.enu.iso
2016-04-01 16:21 - 2016-04-01 16:21 - 00000000 ____D C:\ProgramData\Hotspot Shield
2016-03-30 21:54 - 2016-03-30 21:54 - 00000000 ____D C:\Users\jacka\AppData\Local\ElevatedDiagnostics
2016-03-30 17:12 - 2016-03-30 17:12 - 00000000 ____D C:\Users\jacka\AppData\Roaming\KeePass
2016-03-30 17:01 - 2016-03-30 17:02 - 01926960 _____ (Dominik Reichl ) C:\Users\jacka\Downloads\KeePass-1.31-Setup.exe
2016-03-23 23:00 - 2016-03-10 15:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\is-6JNJH.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-15 16:20 - 2016-02-15 14:40 - 00000000 ____D C:\ProgramData\MCShield
2016-04-15 16:19 - 2016-02-20 21:30 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-15 16:19 - 2016-02-19 23:42 - 00000000 ____D C:\ProgramData\VMware
2016-04-15 16:19 - 2016-02-08 01:09 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-15 16:19 - 2016-02-08 00:01 - 00000000 __SHD C:\Users\jacka\IntelGraphicsProfiles
2016-04-15 16:19 - 2016-02-08 00:00 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-04-15 16:19 - 2016-02-07 23:49 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-15 16:18 - 2015-10-30 07:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-04-15 16:16 - 2016-02-07 23:54 - 00838508 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-15 16:16 - 2015-10-30 08:21 - 00000000 ____D C:\Windows\INF
2016-04-15 16:14 - 2016-02-08 00:06 - 00004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E84198C8-2584-4CE2-83CB-D4C491C59B33}
2016-04-15 01:35 - 2016-02-20 21:30 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-15 01:11 - 2016-02-10 22:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-14 23:35 - 2016-02-14 23:30 - 00000000 ____D C:\Users\jacka\AppData\Roaming\Skype
2016-04-14 22:14 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\AppReadiness
2016-04-14 07:33 - 2016-02-08 00:00 - 00000000 ____D C:\Users\jacka
2016-04-13 23:18 - 2016-02-28 23:22 - 00000000 ____D C:\Program Files (x86)\AzTools
2016-04-13 21:04 - 2016-02-10 22:09 - 00003804 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-13 21:04 - 2016-02-09 23:15 - 00000000 ____D C:\Users\jacka\AppData\Local\Adobe
2016-04-13 21:02 - 2016-02-08 00:01 - 00000000 ____D C:\Users\jacka\AppData\Local\Packages
2016-04-13 21:02 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-13 09:01 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\rescache
2016-04-13 08:45 - 2016-02-08 00:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-13 08:45 - 2016-02-07 23:47 - 00333072 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-13 08:43 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-04-13 08:43 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-13 08:43 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-04-13 08:43 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\bcastdvr
2016-04-12 21:13 - 2016-02-08 00:16 - 00000000 ____D C:\Windows\system32\MRT
2016-04-12 21:13 - 2015-10-30 08:11 - 00000000 ____D C:\Windows\CbsTemp
2016-04-12 21:10 - 2016-02-08 00:16 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-12 20:25 - 2016-02-20 22:13 - 00000000 ____D C:\Program Files (x86)\Everything
2016-04-11 23:13 - 2016-02-14 23:30 - 00000000 ____D C:\ProgramData\Skype
2016-04-11 22:35 - 2016-02-20 21:31 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-11 22:11 - 2016-02-14 22:47 - 00000000 ____D C:\Users\jacka\OneDrive\Documents\My RoboForm Data
2016-04-11 22:10 - 2016-02-14 22:47 - 00000000 ____D C:\Program Files (x86)\Siber Systems
2016-04-11 16:57 - 2016-02-26 19:36 - 00000000 ____D C:\Windows\Minidump
2016-04-11 16:57 - 2016-02-08 07:47 - 00000000 ____D C:\Windows\Panther
2016-04-11 01:55 - 2016-02-19 20:36 - 00001542 _____ C:\DelFix.txt
2016-04-10 20:25 - 2015-10-30 08:24 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-04-07 18:50 - 2016-03-14 00:02 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-07 17:14 - 2016-02-19 23:04 - 00000000 ____D C:\Users\jacka\.VirtualBox
2016-04-06 19:32 - 2015-10-30 08:26 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-06 19:32 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-04 00:19 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\LiveKernelReports
2016-04-01 03:59 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-01 03:58 - 2016-02-08 01:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-03-30 17:12 - 2015-11-16 13:21 - 00264552 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2016-03-30 17:12 - 2015-11-16 13:21 - 00198096 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys
2016-03-30 17:12 - 2015-11-16 13:21 - 00084800 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2016-03-30 17:12 - 2015-11-16 13:21 - 00053384 _____ (ESET) C:\Windows\system32\Drivers\epfwlwf.sys
2016-03-23 23:00 - 2016-02-08 01:09 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-23 23:00 - 2016-02-08 01:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-23 23:00 - 2016-02-08 01:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-19 22:49 - 2016-03-14 00:01 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2016-03-19 22:49 - 2016-02-28 23:10 - 00000000 ____D C:\ProgramData\TEMP

==================== Files in the root of some directories =======

2016-04-15 01:58 - 2016-04-15 01:58 - 0200785 _____ () C:\Users\jacka\AppData\Local\ars.cache
2016-04-15 01:58 - 2016-04-15 01:58 - 0594793 _____ () C:\Users\jacka\AppData\Local\census.cache
2016-04-15 01:48 - 2016-04-15 01:48 - 0000036 _____ () C:\Users\jacka\AppData\Local\housecall.guid.cache
2016-04-11 18:19 - 2016-04-11 18:19 - 0007601 _____ () C:\Users\jacka\AppData\Local\Resmon.ResmonCfg
2016-04-15 01:54 - 2016-04-15 01:54 - 0000010 _____ () C:\Users\jacka\AppData\Local\sponge.last.runtime.cache

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-13 08:56

==================== End of FRST.txt ============================

New Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by jacka (2016-04-15 16:21:41)
Running from C:\Users\jacka\Desktop
Windows 10 Home Version 1511 (X64) (2016-02-07 22:56:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3022446708-123597430-1770447347-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3022446708-123597430-1770447347-503 - Limited - Disabled)
Guest (S-1-5-21-3022446708-123597430-1770447347-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3022446708-123597430-1770447347-1005 - Limited - Enabled)
jacka (S-1-5-21-3022446708-123597430-1770447347-1001 - Administrator - Enabled) => C:\Users\jacka
james (S-1-5-21-3022446708-123597430-1770447347-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.349.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.375.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon)
Blueline 1.1.1 (HKLM-x32\...\Blueline_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESET Smart Security (HKLM\...\{C7967963-BE1C-4ABA-839F-3CB206E50697}) (Version: 9.0.349.0 - ESET, spol. s r.o.)
Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
Icecream Screen Recorder version 3.30 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 3.30 - Icecream Apps)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Software Updater Beta (HKLM-x32\...\InstallWIX_{A19807B6-6057-456E-A560-A2A04862C1C6}) (Version: 1.5.1.202 - Kaspersky Lab)
Kaspersky Software Updater Beta (x32 Version: 1.5.1.202 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6741.2021 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6701.1013 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6701.1013 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6701.1013 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.0.16 (HKLM\...\{F2E958A1-9215-4C7D-9A2E-F0740B8CA5B7}) (Version: 5.0.16 - Oracle Corporation)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)
Vagrant (HKLM-x32\...\{DBD58741-B374-4518-B0F7-8F33D09E3164}) (Version: 1.8.1 - HashiCorp)
VMware Player (HKLM\...\{57AA4E8A-E2C9-4F1C-B3F1-762C36E34472}) (Version: 12.1.0 - VMware, Inc.)
VoodooShield version 2.86 (HKLM\...\{A8644328-A66F-490E-B8FA-901FF649189D}_is1) (Version: 2.86 - VoodooSoft, LLC)
VT Hash Check 1.56 (HKLM-x32\...\{1E579B65-503B-4184-B481-5138124BEE1D}_is1) (Version: 1.56 - Boredom Software)
WebM Project Directshow Filters (HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.0.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.2 - The Wireshark developer community, hxxps://www.wireshark.org)
Workrave 1.10 (HKLM-x32\...\Workrave_is1) (Version:  - Rob Caelers & Raymond Penners)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.20.140 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3022446708-123597430-1770447347-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\jacka\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {24EB583A-463E-45CC-9266-85DA335356A8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {42F14D69-5C1E-458C-AE44-BFFCB9520E0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)
Task: {5678114F-D56A-4926-974B-C87CEC041CDF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {5FE19D31-690D-46CB-988D-3C8086D77D19} - \Open URL by RoboForm -> No File <==== ATTENTION
Task: {6036A827-1236-4DDD-8E76-77F52641114A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-20] (Microsoft Corporation)
Task: {ADF5CD87-23B6-41C1-9E10-C19A9452B03C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-04-12] (Microsoft Corporation)
Task: {AF7674E0-E071-426D-9331-A9873C3880F6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-04-01] (Microsoft Corporation)
Task: {B88AA8F5-761C-4051-9FC4-1A74AF0EDDA8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)
Task: {C54E4625-CEDD-488E-8C6C-56D8F09A3138} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-13] (Adobe Systems Incorporated)
Task: {C6F7F130-7349-45D0-9D37-A9C5274876C2} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {D8197D27-4125-44C0-B06B-B77450BCDC6F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-20] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-04-10 23:13 - 2014-09-06 14:26 - 00009216 _____ () C:\Windows\System32\cpn64.dll
2015-10-30 08:17 - 2015-10-30 08:17 - 00028672 _____ () C:\Windows\SYSTEM32\efsext.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-02-08 01:30 - 2016-03-20 13:10 - 00173256 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-04-12 20:50 - 2016-03-29 11:20 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-12-19 02:08 - 2015-12-19 02:08 - 00402344 _____ () C:\Windows\system32\igfxTray.exe
2016-04-12 20:50 - 2016-03-29 11:20 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-03-16 18:25 - 2016-04-01 03:56 - 08919240 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-04-10 23:14 - 2016-04-10 23:14 - 00118640 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-02-08 00:54 - 2016-02-08 00:54 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-08 00:15 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-12 20:49 - 2016-04-02 04:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-12 20:49 - 2016-04-02 04:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-12 20:49 - 2016-04-02 03:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-12 20:49 - 2016-04-02 03:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-12 20:50 - 2016-04-02 04:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-15 13:38 - 2015-12-15 13:38 - 00326112 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-10-27 16:44 - 2015-10-27 16:44 - 00404952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\ipm_service.dll
2015-11-25 19:10 - 2015-11-25 19:10 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2016-02-08 00:54 - 2016-02-08 00:54 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-02-08 00:54 - 2016-02-08 00:54 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-15 13:45 - 2015-12-15 13:45 - 45077376 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libcef.dll
2015-12-15 13:45 - 2015-12-15 13:45 - 01650560 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libglesv2.dll
2015-12-15 13:45 - 2015-12-15 13:45 - 00082304 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98017090.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98017090.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2016-04-12 20:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3022446708-123597430-1770447347-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jacka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Everything"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "Workrave"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "Gyazo"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FB61C183-5CFC-4ACD-ACAC-541EA43FD903}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{49979E48-5D03-4FE5-B77C-4E37B1632EF5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4B0C5841-A88B-4D3B-8A0C-5ECAF94B2DD1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{995CA16A-E833-443D-837C-50D4A9730B40}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{AD257DB5-462D-4D09-A0D1-1FE2B0C4CF2B}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{48A6AFC1-A405-4F78-A0B3-9D0B2ED6432F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B33D73FF-93BD-44F1-BC9F-BD634D7B214D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{340C9461-A8AB-4DEE-B983-A9D242304996}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1F7FC8A9-65B4-4D30-AAEB-52702A461FF3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{12E3A71B-0D10-4864-85F4-5AC48A858362}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{40AAA6B0-FDE2-4AE6-A06D-FD6FBA2CFBAC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Restore Points =========================

11-04-2016 01:55:16 End of disinfection
12-04-2016 20:24:44 Restore Point Created by FRST
15-04-2016 16:17:39 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2016 04:17:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/15/2016 04:17:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {fe7557d6-f41a-4a6e-bb06-b2506d8ec6bc}

Error: (04/15/2016 12:54:28 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (04/15/2016 12:54:26 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (04/15/2016 12:54:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (04/14/2016 05:18:22 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (04/13/2016 09:09:12 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (04/13/2016 09:09:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (04/13/2016 09:09:05 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (04/13/2016 09:09:05 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.


System errors:
=============
Error: (04/15/2016 04:20:42 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/15/2016 04:20:40 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/15/2016 04:20:01 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/15/2016 04:20:00 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/15/2016 04:20:00 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/15/2016 04:19:57 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/15/2016 04:19:57 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/15/2016 04:19:56 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/15/2016 04:19:56 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/15/2016 04:19:55 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-18TF7QTjackaS-1-5-21-3022446708-123597430-1770447347-1001LocalHost (Using LRPC)UnavailableUnavailable


CodeIntegrity:
===================================
  Date: 2016-04-15 16:19:12.272
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-15 16:19:12.263
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-15 16:19:11.676
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-15 16:19:11.666
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-15 16:11:30.562
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-15 16:11:30.553
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-15 16:11:30.147
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-15 16:11:30.137
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-13 21:00:35.219
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-13 21:00:35.133
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G3258 @ 3.20GHz
Percentage of memory in use: 22%
Total physical RAM: 7885.05 MB
Available physical RAM: 6087 MB
Total Virtual: 8397.05 MB
Available Virtual: 6616.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.96 GB) (Free:829.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 000E47F3)

Partition: GPT.

==================== End of Addition.txt ============================



#12 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:40 AM

Posted 15 April 2016 - 04:59 PM

Hi there,

 

Attention: ''Don't install or uninstall software during the cleanup unless you are told to do so''

 

I see you newly downloaded the Kaspersky Security Scan and Kaspersky Software Updater Beta software. Please remove them all.

=====================================================================================

 

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

start
CreateRestorePoint:
CloseProcesses:
Task: {5FE19D31-690D-46CB-988D-3C8086D77D19} - \Open URL by RoboForm -> No File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98017090.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98017090.sys => ""="Driver"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "Gyazo"
Winsock: Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
FF ProfilePath: C:\Users\jacka\AppData\Roaming\Mozilla\Firefox\Profiles\01jmi428.default
2016-04-15 01:50 - 2016-04-15 01:50 - 00000000 ____D C:\ProgramData\Trend Micro
2016-04-15 01:48 - 2015-05-29 08:43 - 00307352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2016-04-15 01:47 - 2016-04-15 01:48 - 02526736 _____ (Trend Micro Inc.) C:\Users\jacka\Desktop\HousecallLauncher64.exe
2016-04-11 22:11 - 2016-02-14 22:47 - 00000000 ____D C:\Users\jacka\OneDrive\Documents\My RoboForm Data
C:\Program Files (x86)\Everything
HKLM\...\StartupApproved\Run32: => "Everything"
HKLM\...\StartupApproved\Run32\Everything
EmptyTemp:
Reboot:

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location, or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

==============================================================================

 

How is the PC running now ?


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!


#13 auto1571

auto1571
  • Topic Starter

  • Members
  • 295 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 15 April 2016 - 05:19 PM


Attention: ''Don't install or uninstall software during the cleanup unless you are told to do so''

 

Yeah, sorry about this. I should have known better here. Those programs are now removed.

 

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by jacka (2016-04-15 23:14:16) Run:3
Running from C:\Users\jacka\Desktop
Loaded Profiles: jacka (Available Profiles: jacka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Task: {5FE19D31-690D-46CB-988D-3C8086D77D19} - \Open URL by RoboForm -> No File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98017090.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98017090.sys => ""="Driver"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "Gyazo"
Winsock: Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
FF ProfilePath: C:\Users\jacka\AppData\Roaming\Mozilla\Firefox\Profiles\01jmi428.default
2016-04-15 01:50 - 2016-04-15 01:50 - 00000000 ____D C:\ProgramData\Trend Micro
2016-04-15 01:48 - 2015-05-29 08:43 - 00307352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2016-04-15 01:47 - 2016-04-15 01:48 - 02526736 _____ (Trend Micro Inc.) C:\Users\jacka\Desktop\HousecallLauncher64.exe
2016-04-11 22:11 - 2016-02-14 22:47 - 00000000 ____D C:\Users\jacka\OneDrive\Documents\My RoboForm Data
C:\Program Files (x86)\Everything
HKLM\...\StartupApproved\Run32: => "Everything"
HKLM\...\StartupApproved\Run32\Everything
EmptyTemp:
Reboot:
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FE19D31-690D-46CB-988D-3C8086D77D19}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FE19D31-690D-46CB-988D-3C8086D77D19}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open URL by RoboForm => key not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\98017090.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\98017090.sys" => key removed successfully
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "Gyazo" => value not found.
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\napinsp.dll)
Winsock: Catalog5 000000000002\\LibraryPath => restored successfully (%SystemRoot%\system32\pnrpnsp.dll)
Winsock: Catalog5 000000000003\\LibraryPath => restored successfully (%SystemRoot%\system32\pnrpnsp.dll)
Winsock: Catalog5 000000000004\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
Winsock: Catalog5 000000000006\\LibraryPath => restored successfully (%SystemRoot%\System32\winrnr.dll)
FF ProfilePath: C:\Users\jacka\AppData\Roaming\Mozilla\Firefox\Profiles\01jmi428.default => FRST is scripted not to move this directory.
C:\ProgramData\Trend Micro => moved successfully
C:\Windows\system32\Drivers\tmcomm.sys => moved successfully
C:\Users\jacka\Desktop\HousecallLauncher64.exe => moved successfully
C:\Users\jacka\OneDrive\Documents\My RoboForm Data => moved successfully
C:\Program Files (x86)\Everything => moved successfully
HKLM\...\StartupApproved\Run32: => "Everything" => Error: No automatic fix found for this entry.
HKLM\...\StartupApproved\Run32\Everything => Error: No automatic fix found for this entry.
EmptyTemp: => 161.5 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 23:14:23 ====

 

 


How is the PC running now ?

 

The PC is running okay at the moment. Thanks.



#14 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:40 AM

Posted 15 April 2016 - 07:26 PM

Thank you for the Logs.

HKLM\...\StartupApproved\Run32\Everything
HKLM\...\StartupApproved\Run32: => "Everything"

 

Please open the registry and check these keys. If you see them, you can delete them.

====================================================================

 

Please post new FRST logs for my check.

 

Thank you.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!


#15 auto1571

auto1571
  • Topic Starter

  • Members
  • 295 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 16 April 2016 - 11:59 AM

Hi, I was unable to locate the Everything program in the registry. However, here are the new FRST and Addition logs:

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by jacka (administrator) on DESKTOP-18TF7QT (16-04-2016 17:58:30)
Running from C:\Users\jacka\Desktop
Loaded Profiles: jacka (Available Profiles: jacka)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(VoodooSoft, LLC) C:\Program Files\VoodooShield\VoodooShieldService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(VoodooSoft, LLC) C:\Program Files\VoodooShield\VoodooShield.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6769.40891.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6769.40891.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VoodooShield] => C:\Program Files\VoodooShield\VoodooShield.exe [1834944 2015-12-02] (VoodooSoft, LLC)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12866288 2016-04-08] (Zemana Ltd.)
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\MCShieldRTM.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Run: [Workrave] => C:\Program Files (x86)\Workrave\lib\workrave.exe [4480000 2013-01-13] (The Workrave development team)
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
HKLM\...\AppCertDlls: [cpn32] -> C:\Windows\SysWOW64\cpn32.dll [7168 2014-09-06] ()
HKLM\...\AppCertDlls: [cpn64] -> C:\Windows\System32\cpn64.dll [9216 2014-09-06] ()
Startup: C:\Users\jacka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-02-15]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ad1349cb-bedf-416f-aa1d-2911e8c8f575}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-01] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-01] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\jacka\AppData\Roaming\Mozilla\Firefox\Profiles\01jmi428.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-13] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Malware Search - C:\Users\jacka\AppData\Roaming\Mozilla\Firefox\Profiles\01jmi428.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2016-02-19]
FF Extension: uBlock Origin - C:\Users\jacka\AppData\Roaming\Mozilla\Firefox\Profiles\01jmi428.default\Extensions\uBlock0@raymondhill.net.xpi [2016-04-06]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://duckduckgo.com/"
CHR DefaultSearchURL: Default -> hxxp://tinychat.com/themanhole
CHR Profile: C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-20]
CHR Extension: (Google Docs) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-20]
CHR Extension: (Google Drive) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-20]
CHR Extension: (YouTube) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-20]
CHR Extension: (Google Search) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-20]
CHR Extension: (Google Docs Offline) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23]
CHR Extension: (AdBlock) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-16]
CHR Extension: (Skype) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-04-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\jacka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2823920 2016-03-20] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2519904 2016-03-30] (ESET)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-04-10] (SurfRight B.V.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 VoodooShieldService; C:\Program Files\VoodooShield\VoodooShieldService.exe [79384 2015-12-02] (VoodooSoft, LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12866288 2016-04-08] (Zemana Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264552 2016-03-30] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [199680 2015-11-16] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14976 2015-07-30] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186784 2015-11-16] (ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [142976 2015-11-16] (ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [198096 2016-03-30] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [53384 2016-03-30] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84800 2016-03-30] (ESET)
R1 epp; C:\EEK\bin64\epp.sys [124080 2016-02-11] (Emsisoft Ltd)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-16] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [202032 2016-01-19] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-04-10] ()
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [205784 2016-03-04] (Oracle Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [247464 2016-04-10] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [247464 2016-04-10] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-15 16:30 - 2016-04-15 16:31 - 00001118 _____ C:\Users\jacka\Desktop\Search.txt
2016-04-15 16:21 - 2016-04-15 16:22 - 00032978 _____ C:\Users\jacka\Desktop\Addition.txt
2016-04-15 16:20 - 2016-04-16 17:58 - 00014701 _____ C:\Users\jacka\Desktop\FRST.txt
2016-04-15 16:17 - 2016-04-15 23:14 - 00004637 _____ C:\Users\jacka\Desktop\Fixlog.txt
2016-04-15 16:17 - 2016-04-15 16:17 - 02375168 _____ (Farbar) C:\Users\jacka\Desktop\FRST64.exe
2016-04-15 02:00 - 2016-04-15 23:04 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-04-15 01:59 - 2016-04-15 01:59 - 02622792 _____ (Kaspersky Lab) C:\Users\jacka\Desktop\kss16.0.0.1344en_ru_de_fr_es_pt_it_zh-hans_nl_pl_tr_cs_ko_id_vi_ar_fa_zh-hant_9328.exe
2016-04-15 01:58 - 2016-04-15 01:58 - 00594793 _____ C:\Users\jacka\AppData\Local\census.cache
2016-04-15 01:58 - 2016-04-15 01:58 - 00200785 _____ C:\Users\jacka\AppData\Local\ars.cache
2016-04-15 01:54 - 2016-04-15 01:54 - 00000010 _____ C:\Users\jacka\AppData\Local\sponge.last.runtime.cache
2016-04-15 01:48 - 2016-04-15 01:48 - 00000036 _____ C:\Users\jacka\AppData\Local\housecall.guid.cache
2016-04-13 21:09 - 2016-04-13 21:09 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-13 21:04 - 2016-04-15 00:54 - 02870984 _____ (ESET) C:\Users\jacka\Desktop\esetsmartinstaller_enu.exe
2016-04-13 20:58 - 2016-04-13 20:58 - 00133979 _____ C:\Users\jacka\Desktop\hosts.zip
2016-04-12 20:50 - 2016-04-02 04:14 - 03994624 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2016-04-12 20:50 - 2016-03-29 11:20 - 07474016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-12 20:50 - 2016-03-29 11:20 - 02656952 _____ C:\Windows\system32\CoreUIComponents.dll
2016-04-12 20:50 - 2016-03-29 11:18 - 02152280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-04-12 20:50 - 2016-03-29 10:37 - 01862008 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2016-04-12 20:50 - 2016-03-29 09:41 - 00630632 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-04-12 20:50 - 2016-03-29 09:06 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-04-12 20:50 - 2016-03-29 09:02 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-04-12 20:50 - 2016-03-29 09:01 - 00541304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-04-12 20:50 - 2016-03-29 08:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\wininetlui.dll
2016-04-12 20:50 - 2016-03-29 08:58 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-12 20:50 - 2016-03-29 08:46 - 00365568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-04-12 20:50 - 2016-03-29 08:36 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2016-04-12 20:50 - 2016-03-29 08:19 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-04-12 20:50 - 2016-03-29 08:15 - 01714688 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2016-04-12 20:50 - 2016-03-29 08:15 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-12 20:50 - 2016-03-29 08:14 - 00965632 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-04-12 20:50 - 2016-03-29 08:12 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininetlui.dll
2016-04-12 20:50 - 2016-03-29 08:12 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-12 20:50 - 2016-03-29 08:07 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-04-12 20:50 - 2016-03-29 08:02 - 02624512 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2016-04-12 20:50 - 2016-03-29 08:02 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-04-12 20:50 - 2016-03-29 08:00 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2016-04-12 20:50 - 2016-03-29 07:42 - 03592704 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-04-12 20:50 - 2016-03-29 07:37 - 01444352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2016-04-12 20:50 - 2016-03-29 07:37 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-04-12 20:50 - 2016-03-29 07:37 - 00792064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-12 20:50 - 2016-03-29 07:32 - 01731584 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-12 20:50 - 2016-03-29 07:31 - 02275328 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-04-12 20:50 - 2016-03-29 07:28 - 01944576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2016-04-12 20:50 - 2016-03-29 07:27 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TextInputFramework.dll
2016-04-12 20:50 - 2016-03-29 07:26 - 02755584 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-12 20:50 - 2016-03-29 07:05 - 01500672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-12 20:50 - 2016-03-29 07:05 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-12 20:50 - 2016-03-29 07:02 - 02229760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-12 20:50 - 2016-03-29 07:01 - 13018624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-04-12 20:50 - 2016-03-29 06:56 - 16985600 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-04-12 20:50 - 2016-03-29 06:52 - 11545600 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-04-12 20:50 - 2016-03-29 06:51 - 22378496 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-04-12 20:50 - 2016-03-29 06:51 - 09918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-04-12 20:50 - 2016-03-29 06:41 - 24602112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-12 20:50 - 2016-03-29 06:41 - 12125184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-12 20:50 - 2016-03-29 06:39 - 13382656 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-12 20:50 - 2016-03-29 06:38 - 18673664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-04-12 20:50 - 2016-03-29 06:37 - 19340800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-12 20:50 - 2016-03-29 06:27 - 07836160 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-04-12 20:50 - 2016-03-29 06:27 - 05662208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-04-12 20:49 - 2016-04-02 05:13 - 00369912 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-04-12 20:49 - 2016-04-02 05:10 - 00770640 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2016-04-12 20:49 - 2016-04-02 05:10 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll
2016-04-12 20:49 - 2016-04-02 05:10 - 00374008 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2016-04-12 20:49 - 2016-04-02 04:30 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\VEStoreEventHandlers.dll
2016-04-12 20:49 - 2016-04-02 04:29 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\VEDataLayerHelpers.dll
2016-04-12 20:49 - 2016-04-02 04:29 - 00083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEDataLayerHelpers.dll
2016-04-12 20:49 - 2016-04-02 04:26 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\PhoneProviders.dll
2016-04-12 20:49 - 2016-04-02 04:25 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\NotificationObjFactory.dll
2016-04-12 20:49 - 2016-04-02 04:25 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NotificationObjFactory.dll
2016-04-12 20:49 - 2016-04-02 04:23 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2016-04-12 20:49 - 2016-04-02 04:23 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2016-04-12 20:49 - 2016-04-02 04:21 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2016-04-12 20:49 - 2016-04-02 04:19 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-04-12 20:49 - 2016-04-02 04:18 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-04-12 20:49 - 2016-04-02 04:15 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-04-12 20:49 - 2016-04-02 04:09 - 01832448 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-04-12 20:49 - 2016-04-02 04:08 - 02193408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-04-12 20:49 - 2016-04-02 04:07 - 03575296 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-12 20:49 - 2016-04-02 04:07 - 02158592 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-04-12 20:49 - 2016-04-02 04:03 - 04774912 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-04-12 20:49 - 2016-04-02 04:00 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2016-04-12 20:49 - 2016-03-29 11:23 - 00277856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2016-04-12 20:49 - 2016-03-29 11:22 - 01030416 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-12 20:49 - 2016-03-29 11:22 - 00874968 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-04-12 20:49 - 2016-03-29 11:20 - 01317640 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-12 20:49 - 2016-03-29 11:20 - 01141504 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-04-12 20:49 - 2016-03-29 11:15 - 00100232 _____ (Microsoft Corporation) C:\Windows\system32\omadmapi.dll
2016-04-12 20:49 - 2016-03-29 11:11 - 00686976 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-04-12 20:49 - 2016-03-29 11:05 - 01152864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-04-12 20:49 - 2016-03-29 11:02 - 00989536 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2016-04-12 20:49 - 2016-03-29 11:02 - 00334736 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll
2016-04-12 20:49 - 2016-03-29 10:56 - 01297752 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2016-04-12 20:49 - 2016-03-29 10:28 - 00696664 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-04-12 20:49 - 2016-03-29 10:28 - 00535080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-04-12 20:49 - 2016-03-29 10:28 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-04-12 20:49 - 2016-03-29 10:25 - 00258912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ufx01000.sys
2016-04-12 20:49 - 2016-03-29 10:25 - 00058400 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.dll
2016-04-12 20:49 - 2016-03-29 10:19 - 00296488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2016-04-12 20:49 - 2016-03-29 10:18 - 00185184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2016-04-12 20:49 - 2016-03-29 10:17 - 00300104 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2016-04-12 20:49 - 2016-03-29 10:13 - 00986976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2016-04-12 20:49 - 2016-03-29 10:11 - 00605440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-04-12 20:49 - 2016-03-29 10:11 - 00074424 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe
2016-04-12 20:49 - 2016-03-29 10:10 - 00110584 _____ (Microsoft Corporation) C:\Windows\system32\srvcli.dll
2016-04-12 20:49 - 2016-03-29 10:09 - 00078040 _____ (Microsoft Corporation) C:\Windows\system32\wkscli.dll
2016-04-12 20:49 - 2016-03-29 10:08 - 00358752 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-12 20:49 - 2016-03-29 10:08 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\LsaIso.exe
2016-04-12 20:49 - 2016-03-29 10:07 - 00081144 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2016-04-12 20:49 - 2016-03-29 09:44 - 00502104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-04-12 20:49 - 2016-03-29 09:44 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-04-12 20:49 - 2016-03-29 09:41 - 00051128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsNativeApi.dll
2016-04-12 20:49 - 2016-03-29 09:32 - 00253088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2016-04-12 20:49 - 2016-03-29 09:26 - 02403680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-04-12 20:49 - 2016-03-29 09:26 - 01089888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2016-04-12 20:49 - 2016-03-29 09:26 - 00073872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srvcli.dll
2016-04-12 20:49 - 2016-03-29 09:25 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wkscli.dll
2016-04-12 20:49 - 2016-03-29 09:24 - 00294752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-12 20:49 - 2016-03-29 09:23 - 00069744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2016-04-12 20:49 - 2016-03-29 09:21 - 00378208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2016-04-12 20:49 - 2016-03-29 09:17 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\MapsCSP.dll
2016-04-12 20:49 - 2016-03-29 09:16 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xinputhid.sys
2016-04-12 20:49 - 2016-03-29 09:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.V2.dll
2016-04-12 20:49 - 2016-03-29 09:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\policymanagerprecheck.dll
2016-04-12 20:49 - 2016-03-29 09:07 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-04-12 20:49 - 2016-03-29 09:07 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\dmenterprisediagnostics.dll
2016-04-12 20:49 - 2016-03-29 09:07 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2016-04-12 20:49 - 2016-03-29 09:06 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\oleacchooks.dll
2016-04-12 20:49 - 2016-03-29 09:00 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\NetCfgNotifyObjectHost.exe
2016-04-12 20:49 - 2016-03-29 09:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\fveskybackup.dll
2016-04-12 20:49 - 2016-03-29 09:00 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mapsupdatetask.dll
2016-04-12 20:49 - 2016-03-29 08:59 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManagerShellext.exe
2016-04-12 20:49 - 2016-03-29 08:57 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2016-04-12 20:49 - 2016-03-29 08:57 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-12 20:49 - 2016-03-29 08:57 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll
2016-04-12 20:49 - 2016-03-29 08:57 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2016-04-12 20:49 - 2016-03-29 08:55 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
2016-04-12 20:49 - 2016-03-29 08:55 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys
2016-04-12 20:49 - 2016-03-29 08:55 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\tbauth.dll
2016-04-12 20:49 - 2016-03-29 08:54 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-12 20:49 - 2016-03-29 08:53 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\FontProvider.dll
2016-04-12 20:49 - 2016-03-29 08:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\TokenBrokerCookies.exe
2016-04-12 20:49 - 2016-03-29 08:51 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll
2016-04-12 20:49 - 2016-03-29 08:51 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\tzautoupdate.dll
2016-04-12 20:49 - 2016-03-29 08:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2016-04-12 20:49 - 2016-03-29 08:50 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2016-04-12 20:49 - 2016-03-29 08:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll
2016-04-12 20:49 - 2016-03-29 08:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\OnDemandConnRouteHelper.dll
2016-04-12 20:49 - 2016-03-29 08:50 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\wuautoappupdate.dll
2016-04-12 20:49 - 2016-03-29 08:49 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-04-12 20:49 - 2016-03-29 08:48 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Devices.dll
2016-04-12 20:49 - 2016-03-29 08:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll
2016-04-12 20:49 - 2016-03-29 08:46 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2016-04-12 20:49 - 2016-03-29 08:44 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\DAFWSD.dll
2016-04-12 20:49 - 2016-03-29 08:42 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2016-04-12 20:49 - 2016-03-29 08:39 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2016-04-12 20:49 - 2016-03-29 08:38 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-04-12 20:49 - 2016-03-29 08:37 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2016-04-12 20:49 - 2016-03-29 08:36 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2016-04-12 20:49 - 2016-03-29 08:35 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2016-04-12 20:49 - 2016-03-29 08:35 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\credprovhost.dll
2016-04-12 20:49 - 2016-03-29 08:34 - 00686592 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2016-04-12 20:49 - 2016-03-29 08:34 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2016-04-12 20:49 - 2016-03-29 08:34 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-04-12 20:49 - 2016-03-29 08:34 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2016-04-12 20:49 - 2016-03-29 08:33 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2016-04-12 20:49 - 2016-03-29 08:32 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-04-12 20:49 - 2016-03-29 08:32 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2016-04-12 20:49 - 2016-03-29 08:30 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2016-04-12 20:49 - 2016-03-29 08:30 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-12 20:49 - 2016-03-29 08:28 - 00460288 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2016-04-12 20:49 - 2016-03-29 08:27 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2016-04-12 20:49 - 2016-03-29 08:26 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2016-04-12 20:49 - 2016-03-29 08:23 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2016-04-12 20:49 - 2016-03-29 08:23 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
2016-04-12 20:49 - 2016-03-29 08:23 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2016-04-12 20:49 - 2016-03-29 08:22 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\AccountsRt.dll
2016-04-12 20:49 - 2016-03-29 08:21 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-12 20:49 - 2016-03-29 08:20 - 00948736 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthManager.dll
2016-04-12 20:49 - 2016-03-29 08:20 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\AboveLockAppHost.dll
2016-04-12 20:49 - 2016-03-29 08:20 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsNativeApi.V2.dll
2016-04-12 20:49 - 2016-03-29 08:20 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2016-04-12 20:49 - 2016-03-29 08:19 - 00556032 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2016-04-12 20:49 - 2016-03-29 08:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacchooks.dll
2016-04-12 20:49 - 2016-03-29 08:18 - 00676352 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2016-04-12 20:49 - 2016-03-29 08:17 - 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2016-04-12 20:49 - 2016-03-29 08:17 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-12 20:49 - 2016-03-29 08:17 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\CredProvDataModel.dll
2016-04-12 20:49 - 2016-03-29 08:16 - 00852480 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-04-12 20:49 - 2016-03-29 08:16 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-04-12 20:49 - 2016-03-29 08:14 - 00859136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2016-04-12 20:49 - 2016-03-29 08:13 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2016-04-12 20:49 - 2016-03-29 08:12 - 00471552 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2016-04-12 20:49 - 2016-03-29 08:11 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2016-04-12 20:49 - 2016-03-29 08:11 - 00881664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2016-04-12 20:49 - 2016-03-29 08:11 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2016-04-12 20:49 - 2016-03-29 08:11 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-12 20:49 - 2016-03-29 08:11 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
2016-04-12 20:49 - 2016-03-29 08:11 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2016-04-12 20:49 - 2016-03-29 08:10 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-04-12 20:49 - 2016-03-29 08:10 - 00938496 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2016-04-12 20:49 - 2016-03-29 08:09 - 01239552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2016-04-12 20:49 - 2016-03-29 08:09 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2016-04-12 20:49 - 2016-03-29 08:09 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbauth.dll
2016-04-12 20:49 - 2016-03-29 08:08 - 00888320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2016-04-12 20:49 - 2016-03-29 08:08 - 00841216 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-04-12 20:49 - 2016-03-29 08:08 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-12 20:49 - 2016-03-29 08:07 - 01902592 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-12 20:49 - 2016-03-29 08:06 - 01575936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2016-04-12 20:49 - 2016-03-29 08:06 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-04-12 20:49 - 2016-03-29 08:06 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBrokerCookies.exe
2016-04-12 20:49 - 2016-03-29 08:05 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2016-04-12 20:49 - 2016-03-29 08:05 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-12 20:49 - 2016-03-29 08:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Devices.dll
2016-04-12 20:49 - 2016-03-29 08:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-04-12 20:49 - 2016-03-29 08:02 - 01211904 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Cred.dll
2016-04-12 20:49 - 2016-03-29 08:00 - 00235008 _____ C:\Windows\system32\MTF.dll
2016-04-12 20:49 - 2016-03-29 08:00 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-12 20:49 - 2016-03-29 08:00 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2016-04-12 20:49 - 2016-03-29 07:59 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-12 20:49 - 2016-03-29 07:59 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerDeviceEncryption.exe
2016-04-12 20:49 - 2016-03-29 07:59 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\InputLocaleManager.dll
2016-04-12 20:49 - 2016-03-29 07:56 - 00821760 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2016-04-12 20:49 - 2016-03-29 07:56 - 00415232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2016-04-12 20:49 - 2016-03-29 07:55 - 01052160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2016-04-12 20:49 - 2016-03-29 07:53 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2016-04-12 20:49 - 2016-03-29 07:53 - 00193024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credprovhost.dll
2016-04-12 20:49 - 2016-03-29 07:52 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2016-04-12 20:49 - 2016-03-29 07:52 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2016-04-12 20:49 - 2016-03-29 07:49 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\fveui.dll
2016-04-12 20:49 - 2016-03-29 07:48 - 00346624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2016-04-12 20:49 - 2016-03-29 07:44 - 00498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2016-04-12 20:49 - 2016-03-29 07:43 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AccountsRt.dll
2016-04-12 20:49 - 2016-03-29 07:42 - 01410560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Http.dll
2016-04-12 20:49 - 2016-03-29 07:42 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-12 20:49 - 2016-03-29 07:41 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AboveLockAppHost.dll
2016-04-12 20:49 - 2016-03-29 07:40 - 00787456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll
2016-04-12 20:49 - 2016-03-29 07:39 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2016-04-12 20:49 - 2016-03-29 07:39 - 00496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-12 20:49 - 2016-03-29 07:39 - 00350720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2016-04-12 20:49 - 2016-03-29 07:38 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2016-04-12 20:49 - 2016-03-29 07:36 - 03351040 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-04-12 20:49 - 2016-03-29 07:36 - 00649728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-12 20:49 - 2016-03-29 07:35 - 00354304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2016-04-12 20:49 - 2016-03-29 07:34 - 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2016-04-12 20:49 - 2016-03-29 07:34 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2016-04-12 20:49 - 2016-03-29 07:34 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-12 20:49 - 2016-03-29 07:34 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2016-04-12 20:49 - 2016-03-29 07:32 - 01588224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-12 20:49 - 2016-03-29 07:32 - 01098240 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2016-04-12 20:49 - 2016-03-29 07:32 - 00854528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-12 20:49 - 2016-03-29 07:32 - 00638464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2016-04-12 20:49 - 2016-03-29 07:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2016-04-12 20:49 - 2016-03-29 07:32 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2016-04-12 20:49 - 2016-03-29 07:32 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\dmcsps.dll
2016-04-12 20:49 - 2016-03-29 07:31 - 01946112 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-04-12 20:49 - 2016-03-29 07:31 - 01117184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2016-04-12 20:49 - 2016-03-29 07:31 - 00705536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-04-12 20:49 - 2016-03-29 07:30 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2016-04-12 20:49 - 2016-03-29 07:29 - 00555520 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll
2016-04-12 20:49 - 2016-03-29 07:29 - 00256000 _____ (Microsoft Corporation) C:\Windows\system32\accountaccessor.dll
2016-04-12 20:49 - 2016-03-29 07:28 - 00764928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2016-04-12 20:49 - 2016-03-29 07:27 - 07979008 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-04-12 20:49 - 2016-03-29 07:27 - 00162816 _____ C:\Windows\SysWOW64\MTF.dll
2016-04-12 20:49 - 2016-03-29 07:27 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-12 20:49 - 2016-03-29 07:27 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputLocaleManager.dll
2016-04-12 20:49 - 2016-03-29 07:23 - 00777728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2016-04-12 20:49 - 2016-03-29 07:22 - 00638464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2016-04-12 20:49 - 2016-03-29 07:19 - 02635776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-04-12 20:49 - 2016-03-29 07:17 - 00765952 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-12 20:49 - 2016-03-29 07:14 - 01072128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Http.dll
2016-04-12 20:49 - 2016-03-29 07:13 - 00592384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll
2016-04-12 20:49 - 2016-03-29 07:10 - 03671040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-04-12 20:49 - 2016-03-29 07:06 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2016-04-12 20:49 - 2016-03-29 07:05 - 07199232 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-04-12 20:49 - 2016-03-29 07:05 - 01626624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-04-12 20:49 - 2016-03-29 07:05 - 00450560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncController.dll
2016-04-12 20:49 - 2016-03-29 07:05 - 00361472 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2016-04-12 20:49 - 2016-03-29 07:04 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-12 20:49 - 2016-03-29 07:04 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2016-04-12 20:49 - 2016-03-29 07:01 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-04-12 20:49 - 2016-03-29 07:00 - 06297088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-04-12 20:49 - 2016-03-29 06:58 - 01799680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-04-12 20:49 - 2016-03-29 06:49 - 05202944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-04-12 20:49 - 2016-03-29 06:45 - 03078144 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-04-12 20:49 - 2016-03-29 06:45 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\ncbservice.dll
2016-04-12 20:49 - 2016-03-29 06:43 - 03428864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2016-04-12 20:49 - 2016-03-29 06:43 - 00521728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-12 20:49 - 2016-03-29 06:38 - 02798080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2016-04-12 20:49 - 2016-03-29 06:36 - 02722816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2016-04-12 20:49 - 2016-03-29 06:35 - 00821248 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll
2016-04-12 20:49 - 2016-03-29 06:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2016-04-12 20:49 - 2016-03-29 06:27 - 00794112 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2016-04-12 20:49 - 2016-03-29 06:26 - 00958976 _____ (Microsoft Corporation) C:\Windows\system32\RemoteNaturalLanguage.dll
2016-04-12 20:49 - 2016-03-29 06:26 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2016-04-12 20:49 - 2016-03-29 06:25 - 00712704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RemoteNaturalLanguage.dll
2016-04-12 20:49 - 2016-03-29 06:25 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2016-04-12 20:49 - 2016-03-29 06:21 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2016-04-12 20:48 - 2016-04-13 08:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-12 20:31 - 2016-04-12 20:36 - 00000000 ____D C:\Users\jacka\AppData\Roaming\ZHP
2016-04-11 23:13 - 2016-04-11 23:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-11 23:13 - 2016-04-11 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-04-11 22:42 - 2016-04-11 22:43 - 01610352 _____ (Malwarebytes) C:\Users\jacka\Downloads\JRT.exe
2016-04-11 22:36 - 2016-04-11 22:38 - 00000000 ____D C:\AdwCleaner
2016-04-11 22:20 - 2016-04-11 22:20 - 00000000 ____D C:\Users\jacka\AppData\Roaming\Boredom Software
2016-04-11 22:16 - 2016-04-11 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-04-11 18:26 - 2016-04-11 18:26 - 00001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-04-11 18:26 - 2016-04-11 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-04-11 18:26 - 2016-04-11 18:26 - 00000000 ____D C:\Program Files (x86)\WinPcap
2016-04-11 18:25 - 2016-04-11 18:26 - 00000000 ____D C:\Program Files\Wireshark
2016-04-11 18:25 - 2016-04-11 18:25 - 00001569 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-04-11 18:19 - 2016-04-11 18:19 - 00007601 _____ C:\Users\jacka\AppData\Local\Resmon.ResmonCfg
2016-04-11 17:59 - 2016-04-11 17:59 - 00001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-04-11 17:59 - 2016-04-11 17:59 - 00000000 ____D C:\Users\jacka\AppData\Roaming\TeamViewer
2016-04-11 17:59 - 2016-04-11 17:59 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-11 17:11 - 2016-04-16 17:58 - 00000000 ____D C:\FRST
2016-04-11 00:15 - 2016-04-11 00:15 - 00000000 ____D C:\Users\jacka\Pavark
2016-04-11 00:02 - 2016-04-11 00:02 - 00000000 ____D C:\Program Files (x86)\Boredom Software
2016-04-10 23:54 - 2016-04-10 23:54 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-04-10 23:40 - 2016-04-10 23:53 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-10 23:40 - 2016-04-10 23:40 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-04-10 23:32 - 2016-04-10 23:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-04-10 23:32 - 2016-04-10 23:32 - 00000000 ____D C:\Program Files\HitmanPro
2016-04-10 23:31 - 2016-04-10 23:36 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-10 23:14 - 2016-04-16 17:07 - 00036736 _____ C:\Windows\ZAM.krnl.trace
2016-04-10 23:14 - 2016-04-16 03:08 - 00000263 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-04-10 23:14 - 2016-04-11 22:16 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-04-10 23:14 - 2016-04-10 23:14 - 00247464 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-04-10 23:14 - 2016-04-10 23:14 - 00247464 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-04-10 23:14 - 2016-04-10 23:14 - 00000000 ____D C:\Users\jacka\AppData\Local\Zemana
2016-04-10 23:13 - 2016-04-16 17:57 - 00000000 ____D C:\ProgramData\VoodooShield
2016-04-10 23:13 - 2016-04-10 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield
2016-04-10 23:13 - 2016-04-10 23:13 - 00000000 ____D C:\Program Files\VoodooShield
2016-04-10 23:13 - 2014-09-06 14:26 - 00009216 _____ C:\Windows\system32\cpn64.dll
2016-04-10 23:13 - 2014-09-06 14:26 - 00007168 _____ C:\Windows\SysWOW64\cpn32.dll
2016-04-10 05:25 - 2016-04-10 05:25 - 00251644 _____ C:\Users\jacka\OneDrive\Documents\just in casew.pcapng
2016-04-10 00:29 - 2016-04-10 00:29 - 00130364 _____ C:\Users\jacka\OneDrive\Documents\something to come back to.pcapng
2016-04-08 20:12 - 2016-04-10 18:58 - 00000000 ____D C:\Program Files (x86)\Cryptostorm Client
2016-04-07 17:59 - 2016-03-11 11:21 - 00039040 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2016-04-04 09:02 - 2016-04-04 09:02 - 00000000 ____D C:\Windows\Microsoft Antimalware
2016-04-04 06:13 - 2016-04-04 06:46 - 00000000 _____ C:\Recovery.txt
2016-04-04 01:54 - 2016-04-04 01:54 - 00000000 ____D C:\Users\jacka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-04-04 01:54 - 2016-04-04 01:54 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-04-04 01:11 - 2016-04-04 01:11 - 00001100 _____ C:\Users\jacka\Desktop\Start Emergency Kit Scanner.exe - Shortcut.lnk
2016-04-03 23:08 - 2016-04-11 01:55 - 00003656 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-04-03 23:08 - 2016-04-03 23:08 - 00000000 ____D C:\Windows\ERUNT
2016-04-03 18:06 - 2016-04-03 18:06 - 00000000 ____D C:\Windows\pss
2016-04-03 17:57 - 2016-04-11 01:50 - 00000000 ____D C:\EEK
2016-04-03 00:22 - 2016-04-03 01:23 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2016-04-02 21:13 - 2016-04-02 21:17 - 224733960 _____ C:\Users\jacka\Downloads\EmsisoftEmergencyKit.exe
2016-04-02 21:07 - 2016-04-02 21:08 - 283904000 _____ C:\Users\jacka\Downloads\kav_rescue_10.iso
2016-04-02 20:30 - 2016-04-02 20:37 - 340670464 _____ C:\Users\jacka\Downloads\eset-sysrescue.1.0.9.0.enu.iso
2016-04-01 16:21 - 2016-04-01 16:21 - 00000000 ____D C:\ProgramData\Hotspot Shield
2016-03-30 21:54 - 2016-03-30 21:54 - 00000000 ____D C:\Users\jacka\AppData\Local\ElevatedDiagnostics
2016-03-30 17:12 - 2016-03-30 17:12 - 00000000 ____D C:\Users\jacka\AppData\Roaming\KeePass
2016-03-30 17:01 - 2016-03-30 17:02 - 01926960 _____ (Dominik Reichl ) C:\Users\jacka\Downloads\KeePass-1.31-Setup.exe
2016-03-23 23:00 - 2016-03-10 15:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\is-6JNJH.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-16 16:49 - 2016-02-08 01:09 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-16 16:37 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-16 16:37 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\AppReadiness
2016-04-16 16:35 - 2016-02-20 21:30 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-16 16:33 - 2016-02-20 21:30 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-16 16:33 - 2016-02-15 14:40 - 00000000 ____D C:\ProgramData\MCShield
2016-04-16 16:33 - 2016-02-08 00:01 - 00000000 __SHD C:\Users\jacka\IntelGraphicsProfiles
2016-04-16 16:33 - 2016-02-08 00:00 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-04-16 12:11 - 2016-02-10 22:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-16 03:24 - 2016-02-14 23:30 - 00000000 ____D C:\Users\jacka\AppData\Roaming\Skype
2016-04-16 02:52 - 2016-02-08 00:06 - 00004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E84198C8-2584-4CE2-83CB-D4C491C59B33}
2016-04-16 00:47 - 2016-02-07 23:54 - 00838508 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-16 00:47 - 2015-10-30 08:21 - 00000000 ____D C:\Windows\INF
2016-04-15 23:15 - 2016-02-19 23:42 - 00000000 ____D C:\ProgramData\VMware
2016-04-15 23:14 - 2016-02-07 23:49 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-15 23:14 - 2015-10-30 07:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-04-14 07:33 - 2016-02-08 00:00 - 00000000 ____D C:\Users\jacka
2016-04-13 23:18 - 2016-02-28 23:22 - 00000000 ____D C:\Program Files (x86)\AzTools
2016-04-13 21:04 - 2016-02-10 22:09 - 00003804 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-13 21:04 - 2016-02-09 23:15 - 00000000 ____D C:\Users\jacka\AppData\Local\Adobe
2016-04-13 21:02 - 2016-02-08 00:01 - 00000000 ____D C:\Users\jacka\AppData\Local\Packages
2016-04-13 09:01 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\rescache
2016-04-13 08:45 - 2016-02-08 00:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-13 08:45 - 2016-02-07 23:47 - 00333072 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-13 08:43 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-04-13 08:43 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-13 08:43 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-04-13 08:43 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\bcastdvr
2016-04-12 21:13 - 2016-02-08 00:16 - 00000000 ____D C:\Windows\system32\MRT
2016-04-12 21:13 - 2015-10-30 08:11 - 00000000 ____D C:\Windows\CbsTemp
2016-04-12 21:10 - 2016-02-08 00:16 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-11 23:13 - 2016-02-14 23:30 - 00000000 ____D C:\ProgramData\Skype
2016-04-11 22:35 - 2016-02-20 21:31 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-11 22:10 - 2016-02-14 22:47 - 00000000 ____D C:\Program Files (x86)\Siber Systems
2016-04-11 16:57 - 2016-02-26 19:36 - 00000000 ____D C:\Windows\Minidump
2016-04-11 16:57 - 2016-02-08 07:47 - 00000000 ____D C:\Windows\Panther
2016-04-11 01:55 - 2016-02-19 20:36 - 00001542 _____ C:\DelFix.txt
2016-04-10 20:25 - 2015-10-30 08:24 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-04-07 18:50 - 2016-03-14 00:02 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-07 17:14 - 2016-02-19 23:04 - 00000000 ____D C:\Users\jacka\.VirtualBox
2016-04-06 19:32 - 2015-10-30 08:26 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-06 19:32 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-04 00:19 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\LiveKernelReports
2016-04-01 03:59 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-01 03:58 - 2016-02-08 01:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-03-30 17:12 - 2015-11-16 13:21 - 00264552 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2016-03-30 17:12 - 2015-11-16 13:21 - 00198096 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys
2016-03-30 17:12 - 2015-11-16 13:21 - 00084800 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2016-03-30 17:12 - 2015-11-16 13:21 - 00053384 _____ (ESET) C:\Windows\system32\Drivers\epfwlwf.sys
2016-03-23 23:00 - 2016-02-08 01:09 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-23 23:00 - 2016-02-08 01:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-23 23:00 - 2016-02-08 01:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-19 22:49 - 2016-03-14 00:01 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2016-03-19 22:49 - 2016-02-28 23:10 - 00000000 ____D C:\ProgramData\TEMP

==================== Files in the root of some directories =======

2016-04-15 01:58 - 2016-04-15 01:58 - 0200785 _____ () C:\Users\jacka\AppData\Local\ars.cache
2016-04-15 01:58 - 2016-04-15 01:58 - 0594793 _____ () C:\Users\jacka\AppData\Local\census.cache
2016-04-15 01:48 - 2016-04-15 01:48 - 0000036 _____ () C:\Users\jacka\AppData\Local\housecall.guid.cache
2016-04-11 18:19 - 2016-04-11 18:19 - 0007601 _____ () C:\Users\jacka\AppData\Local\Resmon.ResmonCfg
2016-04-15 01:54 - 2016-04-15 01:54 - 0000010 _____ () C:\Users\jacka\AppData\Local\sponge.last.runtime.cache

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-13 08:56

==================== End of FRST.txt ============================
Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by jacka (2016-04-16 17:58:56)
Running from C:\Users\jacka\Desktop
Windows 10 Home Version 1511 (X64) (2016-02-07 22:56:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3022446708-123597430-1770447347-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3022446708-123597430-1770447347-503 - Limited - Disabled)
Guest (S-1-5-21-3022446708-123597430-1770447347-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3022446708-123597430-1770447347-1005 - Limited - Enabled)
jacka (S-1-5-21-3022446708-123597430-1770447347-1001 - Administrator - Enabled) => C:\Users\jacka
james (S-1-5-21-3022446708-123597430-1770447347-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.349.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.375.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon)
Blueline 1.1.1 (HKLM-x32\...\Blueline_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESET Smart Security (HKLM\...\{C7967963-BE1C-4ABA-839F-3CB206E50697}) (Version: 9.0.349.0 - ESET, spol. s r.o.)
Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
Icecream Screen Recorder version 3.30 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 3.30 - Icecream Apps)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6741.2021 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6701.1013 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6701.1013 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6701.1013 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.0.16 (HKLM\...\{F2E958A1-9215-4C7D-9A2E-F0740B8CA5B7}) (Version: 5.0.16 - Oracle Corporation)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)
Vagrant (HKLM-x32\...\{DBD58741-B374-4518-B0F7-8F33D09E3164}) (Version: 1.8.1 - HashiCorp)
VMware Player (HKLM\...\{57AA4E8A-E2C9-4F1C-B3F1-762C36E34472}) (Version: 12.1.0 - VMware, Inc.)
VoodooShield version 2.86 (HKLM\...\{A8644328-A66F-490E-B8FA-901FF649189D}_is1) (Version: 2.86 - VoodooSoft, LLC)
VT Hash Check 1.56 (HKLM-x32\...\{1E579B65-503B-4184-B481-5138124BEE1D}_is1) (Version: 1.56 - Boredom Software)
WebM Project Directshow Filters (HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.0.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.2 - The Wireshark developer community, hxxps://www.wireshark.org)
Workrave 1.10 (HKLM-x32\...\Workrave_is1) (Version:  - Rob Caelers & Raymond Penners)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.20.140 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3022446708-123597430-1770447347-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\jacka\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {24EB583A-463E-45CC-9266-85DA335356A8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {42F14D69-5C1E-458C-AE44-BFFCB9520E0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)
Task: {5678114F-D56A-4926-974B-C87CEC041CDF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {6036A827-1236-4DDD-8E76-77F52641114A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-20] (Microsoft Corporation)
Task: {ADF5CD87-23B6-41C1-9E10-C19A9452B03C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-04-12] (Microsoft Corporation)
Task: {AF7674E0-E071-426D-9331-A9873C3880F6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-04-01] (Microsoft Corporation)
Task: {B88AA8F5-761C-4051-9FC4-1A74AF0EDDA8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-20] (Google Inc.)
Task: {C54E4625-CEDD-488E-8C6C-56D8F09A3138} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-13] (Adobe Systems Incorporated)
Task: {C6F7F130-7349-45D0-9D37-A9C5274876C2} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {D8197D27-4125-44C0-B06B-B77450BCDC6F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-20] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 08:17 - 2015-10-30 08:17 - 00028672 _____ () C:\Windows\SYSTEM32\efsext.dll
2016-04-10 23:13 - 2014-09-06 14:26 - 00009216 _____ () C:\Windows\System32\cpn64.dll
2016-02-08 01:30 - 2016-03-20 13:10 - 00173256 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-04-12 20:50 - 2016-03-29 11:20 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-12-19 02:08 - 2015-12-19 02:08 - 00402344 _____ () C:\Windows\system32\igfxTray.exe
2016-04-12 20:50 - 2016-03-29 11:20 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-03-16 18:25 - 2016-04-01 03:56 - 08919240 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-04-10 23:14 - 2016-04-10 23:14 - 00118640 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-02-08 00:15 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-12 20:49 - 2016-04-02 04:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-12 20:49 - 2016-04-02 04:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-12 20:49 - 2016-04-02 03:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-12 20:49 - 2016-04-02 03:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-12 20:50 - 2016-04-02 04:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-02-08 00:54 - 2016-02-08 00:54 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-11-25 19:10 - 2015-11-25 19:10 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2016-02-08 00:54 - 2016-02-08 00:54 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-02-08 00:54 - 2016-02-08 00:54 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2016-04-12 20:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3022446708-123597430-1770447347-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jacka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Everything"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "Workrave"
HKU\S-1-5-21-3022446708-123597430-1770447347-1001\...\StartupApproved\Run: => "Gyazo"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FB61C183-5CFC-4ACD-ACAC-541EA43FD903}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{49979E48-5D03-4FE5-B77C-4E37B1632EF5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4B0C5841-A88B-4D3B-8A0C-5ECAF94B2DD1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{995CA16A-E833-443D-837C-50D4A9730B40}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{AD257DB5-462D-4D09-A0D1-1FE2B0C4CF2B}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{48A6AFC1-A405-4F78-A0B3-9D0B2ED6432F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B33D73FF-93BD-44F1-BC9F-BD634D7B214D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{340C9461-A8AB-4DEE-B983-A9D242304996}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1F7FC8A9-65B4-4D30-AAEB-52702A461FF3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{12E3A71B-0D10-4864-85F4-5AC48A858362}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{40AAA6B0-FDE2-4AE6-A06D-FD6FBA2CFBAC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Restore Points =========================

11-04-2016 01:55:16 End of disinfection
12-04-2016 20:24:44 Restore Point Created by FRST
15-04-2016 16:17:39 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2016 12:10:55 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (04/15/2016 11:14:30 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (1864) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

Error: (04/15/2016 04:29:24 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (04/15/2016 04:17:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/15/2016 04:17:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {fe7557d6-f41a-4a6e-bb06-b2506d8ec6bc}

Error: (04/15/2016 12:54:28 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (04/15/2016 12:54:26 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (04/15/2016 12:54:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (04/14/2016 05:18:22 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (04/13/2016 09:09:12 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.


System errors:
=============
Error: (04/16/2016 04:33:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable).

Error: (04/16/2016 04:33:19 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user DESKTOP-18TF7QT\jacka SID (S-1-5-21-3022446708-123597430-1770447347-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable).

Error: (04/16/2016 04:33:05 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user DESKTOP-18TF7QT\jacka SID (S-1-5-21-3022446708-123597430-1770447347-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable).

Error: (04/16/2016 04:33:05 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user DESKTOP-18TF7QT\jacka SID (S-1-5-21-3022446708-123597430-1770447347-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable).

Error: (04/16/2016 04:33:05 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user DESKTOP-18TF7QT\jacka SID (S-1-5-21-3022446708-123597430-1770447347-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable).

Error: (04/16/2016 04:33:05 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user DESKTOP-18TF7QT\jacka SID (S-1-5-21-3022446708-123597430-1770447347-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable).

Error: (04/16/2016 04:33:05 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user DESKTOP-18TF7QT\jacka SID (S-1-5-21-3022446708-123597430-1770447347-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable).

Error: (04/16/2016 04:33:05 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user DESKTOP-18TF7QT\jacka SID (S-1-5-21-3022446708-123597430-1770447347-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable).

Error: (04/16/2016 04:33:05 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user DESKTOP-18TF7QT\jacka SID (S-1-5-21-3022446708-123597430-1770447347-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable).

Error: (04/16/2016 04:33:05 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user DESKTOP-18TF7QT\jacka SID (S-1-5-21-3022446708-123597430-1770447347-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable).

Error: (04/16/2016 04:33:05 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-18TF7QT)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user DESKTOP-18TF7QT\jacka SID (S-1-5-21-3022446708-123597430-1770447347-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable).


CodeIntegrity:
===================================
  Date: 2016-04-16 16:37:21.562
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-16 16:37:21.371
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-15 23:14:55.372
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-15 23:14:55.364
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-15 23:14:55.025
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-15 23:14:55.014
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-15 20:19:56.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-15 16:19:12.272
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-15 16:19:12.263
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\cpn32.dll that did not meet the Windows signing level requirements.

  Date: 2016-04-15 16:19:11.676
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cpn64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G3258 @ 3.20GHz
Percentage of memory in use: 25%
Total physical RAM: 7885.05 MB
Available physical RAM: 5855.45 MB
Total Virtual: 8397.05 MB
Available Virtual: 6106.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.96 GB) (Free:827.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 000E47F3)

Partition: GPT.

==================== End of Addition.txt ============================
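Two things in the Addition.txt above are what a responder would check first: the "Other Areas" section reports Windows Firewall disabled while an inbound Allow rule named vm-monitoring-nb-session opens LPort=139 (the NetBIOS session port that SMB, i.e. "samba", rides on), and the CodeIntegrity section shows wininit.exe, services.exe and svchost.exe being made to load C:\Windows\System32\cpn64.dll and C:\Windows\SysWOW64\cpn32.dll, which Windows rejected because they did not meet the required signing level. The PowerShell below is an added example written for this thread; it is not part of the original post, of FRST, or of any helper's reply. It assumes Windows 10 PowerShell 5.1 run as Administrator, uses only built-in NetSecurity, NetTCPIP, SmbShare and Security cmdlets, and the function names Test-SmbExposure and Test-FlaggedDll are this example's own. The rule name, DLL paths and event text it looks for are taken from the log; the CodeIntegrity event IDs (3004, 3033, 3034) are assumed to be the ones behind the messages shown.

```powershell
# Added example, not from the original post or from FRST. Run as Administrator
# in Windows PowerShell 5.1 on the host whose FRST log is above.

# Check 1: is TCP 139 (NetBIOS session) or TCP 445 (direct SMB) actually
# reachable? FRST reports the firewall disabled plus an inbound Allow rule
# 'vm-monitoring-nb-session' for LPort=139.
function Test-SmbExposure {
    $result = [ordered]@{}

    # Per-profile firewall state; FRST's "Windows Firewall is disabled" means
    # Enabled is False on at least the profile currently in use.
    $result.FirewallProfiles = Get-NetFirewallProfile |
        Select-Object Name, Enabled, DefaultInboundAction

    # Sockets really listening on the NetBIOS / SMB ports and who owns them.
    $result.Listeners = Get-NetTCPConnection -State Listen -LocalPort 139,445 -ErrorAction SilentlyContinue |
        Select-Object LocalAddress, LocalPort, OwningProcess

    # Enabled inbound Allow rules whose port filter covers 139, 445 or Any.
    $result.AllowRules = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        ForEach-Object {
            $rule = $_
            $rule | Get-NetFirewallPortFilter |
                Where-Object { $_.Protocol -eq 'TCP' -and
                               ($_.LocalPort -eq 'Any' -or
                                $_.LocalPort -contains '139' -or
                                $_.LocalPort -contains '445') } |
                ForEach-Object {
                    [pscustomobject]@{ Rule = $rule.Name; Profile = $rule.Profile; LocalPort = $_.LocalPort }
                }
        }

    # SMB1 is the dialect that NetBIOS-session (139) clients use; a desktop
    # that does not serve old clients should have it off.
    $result.Smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Adapters still bound to "File and Printer Sharing" (the SMB server).
    $result.ServerBindings = Get-NetAdapterBinding -ComponentID ms_server |
        Where-Object Enabled | Select-Object Name, DisplayName

    [pscustomobject]$result
}

# Check 2: the CodeIntegrity entries show cpn32.dll / cpn64.dll being pushed
# into wininit.exe, services.exe and svchost.exe, which run at a protection
# level that refuses DLLs below the required signing level. Something that
# reaches those processes is normally a system-wide injection point such as
# AppInit_DLLs, so inspect the files and that key together.
function Test-FlaggedDll {
    param(
        [string[]]$Path = @("$env:SystemRoot\System32\cpn64.dll",
                            "$env:SystemRoot\SysWOW64\cpn32.dll")   # paths from the FRST log
    )

    $files = foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { [pscustomobject]@{ Path = $p; Exists = $false }; continue }
        $sig  = Get-AuthenticodeSignature -FilePath $p
        $item = Get-Item -LiteralPath $p
        [pscustomobject]@{
            Path      = $p
            Exists    = $true
            SigStatus = $sig.Status                       # Valid / NotSigned / HashMismatch ...
            Signer    = $sig.SignerCertificate.Subject
            Sha256    = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash   # pivot for a VT / vendor lookup
            Created   = $item.CreationTime
            Modified  = $item.LastWriteTime
            Company   = $item.VersionInfo.CompanyName
            Product   = $item.VersionInfo.ProductName
            # Which user-mode processes currently have it mapped (protected
            # processes deny module enumeration, hence the try/catch).
            LoadedIn  = (Get-Process | Where-Object {
                             try { $_.Modules.FileName -contains $p } catch { $false } } |
                         Select-Object -ExpandProperty ProcessName -Unique) -join ','
        }
    }

    # AppInit_DLLs injection points, native and WOW64 views.
    $appinit = foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                                'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
        $v = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{ Key                       = $key
                           AppInit_DLLs              = $v.AppInit_DLLs
                           LoadAppInit_DLLs          = $v.LoadAppInit_DLLs
                           RequireSignedAppInit_DLLs = $v.RequireSignedAppInit_DLLs }
    }

    # Recent CodeIntegrity rejections (IDs assumed: 3033/3034 signing level,
    # 3004 missing per-page hashes), the same events FRST summarised.
    $ci = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-CodeIntegrity/Operational'
                                           Id      = 3004, 3033, 3034 } -MaxEvents 50 -ErrorAction SilentlyContinue |
          Select-Object TimeCreated, Id, Message

    [pscustomobject]@{ Files = $files; AppInit = $appinit; CodeIntegrityEvents = $ci }
}

Test-SmbExposure
Test-FlaggedDll
```

Read the two results together. An exposed 139/445 only matters if the listener is bound to the interface the peer could reach and a share accepts the credentials they could present; a disabled firewall with the vm-monitoring-nb-session rule present means the host itself was not filtering that port, so the router's NAT was the only thing in the way. For the DLLs, a NotSigned or HashMismatch status together with a populated AppInit_DLLs value is the combination worth escalating, whereas a valid signature from a product already in the installed-programs list points at a vendor component that Windows simply refuses to admit into protected processes.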