
Bank Details Compromised


  • This topic is locked
17 replies to this topic

#1 mrtubs


Posted 02 May 2016 - 06:00 PM

Hi
My bank account has been emptied and the bank, although they have refunded the money, are suggesting that I may have some kind of virus on my PC as the Verified by Visa password was known by the criminals. I use Windows 10 and have both Windows Defender and Malwarebytes Pro running and up to date. Although the PC is a little slow at times there doesn't seem to be any issue when using it. Is there anything else I should run or install to ensure that this doesn't happen again?

Thanks for any help.

Ian





#2 mrtubs


Posted 02 May 2016 - 06:04 PM

Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 23:18:12, on 02/05/2016

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v11.0 (11.00.10586.0020)

 

 

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\TeamViewer\TeamViewer.exe

C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe

C:\Users\Ian\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe

C:\Users\Ian\AppData\Local\Microsoft\OneDrive\OneDrive.exe

C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files (x86)\DVDVideoSoft\Free MP4 Video Converter\FreeMP4VideoConverter.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Users\Ian\AppData\Local\Microsoft\Windows\INetCache\IE\V89LZFTJ\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

O4 - HKLM\..\Run: [BrowserPlugInHelper] C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe

O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon

O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

O4 - HKCU\..\Run: [Lync] "C:\Program Files\Microsoft Office\Office15\lync.exe" /fromrunkey

O4 - HKCU\..\Run: [TouchFreeze] C:\Users\Ian\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [OneDrive] "C:\Users\Ian\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background

O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKUS\S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Lync] "C:\Program Files\Microsoft Office\Office15\lync.exe" /fromrunkey (User '?')

O4 - HKUS\S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [TouchFreeze] C:\Users\Ian\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe (User '?')

O4 - HKUS\S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User '?')

O4 - HKUS\S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [OneDrive] "C:\Users\Ian\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background (User '?')

O4 - HKUS\S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User '?')

O4 - S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (User '?')

O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE

O8 - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000

O8 - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html

O8 - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html

O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105

O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll

O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll

O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: ADU Service (Nokia Software Recovery Tool) (ADUServiceNSRT) - Unknown owner - C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Broadcom Card Reader Service (BrcmCardReader) - Broadcom Corp. - C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)

O23 - Service: Digital Wave Update Service (DigitalWave.Update.Service) - Digital Wave Ltd. - C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)

O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe

O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 15475 bytes

I tried to run a HijackThis log hoping it would help but I got the following error message:

 

"for some reason your system denied write access to the hosts file. If any hijacked domains are in this file , hijack this may not be able to fix this"

 

The log is as follows:



#3 mrtubs


Posted 02 May 2016 - 06:05 PM

Sorry, this bit should have been at the top:

 

I tried to run a HijackThis log hoping it would help but I got the following error message:

 

"for some reason your system denied write access to the hosts file. If any hijacked domains are in this file , hijack this may not be able to fix this"

 

The log is as follows:



#4 Oh My!

  • Malware Response Instructor

Posted 02 May 2016 - 07:25 PM

Greetings Ian and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. That error message is normal. I would like to run a different program to get more detailed information. Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Edited by Oh My!, 02 May 2016 - 07:28 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 mrtubs


Posted 03 May 2016 - 05:29 AM

Hi Gary

 

Thank you for your help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-05-2016
Ran by Ian (administrator) on TUBS-PC (03-05-2016 11:24:45)
Running from C:\Users\Ian\Desktop
Loaded Profiles: Ian &  (Available Profiles: Ian)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\Ian\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.19761.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Inc.) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.9.4260.0_x64__8wekyb3d8bbwe\Solitaire.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\System32\msinfo32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3935912 2015-08-01] (Synaptics Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1994752 2014-02-20] (Wondershare)
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2622432 2016-01-29] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2076736937-1727937113-2630792067-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [27911888 2016-03-15] (Microsoft Corporation)
HKU\S-1-5-21-2076736937-1727937113-2630792067-1001\...\Run: [TouchFreeze] => C:\Users\Ian\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe [40960 2012-07-24] ()
HKU\S-1-5-21-2076736937-1727937113-2630792067-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-12-02] (Siber Systems)
HKU\S-1-5-21-2076736937-1727937113-2630792067-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57864728 2015-09-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [27911888 2016-03-15] (Microsoft Corporation)
HKU\S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TouchFreeze] => C:\Users\Ian\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe [40960 2012-07-24] ()
HKU\S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-12-02] (Siber Systems)
HKU\S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57864728 2015-09-17] (Skype Technologies S.A.)
Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-04-25]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2740a0ea-bb14-40a0-b1e2-7807b44e3aeb}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5CD39E02-F7F8-4371-8A3C-EEF9A48F1B4F}: [DhcpNameServer] 46.166.179.40 46.166.179.42
Tcpip\..\Interfaces\{96891ff0-c1be-41db-830b-1d013a58b9cc}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2076736937-1727937113-2630792067-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-12-02] (Siber Systems Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06] (DivX, LLC)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2014-12-03] (Siber Systems Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-12-02] (Siber Systems Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2014-12-03] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-2076736937-1727937113-2630792067-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-12-02] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-2076736937-1727937113-2630792067-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-12-02] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-18] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-30]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-06-08]
CHR Extension: (RoboForm Password Manager) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-02-02]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-12-02]
CHR HKU\S-1-5-21-2076736937-1727937113-2630792067-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-12-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADUServiceNSRT; C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe [100984 2014-05-30] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-31] (Broadcom Corp.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-03-23] (Digital Wave Ltd.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [740832 2016-01-29] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2372080 2016-03-23] (IBM Corp.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-08-01] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-10-30] (Qualcomm Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-01-29] ()
R3 i8042HDR; C:\Windows\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows ® Codename Longhorn DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R1 RapportCerberus_1609035; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609035.sys [1156456 2016-04-28] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-03-23] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-03-23] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-03-23] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [523432 2016-03-23] (IBM Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-01] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WsAudio_Device; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 WsAudio_Device(1); C:\Windows\system32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-03 11:15 - 2016-05-03 11:20 - 00042975 _____ C:\Users\Ian\Desktop\Addition.txt
2016-05-03 11:13 - 2016-05-03 11:24 - 00022877 _____ C:\Users\Ian\Desktop\FRST.txt
2016-05-03 11:12 - 2016-05-03 11:24 - 00000000 ____D C:\FRST
2016-05-03 11:12 - 2016-05-03 11:12 - 00104487 _____ C:\Users\Ian\Desktop\Summary.zip
2016-05-03 10:08 - 2016-05-03 11:12 - 02377216 _____ (Farbar) C:\Users\Ian\Desktop\FRST64.exe
2016-05-02 23:56 - 2016-05-02 23:56 - 00000000 ____D C:\Users\Ian\Desktop\desktopclone
2016-05-02 23:45 - 2016-05-02 23:45 - 00001184 _____ C:\Users\Public\Desktop\DriveImage XML.lnk
2016-05-02 23:45 - 2016-05-02 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2016-05-02 23:45 - 2016-05-02 23:45 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2016-04-29 00:26 - 2015-10-16 07:55 - 00000000 ____D C:\Users\Ian\Desktop\KnockKnock15.1080pBluRay.DTS.5.1
2016-04-28 01:46 - 2016-03-23 19:18 - 00470056 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2016-04-28 01:46 - 2016-03-23 19:18 - 00215560 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2016-04-28 01:45 - 2016-04-28 01:45 - 00000000 ____D C:\Users\Ian\AppData\Local\Trusteer
2016-04-28 01:44 - 2016-04-28 01:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-04-28 01:44 - 2016-04-28 01:44 - 00000000 ____D C:\Program Files (x86)\Trusteer
2016-04-28 01:42 - 2016-04-28 01:42 - 00000000 ____D C:\ProgramData\Trusteer
2016-04-26 17:18 - 2016-04-26 17:18 - 00000000 ___HD C:\OneDriveTemp
2016-04-25 13:20 - 2016-04-25 13:20 - 00143130 _____ C:\Users\Ian\Desktop\Insurance Schedule.pdf
2016-04-23 01:40 - 2016-04-23 01:40 - 00001309 _____ C:\Users\Ian\Desktop\ConvertXToDVD 6.lnk
2016-04-23 01:40 - 2016-04-23 01:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2016-04-13 13:55 - 2016-03-29 11:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 13:55 - 2016-03-29 11:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 13:55 - 2016-03-29 11:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 13:55 - 2016-03-29 10:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 13:55 - 2016-03-29 09:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 13:55 - 2016-03-29 09:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 13:55 - 2016-03-29 09:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 13:55 - 2016-03-29 08:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 13:55 - 2016-03-29 08:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 13:55 - 2016-03-29 08:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 13:55 - 2016-03-29 08:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 13:55 - 2016-03-29 08:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 13:55 - 2016-03-29 08:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 13:55 - 2016-03-29 08:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 13:55 - 2016-03-29 08:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 13:55 - 2016-03-29 08:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 13:55 - 2016-03-29 08:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 13:55 - 2016-03-29 08:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 13:55 - 2016-03-29 08:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 13:55 - 2016-03-29 07:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 13:55 - 2016-03-29 07:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 13:55 - 2016-03-29 07:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 13:55 - 2016-03-29 07:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 13:55 - 2016-03-29 07:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 13:55 - 2016-03-29 07:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 13:55 - 2016-03-29 07:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 13:55 - 2016-03-29 07:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 13:55 - 2016-03-29 07:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 13:55 - 2016-03-29 07:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 13:55 - 2016-03-29 06:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 13:55 - 2016-03-29 06:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 13:55 - 2016-03-29 06:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 13:55 - 2016-03-29 06:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 13:55 - 2016-03-29 06:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 13:55 - 2016-03-29 06:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 13:55 - 2016-03-29 06:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 13:54 - 2016-04-02 05:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 13:54 - 2016-04-02 05:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 13:54 - 2016-04-02 04:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 13:54 - 2016-04-02 04:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 13:54 - 2016-04-02 04:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 13:54 - 2016-04-02 04:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 13:54 - 2016-04-02 04:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 13:54 - 2016-04-02 04:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 13:54 - 2016-04-02 04:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 13:54 - 2016-04-02 04:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 13:54 - 2016-04-02 04:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 13:54 - 2016-04-02 04:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 13:54 - 2016-03-29 11:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 13:54 - 2016-03-29 11:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 13:54 - 2016-03-29 11:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 13:54 - 2016-03-29 11:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 13:54 - 2016-03-29 11:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 13:54 - 2016-03-29 10:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 13:54 - 2016-03-29 10:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 13:54 - 2016-03-29 10:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 13:54 - 2016-03-29 10:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 13:54 - 2016-03-29 10:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 13:54 - 2016-03-29 10:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 13:54 - 2016-03-29 09:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 13:54 - 2016-03-29 09:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 13:54 - 2016-03-29 09:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 13:54 - 2016-03-29 09:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 13:54 - 2016-03-29 09:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 13:54 - 2016-03-29 09:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 13:54 - 2016-03-29 08:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 13:54 - 2016-03-29 08:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 13:54 - 2016-03-29 08:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 13:54 - 2016-03-29 08:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 13:54 - 2016-03-29 08:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 13:54 - 2016-03-29 08:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 13:54 - 2016-03-29 08:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 13:54 - 2016-03-29 08:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 13:54 - 2016-03-29 08:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 13:54 - 2016-03-29 08:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 13:54 - 2016-03-29 08:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 13:54 - 2016-03-29 08:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 13:54 - 2016-03-29 08:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 13:54 - 2016-03-29 08:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 13:54 - 2016-03-29 08:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 13:54 - 2016-03-29 08:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 13:54 - 2016-03-29 08:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 13:54 - 2016-03-29 08:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 13:54 - 2016-03-29 08:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 13:54 - 2016-03-29 08:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 13:54 - 2016-03-29 08:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 13:54 - 2016-03-29 08:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 13:54 - 2016-03-29 08:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 13:54 - 2016-03-29 08:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 13:54 - 2016-03-29 08:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 13:54 - 2016-03-29 08:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 13:54 - 2016-03-29 08:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 13:54 - 2016-03-29 08:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 13:54 - 2016-03-29 08:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 13:54 - 2016-03-29 08:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 13:54 - 2016-03-29 08:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 13:54 - 2016-03-29 08:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 13:54 - 2016-03-29 07:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 13:54 - 2016-03-29 07:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 13:54 - 2016-03-29 07:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 13:54 - 2016-03-29 07:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 13:54 - 2016-03-29 07:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 13:54 - 2016-03-29 07:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 13:54 - 2016-03-29 07:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 13:54 - 2016-03-29 07:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 13:54 - 2016-03-29 07:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 13:54 - 2016-03-29 07:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 13:54 - 2016-03-29 07:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 13:54 - 2016-03-29 07:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 13:54 - 2016-03-29 07:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 13:54 - 2016-03-29 07:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 13:54 - 2016-03-29 07:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 13:54 - 2016-03-29 07:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 13:54 - 2016-03-29 07:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 13:54 - 2016-03-29 07:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 13:54 - 2016-03-29 07:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 13:54 - 2016-03-29 07:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 13:54 - 2016-03-29 07:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 13:54 - 2016-03-29 07:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 13:54 - 2016-03-29 07:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 13:54 - 2016-03-29 07:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 13:54 - 2016-03-29 07:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 13:54 - 2016-03-29 07:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 13:54 - 2016-03-29 07:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 13:54 - 2016-03-29 07:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 13:54 - 2016-03-29 07:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 13:54 - 2016-03-29 07:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 13:54 - 2016-03-29 07:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 13:54 - 2016-03-29 07:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 13:54 - 2016-03-29 07:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 13:54 - 2016-03-29 07:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 13:54 - 2016-03-29 06:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 13:54 - 2016-03-29 06:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 13:54 - 2016-03-29 06:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 13:54 - 2016-03-29 06:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 13:54 - 2016-03-29 06:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 13:54 - 2016-03-29 06:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 13:54 - 2016-03-29 06:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 13:54 - 2016-03-29 06:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 13:54 - 2016-03-29 06:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 13:54 - 2016-03-29 06:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 13:54 - 2016-03-29 06:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 13:54 - 2016-03-29 06:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 13:53 - 2016-04-02 05:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 13:53 - 2016-04-02 05:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 13:53 - 2016-04-02 04:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 13:53 - 2016-04-02 04:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 13:53 - 2016-04-02 04:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 13:53 - 2016-04-02 04:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 13:53 - 2016-04-02 04:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 13:53 - 2016-04-02 04:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 13:53 - 2016-04-02 04:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 13:53 - 2016-04-02 04:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 13:53 - 2016-04-02 04:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 13:53 - 2016-03-29 11:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 13:53 - 2016-03-29 11:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 13:53 - 2016-03-29 11:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 13:53 - 2016-03-29 11:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 13:53 - 2016-03-29 11:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 13:53 - 2016-03-29 10:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 13:53 - 2016-03-29 10:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 13:53 - 2016-03-29 10:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 13:53 - 2016-03-29 10:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 13:53 - 2016-03-29 10:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 13:53 - 2016-03-29 10:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 13:53 - 2016-03-29 10:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 13:53 - 2016-03-29 10:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 13:53 - 2016-03-29 10:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 13:53 - 2016-03-29 10:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 13:53 - 2016-03-29 10:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 13:53 - 2016-03-29 09:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 13:53 - 2016-03-29 09:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 13:53 - 2016-03-29 09:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 13:53 - 2016-03-29 09:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 13:53 - 2016-03-29 09:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 13:53 - 2016-03-29 09:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 13:53 - 2016-03-29 09:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 13:53 - 2016-03-29 09:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 13:53 - 2016-03-29 09:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 13:53 - 2016-03-29 09:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 13:53 - 2016-03-29 09:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 13:53 - 2016-03-29 09:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 13:53 - 2016-03-29 09:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 13:53 - 2016-03-29 09:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 13:53 - 2016-03-29 09:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 13:53 - 2016-03-29 09:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 13:53 - 2016-03-29 09:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 13:53 - 2016-03-29 08:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 13:53 - 2016-03-29 08:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 13:53 - 2016-03-29 08:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 13:53 - 2016-03-29 08:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 13:53 - 2016-03-29 08:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 13:53 - 2016-03-29 08:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 13:53 - 2016-03-29 08:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 13:53 - 2016-03-29 08:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 13:53 - 2016-03-29 08:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 13:53 - 2016-03-29 08:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 13:53 - 2016-03-29 08:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 13:53 - 2016-03-29 08:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 13:53 - 2016-03-29 08:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 13:53 - 2016-03-29 08:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 13:53 - 2016-03-29 08:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 13:53 - 2016-03-29 08:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 13:53 - 2016-03-29 08:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 13:53 - 2016-03-29 08:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 13:53 - 2016-03-29 08:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 13:53 - 2016-03-29 08:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 13:53 - 2016-03-29 08:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 13:53 - 2016-03-29 08:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 13:53 - 2016-03-29 08:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 13:53 - 2016-03-29 08:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 13:53 - 2016-03-29 08:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 13:53 - 2016-03-29 08:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 13:53 - 2016-03-29 08:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 13:53 - 2016-03-29 08:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 13:53 - 2016-03-29 08:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 13:53 - 2016-03-29 08:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 13:53 - 2016-03-29 08:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 13:53 - 2016-03-29 08:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 13:53 - 2016-03-29 08:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 13:53 - 2016-03-29 08:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 13:53 - 2016-03-29 08:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 13:53 - 2016-03-29 08:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 13:53 - 2016-03-29 08:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 13:53 - 2016-03-29 08:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 13:53 - 2016-03-29 08:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 13:53 - 2016-03-29 08:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 13:53 - 2016-03-29 08:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 13:53 - 2016-03-29 08:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 13:53 - 2016-03-29 08:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 13:53 - 2016-03-29 08:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 13:53 - 2016-03-29 08:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 13:53 - 2016-03-29 08:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 13:53 - 2016-03-29 08:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 13:53 - 2016-03-29 08:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 13:53 - 2016-03-29 08:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 13:53 - 2016-03-29 08:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 13:53 - 2016-03-29 08:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 13:53 - 2016-03-29 08:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 13:53 - 2016-03-29 08:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 13:53 - 2016-03-29 08:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 13:53 - 2016-03-29 08:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 13:53 - 2016-03-29 08:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 13:53 - 2016-03-29 08:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 13:53 - 2016-03-29 08:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 13:53 - 2016-03-29 07:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 13:53 - 2016-03-29 07:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 13:53 - 2016-03-29 07:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 13:53 - 2016-03-29 07:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 13:53 - 2016-03-29 07:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 13:53 - 2016-03-29 07:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 13:53 - 2016-03-29 07:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 13:53 - 2016-03-29 07:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 13:53 - 2016-03-29 07:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 13:53 - 2016-03-29 07:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 13:53 - 2016-03-29 07:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 13:53 - 2016-03-29 07:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 13:53 - 2016-03-29 07:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 13:53 - 2016-03-29 07:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 13:53 - 2016-03-29 07:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 13:53 - 2016-03-29 07:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 13:53 - 2016-03-29 07:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 13:53 - 2016-03-29 07:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 13:53 - 2016-03-29 07:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 13:53 - 2016-03-29 07:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 13:53 - 2016-03-29 07:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 13:53 - 2016-03-29 07:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 13:53 - 2016-03-29 07:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 13:53 - 2016-03-29 07:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-13 13:53 - 2016-03-29 07:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 13:53 - 2016-03-29 07:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 13:53 - 2016-03-29 07:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 13:53 - 2016-03-29 07:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 13:53 - 2016-03-29 07:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 13:53 - 2016-03-29 07:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 13:53 - 2016-03-29 07:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 13:53 - 2016-03-29 07:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 13:53 - 2016-03-29 06:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 13:53 - 2016-03-29 06:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 13:53 - 2016-03-29 06:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 13:53 - 2016-03-29 06:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 13:53 - 2016-03-29 06:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 13:53 - 2016-03-29 06:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 13:53 - 2016-03-29 06:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 13:53 - 2016-03-29 06:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-09 12:48 - 2016-04-23 02:31 - 00000000 ____D C:\ProgramData\vsosdk
2016-04-09 12:43 - 2016-04-25 01:40 - 00000000 ____D C:\Users\Ian\AppData\Roaming\dvdcss
2016-04-08 23:21 - 2016-04-23 01:40 - 00099384 _____ C:\Users\Ian\AppData\Roaming\inst.exe
2016-04-08 23:21 - 2016-04-23 01:40 - 00082816 _____ (VSO Software) C:\Users\Ian\AppData\Roaming\pcouffin.sys
2016-04-08 23:21 - 2016-04-23 01:40 - 00007859 _____ C:\Users\Ian\AppData\Roaming\pcouffin.cat
2016-04-08 23:21 - 2016-04-23 01:40 - 00000000 ____D C:\Users\Ian\AppData\Roaming\Vso
2016-04-08 23:21 - 2016-04-08 23:21 - 00000000 ____D C:\Users\Ian\Documents\PcSetup
2016-04-08 23:20 - 2016-04-26 02:28 - 00000000 ____D C:\Users\Ian\Documents\ConvertXToDVD
2016-04-08 23:20 - 2016-04-23 01:39 - 00000000 ____D C:\Program Files (x86)\VSO
2016-04-08 23:20 - 2016-04-09 13:05 - 00000000 ____D C:\ProgramData\VSO
2016-04-05 13:28 - 2016-04-05 13:28 - 00264965 _____ C:\Users\Ian\Desktop\luke.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-03 11:21 - 2013-10-24 00:03 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5B0A4FF4-B099-4F6B-8CE3-819D568B69ED}
2016-05-03 11:18 - 2014-12-31 12:23 - 00271360 _____ C:\Users\Ian\Desktop\My Outlook Data File(1).pst
2016-05-03 10:57 - 2013-03-27 01:16 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-03 10:06 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-03 10:06 - 2015-08-01 02:59 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-03 10:06 - 2014-08-02 14:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-02 23:48 - 2013-01-29 22:57 - 00000000 ____D C:\Users\Ian\AppData\Local\Packages
2016-05-02 23:42 - 2013-03-27 01:17 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-02 23:42 - 2013-03-27 01:17 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-02 23:34 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-02 23:33 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-02 23:15 - 2013-01-29 22:57 - 00000000 ____D C:\Users\Ian\AppData\Local\VirtualStore
2016-05-02 23:08 - 2013-10-23 14:13 - 00000000 __RDO C:\Users\Ian\SkyDrive
2016-04-30 13:42 - 2015-03-24 00:47 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-04-30 11:57 - 2013-03-27 01:16 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-30 01:25 - 2015-12-11 06:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-29 10:16 - 2013-11-17 02:16 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-26 17:18 - 2015-08-01 11:17 - 00002398 _____ C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-26 14:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-26 02:24 - 2015-12-11 05:24 - 00000000 ____D C:\Users\Ian
2016-04-26 02:21 - 2015-10-30 07:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-04-26 02:19 - 2013-08-06 12:01 - 00000000 ____D C:\Users\Ian\AppData\Roaming\uTorrent
2016-04-25 01:40 - 2013-01-31 01:42 - 00000000 ____D C:\Users\Ian\AppData\Roaming\vlc
2016-04-22 08:57 - 2013-01-31 01:00 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-16 18:24 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-15 02:48 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-15 02:36 - 2015-12-11 05:13 - 00421688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-15 02:32 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-04-15 02:32 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-15 02:32 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-04-15 02:32 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-15 02:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-15 02:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-14 10:31 - 2013-08-14 01:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-14 10:11 - 2013-01-31 01:58 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-14 10:06 - 2013-02-02 16:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-04-14 09:54 - 2012-07-26 06:26 - 00000167 _____ C:\WINDOWS\win.ini
2016-04-06 19:32 - 2015-10-30 08:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 19:32 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-02-21 15:02 - 2013-02-21 15:02 - 0000272 _____ () C:\Users\Ian\AppData\Roaming\.backup.dm
2016-04-08 23:21 - 2016-04-23 01:40 - 0099384 _____ () C:\Users\Ian\AppData\Roaming\inst.exe
2016-04-08 23:21 - 2016-04-23 01:40 - 0007859 _____ () C:\Users\Ian\AppData\Roaming\pcouffin.cat
2016-04-08 23:21 - 2016-04-23 01:40 - 0001167 _____ () C:\Users\Ian\AppData\Roaming\pcouffin.inf
2016-04-08 23:21 - 2016-04-23 01:40 - 0000055 _____ () C:\Users\Ian\AppData\Roaming\pcouffin.log
2016-04-08 23:21 - 2016-04-23 01:40 - 0082816 _____ (VSO Software) C:\Users\Ian\AppData\Roaming\pcouffin.sys
2015-11-04 15:18 - 2015-11-04 15:19 - 0003072 _____ () C:\Users\Ian\AppData\Roaming\Photobook Designer Prefsv3
2014-01-02 11:17 - 2014-01-03 00:26 - 0000017 ____H () C:\Users\Ian\AppData\Local\19720201.dat
2014-01-02 11:17 - 2014-01-02 11:17 - 0000016 ____H () C:\Users\Ian\AppData\Local\art.udk
2015-12-11 05:19 - 2015-12-11 05:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-28 02:36

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-05-2016
Ran by Ian (2016-05-03 11:25:42)
Running from C:\Users\Ian\Desktop
Windows 10 Pro Version 1511 (X64) (2015-12-11 05:15:05)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2076736937-1727937113-2630792067-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2076736937-1727937113-2630792067-503 - Limited - Disabled)
Guest (S-1-5-21-2076736937-1727937113-2630792067-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2076736937-1727937113-2630792067-1003 - Limited - Enabled)
Ian (S-1-5-21-2076736937-1727937113-2630792067-1001 - Administrator - Enabled) => C:\Users\Ian

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2076736937-1727937113-2630792067-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.2.15 - British Broadcasting Corp.)
BBC iPlayer Desktop (x32 Version: 3.2.15 - British Broadcasting Corp.) Hidden
BBC iPlayer Downloads (HKLM-x32\...\{C3794B09-6C43-4B93-9CA8-F10BECCF2971}) (Version: 1.11.1 - BBC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.8.1 - Broadcom Corporation)
calibre (HKLM-x32\...\{5A119A69-9ACD-4287-97FB-1EC30DE71459}) (Version: 2.31.0 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.01 - Canon Inc.)
Canon MG5500 series On-screen Manual (HKLM-x32\...\Canon MG5500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG5500 series User Registration (HKLM-x32\...\Canon MG5500 series User Registration) (Version:  - ‭Canon Inc.)
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MP610 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.41 - DivX, LLC)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Emergency Download Driver (HKLM-x32\...\{9ED72246-E35D-4B03-8369-605E82465A29}) (Version: 1.1.5.1416 - Nokia)
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - FreeCodecPack)
Free FLAC to MP3 Converter 1.4 (HKLM-x32\...\{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1) (Version: 1.4 - PolySoft Solutions)
Free MP4 Video Converter (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.77.323 - DVDVideoSoft Ltd.)
Free Video to iPhone Converter version 5.0.22.128 (HKLM-x32\...\Free Video to iPhone Converter_is1) (Version: 5.0.22.128 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{D4BF151C-70A8-4CE2-906F-4173A575BAD9}) (Version: 7.1.182.0 - Nokia)
Nokia Software Recovery Tool (HKLM-x32\...\{72DB38DA-BE57-45D5-85B3-6E87CEBD3079}) (Version: 1.4.1 - Nokia)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Photobook Designer (HKU\S-1-5-21-2076736937-1727937113-2630792067-1001\...\Photobook Designer) (Version: Photobook Designer 2015.2.0 - Photobook Worldwide)
Photobook Designer (HKU\S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Photobook Designer) (Version: Photobook Designer 2015.2.0 - Photobook Worldwide)
Rapport (x32 Version: 3.5.1609.47 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RoboForm 7-9-11-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-11-1 - Siber Systems)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Secure Print@Home (HKLM-x32\...\{538E4168-8926-47D2-A5D6-C296B88EA2D3}) (Version: 3.18.2122.0 - Valassis)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.11 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.11.102 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16014.12 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16014.12 - Samsung Electronics Co., Ltd.) Hidden
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.8.0 - SmartSound Software Inc) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.13.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TouchFreeze (HKLM-x32\...\{9C9744E5-2BB7-4042-BD1C-8A339480A08C}) (Version: 1.1.0 - Ivan Zhakov)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.47 - Trusteer)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
USB Serial Port Driver (HKLM-x32\...\{281A7FBF-9E98-4639-AC73-D205BBF979AA}) (Version: 1.1.4.1416 - Nokia)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VSO ConvertXToDVD 6 (HKLM-x32\...\{8FC36FA6-C508-44FB-B137-1CB46D8258B2}_is1) (Version: 6.0.0.29 - VSO Software)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.0.0.0 - Azureus Software, Inc.)
Windows Phone (HKLM-x32\...\{C88EBBD0-6A44-48C7-8DD2-C10450B88AB9}) (Version: 0.9.3723.2 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{B7D4B08A-9D89-4369-B51C-92CF8C03D2F8}) (Version: 1.1.8.1406 - Nokia)
WinUSB Compatible ID Drivers (HKLM-x32\...\{C97989C1-551F-4F41-A069-2A49567FD36B}) (Version: 1.1.6.1416 - Nokia)
WinUSB Drivers ext (HKLM-x32\...\{0ED6AC75-474D-4511-B198-05B8C99F6B8B}) (Version: 1.1.7.1416 - Nokia)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Ian\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2076736937-1727937113-2630792067-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Ian\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1B6AAF48-0C7D-4F01-B598-B229461B9AC0} - System32\Tasks\{13A97DFD-984D-46FD-BF97-A856D0B3D50E} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe" -c /app FreeMP4VideoConverter
Task: {1F5AEB0C-3194-42CA-95EF-9817C755A605} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {31F72868-B904-480B-B309-689745031004} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-12-02] (Siber Systems)
Task: {340DADED-6595-4D4A-8406-883E32C71A35} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {39524A7C-C1BE-4B92-A446-89CF664375C1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4A04D8D9-299C-4166-88E7-4B0EFD91B6E0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4F7F4293-8639-4FD2-B03B-E867C445A541} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {627718F2-9E95-45B6-ABC3-5F7B6FC060FD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {68B2B83A-BB19-4DC1-B5C7-07AA1B63ADD1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {72B73BB7-7FBF-4260-A9F9-34DE8598779B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {73257E0E-2A74-4462-BE37-A34121AB9060} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {7FE766A7-AB7A-468B-9005-0314576FD50F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {85C88B6C-0578-4CBA-AD77-1A7C8E8E5DC8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {90C5B998-AAB8-4EC1-9EDB-C0AF297A02CB} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMJMKJOMPMHMNJKMHMCNGMGMKJOJCNLMKJNJIMCNHMOMOJKMCNJJJMIMJJOJLJKMJMNJOMOMKMJNJICMIMCNGMCNOMOMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMPMFMMJBJKJLIMJFMJMIMPMJNHICMEKMICNJJCKJNBJCMGLOJBJJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMLMGM (the data entry has 41 more characters).
Task: {96958DE6-7635-4A53-B2D7-D07A1526C88A} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {B2C7C886-EFEF-4320-B36A-1A730ABF0488} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {C50F340B-207A-42A4-9CF9-F6FC1986A127} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C8874D7D-476F-493E-8CB0-5263806C6248} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-14] (Microsoft Corporation)
Task: {D10C1CC1-F433-4FEC-80A9-6A8BF658EDBC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D20D711D-DF81-41D7-A8B4-6AAF800E1A21} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D2DB50BB-262E-4023-A9BD-6F4EB35AE8D3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D42905DA-D929-4FE5-A338-356E1808F280} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F5D2168E-9EB1-447D-844F-23ADA8480B8A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Ian\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\-21062146710.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x1a80cb3c -pinnedTimeHigh 0x01cdf767 -securityFlags 0x00000000 -url 0x0000001c hxxp://odds.bestbetting.com/
ShortcutWithArgument: C:\Users\Ian\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\20332743330.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -pinnedSite -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x994d73cc -pinnedTimeHigh 0x01ce0019 -securityFlags 0x00000000 -url 0x00000018 hxxp://www.facebook.com/

==================== Loaded Modules (Whitelisted) ==============

2014-05-30 11:57 - 2014-05-30 11:57 - 00100984 _____ () C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-13 13:55 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 13:55 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-26 17:18 - 2016-04-26 17:18 - 00959176 _____ () C:\Users\Ian\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-04-19 09:38 - 2016-04-19 09:38 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-18 18:23 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-13 13:53 - 2016-04-02 04:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-24 19:26 - 2012-07-24 19:26 - 00040960 _____ () C:\Users\Ian\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
2016-04-30 01:38 - 2016-04-30 01:39 - 10256384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-13 13:54 - 2016-04-02 04:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-13 13:53 - 2016-04-02 03:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-13 13:54 - 2016-04-02 03:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-13 13:54 - 2016-04-02 04:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-13 13:54 - 2016-04-02 04:00 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-05-02 23:31 - 2016-05-02 23:31 - 00173056 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.9.4260.0_x64__8wekyb3d8bbwe\CellNativeClientUniversal.dll
2014-09-25 13:33 - 2014-09-25 13:33 - 02210480 _____ () C:\Program Files\Microsoft Office\Office15\tmpod.dll
2015-10-13 16:10 - 2015-10-13 16:10 - 01428648 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2014-09-17 02:16 - 2016-03-23 15:06 - 00110952 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2014-09-17 02:16 - 2016-03-23 15:06 - 00253800 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\collector.dll
2014-09-17 02:16 - 2016-03-23 15:06 - 00295272 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\stat.dll
2014-09-17 02:16 - 2016-03-23 15:06 - 00104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2014-09-17 02:16 - 2016-03-23 15:06 - 00020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2014-09-17 02:16 - 2016-03-23 15:06 - 00044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-04-19 09:38 - 2016-04-19 09:38 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 09:38 - 2016-04-19 09:38 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-06-02 14:51 - 2015-06-02 14:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2012-07-24 19:26 - 2012-07-24 19:26 - 00034304 _____ () C:\Users\Ian\AppData\Local\Programs\TouchFreeze\TouchFreeze.dll
2016-04-26 17:18 - 2016-04-26 17:18 - 00679624 _____ () C:\Users\Ian\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2076736937-1727937113-2630792067-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ian\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img5.jpg
HKU\S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Ian\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img5.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Zune Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Desktop Disc Tool"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2076736937-1727937113-2630792067-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2076736937-1727937113-2630792067-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-2076736937-1727937113-2630792067-1001\...\StartupApproved\Run: => "RoboForm"
HKU\S-1-5-21-2076736937-1727937113-2630792067-1001\...\StartupApproved\Run: => "iLivid"
HKU\S-1-5-21-2076736937-1727937113-2630792067-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "RoboForm"
HKU\S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "iLivid"
HKU\S-1-5-21-2076736937-1727937113-2630792067-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3DA1FD50-268E-4FB7-8055-63A4699240FE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{544A994A-5830-4740-B9AB-6C0C06DD5DCC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{314D571A-7AB1-45AE-BAC2-BB2960103218}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{577B8A5B-9B44-4AF1-82E1-D63F26F65290}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E79C4C07-4188-49E0-B14B-13B87503968B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EEFF8E22-4DB1-40D9-895D-BF213A283C57}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D3CBD12A-A6D6-4093-9F55-ECB447951053}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A2242607-65BA-45AB-B21B-20D5E5F75D7C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9286900D-E165-4EE3-8AB7-357E3A16C6A3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7B78088A-EB9D-4627-866C-2FF9E1BF2C1A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E10579FC-2403-450C-BCBF-809C199166D1}] => (Allow) C:\Users\Ian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9266A30A-A596-4CDF-91F1-CB27CB2E7EA0}] => (Allow) C:\Users\Ian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C2DB034F-5177-4BA0-B903-FC74BCA317A0}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe
FirewallRules: [{05A4F7B9-3E21-45AA-A9C5-3D6DD8A44BB4}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe
FirewallRules: [{38BB85BF-AA34-4052-8780-84C2D2AC35B2}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{B49BBF5E-E602-4F43-9489-C64D2BC8A513}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{47F85C88-4247-449C-B738-97F39D996A25}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{2E5DCC1D-91B7-4C72-A785-081BB368B8BF}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{4E32FA3A-9CBF-496B-A17E-A4A1350755A5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{4281DDFE-D98D-4188-994B-ED9822CF4D06}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C96C3087-0554-425C-A035-D7BD8C79FEF6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{26E89CDE-F8EE-4DC4-9E73-01F9D734DB27}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6EF9B0CF-2D8F-4110-8C49-B393CD8C0DF2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E7B4E1D3-DD2D-48AC-A6F8-EBAC2E253AD8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D2BC3D50-C4A8-43F7-BECF-C448E04BA7F0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2D8FA220-0023-48AC-93CD-FFBA3ED9DC95}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AA9FA135-9517-425A-A633-65F488DD71D1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8025B27C-6ED6-425D-9082-89656934A328}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EEEAAFE8-58E7-49A7-BA8E-0E847B4F5377}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{8C3EE555-9999-45E2-A8EE-4BEFE5A54DC0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{EBE0AC97-8559-438C-AABB-A82262657420}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [TCP Query User{0B19772E-D2F0-4447-8684-4C85D7C016BE}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [{8EBF2BE6-1703-4CF3-86EC-5F5A6B0F6F1A}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{EC88E397-DDD3-4528-85A1-FDA1BD0B963A}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [UDP Query User{537AAD87-8897-478C-A9E9-53E1FA6617B8}D:\kmsmicro310\qemu\qemu.exe] => (Allow) D:\kmsmicro310\qemu\qemu.exe
FirewallRules: [TCP Query User{1D37D1DD-0DDB-4BA7-8E10-07D6D3010868}D:\kmsmicro310\qemu\qemu.exe] => (Allow) D:\kmsmicro310\qemu\qemu.exe
FirewallRules: [TCP Query User{700367FD-F106-414E-82E9-4E5A06AFD4FD}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Block) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{4AF40383-4C20-409B-9BD7-DCAC5626F7EC}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Block) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{454B5BBA-677F-4707-8A60-E5596D3713A7}C:\program files (x86)\common files\nokia\fuse\fuseservice.exe] => (Allow) C:\program files (x86)\common files\nokia\fuse\fuseservice.exe
FirewallRules: [UDP Query User{28AB10C5-E0C8-46DE-A582-DB80FDE67568}C:\program files (x86)\common files\nokia\fuse\fuseservice.exe] => (Allow) C:\program files (x86)\common files\nokia\fuse\fuseservice.exe
FirewallRules: [TCP Query User{9D8EC8AB-6CEC-486E-A9ED-FEAC46A3B758}C:\program files (x86)\nokia\nokia software recovery tool\nokiasoftwarerecoverytool.exe] => (Allow) C:\program files (x86)\nokia\nokia software recovery tool\nokiasoftwarerecoverytool.exe
FirewallRules: [UDP Query User{A4E592A0-C089-4BFC-9694-ABF03297FA9A}C:\program files (x86)\nokia\nokia software recovery tool\nokiasoftwarerecoverytool.exe] => (Allow) C:\program files (x86)\nokia\nokia software recovery tool\nokiasoftwarerecoverytool.exe
FirewallRules: [{F9388028-F88C-46AD-83E6-290C598294F6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{060BBAF7-50B4-45D8-9568-1821576DCDCD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{10F7C411-96AC-4E20-9DE8-94AE883BE5E5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7A739FEB-BBAF-4A50-AAE3-87680B419A22}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7A04E5D4-DEF6-4B72-949F-4149736270F8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2016 01:06:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12625

Error: (05/03/2016 01:06:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12625

Error: (05/03/2016 01:06:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/03/2016 01:06:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7110

Error: (05/03/2016 01:06:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7110

Error: (05/03/2016 01:06:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/02/2016 11:55:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/02/2016 11:54:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/02/2016 10:25:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LockAppHost.exe, version: 10.0.10586.212, time stamp: 0x56fa2e16
Faulting module name: LockAppHost.exe, version: 10.0.10586.212, time stamp: 0x56fa2e16
Exception code: 0xc0000409
Fault offset: 0x000000000001c927
Faulting process ID: 0x2180
Faulting application start time: 0xLockAppHost.exe0
Faulting application path: LockAppHost.exe1
Faulting module path: LockAppHost.exe2
Report ID: LockAppHost.exe3
Faulting package full name: LockAppHost.exe4
Faulting package-relative application ID: LockAppHost.exe5

Error: (05/02/2016 10:24:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TUBS-PC)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (05/03/2016 11:12:16 AM) (Source: DCOM) (EventID: 10016) (User: TUBS-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Tubs-PCIanS-1-5-21-2076736937-1727937113-2630792067-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/03/2016 11:12:16 AM) (Source: DCOM) (EventID: 10016) (User: TUBS-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Tubs-PCIanS-1-5-21-2076736937-1727937113-2630792067-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/03/2016 11:12:16 AM) (Source: DCOM) (EventID: 10016) (User: TUBS-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Tubs-PCIanS-1-5-21-2076736937-1727937113-2630792067-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/03/2016 11:12:16 AM) (Source: DCOM) (EventID: 10016) (User: TUBS-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Tubs-PCIanS-1-5-21-2076736937-1727937113-2630792067-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/03/2016 11:12:16 AM) (Source: DCOM) (EventID: 10016) (User: TUBS-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Tubs-PCIanS-1-5-21-2076736937-1727937113-2630792067-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/03/2016 11:12:16 AM) (Source: DCOM) (EventID: 10016) (User: TUBS-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Tubs-PCIanS-1-5-21-2076736937-1727937113-2630792067-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/03/2016 11:12:16 AM) (Source: DCOM) (EventID: 10016) (User: TUBS-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Tubs-PCIanS-1-5-21-2076736937-1727937113-2630792067-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/03/2016 11:12:16 AM) (Source: DCOM) (EventID: 10016) (User: TUBS-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Tubs-PCIanS-1-5-21-2076736937-1727937113-2630792067-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/03/2016 09:46:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/03/2016 01:06:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

CodeIntegrity:
===================================
  Date: 2016-05-03 11:18:21.852
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-03 11:18:21.808
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-03 10:14:13.518
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-03 10:14:13.496
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-03 10:14:13.073
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-03 10:14:13.047
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-03 10:14:12.877
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-03 08:06:34.603
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-03 08:06:34.579
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-03 08:06:34.553
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 73%
Total physical RAM: 3947.86 MB
Available physical RAM: 1029.1 MB
Total Virtual: 4651.86 MB
Available Virtual: 842.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.19 GB) (Free:105.83 GB) NTFS
Drive f: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:144.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 55BBAE98)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=484 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2E938182)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

 

 



#6 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,121 posts
  • Gender:Male
  • Location:California
  • Local time:03:07 AM

Posted 03 May 2016 - 02:55 PM

Greetings,

Thank you for your patience. I am not seeing anything of note. Other than the bank information, are you having any issues?

Do these look familiar?

Netherlands Roosendaal Nforce Entertainment
odds.bestbetting.com


Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
Task: {340DADED-6595-4D4A-8406-883E32C71A35} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {39524A7C-C1BE-4B92-A446-89CF664375C1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4A04D8D9-299C-4166-88E7-4B0EFD91B6E0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {627718F2-9E95-45B6-ABC3-5F7B6FC060FD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {68B2B83A-BB19-4DC1-B5C7-07AA1B63ADD1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {72B73BB7-7FBF-4260-A9F9-34DE8598779B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7FE766A7-AB7A-468B-9005-0314576FD50F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {85C88B6C-0578-4CBA-AD77-1A7C8E8E5DC8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C50F340B-207A-42A4-9CF9-F6FC1986A127} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D20D711D-DF81-41D7-A8B4-6AAF800E1A21} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D42905DA-D929-4FE5-A338-356E1808F280} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Run TDSSKiller by Kaspersky

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Cleaning
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Recognize entries?
  • TDSSKiller report
  • AdwCleaner log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 mrtubs

  • Topic Starter

  • Members
  • 40 posts
  • Local time:10:07 AM

Posted 03 May 2016 - 05:46 PM

Thank you for your continuing help.

Other than the bank details I am seeing no issues. Sometimes the computer is really slow, particularly when performing multiple tasks, but I put that down to the age of the machine. I would not be on here but for the bank suggesting that I might have a keylogger or similar.

I am not familiar with Netherlands Roosendaal Nforce Entertainment.

odds.bestbetting.com is very similar to a website I use occasionally (bestbetting.com) which compares the odds of horse racing in various bookmakers, and you can place a bet through their website.

Fix result of Farbar Recovery Scan Tool (x64) Version:03-05-2016
Ran by Ian (2016-05-03 23:21:47) Run:1
Running from C:\Users\Ian\Desktop
Loaded Profiles: Ian (Available Profiles: Ian)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {340DADED-6595-4D4A-8406-883E32C71A35} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {39524A7C-C1BE-4B92-A446-89CF664375C1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4A04D8D9-299C-4166-88E7-4B0EFD91B6E0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {627718F2-9E95-45B6-ABC3-5F7B6FC060FD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {68B2B83A-BB19-4DC1-B5C7-07AA1B63ADD1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {72B73BB7-7FBF-4260-A9F9-34DE8598779B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7FE766A7-AB7A-468B-9005-0314576FD50F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {85C88B6C-0578-4CBA-AD77-1A7C8E8E5DC8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C50F340B-207A-42A4-9CF9-F6FC1986A127} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D20D711D-DF81-41D7-A8B4-6AAF800E1A21} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D42905DA-D929-4FE5-A338-356E1808F280} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{340DADED-6595-4D4A-8406-883E32C71A35}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{340DADED-6595-4D4A-8406-883E32C71A35}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39524A7C-C1BE-4B92-A446-89CF664375C1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39524A7C-C1BE-4B92-A446-89CF664375C1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A04D8D9-299C-4166-88E7-4B0EFD91B6E0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A04D8D9-299C-4166-88E7-4B0EFD91B6E0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{627718F2-9E95-45B6-ABC3-5F7B6FC060FD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{627718F2-9E95-45B6-ABC3-5F7B6FC060FD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68B2B83A-BB19-4DC1-B5C7-07AA1B63ADD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68B2B83A-BB19-4DC1-B5C7-07AA1B63ADD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72B73BB7-7FBF-4260-A9F9-34DE8598779B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72B73BB7-7FBF-4260-A9F9-34DE8598779B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FE766A7-AB7A-468B-9005-0314576FD50F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FE766A7-AB7A-468B-9005-0314576FD50F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{85C88B6C-0578-4CBA-AD77-1A7C8E8E5DC8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85C88B6C-0578-4CBA-AD77-1A7C8E8E5DC8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C50F340B-207A-42A4-9CF9-F6FC1986A127}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C50F340B-207A-42A4-9CF9-F6FC1986A127}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D20D711D-DF81-41D7-A8B4-6AAF800E1A21}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D20D711D-DF81-41D7-A8B4-6AAF800E1A21}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D42905DA-D929-4FE5-A338-356E1808F280}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D42905DA-D929-4FE5-A338-356E1808F280}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully

==== End of Fixlog 23:21:47 ====

 

23:36:35.0500 0x22d4  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
23:36:39.0152 0x22d4  ============================================================
23:36:39.0152 0x22d4  Current date / time: 2016/05/03 23:36:39.0152
23:36:39.0152 0x22d4  SystemInfo:
23:36:39.0152 0x22d4 
23:36:39.0152 0x22d4  OS Version: 10.0.10586 ServicePack: 0.0
23:36:39.0152 0x22d4  Product type: Workstation
23:36:39.0152 0x22d4  ComputerName: TUBS-PC
23:36:39.0152 0x22d4  UserName: Ian
23:36:39.0152 0x22d4  Windows directory: C:\WINDOWS
23:36:39.0152 0x22d4  System windows directory: C:\WINDOWS
23:36:39.0152 0x22d4  Running under WOW64
23:36:39.0152 0x22d4  Processor architecture: Intel x64
23:36:39.0152 0x22d4  Number of processors: 8
23:36:39.0152 0x22d4  Page size: 0x1000
23:36:39.0152 0x22d4  Boot type: Normal boot
23:36:39.0152 0x22d4  ============================================================
23:36:39.0615 0x22d4  KLMD registered as C:\WINDOWS\system32\drivers\52388090.sys
23:36:40.0636 0x22d4  System UUID: {4C12A4C2-032A-B893-82A1-A5A1E510E26C}
23:36:41.0602 0x22d4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:36:41.0609 0x22d4  ============================================================
23:36:41.0609 0x22d4  \Device\Harddisk0\DR0:
23:36:41.0609 0x22d4  MBR partitions:
23:36:41.0609 0x22d4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
23:36:41.0609 0x22d4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x3846098A
23:36:41.0610 0x22d4  ============================================================
23:36:41.0670 0x22d4  C: <-> \Device\Harddisk0\DR0\Partition2
23:36:41.0671 0x22d4  ============================================================
23:36:41.0671 0x22d4  Initialize success
23:36:41.0671 0x22d4  ============================================================
23:36:43.0853 0x111c  ============================================================
23:36:43.0853 0x111c  Scan started
23:36:43.0853 0x111c  Mode: Manual;
23:36:43.0853 0x111c  ============================================================
23:36:43.0853 0x111c  KSN ping started
23:36:46.0213 0x111c  KSN ping finished: true
23:36:48.0294 0x111c  ================ Scan system memory ========================
23:36:48.0294 0x111c  System memory - ok
23:36:48.0294 0x111c  ================ Scan services =============================
23:36:55.0558 0x111c  RapportKE64 - ok
23:36:55.0774 0x111c  [ 614536BB1D4ACB0A44E6A02400089B36, F0CA3336A66C0E0C993A84471F5A866EB1697C071B680E541199A840E3BFB135 ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
23:36:55.0811 0x111c  RapportMgmtService - ok
23:36:55.0843 0x111c  [ 55A2AE9D00EA703E98D18A8C1F7FCB23, 9B252BE41C9D714B2925108A3BE11414EAA4F1A779587E4AB4F4357CB3E96704 ] RapportPG64     C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
23:36:55.0858 0x111c  RapportPG64 - ok
23:36:55.0907 0x111c  RasAcd - ok
23:36:55.0927 0x111c  RasAgileVpn - ok
23:36:55.0943 0x111c  RasAuto - ok
23:36:55.0974 0x111c  Rasl2tp - ok
23:36:55.0990 0x111c  RasMan - ok
23:36:55.0990 0x111c  RasPppoe - ok
23:36:56.0009 0x111c  RasSstp - ok
23:36:56.0012 0x111c  rdbss - ok
23:36:56.0012 0x111c  rdpbus - ok
23:36:56.0027 0x111c  RDPDR - ok
23:36:56.0027 0x111c  RdpVideoMiniport - ok
23:36:56.0059 0x111c  rdyboost - ok
23:36:56.0059 0x111c  ReFSv1 - ok
23:36:56.0074 0x111c  RemoteAccess - ok
23:36:56.0074 0x2130  Object required for P2P: [ C35B91B6777E7C6DB67B8583D2AA66A7 ] c2cpnrsvc
23:36:56.0106 0x111c  RemoteRegistry - ok
23:36:56.0143 0x111c  RetailDemo - ok
23:36:56.0143 0x111c  RpcEptMapper - ok
23:36:56.0174 0x111c  RpcLocator - ok
23:36:56.0174 0x111c  RpcSs - ok
23:36:56.0174 0x111c  rspndr - ok
23:36:56.0174 0x111c  s3cap - ok
23:36:56.0190 0x111c  SamSs - ok
23:36:56.0190 0x111c  sbp2port - ok
23:36:56.0190 0x111c  SCardSvr - ok
23:36:56.0207 0x111c  ScDeviceEnum - ok
23:36:56.0212 0x111c  scfilter - ok
23:36:56.0227 0x111c  Schedule - ok
23:36:56.0259 0x111c  SCPolicySvc - ok
23:36:56.0259 0x111c  sdbus - ok
23:36:56.0274 0x111c  SDRSVC - ok
23:36:56.0274 0x111c  sdstor - ok
23:36:56.0290 0x111c  seclogon - ok
23:36:56.0310 0x111c  SENS - ok
23:36:56.0312 0x111c  SensorDataService - ok
23:36:56.0327 0x111c  SensorService - ok
23:36:56.0327 0x111c  SensrSvc - ok
23:36:56.0327 0x111c  SerCx - ok
23:36:56.0343 0x111c  SerCx2 - ok
23:36:56.0359 0x111c  Serenum - ok
23:36:56.0374 0x111c  Serial - ok
23:36:56.0390 0x111c  sermouse - ok
23:36:56.0390 0x111c  SessionEnv - ok
23:36:56.0407 0x111c  sfloppy - ok
23:36:56.0412 0x111c  SharedAccess - ok
23:36:56.0459 0x111c  ShellHWDetection - ok
23:36:56.0474 0x111c  SiSRaid2 - ok
23:36:56.0474 0x111c  SiSRaid4 - ok
23:36:56.0574 0x111c  [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
23:36:56.0574 0x111c  SkypeUpdate - ok
23:36:56.0614 0x111c  [ 0CCFDCB61625C7FBFE612363401ACF20, 88A1ACFD95F020C2A5BBEB1D2BE1E977D6F6DC219C1BAC9CDF6779D8D3E3C406 ] SmbDrvI         C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
23:36:56.0630 0x111c  SmbDrvI - ok
23:36:56.0646 0x111c  smphost - ok
23:36:56.0677 0x111c  SmsRouter - ok
23:36:56.0715 0x111c  SNMPTRAP - ok
23:36:56.0731 0x111c  spaceport - ok
23:36:56.0747 0x111c  SpbCx - ok
23:36:56.0778 0x111c  Spooler - ok
23:36:56.0778 0x111c  sppsvc - ok
23:36:56.0778 0x111c  srv - ok
23:36:56.0793 0x111c  srv2 - ok
23:36:56.0793 0x111c  srvnet - ok
23:36:56.0816 0x111c  SSDPSRV - ok
23:36:56.0831 0x111c  SstpSvc - ok
23:36:56.0862 0x111c  [ 37680AECA1BF2D430719A297F68ECD49, 64E6A2C077316CE4807F2F480324F4011003686F698CCB0AA93C659DAAE1FAB5 ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
23:36:56.0878 0x111c  ssudmdm - ok
23:36:56.0946 0x111c  [ 7DB9E612A2742ACEAB080B882E83141C, FFD1FA36E732F55223F3F4B5F845331DBB3073B023C2C5BF51A0E7680DEE7FA7 ] ss_conn_service C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
23:36:56.0962 0x111c  ss_conn_service - ok
23:36:56.0993 0x111c  StateRepository - ok
23:36:56.0993 0x111c  stexstor - ok
23:36:57.0017 0x111c  stisvc - ok
23:36:57.0017 0x111c  storahci - ok
23:36:57.0032 0x111c  storflt - ok
23:36:57.0032 0x111c  stornvme - ok
23:36:57.0032 0x111c  storqosflt - ok
23:36:57.0048 0x111c  StorSvc - ok
23:36:57.0048 0x111c  storufs - ok
23:36:57.0064 0x111c  storvsc - ok
23:36:57.0064 0x111c  svsvc - ok
23:36:57.0064 0x111c  swenum - ok
23:36:57.0064 0x111c  swprv - ok
23:36:57.0095 0x111c  Synth3dVsc - ok
23:36:57.0182 0x111c  [ D154C83B12ABD0227531D48F10AB4944, F6C9BFC2C1A4BC83E45D1F45C1922C99A7E17E4BB9B76154179A6C990CB5FF84 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
23:36:57.0198 0x111c  SynTP - ok
23:36:57.0318 0x111c  [ E4DEBF8D1983712E5E3CF8A7D87D0ABD, 0D76A7E425F9125ADFA1278CA03A838B91FD0E55F7CD17A1A926668411E30611 ] SynTPEnhService C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
23:36:57.0339 0x111c  SynTPEnhService - ok
23:36:57.0355 0x111c  SysMain - ok
23:36:57.0370 0x111c  SystemEventsBroker - ok
23:36:57.0370 0x111c  TabletInputService - ok
23:36:57.0370 0x111c  TapiSrv - ok
23:36:57.0386 0x111c  Tcpip - ok
23:36:57.0402 0x111c  Tcpip6 - ok
23:36:57.0402 0x111c  tcpipreg - ok
23:36:57.0421 0x111c  tdx - ok
23:36:57.0670 0x111c  [ 2AA61246A5B813C1B12BCCFAA6F23DD8, 74EE3DB839A0F4BC781294803281DB2248D013B8808FF05F2EE9597C14C6FEED ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
23:36:57.0771 0x111c  TeamViewer - ok
23:36:57.0771 0x111c  terminpt - ok
23:36:57.0786 0x111c  TermService - ok
23:36:57.0786 0x111c  Themes - ok
23:36:57.0824 0x111c  TieringEngineService - ok
23:36:57.0855 0x111c  tiledatamodelsvc - ok
23:36:57.0886 0x111c  TimeBroker - ok
23:36:57.0902 0x111c  TPM - ok
23:36:57.0902 0x111c  TrkWks - ok
23:36:57.0924 0x111c  TrustedInstaller - ok
23:36:57.0940 0x111c  tsusbflt - ok
23:36:57.0940 0x111c  TsUsbGD - ok
23:36:57.0940 0x111c  tunnel - ok
23:36:57.0971 0x111c  tzautoupdate - ok
23:36:57.0971 0x111c  uagp35 - ok
23:36:57.0987 0x111c  UASPStor - ok
23:36:57.0987 0x111c  UcmCx0101 - ok
23:36:57.0987 0x111c  UcmUcsi - ok
23:36:57.0987 0x111c  Ucx01000 - ok
23:36:58.0002 0x111c  UdeCx - ok
23:36:58.0002 0x111c  udfs - ok
23:36:58.0002 0x111c  UEFI - ok
23:36:58.0020 0x111c  Ufx01000 - ok
23:36:58.0024 0x111c  UfxChipidea - ok
23:36:58.0024 0x111c  ufxsynopsys - ok
23:36:58.0040 0x111c  UI0Detect - ok
23:36:58.0040 0x111c  uliagpkx - ok
23:36:58.0056 0x111c  umbus - ok
23:36:58.0056 0x111c  UmPass - ok
23:36:58.0056 0x111c  UmRdpService - ok
23:36:58.0072 0x111c  UnistoreSvc - ok
23:36:58.0087 0x111c  upnphost - ok
23:36:58.0103 0x111c  UrsChipidea - ok
23:36:58.0103 0x111c  UrsCx01000 - ok
23:36:58.0103 0x111c  UrsSynopsys - ok
23:36:58.0156 0x111c  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\WINDOWS\System32\Drivers\usbaapl64.sys
23:36:58.0220 0x111c  USBAAPL64 - ok
23:36:58.0224 0x111c  usbccgp - ok
23:36:58.0225 0x111c  usbcir - ok
23:36:58.0225 0x111c  usbehci - ok
23:36:58.0225 0x111c  usbhub - ok
23:36:58.0241 0x111c  USBHUB3 - ok
23:36:58.0257 0x111c  usbohci - ok
23:36:58.0257 0x111c  usbprint - ok
23:36:58.0272 0x111c  usbser - ok
23:36:58.0303 0x111c  USBSTOR - ok
23:36:58.0303 0x111c  usbuhci - ok
23:36:58.0303 0x111c  usbvideo - ok
23:36:58.0303 0x111c  USBXHCI - ok
23:36:58.0357 0x111c  UserDataSvc - ok
23:36:58.0404 0x111c  UserManager - ok
23:36:58.0409 0x111c  UsoSvc - ok
23:36:58.0414 0x111c  VaultSvc - ok
23:36:58.0419 0x111c  vdrvroot - ok
23:36:58.0431 0x111c  vds - ok
23:36:58.0435 0x111c  VerifierExt - ok
23:36:58.0439 0x111c  vhdmp - ok
23:36:58.0445 0x111c  vhf - ok
23:36:58.0449 0x111c  vmbus - ok
23:36:58.0453 0x111c  VMBusHID - ok
23:36:58.0471 0x111c  vmicguestinterface - ok
23:36:58.0478 0x111c  vmicheartbeat - ok
23:36:58.0483 0x111c  vmickvpexchange - ok
23:36:58.0487 0x111c  vmicrdv - ok
23:36:58.0491 0x111c  vmicshutdown - ok
23:36:58.0496 0x111c  vmictimesync - ok
23:36:58.0500 0x111c  vmicvmsession - ok
23:36:58.0505 0x111c  vmicvss - ok
23:36:58.0509 0x111c  volmgr - ok
23:36:58.0515 0x111c  volmgrx - ok
23:36:58.0519 0x111c  volsnap - ok
23:36:58.0524 0x111c  vpci - ok
23:36:58.0528 0x111c  vsmraid - ok
23:36:58.0533 0x111c  VSS - ok
23:36:58.0538 0x111c  VSTXRAID - ok
23:36:58.0542 0x111c  vwifibus - ok
23:36:58.0547 0x111c  vwififlt - ok
23:36:58.0551 0x111c  vwifimp - ok
23:36:58.0570 0x111c  W32Time - ok
23:36:58.0571 0x2130  Object send P2P result: true
23:36:58.0577 0x111c  WacomPen - ok
23:36:58.0592 0x111c  WalletService - ok
23:36:58.0597 0x111c  wanarp - ok
23:36:58.0602 0x111c  wanarpv6 - ok
23:36:58.0607 0x111c  wbengine - ok
23:36:58.0611 0x111c  WbioSrvc - ok
23:36:58.0616 0x111c  Wcmsvc - ok
23:36:58.0621 0x111c  wcncsvc - ok
23:36:58.0625 0x111c  WcsPlugInService - ok
23:36:58.0630 0x111c  WdBoot - ok
23:36:58.0635 0x111c  Wdf01000 - ok
23:36:58.0640 0x111c  WdFilter - ok
23:36:58.0645 0x111c  WdiServiceHost - ok
23:36:58.0669 0x111c  WdiSystemHost - ok
23:36:58.0674 0x111c  wdiwifi - ok
23:36:58.0679 0x111c  WdNisDrv - ok
23:36:58.0715 0x111c  WdNisSvc - ok
23:36:58.0720 0x111c  WebClient - ok
23:36:58.0725 0x111c  Wecsvc - ok
23:36:58.0729 0x111c  WEPHOSTSVC - ok
23:36:58.0734 0x111c  wercplsupport - ok
23:36:58.0741 0x111c  WerSvc - ok
23:36:58.0754 0x111c  WFPLWFS - ok
23:36:58.0759 0x111c  WiaRpc - ok
23:36:58.0781 0x111c  WIMMount - ok
23:36:58.0784 0x111c  WinDefend - ok
23:36:58.0794 0x111c  WindowsTrustedRT - ok
23:36:58.0809 0x111c  WindowsTrustedRTProxy - ok
23:36:58.0833 0x111c  WinHttpAutoProxySvc - ok
23:36:58.0838 0x111c  WinMad - ok
23:36:58.0894 0x111c  Winmgmt - ok
23:36:58.0904 0x111c  WinRM - ok
23:36:58.0913 0x111c  WINUSB - ok
23:36:58.0917 0x111c  WinVerbs - ok
23:36:58.0923 0x111c  WlanSvc - ok
23:36:58.0928 0x111c  wlidsvc - ok
23:36:58.0933 0x111c  WmiAcpi - ok
23:36:58.0940 0x111c  wmiApSrv - ok
23:36:58.0944 0x111c  WMPNetworkSvc - ok
23:36:58.0974 0x111c  [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
23:36:58.0983 0x111c  Wof - ok
23:36:59.0008 0x111c  workfolderssvc - ok
23:36:59.0012 0x111c  wpcfltr - ok
23:36:59.0016 0x111c  WPDBusEnum - ok
23:36:59.0016 0x111c  WpdUpFltr - ok
23:36:59.0016 0x111c  WpnService - ok
23:36:59.0016 0x111c  ws2ifsl - ok
23:36:59.0079 0x111c  [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device  C:\WINDOWS\system32\drivers\VirtualAudio.sys
23:36:59.0217 0x111c  WsAudio_Device - ok
23:36:59.0316 0x111c  [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(1) C:\WINDOWS\system32\drivers\VirtualAudio1.sys
23:36:59.0348 0x111c  WsAudio_Device(1) - ok
23:36:59.0379 0x111c  wscsvc - ok
23:36:59.0379 0x111c  WSDPrintDevice - ok
23:36:59.0395 0x111c  WSDScan - ok
23:36:59.0395 0x111c  WSearch - ok
23:36:59.0432 0x111c  WSService - ok
23:36:59.0479 0x111c  wuauserv - ok
23:36:59.0479 0x111c  WudfPf - ok
23:36:59.0494 0x111c  WUDFRd - ok
23:36:59.0516 0x111c  wudfsvc - ok
23:36:59.0516 0x111c  WUDFWpdFs - ok
23:36:59.0532 0x111c  WUDFWpdMtp - ok
23:36:59.0532 0x111c  WwanSvc - ok
23:36:59.0563 0x111c  XblAuthManager - ok
23:36:59.0595 0x111c  XblGameSave - ok
23:36:59.0612 0x111c  xboxgip - ok
23:36:59.0632 0x111c  XboxNetApiSvc - ok
23:36:59.0648 0x111c  xinputhid - ok
23:36:59.0664 0x111c  ================ Scan global ===============================
23:36:59.0747 0x111c  [ Global ] - ok
23:36:59.0747 0x111c  ================ Scan MBR ==================================
23:36:59.0763 0x111c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:37:00.0216 0x111c  \Device\Harddisk0\DR0 - ok
23:37:00.0216 0x111c  ================ Scan VBR ==================================
23:37:00.0216 0x111c  [ 810D39D9D6AE506CB40645E5AF0F460B ] \Device\Harddisk0\DR0\Partition1
23:37:00.0236 0x111c  \Device\Harddisk0\DR0\Partition1 - ok
23:37:00.0240 0x111c  [ 4DFEC79FA829BCAF4F11639683D5B7BB ] \Device\Harddisk0\DR0\Partition2
23:37:00.0241 0x111c  \Device\Harddisk0\DR0\Partition2 - ok
23:37:00.0241 0x111c  ================ Scan generic autorun ======================
23:37:00.0272 0x111c  [ 0C3154D0620F974AD5C4E8D87626C8CF, 4E6B751F9C0D5D4833A12166BC5142E0A7402E98D00F570926ED9CA0936A8007 ] C:\WINDOWS\system32\igfxtray.exe
23:37:01.0760 0x111c  IgfxTray - ok
23:37:01.0791 0x111c  [ E4AA3D28753EF9DB333FE40079993B09, ECC60BAA7D21EF97CDA17F45277FBFE52B2169155DDB157E34A7AE2EC1BEC185 ] C:\WINDOWS\system32\hkcmd.exe
23:37:01.0891 0x111c  HotKeysCmds - ok
23:37:01.0945 0x111c  [ CF40080765D6F66FA93318C0DB6C7D1F, 015EE5BE439DAC6D3F7C7471EEF554C11F28947492E3F7AA14BB72622C327DCD ] C:\WINDOWS\system32\igfxpers.exe
23:37:02.0176 0x111c  Persistence - ok
23:37:02.0723 0x111c  [ 65E8545F1297CD83534C354A7BED1848, 19B3F3C17A335837454DC1851C6436D0BB2D8B1595AEB4DC71265FB20868B48F ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
23:37:03.0208 0x111c  RtHDVCpl - ok
23:37:03.0325 0x111c  [ 31821EC63BDEDE18E64C11F7248B32AB, 6982AE866F8EC7943FDB3E4B77B03542A2E3E07F080B8D806C4ED903DE3368CE ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
23:37:03.0372 0x111c  RtHDVBg_Dolby - ok
23:37:03.0472 0x111c  [ 1BF113E377E570DB915EE7D228E594D6, FF4D198D412CA21C49E0A3E6FE52EAD69786B305429095B5BD25CB4FAFD33B51 ] C:\Program Files\iTunes\iTunesHelper.exe
23:37:03.0488 0x111c  iTunesHelper - ok
23:37:03.0488 0x111c  SynTPEnh - ok
23:37:03.0587 0x111c  [ 9F3B239443E7AF5840454D8D3A0772CF, 82E135AA844B3170D030CE27259BF7BACBA1FA18670C10B74BD3F402CA9AD29E ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
23:37:03.0587 0x111c  APSDaemon - ok
23:37:03.0703 0x111c  [ C6235EF491612EF3BFAFACEC7FC0C254, A5C90CFA8AA36684A96339F50D0C8453B74D2E332A997BA0EB93576746E6643A ] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
23:37:03.0891 0x111c  DivXMediaServer - ok
23:37:03.0976 0x111c  [ 81800928E0F713DF31F3393CC26F4013, 0ABCC70297C83C01BCCAF03083BE67EB7A50A28557B2F9578EDB73B382F54182 ] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
23:37:04.0075 0x111c  DivXUpdate - ok
23:37:04.0107 0x111c  Aimersoft Helper Compact.exe - ok
23:37:04.0246 0x111c  [ 5A4FCB9FA2798BFF8B2E9340CAD1347C, 6ABB3F762C48AF4316C674AF3A60EF2E1EF208C1650A5977BFC55A2C1F26B9DD ] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
23:37:04.0993 0x111c  Wondershare Helper Compact.exe - ok
23:37:05.0009 0x111c  BrowserPlugInHelper - ok
23:37:05.0194 0x111c  [ 8AC10EC7431ABCB52A74CC9236907EB7, 40C1354165EDE1503D078C1274A9BA0B02C80B2628EB8BF663A23A87760B9C17 ] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
23:37:05.0247 0x111c  CanonQuickMenu - ok
23:37:05.0332 0x111c  [ 6B53177248AC5327FFB5CB2D5C500C94, 2F03DA955BF63BDCA979B76B263FBE4EB1BA2A76476EF0D9145E66CAB781C67C ] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
23:37:05.0363 0x111c  IJNetworkScannerSelectorEX - ok
23:37:05.0533 0x111c  [ 235B72AF442823FF17751417DC904D15, 834ACDCCDCA14320BB0AE6A483179DF594F9C2429CF4846E1415BE4EF2C10FB4 ] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
23:37:05.0664 0x111c  Malwarebytes Anti-Exploit - ok
23:37:05.0779 0x111c  OneDriveSetup - ok
23:37:05.0779 0x111c  OneDriveSetup - ok
23:37:05.0848 0x111c  Lync - ok
23:37:05.0996 0x111c  [ B2168568379F7C1A84E432979C8FCDC8, EBADCA5F02E09AEAB692DCCB6BDAEFE69D5E1A8A3E0DDA316303706E003F532F ] C:\Users\Ian\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
23:37:06.0080 0x111c  TouchFreeze - ok
23:37:06.0165 0x111c  [ 5EB1ED0E3F320AF5FA3E1DB5ED5C930C, 4E3CA3AB1354E52949534EF1968AF0C0BC441070F0442580FB83513ED0EE1C27 ] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
23:37:06.0165 0x111c  RoboForm - ok
23:37:06.0250 0x111c  [ F9387D080BF8566354CDB0445AB8F87B, 4EE5D4A15E2D3DF578FA0370449C0894166B1B2998B63D9F02A994845350B86A ] C:\Users\Ian\AppData\Local\Microsoft\OneDrive\OneDrive.exe
23:37:06.0281 0x111c  OneDrive - ok
23:37:06.0333 0x111c  Skype - ok
23:37:06.0349 0x111c  Waiting for KSN requests completion. In queue: 36
23:37:07.0366 0x111c  Waiting for KSN requests completion. In queue: 36
23:37:08.0368 0x111c  Waiting for KSN requests completion. In queue: 36
23:37:08.0772 0x1d3c  Object required for P2P: [ 09068D7435D5958D543F5459CE705D7F ] RapportCerberus_1609035
23:37:09.0376 0x111c  Waiting for KSN requests completion. In queue: 33
23:37:10.0384 0x111c  Waiting for KSN requests completion. In queue: 33
23:37:11.0272 0x1d3c  Object send P2P result: true
23:37:11.0288 0x1d3c  Object required for P2P: [ 614536BB1D4ACB0A44E6A02400089B36 ] RapportMgmtService
23:37:11.0389 0x111c  Waiting for KSN requests completion. In queue: 29
23:37:12.0393 0x111c  Waiting for KSN requests completion. In queue: 29
23:37:13.0394 0x111c  Waiting for KSN requests completion. In queue: 29
23:37:13.0846 0x1d3c  Object send P2P result: true
23:37:14.0501 0x111c  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x61100 ( enabled : updated )
23:37:14.0517 0x111c  Win FW state via NFP2: enabled ( trusted )
23:37:16.0945 0x111c  ============================================================
23:37:16.0945 0x111c  Scan finished
23:37:16.0945 0x111c  ============================================================
23:37:16.0961 0x1fc0  Detected object count: 0
23:37:16.0961 0x1fc0  Actual detected object count: 0

 

Now about to perform AdwCleaner but as I need to close my browser will post the results shortly.
 

 



#8 mrtubs


Posted 03 May 2016 - 06:02 PM

# AdwCleaner v5.115 - Logfile created 03/05/2016 at 23:54:08
# Updated 01/05/2016 by Xplode
# Database : 2016-05-01.2 [Server]
# Operating system : Windows 10 Pro  (X64)
# Username : Ian - TUBS-PC
# Running from : C:\Users\Ian\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Ian\AppData\Roaming\ProgSense

***** [ Files ] *****

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\iLividSetup-r394-n-bi.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\iLividSetup-r842-n-bi.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
[-] Key Deleted : HKCU\Software\ProgSense
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\en.softonic.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\office-2016.en.softonic.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\office-2016.en.softonic.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
[-] Value Deleted : HKU\S-1-5-21-2076736937-1727937113-2630792067-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [iLivid]

***** [ Web browsers ] *****

[-] [C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2512 bytes] - [03/05/2016 23:54:08]
C:\AdwCleaner\AdwCleaner[R0].txt - [3512 bytes] - [30/07/2014 00:03:23]
C:\AdwCleaner\AdwCleaner[R1].txt - [1069 bytes] - [01/08/2014 01:40:51]
C:\AdwCleaner\AdwCleaner[S0].txt - [3106 bytes] - [30/07/2014 00:06:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [3930 bytes] - [01/08/2014 01:42:10]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2877 bytes] ##########



#9 Oh My!


Posted 03 May 2016 - 06:54 PM

Thank you. Let's run this please.

===================================================

RogueKiller by Tigzy

--------------------

  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • RogueKiller log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 mrtubs


Posted 04 May 2016 - 04:40 AM

Hi Gary

 

Thank you. 

 

Just a couple of things, when I ran the scan it warned me that I was using the 32 bit version and not the 64 bit.

 

Also it has found a couple of threats, I have not removed them, should I?

 

RogueKiller V12.1.5.0 [May  2 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Ian [Administrator]
Started from : C:\Users\Ian\Desktop\RogueKiller.exe
Mode : Scan -- Date : 05/04/2016 10:32:26

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5CD39E02-F7F8-4371-8A3C-EEF9A48F1B4F} | DhcpNameServer : 46.166.179.40 46.166.179.42 ([Netherlands][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5CD39E02-F7F8-4371-8A3C-EEF9A48F1B4F} | DhcpNameServer : 46.166.179.40 46.166.179.42 ([Netherlands][-])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BPVT-22HXZT1 +++++
--- User ---
[MBR] f8ed4ad32f3d605c7e3bdc413c10a632
[BSP] ac1f02f33991339865186bc35cea74e0 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31459328 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 31664128 | Size: 460993 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975779840 | Size: 484 MB
User = LL1 ... OK
User = LL2 ... OK

 



#11 Oh My!


Posted 04 May 2016 - 08:35 AM

That program should be able to run on either 32 bit or 64 bit systems. Not sure why you got the warning.

Yes we are going to remove those entries. Please do this.

===================================================

RogueKiller Selecting Deletions

--------------------
  • Close any open programs
  • Please disconnect any USB or external drives from the computer before you run the scan
  • Right click on the RogueKiller icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Allow the Prescan to finish
  • Click Scan
  • When the Status box shows Scan Finished place a checkmark in the following and select Delete

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5CD39E02-F7F8-4371-8A3C-EEF9A48F1B4F} | DhcpNameServer : 46.166.179.40 46.166.179.42 ([Netherlands][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5CD39E02-F7F8-4371-8A3C-EEF9A48F1B4F} | DhcpNameServer : 46.166.179.40 46.166.179.42 ([Netherlands][-]) -> Found

  • Click Report
  • Copy and paste the contents of the report in your reply
===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click icon then click Install
  • A Window should open highlighting Start Emergency Kit Scanner
  • Double click that icon and allow the program to load
  • Click Yes to run an online update
  • Once the update is completed select Settings under Scan
  • Uncheck Join the Emsisoft Anti-Malware Network
  • Click Scan at the top
  • Click Yes to detect Potentially Unwanted Programs
  • Click Malware Scan
  • Once completed click View Report
  • Save the file to your Desktop using the default file name
  • Click Quarantine selected (all should be selected by default)
  • Copy and paste the report in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon then click Run
  • Press any key to launch the program
  • Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • When completed a Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • RogueKiller report
  • Emsisoft report
  • Security Check report

Gary
 

#12 mrtubs


Posted 04 May 2016 - 06:51 PM

Thanks Gary.

 

First set, rest to follow:

 

RogueKiller V12.1.5.0 [May  2 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Ian [Administrator]
Started from : C:\Users\Ian\Desktop\RogueKiller.exe
Mode : Delete -- Date : 05/05/2016 00:47:09

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5CD39E02-F7F8-4371-8A3C-EEF9A48F1B4F} | DhcpNameServer : 46.166.179.40 46.166.179.42 ([Netherlands][-])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5CD39E02-F7F8-4371-8A3C-EEF9A48F1B4F} | DhcpNameServer : 46.166.179.40 46.166.179.42 ([Netherlands][-])  -> Replaced ()

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BPVT-22HXZT1 +++++
--- User ---
[MBR] f8ed4ad32f3d605c7e3bdc413c10a632
[BSP] ac1f02f33991339865186bc35cea74e0 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31459328 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 31664128 | Size: 460993 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975779840 | Size: 484 MB
User = LL1 ... OK
User = LL2 ... OK
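
A check on the [PUM.Dns] entries in the two RogueKiller reports above, added here as an example (it is not part of the original thread and not RogueKiller's own code). It parses the report lines, lists DHCP-supplied resolvers that are public addresses outside a caller-supplied trusted set, and confirms that every entry found in Scan mode shows as Replaced in the Delete-mode report. The function names and the `trusted` parameter are assumptions made for the example; the line format is the one shown in the reports.

```python
import ipaddress
import re
from dataclasses import dataclass

# Sample input: the [PUM.Dns] lines from the Scan-mode and Delete-mode reports
# posted in this thread, with one non-matching header line kept in each.
SCAN_REPORT = r"""
Mode : Scan -- Date : 05/04/2016 10:32:26
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5CD39E02-F7F8-4371-8A3C-EEF9A48F1B4F} | DhcpNameServer : 46.166.179.40 46.166.179.42 ([Netherlands][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5CD39E02-F7F8-4371-8A3C-EEF9A48F1B4F} | DhcpNameServer : 46.166.179.40 46.166.179.42 ([Netherlands][-])  -> Found
"""

DELETE_REPORT = r"""
Mode : Delete -- Date : 05/05/2016 00:47:09
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5CD39E02-F7F8-4371-8A3C-EEF9A48F1B4F} | DhcpNameServer : 46.166.179.40 46.166.179.42 ([Netherlands][-])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5CD39E02-F7F8-4371-8A3C-EEF9A48F1B4F} | DhcpNameServer : 46.166.179.40 46.166.179.42 ([Netherlands][-])  -> Replaced ()
"""

# One [PUM.Dns] line: control set, interface GUID, value name, servers, status.
PUM_DNS = re.compile(
    r"^\[PUM\.Dns\]\s+\(X\d+\)\s+"
    r"HKEY_LOCAL_MACHINE\\System\\(?P<control_set>[^\\]+)\\Services\\Tcpip"
    r"\\Parameters\\Interfaces\\(?P<guid>\{[0-9A-Fa-f-]+\})\s+\|\s+"
    r"(?P<value>\w+)\s+:\s+(?P<servers>[0-9. ]+?)\s+\(.*?\)\s+->\s+(?P<status>\w+)"
)


@dataclass(frozen=True)
class DnsFinding:
    control_set: str   # CurrentControlSet, ControlSet001, ...
    interface: str     # network interface GUID
    value_name: str    # DhcpNameServer holds the resolvers received from DHCP
    servers: tuple     # resolver addresses as strings
    status: str        # Found (scan) or Replaced (delete)


def parse_pum_dns(report):
    """Return a DnsFinding for every [PUM.Dns] line; other lines are skipped."""
    findings = []
    for line in report.splitlines():
        m = PUM_DNS.match(line.strip())
        if m:
            findings.append(DnsFinding(
                m["control_set"], m["guid"].upper(), m["value"],
                tuple(m["servers"].split()), m["status"]))
    return findings


def unexpected_resolvers(findings, trusted=frozenset()):
    """Resolvers that are public addresses (or unparseable) and not in `trusted`."""
    flagged = set()
    for finding in findings:
        for server in finding.servers:
            try:
                is_public = ipaddress.ip_address(server).is_global
            except ValueError:
                is_public = True  # malformed entry: report it rather than hide it
            if is_public and server not in trusted:
                flagged.add(server)
    return flagged


def unresolved(scan_findings, delete_findings):
    """Scan findings with no matching 'Replaced' entry in the delete report."""
    fixed = {(f.control_set, f.interface, f.value_name)
             for f in delete_findings if f.status == "Replaced"}
    return [f for f in scan_findings
            if (f.control_set, f.interface, f.value_name) not in fixed]


if __name__ == "__main__":
    scan = parse_pum_dns(SCAN_REPORT)
    done = parse_pum_dns(DELETE_REPORT)
    print("resolvers to review:", sorted(unexpected_resolvers(scan)))
    print("entries still unresolved:", unresolved(scan, done))
```

DhcpNameServer is filled in from the DHCP lease, so a fresh scan after the next lease renewal shows which resolvers the router is handing out.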

 



#13 mrtubs


Posted 04 May 2016 - 07:29 PM

Emsisoft Emergency Kit - Version 11.0
Last update: 05/05/2016 01:02:53
User account: TUBS-PC\Ian

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 05/05/2016 01:03:52
C:\Users\Ian\AppData\Roaming\getrighttogo  detected: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{27DE7D30-BCCD-44D1-ADCB-A74A4259EBEF}  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3A0EFC4E-F167-4D0E-9C24-FC5519237993}  detected: Application.AdReg (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> BROWSERPLUGINHELPER  detected: Application.AdStart (A)

Scanned 103141
Found 5

Scan end: 05/05/2016 01:26:47
Scan time: 0:22:55



#14 mrtubs


Posted 04 May 2016 - 07:34 PM

 Results of screen317's Security Check version 1.014 --- 12/23/15 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Google Chrome (49.0.2623.112)
 Google Chrome (50.0.2661.94)
 Google Chrome (SetupMetrics.pma..)
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Exploit mbae-svc.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe  
 Malwarebytes Anti-Exploit mbae64.exe  
 Malwarebytes Anti-Exploit mbae.exe  
 Windows Defender MpCmdRun.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#15 Oh My!


Posted 04 May 2016 - 08:13 PM

Thank you. If you have not done so already please remove the items detected by Emsisoft.  Everything else looks great.


Gary
 



