Please view my FRST Report


  • This topic is locked
  • 11 replies to this topic

#1 palaceman

  • Members
  • 10 posts

Posted 15 April 2016 - 03:58 PM

Per the forum instructions, I am posting my FRST report here.  I might have some rootkit viruses or malware going.  I am posting here to be sure.  I also have DDS, RSIT and GMER reports if those are handy.  For now, I will just post the FRST so as not to overburden the helpful people here at bleeping computer.  Thank you in advance for your help.  Here's FRST:  

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-04-2016
Ran by Owner (administrator) on MININT-IPM9K5V (15-04-2016 16:44:12)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ceeab700ee77b121\stacsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ceeab700ee77b121\AEstSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Apache Software Foundation) C:\Program Files\OpenOffice 4\program\scalc.exe
(Apache Software Foundation) C:\Program Files\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files\OpenOffice 4\program\soffice.bin
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [292208 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-15] (IDT, Inc.)
HKLM\...\Run: [WavXMgr] => C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [147840 2010-07-21] (Wave Systems Corp.)
HKLM\...\Run: [USCService] => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-06-22] (Broadcom Corporation)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-30] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25577864 2016-03-11] (Dropbox, Inc.)
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-03-16] (AVAST Software)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2014-09-19]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TdmNotify.lnk [2014-09-19]
ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{68177976-20FD-47DC-AE59-84629739A82F}: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2236139444-673811295-2680157343-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2236139444-673811295-2680157343-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-30] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-16] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [2010-08-13] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-30] (Oracle Corporation)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [2010-08-13] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p23duq77.default
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [2010-08-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin HKU\S-1-5-21-2236139444-673811295-2680157343-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2236139444-673811295-2680157343-1002: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2236139444-673811295-2680157343-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-2236139444-673811295-2680157343-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-11] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: Bing Bar - C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2014-09-19] [not signed]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2014-09-19] [not signed]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2014-09-19] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-16]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-16]
 
Chrome: 
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-30]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-30]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-30]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-30]
CHR Extension: (Avast SafePrice) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-03-30]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-30]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-30]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-30]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-03-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1803584 2010-05-10] (AuthenTec, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-16] (AVAST Software)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-30] (Dropbox, Inc.)
R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2010-02-03] (Wave Systems Corp.) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ceeab700ee77b121\STacSV.exe [229458 2010-03-15] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1164648 2010-03-29] (Wave Systems Corp.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [42672 2010-07-26] (ST Microelectronics)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-03-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-03-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-03-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-03-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-03-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-03-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [127432 2016-03-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-03-16] (AVAST Software)
S3 d554gps; C:\Windows\system32\drivers\d554gps.sys [82984 2010-07-26] (Ericsson AB)
S3 ecnssndis; C:\Windows\System32\Drivers\wwanuss.sys [23592 2010-07-26] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwanussf.sys [26152 2010-07-26] (Ericsson AB)
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [301440 2010-07-26] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [351488 2010-07-26] (MCCI Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
S3 qcfilterdl2k; C:\Windows\system32\drivers\qcfilterdl2k.sys [5248 2010-07-26] (QUALCOMM Incorporated)
S3 qcusbserdl2k; C:\Windows\system32\drivers\qcusbserdl2k.sys [106368 2010-07-26] (QUALCOMM Incorporated)
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [59904 2010-07-26] (REDC)
S3 rixdpcie; C:\Windows\system32\drivers\rixdpe86.sys [38912 2010-07-26] (REDC)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-04-15] ()
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [229888 2010-01-19] (Wave Systems Corp.) [File not signed]
S3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [X]
U3 kwriipog; \??\C:\Users\Owner\AppData\Local\Temp\kwriipog.sys [X]
U3 mbr; \??\C:\Users\Owner\AppData\Local\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-15 16:44 - 2016-04-15 16:44 - 00020098 _____ C:\Users\Owner\Downloads\FRST.txt
2016-04-15 16:44 - 2016-04-15 16:44 - 00000000 ____D C:\FRST
2016-04-15 16:43 - 2016-04-15 16:43 - 01725952 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2016-04-15 16:19 - 2016-04-15 16:19 - 00380928 _____ C:\Users\Owner\Downloads\o9lsvwsb.exe
2016-04-15 16:13 - 2016-04-15 16:13 - 00000000 ____D C:\rsit
2016-04-15 16:13 - 2016-04-15 16:13 - 00000000 ____D C:\Program Files\trend micro
2016-04-15 16:12 - 2016-04-15 16:12 - 01107968 _____ C:\Users\Owner\Downloads\RSIT.exe
2016-04-15 16:07 - 2016-04-15 16:07 - 00021715 _____ C:\Users\Owner\Desktop\dds.txt
2016-04-15 16:07 - 2016-04-15 16:07 - 00006209 _____ C:\Users\Owner\Desktop\attach.txt
2016-04-15 16:04 - 2016-04-15 16:04 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2016-04-15 15:52 - 2016-04-15 15:52 - 00023928 _____ C:\ComboFix.txt
2016-04-13 15:09 - 2016-03-17 18:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-04-13 15:09 - 2016-03-17 18:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-13 15:09 - 2016-03-17 18:36 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-13 15:09 - 2016-03-17 18:36 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-13 15:09 - 2016-03-17 18:33 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-13 15:09 - 2016-03-17 18:30 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-13 15:09 - 2016-03-17 18:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-13 15:09 - 2016-03-17 18:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-13 15:09 - 2016-03-17 18:30 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-13 15:09 - 2016-03-17 18:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-13 15:09 - 2016-03-17 18:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-13 15:09 - 2016-03-17 18:29 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-13 15:09 - 2016-03-17 18:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-13 15:09 - 2016-03-17 18:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-13 15:09 - 2016-03-17 18:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-13 15:09 - 2016-03-17 18:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-13 15:09 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 15:09 - 2016-03-17 18:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-13 15:09 - 2016-03-17 18:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-13 15:09 - 2016-03-17 18:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-13 15:09 - 2016-03-17 18:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-13 15:09 - 2016-03-17 18:26 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-13 15:09 - 2016-03-17 18:26 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-13 15:09 - 2016-03-17 18:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-13 15:09 - 2016-03-17 18:26 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-13 15:09 - 2016-03-17 18:25 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-13 15:09 - 2016-03-17 18:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 17:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-13 15:09 - 2016-03-17 17:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-13 15:09 - 2016-03-17 17:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-13 15:09 - 2016-03-17 17:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-13 15:09 - 2016-03-17 17:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-13 15:09 - 2016-03-17 17:36 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-13 15:09 - 2016-03-17 17:35 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-13 15:09 - 2016-03-17 17:30 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-13 15:09 - 2016-03-17 17:30 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-13 15:09 - 2016-03-17 17:30 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-13 15:09 - 2016-03-17 17:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-13 15:09 - 2016-03-17 17:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-13 15:09 - 2016-03-17 17:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-13 15:09 - 2016-03-17 17:29 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-13 15:09 - 2016-03-17 17:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 17:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 17:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 15:09 - 2016-03-17 17:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 15:09 - 2016-03-16 14:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-04-13 15:09 - 2016-03-16 14:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-13 15:08 - 2016-03-31 14:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-13 15:08 - 2016-03-30 20:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-13 15:08 - 2016-03-30 20:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-13 15:08 - 2016-03-30 20:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-13 15:08 - 2016-03-30 19:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-13 15:08 - 2016-03-30 19:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-13 15:08 - 2016-03-30 19:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-13 15:08 - 2016-03-30 19:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-13 15:08 - 2016-03-30 19:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-13 15:08 - 2016-03-30 19:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-13 15:08 - 2016-03-30 19:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-13 15:08 - 2016-03-30 19:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-13 15:08 - 2016-03-30 19:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-13 15:08 - 2016-03-30 19:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-13 15:08 - 2016-03-30 19:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-13 15:08 - 2016-03-30 19:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-13 15:08 - 2016-03-30 19:45 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-13 15:08 - 2016-03-30 19:41 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-13 15:08 - 2016-03-30 19:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-13 15:08 - 2016-03-30 19:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-13 15:08 - 2016-03-30 19:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-13 15:08 - 2016-03-30 19:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-13 15:08 - 2016-03-30 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-13 15:08 - 2016-03-30 19:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-13 15:08 - 2016-03-30 19:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-13 15:08 - 2016-03-30 19:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-13 15:08 - 2016-03-30 19:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-13 15:08 - 2016-03-30 19:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-13 15:08 - 2016-03-30 19:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-13 15:08 - 2016-03-30 19:23 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-13 15:08 - 2016-03-30 19:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-13 15:08 - 2016-03-30 19:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-13 15:08 - 2016-03-30 19:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-13 15:08 - 2016-03-30 19:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-13 15:08 - 2016-03-30 19:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-13 15:08 - 2016-03-15 19:53 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 15:08 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 15:08 - 2016-03-11 14:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-13 15:07 - 2016-04-04 13:54 - 00034024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-13 15:07 - 2016-04-04 13:42 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-13 15:07 - 2016-04-02 09:07 - 01218048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-13 15:07 - 2016-03-29 13:35 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-13 15:07 - 2016-03-23 10:02 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-13 15:07 - 2016-03-17 14:04 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-13 15:07 - 2016-03-17 14:04 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-13 15:07 - 2016-03-17 14:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-13 15:07 - 2016-03-17 14:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-13 15:07 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 15:07 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-13 13:39 - 2016-04-13 13:39 - 00441163 _____ C:\Users\Owner\Downloads\eStmt_2015-06-30.pdf
2016-04-13 13:39 - 2016-04-13 13:39 - 00437188 _____ C:\Users\Owner\Downloads\eStmt_2015-11-30.pdf
2016-04-13 13:39 - 2016-04-13 13:39 - 00426895 _____ C:\Users\Owner\Downloads\eStmt_2015-08-31.pdf
2016-04-13 13:39 - 2016-04-13 13:39 - 00422073 _____ C:\Users\Owner\Downloads\eStmt_2015-12-31.pdf
2016-04-13 13:39 - 2016-04-13 13:39 - 00405263 _____ C:\Users\Owner\Downloads\eStmt_2015-07-31.pdf
2016-04-13 13:39 - 2016-04-13 13:39 - 00392895 _____ C:\Users\Owner\Downloads\eStmt_2015-10-30.pdf
2016-04-13 13:39 - 2016-04-13 13:39 - 00387602 _____ C:\Users\Owner\Downloads\eStmt_2015-09-30.pdf
2016-04-13 13:38 - 2016-04-13 13:38 - 00422527 _____ C:\Users\Owner\Downloads\eStmt_2015-05-29.pdf
2016-04-13 13:38 - 2016-04-13 13:38 - 00417702 _____ C:\Users\Owner\Downloads\eStmt_2015-04-30.pdf
2016-04-13 13:38 - 2016-04-13 13:38 - 00413578 _____ C:\Users\Owner\Downloads\eStmt_2015-03-31.pdf
2016-04-13 13:38 - 2016-04-13 13:38 - 00369426 _____ C:\Users\Owner\Downloads\eStmt_2015-02-27.pdf
2016-04-13 13:38 - 2016-04-13 13:38 - 00364566 _____ C:\Users\Owner\Downloads\eStmt_2015-01-30.pdf
2016-04-13 12:35 - 2016-04-13 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-04-13 12:35 - 2016-04-13 12:35 - 00000000 ____D C:\Program Files\RogueKiller
2016-04-11 12:15 - 2016-04-15 16:20 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2236139444-673811295-2680157343-1002UA.job
2016-04-11 12:15 - 2016-04-15 12:20 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2236139444-673811295-2680157343-1002Core.job
2016-04-11 12:15 - 2016-04-11 12:15 - 00987728 _____ (Google Inc.) C:\Users\Owner\Downloads\GoogleVoiceAndVideoSetup.exe
2016-04-10 19:13 - 2016-04-10 19:13 - 00006754 _____ C:\Users\Owner\Downloads\Summary2016041018130253.csv
2016-04-10 19:13 - 2016-04-10 19:13 - 00003913 _____ C:\Users\Owner\Downloads\Summary2016041018132034.csv
2016-04-10 19:12 - 2016-04-10 19:12 - 00007332 _____ C:\Users\Owner\Downloads\Summary2016041018124170.csv
2016-04-10 19:12 - 2016-04-10 19:12 - 00007271 _____ C:\Users\Owner\Downloads\Summary2016041018121853.csv
2016-04-10 19:11 - 2016-04-10 19:11 - 00007231 _____ C:\Users\Owner\Downloads\Summary2016041018115710.csv
2016-04-10 19:11 - 2016-04-10 19:11 - 00007231 _____ C:\Users\Owner\Downloads\Summary2016041018113638.csv
2016-04-10 19:09 - 2016-04-10 19:09 - 00007303 _____ C:\Users\Owner\Downloads\Summary2016041018091880.csv
2016-04-10 19:08 - 2016-04-10 19:08 - 00007290 _____ C:\Users\Owner\Downloads\Summary2016041018085383.csv
2016-04-10 19:08 - 2016-04-10 19:08 - 00007264 _____ C:\Users\Owner\Downloads\Summary2016041018083458.csv
2016-04-10 19:07 - 2016-04-10 19:07 - 00007368 _____ C:\Users\Owner\Downloads\Summary2016041018071824.csv
2016-04-10 19:07 - 2016-04-10 19:07 - 00007249 _____ C:\Users\Owner\Downloads\Summary2016041018070174.csv
2016-04-10 19:07 - 2016-04-10 19:07 - 00007203 _____ C:\Users\Owner\Downloads\Summary2016041018073424.csv
2016-04-10 19:06 - 2016-04-10 19:06 - 00007130 _____ C:\Users\Owner\Downloads\Summary2016041018064639.csv
2016-04-10 19:04 - 2016-04-10 19:04 - 00007113 _____ C:\Users\Owner\Downloads\Summary2016041018041203.csv
2016-04-10 19:03 - 2016-04-10 19:03 - 00007440 _____ C:\Users\Owner\Downloads\Summary2016041018033904.csv
2016-04-10 19:03 - 2016-04-10 19:03 - 00007270 _____ C:\Users\Owner\Downloads\Summary2016041018035329.csv
2016-04-10 19:03 - 2016-04-10 19:03 - 00007260 _____ C:\Users\Owner\Downloads\Summary2016041018032128.csv
2016-04-10 19:03 - 2016-04-10 19:03 - 00007160 _____ C:\Users\Owner\Downloads\Summary2016041018030665.csv
2016-04-10 19:02 - 2016-04-10 19:02 - 00007274 _____ C:\Users\Owner\Downloads\Summary2016041018020396.csv
2016-04-10 19:02 - 2016-04-10 19:02 - 00007257 _____ C:\Users\Owner\Downloads\Summary2016041018023673.csv
2016-04-10 19:02 - 2016-04-10 19:02 - 00007247 _____ C:\Users\Owner\Downloads\Summary2016041018025206.csv
2016-04-10 19:02 - 2016-04-10 19:02 - 00007184 _____ C:\Users\Owner\Downloads\Summary2016041018021973.csv
2016-04-10 19:01 - 2016-04-10 19:01 - 00007250 _____ C:\Users\Owner\Downloads\Summary2016041018011796.csv
2016-04-10 19:01 - 2016-04-10 19:01 - 00007240 _____ C:\Users\Owner\Downloads\Summary2016041018013613.csv
2016-04-10 19:00 - 2016-04-10 19:00 - 00007310 _____ C:\Users\Owner\Downloads\Summary2016041018002402.csv
2016-04-10 19:00 - 2016-04-10 19:00 - 00007102 _____ C:\Users\Owner\Downloads\Summary2016041018000247.csv
2016-04-10 18:59 - 2016-04-10 18:59 - 00007158 _____ C:\Users\Owner\Downloads\Summary2016041017594821.csv
2016-04-10 18:57 - 2016-04-10 18:57 - 00007332 _____ C:\Users\Owner\Downloads\Summary2016041017565998.csv
2016-04-10 18:57 - 2016-04-10 18:57 - 00007318 _____ C:\Users\Owner\Downloads\Summary2016041017573150.csv
2016-04-10 18:57 - 2016-04-10 18:57 - 00007158 _____ C:\Users\Owner\Downloads\Summary2016041017575319.csv
2016-04-10 18:57 - 2016-04-10 18:57 - 00007096 _____ C:\Users\Owner\Downloads\Summary2016041017571740.csv
2016-04-10 18:56 - 2016-04-10 18:56 - 00007262 _____ C:\Users\Owner\Downloads\Summary2016041017564329.csv
2016-04-10 18:55 - 2016-04-10 18:55 - 00007265 _____ C:\Users\Owner\Downloads\Summary2016041017550743.csv
2016-04-10 18:55 - 2016-04-10 18:55 - 00007259 _____ C:\Users\Owner\Downloads\Summary2016041017553920.csv
2016-04-10 18:55 - 2016-04-10 18:55 - 00007235 _____ C:\Users\Owner\Downloads\Summary2016041017552209.csv
2016-04-10 18:53 - 2016-04-10 18:53 - 00007304 _____ C:\Users\Owner\Downloads\Summary2016041017530399.csv
2016-04-10 18:53 - 2016-04-10 18:53 - 00007248 _____ C:\Users\Owner\Downloads\Summary2016041017532182.csv
2016-04-10 18:53 - 2016-04-10 18:53 - 00007141 _____ C:\Users\Owner\Downloads\Summary2016041017535691.csv
2016-04-10 18:53 - 2016-04-10 18:53 - 00007086 _____ C:\Users\Owner\Downloads\Summary2016041017533704.csv
2016-04-10 18:52 - 2016-04-10 18:52 - 00007246 _____ C:\Users\Owner\Downloads\Summary2016041017524724.csv
2016-04-10 18:52 - 2016-04-10 18:52 - 00007053 _____ C:\Users\Owner\Downloads\Summary2016041017520839.csv
2016-04-10 18:52 - 2016-04-10 18:52 - 00006958 _____ C:\Users\Owner\Downloads\Summary2016041017522632.csv
2016-04-10 18:51 - 2016-04-10 18:51 - 00007162 _____ C:\Users\Owner\Downloads\Summary2016041017515007.csv
2016-04-10 18:51 - 2016-04-10 18:51 - 00007151 _____ C:\Users\Owner\Downloads\Summary2016041017510124.csv
2016-04-10 18:51 - 2016-04-10 18:51 - 00007032 _____ C:\Users\Owner\Downloads\Summary2016041017511650.csv
2016-04-10 18:51 - 2016-04-10 18:51 - 00006991 _____ C:\Users\Owner\Downloads\Summary2016041017513210.csv
2016-04-10 18:50 - 2016-04-10 18:50 - 00007215 _____ C:\Users\Owner\Downloads\Summary2016041017501430.csv
2016-04-10 18:50 - 2016-04-10 18:50 - 00007050 _____ C:\Users\Owner\Downloads\Summary2016041017503078.csv
2016-04-10 18:50 - 2016-04-10 18:50 - 00007047 _____ C:\Users\Owner\Downloads\Summary2016041017504567.csv
2016-04-10 18:49 - 2016-04-10 18:49 - 00007426 _____ C:\Users\Owner\Downloads\Summary2016041017491948.csv
2016-04-10 18:49 - 2016-04-10 18:49 - 00007357 _____ C:\Users\Owner\Downloads\Summary2016041017490439.csv
2016-04-10 18:49 - 2016-04-10 18:49 - 00007258 _____ C:\Users\Owner\Downloads\Summary2016041017495792.csv
2016-04-10 18:49 - 2016-04-10 18:49 - 00007235 _____ C:\Users\Owner\Downloads\Summary2016041017494201.csv
2016-04-10 18:48 - 2016-04-10 18:48 - 00007244 _____ C:\Users\Owner\Downloads\Summary2016041017481297.csv
2016-04-10 18:48 - 2016-04-10 18:48 - 00007189 _____ C:\Users\Owner\Downloads\Summary2016041017483028.csv
2016-04-10 18:48 - 2016-04-10 18:48 - 00007185 _____ C:\Users\Owner\Downloads\Summary2016041017484747.csv
2016-04-10 18:47 - 2016-04-10 18:47 - 00007317 _____ C:\Users\Owner\Downloads\Summary2016041017470788.csv
2016-04-10 18:47 - 2016-04-10 18:47 - 00007116 _____ C:\Users\Owner\Downloads\Summary2016041017475639.csv
2016-04-10 18:46 - 2016-04-10 18:46 - 00007299 _____ C:\Users\Owner\Downloads\Summary2016041017463498.csv
2016-04-10 18:46 - 2016-04-10 18:46 - 00007243 _____ C:\Users\Owner\Downloads\Summary2016041017461970.csv
2016-04-10 18:46 - 2016-04-10 18:46 - 00007217 _____ C:\Users\Owner\Downloads\Summary2016041017460388.csv
2016-04-10 18:46 - 2016-04-10 18:46 - 00007129 _____ C:\Users\Owner\Downloads\Summary2016041017465160.csv
2016-04-10 18:45 - 2016-04-10 18:45 - 00007168 _____ C:\Users\Owner\Downloads\Summary2016041017452171.csv
2016-04-10 18:45 - 2016-04-10 18:45 - 00007153 _____ C:\Users\Owner\Downloads\Summary2016041017454996.csv
2016-04-10 18:45 - 2016-04-10 18:45 - 00007152 _____ C:\Users\Owner\Downloads\Summary2016041017450740.csv
2016-04-10 18:45 - 2016-04-10 18:45 - 00007082 _____ C:\Users\Owner\Downloads\Summary2016041017453652.csv
2016-04-10 18:44 - 2016-04-10 18:44 - 00007289 _____ C:\Users\Owner\Downloads\Summary2016041017441794.csv
2016-04-10 18:44 - 2016-04-10 18:44 - 00007186 _____ C:\Users\Owner\Downloads\Summary2016041017444730.csv
2016-04-10 18:44 - 2016-04-10 18:44 - 00007173 _____ C:\Users\Owner\Downloads\Summary2016041017440271.csv
2016-04-10 18:44 - 2016-04-10 18:44 - 00007155 _____ C:\Users\Owner\Downloads\Summary2016041017443365.csv
2016-04-10 18:43 - 2016-04-10 18:43 - 00007109 _____ C:\Users\Owner\Downloads\Summary2016041017431244.csv
2016-04-10 18:42 - 2016-04-10 18:42 - 00007242 _____ C:\Users\Owner\Downloads\Summary2016041017423803.csv
2016-04-10 18:42 - 2016-04-10 18:42 - 00007087 _____ C:\Users\Owner\Downloads\Summary2016041017425686.csv
2016-04-10 17:55 - 2016-04-10 17:55 - 00070656 _____ C:\Users\Owner\Downloads\Northpointe Pre qualification form - NZ.xls
2016-04-10 17:36 - 2016-04-10 17:36 - 00007307 _____ C:\Users\Owner\Downloads\Summary2016041016362205.csv
2016-04-10 14:36 - 2016-04-10 14:36 - 00007211 _____ C:\Users\Owner\Downloads\Summary2016041013362970.csv
2016-04-10 14:36 - 2016-04-10 14:36 - 00006887 _____ C:\Users\Owner\Downloads\Summary2016041013360775.csv
2016-04-10 14:36 - 2016-04-10 14:36 - 00003994 _____ C:\Users\Owner\Downloads\Summary2016041013364955.csv
2016-04-10 14:35 - 2016-04-10 14:35 - 00007213 _____ C:\Users\Owner\Downloads\Summary2016041013350919.csv
2016-04-10 14:35 - 2016-04-10 14:35 - 00006979 _____ C:\Users\Owner\Downloads\Summary2016041013353023.csv
2016-04-10 14:35 - 2016-04-10 14:35 - 00006585 _____ C:\Users\Owner\Downloads\Summary2016041013354883.csv
2016-04-10 14:34 - 2016-04-10 14:34 - 00007365 _____ C:\Users\Owner\Downloads\Summary2016041013345011.csv
2016-04-10 14:34 - 2016-04-10 14:34 - 00007178 _____ C:\Users\Owner\Downloads\Summary2016041013341017.csv
2016-04-10 14:34 - 2016-04-10 14:34 - 00006962 _____ C:\Users\Owner\Downloads\Summary2016041013343112.csv
2016-04-10 14:33 - 2016-04-10 14:33 - 00007270 _____ C:\Users\Owner\Downloads\Summary2016041013334915.csv
2016-04-10 14:33 - 2016-04-10 14:33 - 00007207 _____ C:\Users\Owner\Downloads\Summary2016041013332707.csv
2016-04-10 14:33 - 2016-04-10 14:33 - 00007145 _____ C:\Users\Owner\Downloads\Summary2016041013330904.csv
2016-04-10 14:32 - 2016-04-10 14:32 - 00007378 _____ C:\Users\Owner\Downloads\Summary2016041013323319.csv
2016-04-10 14:32 - 2016-04-10 14:32 - 00007307 _____ C:\Users\Owner\Downloads\Summary2016041013321277.csv
2016-04-10 14:32 - 2016-04-10 14:32 - 00007084 _____ C:\Users\Owner\Downloads\Summary2016041013325096.csv
2016-04-10 14:31 - 2016-04-10 14:31 - 00007283 _____ C:\Users\Owner\Downloads\Summary2016041013315337.csv
2016-04-10 14:31 - 2016-04-10 14:31 - 00007185 _____ C:\Users\Owner\Downloads\Summary2016041013310908.csv
2016-04-10 14:31 - 2016-04-10 14:31 - 00007173 _____ C:\Users\Owner\Downloads\Summary2016041013313400.csv
2016-04-10 14:30 - 2016-04-10 14:30 - 00007268 _____ C:\Users\Owner\Downloads\Summary2016041013304369.csv
2016-04-10 14:29 - 2016-04-10 14:29 - 00007361 _____ C:\Users\Owner\Downloads\Summary2016041013290583.csv
2016-04-10 14:29 - 2016-04-10 14:29 - 00007268 _____ C:\Users\Owner\Downloads\Summary2016041013294899.csv
2016-04-10 14:29 - 2016-04-10 14:29 - 00007259 _____ C:\Users\Owner\Downloads\Summary2016041013292303.csv
2016-04-10 14:28 - 2016-04-10 14:28 - 00007342 _____ C:\Users\Owner\Downloads\Summary2016041013283939.csv
2016-04-10 14:28 - 2016-04-10 14:28 - 00007177 _____ C:\Users\Owner\Downloads\Summary2016041013281890.csv
2016-04-10 14:27 - 2016-04-10 14:27 - 00007199 _____ C:\Users\Owner\Downloads\Summary2016041013271760.csv
2016-04-10 14:27 - 2016-04-10 14:27 - 00007181 _____ C:\Users\Owner\Downloads\Summary2016041013275839.csv
2016-04-10 14:27 - 2016-04-10 14:27 - 00007072 _____ C:\Users\Owner\Downloads\Summary2016041013273543.csv
2016-04-10 14:26 - 2016-04-10 14:26 - 00007137 _____ C:\Users\Owner\Downloads\Summary2016041013265615.csv
2016-04-10 14:26 - 2016-04-10 14:26 - 00007039 _____ C:\Users\Owner\Downloads\Summary2016041013263246.csv
2016-04-07 10:38 - 2016-04-07 10:38 - 00211287 _____ C:\Users\Owner\Downloads\Revised Master List.xlsx
2016-04-07 10:00 - 2016-04-07 10:00 - 00233441 _____ C:\Users\Owner\Downloads\winmail (1).csv
2016-04-07 09:59 - 2016-04-07 09:59 - 00233441 _____ C:\Users\Owner\Downloads\winmail.dat
2016-04-07 09:37 - 2016-04-15 15:34 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-04-07 09:36 - 2016-04-07 09:47 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-07 09:36 - 2016-04-07 09:36 - 19765320 _____ C:\Users\Owner\Downloads\RogueKiller.exe
2016-04-07 09:26 - 2016-04-07 09:35 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-07 09:25 - 2016-04-07 09:27 - 10457272 _____ (SurfRight B.V.) C:\Users\Owner\Downloads\HitmanPro.exe
2016-04-07 09:15 - 2016-04-13 12:12 - 00003000 _____ C:\Users\Owner\Desktop\Rkill.txt
2016-04-07 09:14 - 2016-04-07 09:14 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.exe
2016-04-07 08:55 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2016-04-07 08:55 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2016-04-07 08:55 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-04-07 08:55 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-04-07 08:55 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-04-07 08:55 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2016-04-07 08:55 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2016-04-07 08:55 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2016-04-07 08:53 - 2016-04-15 15:52 - 00000000 ____D C:\Qoobox
2016-04-07 08:53 - 2016-04-13 13:01 - 00000000 ____D C:\Windows\erdnt
2016-04-07 08:51 - 2016-04-13 11:54 - 05660069 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2016-04-07 08:46 - 2016-04-15 15:52 - 00247554 _____ C:\Windows\ntbtlog.txt
2016-04-06 17:01 - 2016-04-06 17:01 - 01333370 _____ C:\Users\Owner\Desktop\How_to_easily_clean_an_infected_computer.pdf
2016-04-06 16:48 - 2016-04-06 16:48 - 00130337 _____ C:\Users\Owner\Downloads\getservices.zip
2016-04-06 16:48 - 2016-04-06 16:48 - 00000000 ____D C:\Users\Owner\Downloads\getservices
2016-04-06 16:48 - 2016-04-06 16:48 - 00000000 _____ C:\Windows\system32\getservice.txt
2016-04-06 10:16 - 2016-04-06 10:16 - 00276161 _____ C:\Users\Owner\Downloads\Dan Humes New List 2016.zip
2016-04-05 16:19 - 2016-04-05 16:19 - 00078029 _____ C:\Users\Owner\Downloads\April 4.odt
2016-04-05 13:12 - 2016-04-05 13:12 - 00095233 _____ C:\Users\Owner\Downloads\Direct Marketing Lead Generation Proposal.odt
2016-04-05 09:16 - 2016-04-13 14:30 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2016-04-01 11:24 - 2016-04-13 12:13 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-30 05:12 - 2016-04-15 15:59 - 00000000 ___RD C:\Users\Owner\Dropbox
2016-03-30 05:12 - 2016-03-30 05:12 - 00001190 _____ C:\Users\Owner\Desktop\Dropbox.lnk
2016-03-30 05:09 - 2016-03-30 05:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-30 05:06 - 2016-03-30 05:06 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Dropbox
2016-03-30 05:04 - 2016-04-15 16:11 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-03-30 05:04 - 2016-04-15 15:56 - 00000890 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-03-30 05:04 - 2016-03-30 05:04 - 00691096 _____ (Dropbox, Inc.) C:\Users\Owner\Downloads\DropboxInstaller.exe
2016-03-30 05:00 - 2016-03-30 05:00 - 00000000 ____D C:\Program Files\Common Files\Java
2016-03-30 04:48 - 2016-04-15 15:57 - 00000000 ____D C:\Users\Owner\AppData\Local\Dropbox
2016-03-30 04:48 - 2016-03-30 05:09 - 00000000 ____D C:\Program Files\Dropbox
2016-03-30 04:48 - 2016-03-30 04:48 - 00000000 ____D C:\ProgramData\Dropbox
2016-03-30 04:45 - 2016-03-30 04:45 - 00000000 ____D C:\Users\Owner\AppData\Local\GWX
2016-03-30 03:41 - 2016-03-30 03:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\OpenOffice
2016-03-30 03:40 - 2016-03-30 03:40 - 00022016 _____ C:\Users\Owner\Downloads\US Turbine & Accessory.xls
2016-03-30 03:23 - 2016-04-11 12:17 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2016-03-30 03:23 - 2016-03-30 03:32 - 00000000 ____D C:\Users\Owner\AppData\Local\Mozilla
2016-03-30 00:19 - 2016-04-11 12:17 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2016-03-16 03:05 - 2016-03-16 03:05 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVAST Software
2016-03-16 03:04 - 2016-04-15 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-03-16 03:04 - 2016-03-16 03:04 - 00816304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-16 03:04 - 2016-03-16 03:04 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-03-16 03:04 - 2016-03-16 03:04 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-03-16 03:04 - 2016-03-16 03:04 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-16 03:04 - 2016-03-16 03:04 - 00002099 _____ C:\Users\Owner\Desktop\Avast Free Antivirus.lnk
2016-03-16 03:04 - 2016-03-16 03:04 - 00002081 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-16 03:04 - 2016-03-16 03:04 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-16 03:04 - 2016-03-16 03:03 - 00127432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-03-16 03:04 - 2016-03-16 03:03 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-03-16 03:04 - 2016-03-16 03:03 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-03-16 03:04 - 2016-03-16 03:03 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-03-16 03:03 - 2016-03-16 03:03 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-03-16 03:03 - 2016-03-16 03:03 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-03-16 03:02 - 2016-04-01 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-16 03:02 - 2016-04-01 12:17 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-03-16 03:02 - 2016-03-16 03:02 - 00064024 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-16 03:02 - 2016-03-16 03:02 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-16 03:02 - 2016-03-16 03:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-16 03:02 - 2016-03-16 03:02 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-16 03:02 - 2016-03-16 03:02 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-16 03:02 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-16 03:02 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-16 03:02 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-16 03:01 - 2016-03-16 03:01 - 00001893 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2016-03-16 03:01 - 2016-03-16 03:01 - 00001851 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2016-03-16 03:01 - 2016-03-16 03:01 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk
2016-03-16 03:01 - 2016-03-16 03:01 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2016-03-16 03:01 - 2016-03-16 03:01 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Canneverbe Limited
2016-03-16 03:01 - 2016-03-16 03:01 - 00000000 ____D C:\Program Files\CDBurnerXP
2016-03-16 03:00 - 2016-03-16 03:01 - 00000000 ____D C:\Program Files\OpenOffice 4
2016-03-16 02:58 - 2016-04-06 17:01 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Foxit Software
2016-03-16 02:58 - 2016-03-16 02:58 - 00002097 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2016-03-16 02:58 - 2016-03-16 02:58 - 00001137 _____ C:\Users\Public\Desktop\Media Player Classic.lnk
2016-03-16 02:58 - 2016-03-16 02:58 - 00000000 ____D C:\Users\Public\Foxit Software
2016-03-16 02:58 - 2016-03-16 02:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Foxit AgentInformation
2016-03-16 02:58 - 2016-03-16 02:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-03-16 02:58 - 2016-03-16 02:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2016-03-16 02:58 - 2016-03-16 02:58 - 00000000 ____D C:\ProgramData\Foxit ContentPlatform
2016-03-16 02:58 - 2016-03-16 02:58 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2016-03-16 02:58 - 2016-03-16 02:58 - 00000000 ____D C:\Program Files\Foxit Software
2016-03-16 02:57 - 2016-03-16 02:57 - 00001030 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-03-16 02:57 - 2016-03-16 02:57 - 00000000 ____D C:\Windows\system32\Adobe
2016-03-16 02:57 - 2016-03-16 02:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-03-16 02:57 - 2016-03-16 02:57 - 00000000 ____D C:\Program Files\VideoLAN
2016-03-16 02:56 - 2016-03-30 04:59 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-03-16 02:56 - 2016-03-30 04:59 - 00000000 ____D C:\Users\Owner\.oracle_jre_usage
2016-03-16 02:56 - 2016-03-30 04:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-16 02:56 - 2016-03-16 02:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Sun
2016-03-16 02:56 - 2016-03-16 02:56 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Sun
2016-03-16 02:55 - 2016-03-30 04:58 - 00000000 ____D C:\Program Files\Java
2016-03-16 02:55 - 2016-03-16 02:55 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Macromedia
2016-03-16 02:55 - 2016-03-16 02:55 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Oracle
2016-03-16 02:55 - 2016-03-16 02:55 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2016-03-16 02:55 - 2016-03-16 02:55 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-03-16 02:55 - 2016-03-16 02:55 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-03-16 02:55 - 2016-03-16 02:55 - 00000000 ____D C:\ProgramData\Oracle
2016-03-16 02:55 - 2016-03-16 02:55 - 00000000 ____D C:\ProgramData\Adobe
2016-03-16 02:55 - 2016-03-16 02:55 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2016-03-16 02:55 - 2016-03-16 02:55 - 00000000 ____D C:\Program Files\Adobe
2016-03-16 02:54 - 2016-04-15 15:59 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-16 02:54 - 2016-04-15 15:56 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-16 02:54 - 2016-04-13 14:07 - 00002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-16 02:54 - 2016-04-13 14:07 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-16 02:54 - 2016-04-12 10:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-16 02:54 - 2016-03-16 02:54 - 00001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-16 02:54 - 2016-03-16 02:54 - 00001111 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-16 02:54 - 2016-03-16 02:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-03-16 02:54 - 2016-03-16 02:54 - 00000000 ____D C:\Program Files\Google
2016-03-16 00:25 - 2016-02-02 14:48 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-03-16 00:25 - 2016-02-01 15:02 - 00105408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-03-16 00:25 - 2016-02-01 14:49 - 02364928 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-03-16 00:25 - 2016-02-01 14:49 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-03-16 00:25 - 2016-02-01 14:49 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-03-16 00:25 - 2016-02-01 14:45 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-03-16 00:25 - 2016-02-01 14:44 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-03-16 00:25 - 2016-01-20 20:51 - 00057280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-03-16 00:24 - 2016-02-05 14:44 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-03-16 00:24 - 2016-02-05 13:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-03-16 00:24 - 2015-06-03 16:22 - 00355456 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-03-16 00:01 - 2015-12-20 14:45 - 02745856 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-03-16 00:01 - 2015-12-20 14:45 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-03-16 00:01 - 2015-12-20 12:16 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-03-16 00:01 - 2015-07-16 15:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-03-16 00:01 - 2015-07-16 15:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-03-16 00:01 - 2015-07-16 15:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-03-16 00:01 - 2015-07-16 11:14 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2016-03-16 00:01 - 2014-12-11 13:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-03-16 00:01 - 2012-02-11 01:37 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2016-03-16 00:00 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2016-03-16 00:00 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2016-03-16 00:00 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2016-03-16 00:00 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2016-03-16 00:00 - 2014-07-08 21:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2016-03-16 00:00 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-15 16:08 - 2009-07-14 00:34 - 00020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-15 16:08 - 2009-07-14 00:34 - 00020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-15 15:56 - 2016-03-14 09:46 - 00000000 _____ C:\Users\Owner\AppData\Local\WavXMapDrive.bat
2016-04-15 15:55 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-15 15:50 - 2009-07-13 22:04 - 00000215 _____ C:\Windows\system.ini
2016-04-14 15:14 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2016-04-14 09:13 - 2010-11-20 17:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-14 09:13 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2016-04-14 09:06 - 2009-07-14 00:33 - 00286472 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-14 09:03 - 2016-03-14 20:44 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-14 08:59 - 2016-03-14 04:23 - 00000000 ____D C:\Windows\system32\MRT
2016-04-14 08:33 - 2016-03-14 04:23 - 132539272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-06 10:18 - 2016-03-14 10:03 - 00374944 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-04 11:00 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\NDF
2016-03-30 05:12 - 2016-03-14 09:45 - 00000000 ____D C:\Users\Owner
2016-03-30 05:11 - 2016-03-14 09:45 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
2016-03-30 05:08 - 2016-03-14 10:31 - 01099814 ____H C:\Users\Owner\AppData\Local\IconCache.db.backup
2016-03-30 04:39 - 2016-03-14 20:44 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-30 00:18 - 2014-09-19 16:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-03-16 02:55 - 2016-03-14 20:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2016-03-16 02:55 - 2014-09-19 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-16 00:32 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\PolicyDefinitions
 
==================== Files in the root of some directories =======
 
2016-03-14 09:46 - 2016-04-15 15:56 - 0000000 _____ () C:\Users\Owner\AppData\Local\WavXMapDrive.bat
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-08 16:16
 
==================== End of FRST.txt ============================
#2 nasdaq

  • Malware Response Team
  • 38,592 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 April 2016 - 07:53 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please run the Farbar tool one more time and post a fresh FRST log.
Include also the contents of the Addition.txt file that was also created.

Wait for further instructions.

#3 palaceman

  • Topic Starter
  • Members
  • 10 posts

Posted 17 April 2016 - 08:46 AM

I ran AdwCleaner. It didn't find anything. You didn't see anything suspicious by way of rootkits in my FRST above? Also, here is a DDS report below if that helps. Thanks again:
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.18283  BrowserJavaVersion: 11.77.2
Run by Owner at 16:06:32 on 2016-04-15
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3510.1449 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ceeab700ee77b121\STacSV.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ceeab700ee77b121\aestsrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dropbox\Client\Dropbox.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\OpenOffice 4\program\scalc.exe
C:\Program Files\OpenOffice 4\program\soffice.exe
C:\Program Files\OpenOffice 4\program\soffice.bin
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_77\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.0.2282.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_77\bin\jp2ssv.dll
TB: @c:\program files\msn toolbar\platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.0.2282.0\npwinext.dll
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Dropbox] "c:\program files\dropbox\client\Dropbox.exe" /systemstartup
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellsy~1.lnk - c:\program files\dell\dell system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{68177976-20FD-47DC-AE59-84629739A82F} : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages =  msv1_0 wvauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\50.0.2661.75\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\p23duq77.default\
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.29.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_77\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_77\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.41212.0\npctrlui.dll
FF - plugin: c:\program files\msn toolbar\platform\6.0.2282.0\npwinext.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.3.29.5\npGoogleUpdate3.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1224194.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2016-3-16 58776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswvmm.sys [2016-3-16 221240]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2016-3-16 816304]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2016-3-16 447848]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_ceeab700ee77b121\AEstSrv.exe [2014-9-19 81920]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2016-3-16 32792]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2016-3-16 91168]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2016-3-16 127432]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2010-5-10 1803584]
R2 avast! Antivirus;Avast Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2016-3-16 237096]
R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\dell\dell system manager\DCPSysMgrSvc.exe [2010-8-24 388464]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-13 20992]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2014-9-19 59904]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2014-9-19 42672]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2014-9-19 274984]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2014-9-19 132352]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2014-9-19 209920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 dbupdate;Dropbox Update Service (dbupdate);c:\program files\dropbox\update\DropboxUpdate.exe [2016-3-30 143144]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2014-9-19 134144]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2014-9-19 143968]
S3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;c:\windows\system32\drivers\d554gps.sys [2014-9-19 82984]
S3 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files\dropbox\update\DropboxUpdate.exe [2016-3-30 143144]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 ecnssndis;Service for enabling selective suspend to NDIS device;c:\windows\system32\drivers\wwanuss.sys [2014-9-19 23592]
S3 ecnssndisfltr;SSNDIS filter service;c:\windows\system32\drivers\wwanussf.sys [2014-9-19 26152]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2016-4-13 102912]
S3 Mbm3CBus;Dell Wireless HSPA Mini-Card Device (WDM);c:\windows\system32\drivers\Mbm3CBus.sys [2014-9-19 301440]
S3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM;c:\windows\system32\drivers\Mbm3DevMt.sys [2014-9-19 351488]
S3 qcfilterdl2k;Gobi 2000 USB Composite Device Filter Driver(413C-8186);c:\windows\system32\drivers\qcfilterdl2k.sys [2014-9-19 5248]
S3 qcusbserdl2k;Gobi 2000 USB Device for Legacy Serial Communication(413C-8186);c:\windows\system32\drivers\qcusbserdl2k.sys [2014-9-19 106368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2016-3-14 14848]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2014-9-19 48640]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2014-9-19 38912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2016-3-14 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
.
=============== Created Last 30 ================
.
2016-04-15 20:05:23 9302992 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{baca082b-82b8-46ad-9966-c8977b6fef2c}\mpengine.dll
2016-04-15 19:51:51 -------- d-sh--w- C:\$RECYCLE.BIN
2016-04-13 19:08:47 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-04-13 19:07:57 2397184 ----a-w- c:\windows\system32\win32k.sys
2016-04-13 19:07:54 957952 ----a-w- c:\windows\system32\aeinv.dll
2016-04-13 19:07:54 65536 ----a-w- c:\windows\system32\acmigration.dll
2016-04-13 19:07:54 560640 ----a-w- c:\windows\system32\generaltel.dll
2016-04-13 19:07:54 424960 ----a-w- c:\windows\system32\devinv.dll
2016-04-13 19:07:54 34024 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-04-13 19:07:54 232960 ----a-w- c:\windows\system32\invagent.dll
2016-04-13 19:07:54 177664 ----a-w- c:\windows\system32\aepic.dll
2016-04-13 19:07:54 1218048 ----a-w- c:\windows\system32\appraiser.dll
2016-04-13 19:07:53 2048 ----a-w- c:\windows\system32\msxml3r.dll
2016-04-13 19:07:53 1240576 ----a-w- c:\windows\system32\msxml3.dll
2016-04-13 16:35:09 -------- d-----w- c:\program files\RogueKiller
2016-04-07 13:37:36 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-04-07 13:36:52 -------- d-----w- c:\programdata\RogueKiller
2016-04-07 13:26:09 -------- d-----w- c:\programdata\HitmanPro
2016-04-07 13:06:34 -------- d-----w- c:\users\owner\appdata\local\temp
2016-04-07 12:55:51 98816 ----a-w- c:\windows\sed.exe
2016-04-07 12:55:51 256000 ----a-w- c:\windows\PEV.exe
2016-04-07 12:55:51 208896 ----a-w- c:\windows\MBR.exe
2016-04-03 23:48:14 -------- d-----w- c:\users\owner\appdata\local\Diagnostics
2016-04-01 15:24:14 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-03-30 09:12:15 -------- d-----r- c:\users\owner\Dropbox
2016-03-30 09:06:31 -------- d-----w- c:\users\owner\appdata\roaming\Dropbox
2016-03-30 08:48:14 -------- d-----w- c:\program files\Dropbox
2016-03-30 08:48:07 -------- d-----w- c:\users\owner\appdata\local\Dropbox
2016-03-30 08:48:07 -------- d-----w- c:\programdata\Dropbox
2016-03-30 08:45:51 -------- d-----w- c:\users\owner\appdata\local\GWX
2016-03-30 07:41:11 -------- d-----w- c:\users\owner\appdata\roaming\OpenOffice
2016-03-30 07:23:44 -------- d-----w- c:\users\owner\appdata\local\Mozilla
2016-03-30 04:19:30 -------- d-----w- c:\users\owner\appdata\local\Google
.
==================== Find3M  ====================
.
2016-04-06 14:18:42 374944 ------w- c:\windows\system32\MpSigStub.exe
2016-03-31 00:02:57 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-03-31 00:02:46 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-03-30 23:53:52 496640 ----a-w- c:\windows\system32\vbscript.dll
2016-03-30 23:52:58 62464 ----a-w- c:\windows\system32\iesetup.dll
2016-03-30 23:52:36 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-03-30 23:52:30 341504 ----a-w- c:\windows\system32\html.iec
2016-03-30 23:52:15 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-03-30 23:45:45 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-03-30 23:45:41 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2016-03-30 23:45:24 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2016-03-30 23:41:07 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-03-30 23:30:42 4611072 ----a-w- c:\windows\system32\jscript9.dll
2016-03-30 23:23:09 2056192 ----a-w- c:\windows\system32\inetcpl.cpl
2016-03-30 23:22:53 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-03-30 23:05:23 2121216 ----a-w- c:\windows\system32\wininet.dll
2016-03-30 08:59:18 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-03-17 22:36:28 3998952 ----a-w- c:\windows\system32\ntkrnlpa.exe
2016-03-17 22:36:28 3943144 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-03-17 22:36:27 67304 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-03-17 22:36:27 137960 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-03-17 22:33:29 1310528 ----a-w- c:\windows\system32\ntdll.dll
2016-03-17 22:30:52 171008 ----a-w- c:\windows\system32\winsrv.dll
2016-03-17 22:30:43 171520 ----a-w- c:\windows\system32\wdigest.dll
2016-03-17 22:30:35 65536 ----a-w- c:\windows\system32\TSpkg.dll
2016-03-17 22:30:02 99840 ----a-w- c:\windows\system32\sspicli.dll
2016-03-17 22:30:00 43008 ----a-w- c:\windows\system32\srclient.dll
2016-03-17 22:30:00 400896 ----a-w- c:\windows\system32\srcore.dll
2016-03-17 22:29:31 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2016-03-17 22:29:26 22016 ----a-w- c:\windows\system32\secur32.dll
2016-03-17 22:29:24 251392 ----a-w- c:\windows\system32\schannel.dll
2016-03-17 22:29:22 655360 ----a-w- c:\windows\system32\rpcrt4.dll
2016-03-17 22:29:22 141312 ----a-w- c:\windows\system32\rpchttp.dll
2016-03-17 22:28:21 1414144 ----a-w- c:\windows\system32\ole32.dll
2016-03-17 22:27:53 223232 ----a-w- c:\windows\system32\ncrypt.dll
2016-03-17 22:27:50 260608 ----a-w- c:\windows\system32\msv1_0.dll
2016-03-17 22:27:46 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-03-17 22:27:31 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-03-17 22:26:32 1062400 ----a-w- c:\windows\system32\lsasrv.dll
2016-03-17 22:26:26 553984 ----a-w- c:\windows\system32\kerberos.dll
2016-03-17 22:26:26 294400 ----a-w- c:\windows\system32\KernelBase.dll
2016-03-17 22:25:01 38912 ----a-w- c:\windows\system32\csrsrv.dll
2016-03-17 22:25:00 17408 ----a-w- c:\windows\system32\credssp.dll
2016-03-17 21:42:24 97792 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2016-03-17 21:42:22 50688 ----a-w- c:\windows\system32\drivers\appid.sys
2016-03-17 21:42:15 29696 ----a-w- c:\windows\system32\appidsvc.dll
2016-03-17 21:42:14 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2016-03-17 21:41:01 50176 ----a-w- c:\windows\system32\auditpol.exe
2016-03-17 21:36:22 271360 ----a-w- c:\windows\system32\conhost.exe
2016-03-17 21:35:10 262656 ----a-w- c:\windows\system32\rstrui.exe
2016-03-17 21:30:47 226304 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2016-03-17 21:30:41 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2016-03-17 21:30:35 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2016-03-17 21:29:13 36352 ----a-w- c:\windows\system32\cryptbase.dll
2016-03-17 21:29:12 22016 ----a-w- c:\windows\system32\lsass.exe
2016-03-17 21:29:10 15872 ----a-w- c:\windows\system32\sspisrv.dll
2016-03-17 21:29:07 69632 ----a-w- c:\windows\system32\smss.exe
2016-03-17 21:29:00 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-17 21:29:00 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-17 21:29:00 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-17 21:29:00 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-16 18:28:15 111616 ----a-w- c:\windows\system32\mtxoci.dll
2016-03-16 18:28:12 176128 ----a-w- c:\windows\system32\msorcl32.dll
2016-03-16 07:04:42 91168 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2016-03-16 07:04:42 816304 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-03-16 07:04:38 221240 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-03-16 07:03:55 91232 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-03-16 07:03:55 58776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-03-16 07:03:55 32792 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-03-16 07:03:55 127432 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-03-16 07:03:42 52184 ----a-w- c:\windows\avastSS.scr
2016-03-15 23:53:30 60416 ----a-w- c:\windows\system32\samlib.dll
2016-03-15 23:53:30 566272 ----a-w- c:\windows\system32\samsrv.dll
2016-03-14 07:39:11 231424 ----a-w- c:\windows\system32\mswsock.dll
2016-03-14 07:38:59 49152 ----a-w- c:\windows\system32\taskhost.exe
2016-03-14 07:36:46 1505280 ----a-w- c:\windows\system32\d3d11.dll
2016-03-11 18:35:16 2048 ----a-w- c:\windows\system32\tzres.dll
2016-03-10 18:09:04 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-03-10 18:08:56 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-10 18:08:52 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-02-12 18:39:55 2956288 ----a-w- c:\windows\system32\wucltux.dll
2016-02-12 18:39:55 174080 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-12 18:26:42 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-02-12 18:05:17 93696 ----a-w- c:\windows\system32\wudriver.dll
2016-02-12 18:05:13 35328 ----a-w- c:\windows\system32\wuapp.exe
2016-02-12 18:05:07 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2016-02-09 09:51:32 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2016-02-09 09:50:10 21504 ----a-w- c:\windows\system32\seclogon.dll
2016-02-09 09:13:14 4096 ----a-w- c:\windows\system32\msdxm.ocx
2016-02-09 09:13:14 4096 ----a-w- c:\windows\system32\dxmasf.dll
2016-02-09 09:13:10 8192 ----a-w- c:\windows\system32\spwmp.dll
2016-02-05 18:44:42 26112 ----a-w- c:\windows\system32\lpk.dll
2016-02-05 18:44:06 97792 ----a-w- c:\windows\system32\fveapibase.dll
2016-02-05 18:44:06 70656 ----a-w- c:\windows\system32\fontsub.dll
2016-02-05 18:42:42 10240 ----a-w- c:\windows\system32\dciman32.dll
2016-02-05 18:42:15 8192 ----a-w- c:\windows\system32\drivers\en-us\tpm.sys.mui
2016-02-05 17:43:59 299520 ----a-w- c:\windows\system32\atmfd.dll
2016-02-05 17:43:28 34304 ----a-w- c:\windows\system32\atmlib.dll
2016-02-05 17:33:29 15360 ----a-w- c:\windows\system32\tbs.dll
2016-02-04 18:41:25 296448 ----a-w- c:\windows\system32\mfds.dll
.

============ FINISH: 16:07:35.86 ===============

Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-04-2016
Ran by Owner (2016-04-15 16:44:55)
Running from C:\Users\Owner\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) (2016-03-14 13:45:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2236139444-673811295-2680157343-500 - Administrator - Disabled)
Guest (S-1-5-21-2236139444-673811295-2680157343-501 - Limited - Disabled)
Owner (S-1-5-21-2236139444-673811295-2680157343-1002 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AuthenTec Fingerprint Software (Version: 8.4.4.20 - AuthenTec, Inc.) Hidden
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2253 - AVAST Software)
Bing Bar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2282.0 - Microsoft Corporation)
Bing Bar Platform (Version: 6.0.2282.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.6059 - CDBurnerXP)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Control Point (Version: 1.6.468.86 - Broadcom Corporation) Hidden
Dell ControlPoint Security Manager (HKLM\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.468.86 - Dell Inc.)
Dell Embassy Trust Suite by Wave Systems (Version: 03.05.04.002 - Wave Systems Corp) Hidden
Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.055 - Dell Inc.)
Dell System Manager (HKLM\...\{C8B8C745-D288-41B4-9512-01E397F77449}) (Version: 1.5.00000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1007.101.210 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Document Manager Lite (Version: 06.09.00.159 - Wave Systems Corp.) Hidden
Dropbox (HKLM\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.35.1 - Dropbox, Inc.) Hidden
EMBASSY Security Center (Version: 04.00.00.101 - Wave Systems Corp) Hidden
EMBASSY Security Setup (Version: 04.00.00.090 - Wave Systems Corp) Hidden
ESC Home Page Plugin (Version: 04.00.00.018 - Wave Systems Corp) Hidden
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
Gemalto (Version: 01.01.00.0000 - Wave Systems Corp) Hidden
Google Chrome (HKLM\...\{105817D8-7339-361E-BCA0-80B068E68137}) (Version: 50.0.2661.75 - Google, Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
Intel® TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 77 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 12.0.1 Full (HKLM\...\KLiteCodecPack_is1) (Version: 12.0.1 - KLCP)
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
O2Micro OZ776 SCR Driver (HKLM\...\InstallShield_{95EF5536-580A-4E57-8EF3-B6ACBFBFAF96}) (Version: 1.1.4.209GS - O2Micro)
O2Micro OZ776 SCR Driver (Version: 1.1.4.209GS - O2Micro) Hidden
OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Preboot Manager (Version: 03.00.00.154 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 06.04.00.065 - Wave Systems Corp.) Hidden
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Security Wizards (Version: 01.07.00.026 - Your Company Name) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trusted Drive Manager (Version: 3.3.3.104 - Wave Systems Corp.) Hidden
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Wave Infrastructure Installer (Version: 07.01.31.0000 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.10.00.073 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2236139444-673811295-2680157343-1002_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2236139444-673811295-2680157343-1002_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2236139444-673811295-2680157343-1002_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2236139444-673811295-2680157343-1002_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2236139444-673811295-2680157343-1002_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2236139444-673811295-2680157343-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2236139444-673811295-2680157343-1002_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2236139444-673811295-2680157343-1002_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2236139444-673811295-2680157343-1002_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2236139444-673811295-2680157343-1002_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2236139444-673811295-2680157343-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {27675EEE-2E11-46C6-9704-4E6FAECB300D} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-03-02] ()
Task: {36A30232-4076-42D9-9567-D47B8413FAA0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-16] (AVAST Software)
Task: {3802D0EE-792D-49F7-A648-AD050F09E095} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-03-30] (Dropbox, Inc.)
Task: {39992AD0-81D2-4777-9053-70044174E77C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-16] (Google Inc.)
Task: {47E50558-C4EB-4EBA-8F41-9877ACE05A35} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2236139444-673811295-2680157343-1002UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2016-04-11] (Google Inc.)
Task: {61A0B45B-BA0E-4BB9-9DBC-29B52453A098} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-16] (Google Inc.)
Task: {6418E40F-44FF-41CB-9BFD-D556E58A2A6E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-16] (AVAST Software)
Task: {E0B559E0-0890-44C2-A575-6794E3BC09A1} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-03-30] (Dropbox, Inc.)
Task: {E7698553-1A9A-42A2-A663-6F50EBA1BE0A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2236139444-673811295-2680157343-1002Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2016-04-11] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2236139444-673811295-2680157343-1002Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2236139444-673811295-2680157343-1002UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-16 03:03 - 2016-03-16 03:03 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-03-16 03:03 - 2016-03-16 03:03 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-15 10:51 - 2016-04-15 10:51 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\16041500\algo.dll
2016-04-14 09:14 - 2016-04-14 09:14 - 00509344 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2010-01-19 13:44 - 2010-01-19 13:44 - 00249856 _____ () C:\Windows\system32\wxvault.dll
2010-03-02 13:46 - 2010-03-02 13:46 - 00010752 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2008-11-12 14:24 - 2008-11-12 14:24 - 00004608 _____ () C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2016-03-16 03:03 - 2016-03-16 03:03 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-03-30 05:09 - 2016-02-23 14:19 - 00034768 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2016-03-30 05:08 - 2016-02-23 14:20 - 00019408 _____ () C:\Program Files\Dropbox\Client\faulthandler.pyd
2016-03-30 05:08 - 2016-02-23 14:19 - 00116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2016-03-30 05:09 - 2016-02-23 14:19 - 00093640 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2016-03-30 05:09 - 2016-02-23 14:19 - 00018376 _____ () C:\Program Files\Dropbox\Client\select.pyd
2016-03-30 05:09 - 2016-03-11 20:18 - 00019760 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2016-03-30 05:09 - 2016-02-23 14:21 - 00105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2016-03-30 05:08 - 2016-02-23 14:19 - 00392144 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2016-03-30 05:09 - 2016-03-11 20:18 - 00381752 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2016-03-30 05:09 - 2016-02-23 14:19 - 00692688 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2016-03-30 05:08 - 2016-03-11 20:18 - 00020816 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-03-30 05:09 - 2016-02-23 14:20 - 00112592 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2016-03-30 05:08 - 2016-03-11 20:18 - 01682760 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-03-30 05:08 - 2016-03-11 20:18 - 00020808 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-03-30 05:09 - 2016-03-11 20:18 - 00020800 _____ () C:\Program Files\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2016-03-30 05:09 - 2016-03-11 20:18 - 00021840 _____ () C:\Program Files\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-03-30 05:08 - 2016-03-11 20:18 - 00038696 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2016-03-30 05:08 - 2016-02-23 14:21 - 00020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2016-03-30 05:09 - 2016-02-23 14:21 - 00024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2016-03-30 05:09 - 2016-02-23 14:21 - 00114640 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2016-03-30 05:09 - 2016-02-23 14:21 - 00124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2016-03-30 05:09 - 2016-03-11 20:18 - 00021832 _____ () C:\Program Files\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-03-30 05:09 - 2016-02-23 14:21 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2016-03-30 05:09 - 2016-02-23 14:21 - 00175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2016-03-30 05:09 - 2016-02-23 14:21 - 00030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2016-03-30 05:09 - 2016-02-23 14:21 - 00043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2016-03-30 05:09 - 2016-02-23 14:21 - 00028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2016-03-30 05:09 - 2016-02-23 14:21 - 00048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2016-03-30 05:08 - 2016-03-11 20:18 - 00026456 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-03-30 05:09 - 2016-02-23 14:21 - 00057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2016-03-30 05:09 - 2016-02-23 14:21 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2016-03-30 05:08 - 2016-03-11 20:18 - 00117056 _____ () C:\Program Files\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-03-30 05:08 - 2016-03-11 20:18 - 00024392 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-03-30 05:08 - 2016-02-23 14:21 - 00036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2016-03-30 05:09 - 2016-03-11 20:18 - 00023376 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-03-30 05:09 - 2016-02-23 14:19 - 00134608 _____ () C:\Program Files\Dropbox\Client\_elementtree.pyd
2016-03-30 05:08 - 2016-02-23 14:19 - 00134088 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2016-03-30 05:08 - 2016-02-23 14:20 - 00240584 _____ () C:\Program Files\Dropbox\Client\jpegtran.pyd
2016-03-30 05:08 - 2016-03-11 20:18 - 00052024 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2016-03-30 05:09 - 2016-03-11 20:18 - 00020800 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-03-30 05:09 - 2016-03-11 20:18 - 00021824 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-03-30 05:09 - 2016-03-11 20:18 - 00019776 _____ () C:\Program Files\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-03-30 05:09 - 2016-03-11 20:18 - 00020800 _____ () C:\Program Files\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-03-30 05:08 - 2016-03-11 20:18 - 00020280 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-03-30 05:09 - 2016-02-23 14:21 - 00350152 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2016-03-30 05:09 - 2016-03-11 20:18 - 00022352 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-03-30 05:08 - 2016-03-11 20:18 - 00084792 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-03-30 05:08 - 2016-03-11 20:18 - 01826096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2016-03-30 05:09 - 2016-02-23 14:20 - 00083912 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2016-03-30 05:08 - 2016-03-11 20:18 - 03928880 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-03-30 05:08 - 2016-03-11 20:18 - 01971504 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2016-03-30 05:08 - 2016-03-11 20:18 - 00531248 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-03-30 05:08 - 2016-03-11 20:18 - 00132912 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-03-30 05:08 - 2016-03-11 20:18 - 00223544 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-03-30 05:08 - 2016-03-11 20:18 - 00207672 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-03-30 05:08 - 2016-03-11 20:18 - 00158008 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-03-30 05:08 - 2016-03-11 20:18 - 00042808 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-03-30 05:08 - 2016-02-23 14:23 - 00017864 _____ () C:\Program Files\Dropbox\Client\libEGL.dll
2016-03-30 05:08 - 2016-02-23 14:23 - 01631184 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
2016-03-30 05:09 - 2016-03-11 20:18 - 00024904 _____ () C:\Program Files\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-03-30 05:08 - 2016-03-11 20:18 - 00546096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd
2016-03-30 05:08 - 2016-03-11 20:18 - 00357680 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd
2016-03-30 05:07 - 2016-02-23 14:25 - 00697304 _____ () C:\Program Files\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-10-21 15:50 - 2015-10-21 15:50 - 00988160 _____ () C:\Program Files\OpenOffice 4\program\libxml2.dll
2015-10-21 15:49 - 2015-10-21 15:49 - 00170496 _____ () C:\Program Files\OpenOffice 4\program\libxslt.dll
2016-04-13 14:06 - 2016-04-13 04:37 - 01738904 _____ () C:\Program Files\Google\Chrome\Application\50.0.2661.75\libglesv2.dll
2016-04-13 14:06 - 2016-04-13 04:36 - 00086168 _____ () C:\Program Files\Google\Chrome\Application\50.0.2661.75\libegl.dll
2016-04-13 14:06 - 2016-04-13 04:37 - 17536664 _____ () C:\Program Files\Google\Chrome\Application\50.0.2661.75\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2016-04-13 13:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2236139444-673811295-2680157343-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{2CB74B5E-07F7-4DAE-917E-3F3FACE2E7B1}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C123CE40-94C8-47DA-8091-F4186C67AE46}] => (Allow) LPort=2869
FirewallRules: [{E4F582CB-2BBB-41CF-A004-6A6AB904DEC5}] => (Allow) LPort=1900
FirewallRules: [{F08BD5BE-07A0-4A35-8111-51D945DE3A50}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FF8380CC-F4A3-4650-92E9-FD2D12CFAB38}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{CB480E84-5499-4A49-A108-B915018C8DE8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{234B212E-E9FA-4CB7-A895-B6634E31F47D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7B26B2C9-FEBC-4373-B5D5-43A15E880F30}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{EBB50302-B286-4A49-AB0D-A4C2145D7D5D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

15-04-2016 13:24:30 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Integrated Webcam
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: DW1520 Wireless-N WLAN Half-Mini Card
Description: DW1520 Wireless-N WLAN Half-Mini Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ECP Printer Port (LPT1)
Description: ECP Printer Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard port types)
Service: Parport
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2016 03:56:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2016 03:45:09 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (04/15/2016 03:45:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (04/15/2016 03:45:09 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server

Error: (04/15/2016 03:44:27 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (04/15/2016 03:44:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (04/15/2016 03:44:27 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server

Error: (04/15/2016 03:34:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2016 03:23:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2016 09:06:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/15/2016 04:01:13 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (04/15/2016 03:56:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error:
%%1058

Error: (04/15/2016 03:56:01 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends the following service: TBS. This service might not be installed.

Error: (04/15/2016 03:50:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (04/15/2016 03:48:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (04/15/2016 03:45:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (04/15/2016 03:44:27 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (04/15/2016 03:33:32 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/15/2016 03:33:32 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (04/15/2016 03:33:28 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 55%
Total physical RAM: 3509.85 MB
Available physical RAM: 1567.29 MB
Total Virtual: 7018.03 MB
Available Virtual: 4924.26 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:135.37 GB) (Free:33.51 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.68 GB) (Free:9.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 2E5BA542)
Partition 1: (Active) - (Size=135.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by nasdaq, 17 April 2016 - 10:26 AM.


#4 nasdaq

nasdaq
  • Malware Response Team

Posted 17 April 2016 - 10:33 AM


If still present remove this old version of Java via the Control Panel > Programs > Programs and Features applet.
Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2236139444-673811295-2680157343-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Avast SafePrice) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-03-30]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-03-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-16]
S3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [X]
U3 kwriipog; \??\C:\Users\Owner\AppData\Local\Temp\kwriipog.sys [X]
U3 mbr; \??\C:\Users\Owner\AppData\Local\Temp\mbr.sys [X]
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.

===

p.s.
I copied the Addition.txt file from the previous post to this one.

#5 palaceman

palaceman
  • Topic Starter
  • Members

Posted 17 April 2016 - 02:09 PM

Here is my fixlog.  My main issue with my PC is that it says I am not connected to the Internet in the lower right icon but I can connect.  This is troublesome as I recently had two different but old PC and laptop crash/die within days of each other.  The PC was giving the same message.  
 
I even changed my DSL service to broadband but still get the "not connected -- no connections are available."  This makes me think perhaps someone has hijacked my prefix or I am connecting to a hacker's internet.  
 
I have had issues with hackers and even break-ins since kicking this hypersocial oral surgeon out of my home.  (Unfortunately, suburban Detroiters see gossipy dentists as really, really cool.)  Thanks for your help and here is the fixlog:
 
Fix result of Farbar Recovery Scan Tool (x86) Version:13-04-2016
Ran by Owner (2016-04-17 14:51:16) Run:1
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2236139444-673811295-2680157343-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Avast SafePrice) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-03-30]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-03-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-16]
S3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [X]
U3 kwriipog; \??\C:\Users\Owner\AppData\Local\Temp\kwriipog.sys [X]
U3 mbr; \??\C:\Users\Owner\AppData\Local\Temp\mbr.sys [X]
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-2236139444-673811295-2680157343-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
catchme => service removed successfully.
kwriipog => service not found.
mbr => service not found.
"C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
EmptyTemp: => 648.2 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-04-17 14:54:56)
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Could not move
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
 
==== End of Fixlog 14:54:56 ====

Edited by palaceman, 17 April 2016 - 02:13 PM.

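For anyone reading a Fixlog like the one above, here is an added example (not from the thread and not FRST's own code) in Python that pairs each fixlist target with its final reported result, so entries such as the two Avast .crx files that were "Scheduled to move on reboot" and then still came back "Could not move" are surfaced for follow-up. The embedded log text is a constructed sample built from the result lines posted above.

```python
"""Triage a Farbar (FRST) Fixlog.txt: pair each fixlist target with its result.

Added example, not part of the forum thread or of FRST itself. It reads the
result lines FRST writes ("=> key removed successfully", "=> moved successfully",
"=> Scheduled to move on reboot.", "=> Could not move", "=> not found") and
reports which targets still need attention after the reboot pass.
"""
import re

STATUS_OK = "ok"
STATUS_NOT_FOUND = "not_found"        # target was already absent (e.g. a [X] driver)
STATUS_PENDING = "pending_reboot"     # FRST deferred the move to the next boot
STATUS_FAILED = "failed"              # still could not be moved after reboot

# Constructed sample: a subset of the result section of the Fixlog posted above.
SAMPLE_FIXLOG = r'''
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
catchme => service removed successfully.
kwriipog => service not found.
mbr => service not found.
"C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
EmptyTemp: => 648.2 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-04-17 14:54:56)

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Could not move
'''

# Every FRST result line has the shape "<target> => <outcome>".
_RESULT_RE = re.compile(r'^(?P<target>.+?)\s*=>\s*(?P<outcome>.+?)\s*$')


def _clean_target(raw):
    """Normalise a target so the pre-reboot and post-reboot lines match up."""
    raw = raw.strip()
    prefix = "Could not move "
    if raw.startswith(prefix):
        raw = raw[len(prefix):]
    return raw.strip().strip('"')


def classify(outcome):
    """Map FRST's outcome wording to one of the STATUS_* values."""
    o = outcome.lower()
    if "scheduled to move on reboot" in o:
        return STATUS_PENDING
    if "could not" in o:
        return STATUS_FAILED
    if "not found" in o:
        return STATUS_NOT_FOUND
    if "successfully" in o or "removed" in o:
        return STATUS_OK
    return "unknown"


def parse_fixlog(text):
    """Return {target: final_status}.

    Lines are processed in order, so the post-reboot "Result of scheduled
    files to move" section overrides the earlier "Scheduled to move" status.
    """
    results = {}
    for line in text.splitlines():
        m = _RESULT_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, "Restore point was successfully created."
        results[_clean_target(m.group("target"))] = classify(m.group("outcome"))
    return results


def needs_followup(results):
    """Targets the helper should look at again: failed, still pending, or unrecognised."""
    return sorted(t for t, s in results.items()
                  if s in (STATUS_FAILED, STATUS_PENDING, "unknown"))


if __name__ == "__main__":
    res = parse_fixlog(SAMPLE_FIXLOG)
    for target, status in res.items():
        print(f"{status:14s} {target}")
    print("Follow-up needed:", needs_followup(res))
```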

#6 nasdaq

nasdaq
  • Malware Response Team

Posted 18 April 2016 - 06:54 AM

> my PC is that it says I am not connected to the Internet in the lower right icon but I can connect.

Try the fix suggested on this Windows 7 forum

http://www.sevenforums.com/network-sharing/317618-network-icon-shows-not-connected-but-im-connected.html

===

Keep me posted.

#7 palaceman (Topic Starter)

Posted 19 April 2016 - 04:33 PM

Roguekiller detected and supposedly fixed a problem with my MBR, then today in safemode I ran GMER and turned up this.  Are these rootkit viruses?  That epoch@epoch doesn't look very Windowsy/official.  Also, GMER just detects problems and doesn't fix them?  I see there are many posts lately so extra special thanks for your attention:

 

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-04-19 17:21:49
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.01.0 149.05GB
Running: o9lsvwsb.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kwriipog.sys

---- Kernel code sections - GMER 2.2 ----

.text ntkrnlpa.exe!ZwRenameKey + 1579 81E88F15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EC3232 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 580
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\GfxUI.exe 0xBA 0x84 0x2E 0x5A ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe 0xEA 0xF7 0xE7 0x5C ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0x6C 0x53 0x83 0x2C ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 0xB9 0xC7 0xCB 0xB0 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\sdiagnhost.exe 0x43 0xA7 0x70 0xFF ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe 0xF7 0x95 0xE9 0x03 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\mmc.exe 0xCD 0x06 0xFB 0xC4 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Malwarebytes Anti-Malware\mbam.exe 0x62 0x78 0xAD 0xBE ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\Owner\Downloads\FRST.exe 0x57 0xF3 0xF4 0xBD ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0x9E 0x25 0xC8 0x2C ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\CompatTelRunner.exe 0xAE 0x54 0x66 0x65 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\msiexec.exe 0x36 0x8C 0x20 0xC2 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe 0x48 0x62 0xDC 0x9F ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Malwarebytes Anti-Malware\mbam.exe 0x0A 0xF1 0xA0 0x65 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe 0x95 0xC6 0x43 0xB4 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\Owner\Downloads\o9lsvwsb.exe 0x81 0x57 0xF6 0x7F ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@8AB6A220



#8 nasdaq (Malware Response Team)

Posted 20 April 2016 - 07:07 AM

The only reference I found on Epoch2@Epoch is this page.

http://www.bleepingcomputer.com/forums/t/406536/double-checking-some-gmer-results/

---


GMER is good but I'm more familiar with this tool.
You may wish to run it and post the log.


Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.

#9 palaceman (Topic Starter)

Posted 22 April 2016 - 02:13 PM

 

> my PC is that it says I am not connected to the Internet in the lower right icon but I can connect.
>
> Try the fix suggested on this Windows 7 forum
>
> http://www.sevenforums.com/network-sharing/317618-network-icon-shows-not-connected-but-im-connected.html
>
> ===
>
> Keep me posted.


Thanks for your help, Nasdaq.  This did not work.  I ran the fix that they suggested but my Internet still says that I am not connected when I am.  Also, when I went to the website it directs us to at beginning I did see the text I was supposed to see, but I suspect I am operating on a hacker's hijacked Internet for all the reasons I mentioned previously.

 

> GMER is good but I'm more familiar with this tool.
> You may wish to run it and post the log.
>
> Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
>   • Click the "Scan" button to start scan.
>   • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
>   • Please paste the contents of that log in your next reply.
> There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
> ===
>
> Wait for further instructions.


Here is my logfile from aswMBR below.  As a reminder, this is a precaution you suggested as RogueKiller had found and (hopefully) fixed a problem with my MBR last week.  Here it is:

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-04-22 14:43:56
-----------------------------
14:43:56.185    OS Version: Windows 6.1.7601 Service Pack 1
14:43:56.185    Number of processors: 4 586 0x2502
14:43:56.187    ComputerName: MININT-IPM9K5V  UserName: Owner
14:44:25.714    Initialize success
14:44:25.886    VM: initialized successfully
14:44:25.886    VM: Intel CPU supported 
14:44:35.978    VM: supported disk I/O iaStor.sys
14:44:38.037    AVAST engine defs: 16042201
14:45:09.719    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:45:09.719    Disk 0 Vendor: WDC_WD16 01.0 Size: 152627MB BusType: 3
14:45:09.891    VM: Disk 0 MBR read successfully
14:45:09.891    Disk 0 MBR scan
14:45:09.891    Disk 0 Windows 7 default MBR code
14:45:09.906    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       138615 MB offset 2048
14:45:09.922    Disk 0 default boot code
14:45:09.937    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        14010 MB offset 283885568
14:45:09.953    Disk 0 scanning sectors +312578048
14:45:10.031    Disk 0 scanning C:\Windows\system32\drivers
14:45:20.097    Service scanning
14:45:42.031    Modules scanning
14:45:42.031    Disk 0 trace - called modules:
14:45:42.077    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys 
14:45:42.077    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87ddbac8]
14:45:42.077    3 CLASSPNP.SYS[8c40459e] -> nt!IofCallDriver -> [0x86268918]
14:45:42.093    5 ACPI.sys[8be333d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8621c028]
14:45:42.795    AVAST engine scan C:\Windows
14:45:45.057    AVAST engine scan C:\Windows\system32
14:48:12.851    AVAST engine scan C:\Windows\system32\drivers
14:48:24.261    AVAST engine scan C:\Users\Owner
14:49:33.062    Disk 0 statistics 2459841/0/274 @ 7.36 MB/s
14:49:33.073    Scan stopped
14:57:12.254    Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
14:57:12.254    The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
 
Thanks again, Nasdaq, for all of your help.
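When a log like the one above comes back, the lines worth reading first are the MBR code and boot code verdicts and the partition table; everything else is scan progress. The script below is an added example (not aswMBR's or the forum's own code) that pulls those lines out of an aswMBR log and flags any disk whose MBR or boot code is reported as something other than the default. The function name and the sample are mine; the sample lines are copied from the log posted in this thread.

```powershell
# Added example: triage an aswMBR log for non-default MBR / boot code and list partitions.
# Not part of aswMBR or this thread. Get-AswMbrSummary is an assumed name; it works on
# the line shape aswMBR writes: "<hh:mm:ss.fff>    <message>".

function Get-AswMbrSummary {
    param([Parameter(Mandatory)][string[]]$LogLines)

    $summary = [ordered]@{
        Disks      = @()
        Partitions = @()
        Findings   = @()
        MbrDump    = $null
    }

    foreach ($line in $LogLines) {
        # Drop the timestamp; skip header lines that carry none.
        if ($line -notmatch '^\d{2}:\d{2}:\d{2}\.\d{3}\s+(?<msg>.+)$') { continue }
        $msg = $Matches['msg'].Trim()

        switch -Regex ($msg) {
            '^Disk (?<n>\d+) Vendor: (?<vendor>\S+) \S+ Size: (?<size>\d+)MB' {
                $summary.Disks += [pscustomobject]@{
                    Disk = [int]$Matches['n']; Vendor = $Matches['vendor']; SizeMB = [int]$Matches['size']
                }
            }
            # "Partition 1 80 (A) 07    HPFS/NTFS NTFS  138615 MB offset 2048": 80 = active, 07 = NTFS type id.
            '^Disk (?<n>\d+) Partition (?<p>\d+) (?<boot>[0-9A-F]{2})\s+(?:\(A\)\s+)?(?<type>[0-9A-F]{2})\s+(?<fs>\S+)\s+\S+\s+(?<size>\d+) MB offset (?<off>\d+)' {
                $summary.Partitions += [pscustomobject]@{
                    Disk = [int]$Matches['n']; Partition = [int]$Matches['p']
                    Active = ($Matches['boot'] -eq '80'); TypeId = $Matches['type']
                    FileSystem = $Matches['fs']; SizeMB = [int]$Matches['size']
                    OffsetSectors = [int64]$Matches['off']
                }
            }
            # "Windows 7 default MBR code" / "default boot code" are the expected verdicts;
            # anything else (e.g. an "unknown" verdict) is what the helper asks to see.
            '^Disk (?<n>\d+) (?<what>.*(?:MBR|boot) code)$' {
                if ($Matches['what'] -notmatch 'default') {
                    $summary.Findings += "Disk $($Matches['n']): $($Matches['what'])"
                }
            }
            'MBR has been saved successfully to "' {
                $summary.MbrDump = ($msg -split '"')[1]   # path of the MBR.dat the helper asked for
            }
        }
    }
    [pscustomobject]$summary
}

# Constructed sample: a subset of the aswMBR log posted above.
$sampleLog = @'
14:45:09.719    Disk 0 Vendor: WDC_WD16 01.0 Size: 152627MB BusType: 3
14:45:09.891    Disk 0 MBR read successfully
14:45:09.891    Disk 0 MBR scan
14:45:09.891    Disk 0 Windows 7 default MBR code
14:45:09.906    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       138615 MB offset 2048
14:45:09.922    Disk 0 default boot code
14:45:09.937    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        14010 MB offset 283885568
14:57:12.254    Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
'@ -split "`r?`n"

$result = Get-AswMbrSummary -LogLines $sampleLog
$result.Partitions | Format-Table -AutoSize
if ($result.Findings.Count -eq 0) { 'MBR and boot code reported as default' } else { $result.Findings }
```

For the log in this post the script lists two NTFS partitions (the first active, at offset 2048) and reports no findings, which matches the helper's reading that the MBR is the stock Windows 7 code. Replace `$sampleLog` with `Get-Content aswMBR.txt` to run it on a saved log.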


#10 nasdaq (Malware Response Team)

Posted 23 April 2016 - 07:05 AM

I suggest you check with the experts in the Networking forum to make sure that all your settings are good.
This is not my forte.

Forum link:
http://www.bleepingcomputer.com/forums/f/21/networking/

Before you start a new topic download and run this tool and post the log in your new topic.
It should expedite the matter.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
The tool will reset some of the settings.

Start a new topic only if the problem persists.

I will leave this topic open for 6 days. Return if you need to.
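The report options in the MiniToolBox list above all come down to reading a few places where a network or browser hijack would show up: the WinINet proxy values, the hosts file, the resolver cache, the IP configuration and the Winsock catalog. The script below is an added example, not MiniToolBox's code, that collects the same facts read-only (none of the reset options) and flags the conditions a responder would want explained: a proxy or PAC URL that the user did not set, hosts entries other than localhost, and Winsock providers loaded from outside System32. The function name and the report path are assumptions; it is meant for an elevated PowerShell 3 or later on Windows 7 and up, so it uses `ipconfig` and `netsh` rather than the newer DnsClient cmdlets.

```powershell
# Added example: read-only counterpart of the MiniToolBox "Report"/"List" options.
# Not MiniToolBox's code. Get-NetworkTriageReport and the output path are assumed names.
# Nothing here changes a setting; it only reads and writes a text report.

function Get-NetworkTriageReport {
    param([string]$OutFile = "$env:USERPROFILE\Desktop\NetTriage.txt")   # assumed location

    $lines = @()
    $flags = @()

    # 1. WinINet proxy settings for the current user ("Report IE Proxy Settings").
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $lines += '== IE proxy settings =='
    $lines += "ProxyEnable   : $($inet.ProxyEnable)"
    $lines += "ProxyServer   : $($inet.ProxyServer)"
    $lines += "AutoConfigURL : $($inet.AutoConfigURL)"
    if ($inet.ProxyEnable -eq 1 -or $inet.AutoConfigURL) {
        $flags += 'A proxy server or PAC URL is configured; confirm it is one you set.'
    }

    # 2. hosts file ("List content of Hosts"): keep only address lines, drop comments.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $hostsEntries = @(Get-Content $hostsPath | Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S+' })
    $lines += '', '== hosts file entries =='
    $lines += $hostsEntries
    $unexpected = @($hostsEntries | Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' })
    if ($unexpected.Count -gt 0) {
        $flags += "hosts file has $($unexpected.Count) entries besides localhost; each one redirects a name."
    }

    # 3. IP configuration and resolver cache ("List IP Configuration", "Flush DNS" shown, not flushed).
    $lines += '', '== ipconfig /all =='
    $lines += (ipconfig /all)
    $lines += '', '== ipconfig /displaydns =='
    $lines += (ipconfig /displaydns)

    # 4. Winsock catalog ("List Winsock Entries"): every provider DLL is a candidate LSP,
    #    so flag any whose path is not under System32 (heuristic, not proof of anything).
    $catalog = netsh winsock show catalog
    $lines += '', '== netsh winsock show catalog =='
    $lines += $catalog
    foreach ($m in ($catalog | Select-String -Pattern 'Provider Path:\s*(.+)$')) {
        $path = [Environment]::ExpandEnvironmentVariables($m.Matches[0].Groups[1].Value.Trim())
        if ($path -notlike "$env:SystemRoot\system32\*") {
            $flags += "Winsock provider loaded from outside System32: $path"
        }
    }

    $lines += '', '== Flags =='
    $lines += $(if ($flags.Count -gt 0) { $flags } else { '(none)' })
    $lines | Set-Content -Path $OutFile -Encoding UTF8

    [pscustomobject]@{ ReportPath = $OutFile; Flags = $flags }
}

Get-NetworkTriageReport
```

The flags are prompts for a human, not verdicts: a corporate PAC file or a deliberately edited hosts file will trip them too. The point of collecting all four sources in one report is the same as the helper's reason for asking for the MiniToolBox log before opening a networking topic: the person who reads it can see the proxy, name resolution and Winsock state side by side instead of asking for them one at a time.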

#11 palaceman (Topic Starter)

Posted 28 April 2016 - 10:26 AM

> I suggest you check with the experts in the Networking forum to make sure that all your setting are good.
> This is not my forte....

Thanks, Nasdaq.  I did as you asked two days ago.  No admins have chimed in yet and my mini-log looks like something wonky is going on.  Here is my http://www.bleepingcomputer.com/forums/t/612378/says-not-connected-but-am-please-review-minitoolbox/  

 

Could you maybe put a bug in one of your friends' ears in the Networking forums to prompt a reply.  Thanks again, Nasdaq.



#12 nasdaq (Malware Response Team)

Posted 28 April 2016 - 12:50 PM

Try the fix from this answer on this topic.
http://answers.microsoft.com/en-us/windows/forum/windows_vista-desktop/network-icon-in-the-notification-area-shows/0ae097a3-1ff9-44b4-bd54-31f850307005

Hope it helps.

> MikeCleveland, and others who come after looking for that "easy fix"
> Siramic pointed out that resetting netsh winsock through Command Prompt did the trick, exactly how to do this is hidden a little in SpiritX's original post:
> - Click on the Start menu
> - Type "Command" or "CMD" and start Command Prompt (Has to be run as administrator)
> - In the new window, type "netsh winsock reset" and hit Enter (without quotations)
> - Now reboot the system
> I've had this issue on my current and previous build. When booting Windows I'd get a message from the taskbar saying "Couldn't reconnect to all Network locations" and the icons in Computer would have big red X's. Double-clicking them would give me access anyway and usually changed the icon to "connected".
> Inserting that command in Command Prompt solved the issue. Thanks Siramic and SpiritX.





