
Fake Windows Processes - PresentationHost.exe / msiexec.exe etc. w/ high CPU Usage


3 replies to this topic

#1 DavidClaus


Posted 07 May 2016 - 04:50 PM

Howdy,

I found several processes in the Task Manager that continued to appear when I tried to end them, including: PresentationHost.exe, msdtc.exe, dllhost.exe, cmd.exe, msiexec.exe, conhost.exe. It's causing my computer to perform very slowly and I'm positive that malware is behind this. I would highly appreciate some help!


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-05-2016

Ran by S430219 (administrator) on 010C631-603864 (07-05-2016 15:42:25)
Running from C:\Users\s430219\Downloads
Loaded Profiles: S430219 (Available Profiles: S430219 & OfflineUser & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Novell, Inc) C:\Program Files (x86)\Novell\CASA\bin\micasad.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\bin\ZenworksWindowsService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\bin\nzrWinVNC.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\esm\ZESService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\bin\ZenUserDaemon.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\esm\ZESUser.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\bin\NalWin.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Novell, Inc.) C:\Windows\System32\iprntctl.exe
(Novell, Inc.) C:\Windows\System32\iprntlgn.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Spotify Ltd) C:\Users\s430219\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google, Inc) C:\Users\s430219\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\bin\ZenNotifyIcon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\avp.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Users\s430219\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\s430219\AppData\Local\Google\Chrome\Application\chrome.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Google Inc.) C:\Users\s430219\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\s430219\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\s430219\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\s430219\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Users\s430219\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\s430219\AppData\Local\Temp\~nsu.tmp\Au_.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [137800 2013-02-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3015408 2013-02-11] (Synaptics Incorporated)
HKLM\...\Run: [Nalwin] => C:\Program Files (x86)\Novell\ZENworks\bin\nalwin.exe [1176576 2012-03-01] (Novell, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iPrint Tray] => C:\Windows\system32\iprntctl.exe [66072 2010-04-08] (Novell, Inc.)
HKLM\...\Run: [iPrint Event Monitor] => C:\Windows\system32\iprntlgn.exe [69656 2010-04-08] (Novell, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [9405904 2016-04-26] (Emsisoft Ltd)
HKLM-x32\...\Run: [ZenNotifyIcon] => C:\Program Files (x86)\Novell\Zenworks\bin\ZenNotifyIcon.exe [303104 2012-03-01] (Novell, Inc.)
HKLM-x32\...\Run: [NalView] => C:\Program Files (x86)\Novell\ZENworks\bin\nalview.exe [57344 2012-03-01] (Novell, Inc.)
HKLM-x32\...\Run: [M86_AUTH] => c:\Program Files (x86)\M86 Security\Authenticator\Authenticat.exe
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\avp.exe [515888 2013-02-07] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\AllMyTube\DelayPluginI.exe [1960336 2014-07-10] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23248560 2016-04-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-14] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab ZAO)
Winlogon\Notify\LCredMgr: C:\Program Files\Novell\CASA\bin\lcredmgr.dll ()
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-1475117352-3723492382-4078676718-34806\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1475117352-3723492382-4078676718-34806\...\Run: [Spotify Web Helper] => C:\Users\s430219\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-29] (Spotify Ltd)
HKU\S-1-5-21-1475117352-3723492382-4078676718-34806\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1475117352-3723492382-4078676718-34806\...\Run: [Spotify] => C:\Users\s430219\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-04-29] (Spotify Ltd)
HKU\S-1-5-21-1475117352-3723492382-4078676718-34806\...\Run: [Google Photos Backup] => C:\Users\s430219\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-1475117352-3723492382-4078676718-34806\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-1475117352-3723492382-4078676718-34806\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1475117352-3723492382-4078676718-34806\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1475117352-3723492382-4078676718-34806\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1475117352-3723492382-4078676718-34806\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-04-20] (SUPERAntiSpyware)
HKU\S-1-5-21-1475117352-3723492382-4078676718-34806\...\MountPoints2: {2aa43af5-8f57-11e5-b33a-681729f5cfbb} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellExecuteHooks: ZENworks Adaptive Agent - {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files (x86)\Novell\ZENworks\bin\NalShell.dll [1427968 2012-03-01] (Novell, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL No File
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1475117352-3723492382-4078676718-34806\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7E5BA3E4-2CD1-4419-8B20-85DE7D2BC646}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7FE5E4C2-732F-4419-B1DF-F3D4F8A35B45}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9DA12B89-C08B-4414-82C7-87F86754C282}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{C084B855-5AD0-4FA2-9967-D6E30A09E90B}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1475117352-3723492382-4078676718-34806\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1475117352-3723492382-4078676718-34806\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1475117352-3723492382-4078676718-34806 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll => No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> c:\Program Files\Java\jre7\bin\ssv.dll [2013-11-21] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL => No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> c:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-21] (Oracle Corporation)
BHO-x32: Wondershare AllMyTube 4.2.0 -> {067DF9EC-26B7-40DC-8DB8-CD8BE85AE367} -> C:\ProgramData\Wondershare\AllMyTube\WSBrowserAppMgr.dll [2014-07-10] (Wondershare)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> c:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-11-21] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL => No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> c:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-11-21] (Oracle Corporation)
DPF: HKLM-x32 {BD596A5F-C74E-4E08-8249-E17A1C14589A} hxxp://www.cvsphoto.com/upload/activex/v3_0_0_8/PhotoCenter_ActiveX_Control.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\s430219\AppData\Roaming\Mozilla\Firefox\Profiles\osvhgo4t.default
FF Homepage: hxxps://www.google.com/
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?src=hp&ssid=1451988761&a=1026400&uuid=7b30b421-d2f9-4c5a-8c63-e572556ad8c2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll [2014-05-16] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2013-11-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> c:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-11-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll [2014-05-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-11-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> c:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-11-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [No File]
FF Plugin-x32: @novell.com/iPrint -> C:\Windows\SysWOW64 [2016-05-07] ()
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @spoon.net/Spoon Plugin 3.33 -> C:\Program Files (x86)\Spoon\3.33.6.244\npMozillaSpoonPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1475117352-3723492382-4078676718-34806: @tools.google.com/Google Update;version=3 -> C:\Users\s430219\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-1475117352-3723492382-4078676718-34806: @tools.google.com/Google Update;version=9 -> C:\Users\s430219\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Extension: Wondershare AllMyTube - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com [2015-07-20] [not signed]
FF Extension: Adblock Plus - C:\Users\s430219\AppData\Roaming\Mozilla\Firefox\Profiles\osvhgo4t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-21] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [AllMyTube@Wondershare.com] - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com
 
Chrome: 
=======
CHR Profile: C:\Users\s430219\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Web Store) - C:\Users\s430219\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-16]
CHR Extension: (Google Drive) - C:\Users\s430219\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-18]
CHR Extension: (YouTube) - C:\Users\s430219\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-18]
CHR Extension: (Web Store) - C:\Users\s430219\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-16]
CHR Extension: (Web Store) - C:\Users\s430219\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gccilgmhofdpkfakmalggoiolhbmdcjd [2016-04-16]
CHR Extension: (Web Store) - C:\Users\s430219\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\s430219\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16]
CHR Extension: (Gmail) - C:\Users\s430219\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-16]
CHR Profile: C:\Users\s430219\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\s430219\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-30]
CHR Extension: (Docs) - C:\Users\s430219\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-30]
CHR Extension: (Google Drive) - C:\Users\s430219\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-30]
CHR Extension: (YouTube) - C:\Users\s430219\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-30]
CHR Extension: (Google Search) - C:\Users\s430219\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-30]
CHR Extension: (Google Sheets) - C:\Users\s430219\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\s430219\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\s430219\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Gmail) - C:\Users\s430219\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-30]
CHR HKLM-x32\...\Chrome\Extension: [gccilgmhofdpkfakmalggoiolhbmdcjd] - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com.crx [2015-07-20]
StartMenuInternet: Google Chrome.VOA5FG3IHVRDGVSMNT2FSEDEXE - C:\Users\s430219\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [11341584 2016-04-26] (Emsisoft Ltd)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\avp.exe [515888 2013-02-07] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-11] (Dropbox, Inc.)
R2 klnagent; C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe [124632 2012-08-02] (Kaspersky Lab ZAO)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 Novell Identity Store; C:\Program Files (x86)\Novell\CASA\bin\micasad.exe [249856 2012-01-06] (Novell, Inc) [File not signed]
R2 Novell ZENworks Agent Service; C:\Program Files (x86)\Novell\ZENworks\bin\ZenworksWindowsService.exe [28672 2012-03-01] (Novell, Inc.) [File not signed]
S2 Novell ZENworks Image-Safe Data Service; C:\Program Files (x86)\Novell\ZENworks\bin\preboot\novell-zisdservice.exe [90112 2012-03-01] () [File not signed]
R2 nzwinvnc; C:\Program Files (x86)\Novell\ZENworks\bin\nzrWinVNC.exe [1829888 2012-03-02] (Novell, Inc.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S3 ZENPreAgent; C:\Windows\novell\zenworks\bin\ZENPreAgent.exe [233472 2013-11-21] () [File not signed]
R2 ZESService; C:\Program Files (x86)\Novell\ZENworks\esm\ZESService.exe [50344 2012-02-29] (Novell, Inc.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [36432 2011-12-21] (DemoForge, LLC)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [126280 2016-04-07] (Emsisoft Ltd)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [464176 2011-08-18] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [13616 2011-08-18] (Kaspersky Lab ZAO)
R1 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [58672 2012-04-03] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [636720 2012-05-14] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [32048 2011-09-01] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [288992 2013-01-08] (Realtek Semiconductor Corp.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8242376 2013-02-20] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31984 2013-02-11] (Synaptics Incorporated)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-09-03] (Wondershare)
R0 zesdac; C:\Windows\System32\DRIVERS\zesdac.sys [27952 2012-02-29] (Novell, Inc)
S4 ZesDisk; C:\Windows\System32\DRIVERS\ZesDisk.sys [17712 2012-02-29] (Novell, Inc.)
S4 zesds; C:\Windows\System32\DRIVERS\ZesDS.sys [204080 2012-02-29] (Novell, Inc.)
S4 zesdt; C:\Windows\System32\DRIVERS\ZesDT.sys [128816 2012-02-29] (Novell, Inc.)
R0 zesfsfd; C:\Windows\System32\DRIVERS\ZESFSFD.sys [66352 2012-02-29] (Novell, Inc)
R1 ZESFW; C:\Windows\System32\DRIVERS\ZESFW.sys [58160 2011-12-15] (Novell, Inc)
S4 zesocc; C:\Windows\System32\DRIVERS\ZesOCC.sys [488240 2012-02-29] (Novell, Inc.)
R2 zestdi; C:\Windows\System32\DRIVERS\zestdi.sys [46896 2012-02-29] (Novell, Inc)
R1 ZESWIFI; C:\Windows\System32\DRIVERS\ZESWIFI.sys [36656 2011-12-15] (Novell, Inc)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-07 15:42 - 2016-05-07 15:52 - 00031156 _____ C:\Users\s430219\Downloads\FRST.txt
2016-05-07 15:39 - 2016-05-07 15:42 - 00000000 ____D C:\FRST
2016-05-07 15:31 - 2016-05-07 15:32 - 02379264 _____ (Farbar) C:\Users\s430219\Downloads\FRST64.exe
2016-05-07 14:51 - 2016-05-07 14:54 - 01730048 _____ (Farbar) C:\Users\s430219\Downloads\FRST (1).exe
2016-05-07 14:51 - 2016-05-07 14:53 - 01730048 _____ (Farbar) C:\Users\s430219\Downloads\FRST.exe
2016-05-07 14:43 - 2016-05-07 15:42 - 00000086 _____ C:\Users\s430219\Desktop\ZENWorks Window.nal
2016-05-07 14:43 - 2016-05-07 15:42 - 00000086 _____ C:\Users\s430219\Desktop\Google Chrome.nal
2016-05-07 14:43 - 2016-05-07 15:42 - 00000086 _____ C:\Users\s430219\Desktop\Explorer.nal
2016-05-07 14:43 - 2016-05-07 15:42 - 00000086 _____ C:\Users\s430219\Desktop\1nternet 9.nal
2016-05-07 14:40 - 2016-05-07 14:50 - 00000000 ____D C:\Users\DAU3208315-5169
2016-05-07 14:40 - 2016-05-07 14:40 - 00000000 ___DL C:\Users\DAU3208315-5169\My Documents
2016-05-07 14:40 - 2016-05-07 14:40 - 00000000 ___DL C:\Users\DAU3208315-5169\Documents\My Videos
2016-05-07 14:40 - 2016-05-07 14:40 - 00000000 ___DL C:\Users\DAU3208315-5169\Documents\My Pictures
2016-05-07 14:40 - 2016-05-07 14:40 - 00000000 ___DL C:\Users\DAU3208315-5169\Documents\My Music
2016-05-06 13:23 - 2016-05-06 13:25 - 224731788 _____ C:\Users\s430219\Downloads\cam1240 football player hotty.mp4
2016-05-05 18:16 - 2016-05-05 18:16 - 01032192 _____ C:\Users\s430219\Desktop\feb.indd
2016-05-05 17:20 - 2016-05-05 17:20 - 00000000 ____D C:\ProgramData\Emsisoft
2016-05-05 16:57 - 2016-05-05 16:57 - 00000000 ____D C:\SUPERDelete
2016-05-05 16:35 - 2016-05-05 16:41 - 00000951 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2016-05-05 16:35 - 2016-05-05 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-05-05 16:34 - 2016-05-07 15:37 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-05-05 16:27 - 2016-05-05 16:27 - 00030589 _____ C:\ComboFix.txt
2016-05-05 16:26 - 2016-05-07 11:36 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 81337224-96ef-4f29-a00b-864d1d715034.job
2016-05-05 16:26 - 2016-05-07 11:36 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 62d8a9dd-ff16-44b8-ab0b-bd9f9d25a397.job
2016-05-05 16:26 - 2016-05-05 16:26 - 00003590 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 62d8a9dd-ff16-44b8-ab0b-bd9f9d25a397
2016-05-05 16:26 - 2016-05-05 16:26 - 00003516 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 81337224-96ef-4f29-a00b-864d1d715034
2016-05-05 16:26 - 2016-05-05 16:26 - 00000000 ____D C:\Users\s430219\AppData\Roaming\SUPERAntiSpyware.com
2016-05-05 16:24 - 2016-05-05 16:41 - 00001863 _____ C:\Users\s430219\Desktop\SUPERAntiSpyware Professional.lnk
2016-05-05 16:24 - 2016-05-05 16:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-05-05 16:24 - 2016-05-05 16:24 - 00000000 ____D C:\Users\s430219\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-05-05 16:24 - 2016-05-05 16:24 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-05-05 16:22 - 2016-05-05 16:23 - 22851472 _____ (Malwarebytes ) C:\Users\s430219\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-05 16:20 - 2016-05-05 16:27 - 236634152 _____ (Emsisoft Ltd. ) C:\Users\s430219\Downloads\EmsisoftAntiMalwareSetup.exe
2016-05-05 16:20 - 2016-05-05 16:22 - 25733040 _____ (SUPERAntiSpyware) C:\Users\s430219\Downloads\SUPERAntiSpywarePro.exe
2016-05-05 16:20 - 2016-05-05 16:21 - 25732888 _____ (SUPERAntiSpyware) C:\Users\s430219\Downloads\SUPERAntiSpyware.exe
2016-05-05 16:02 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2016-05-05 16:02 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2016-05-05 16:02 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-05-05 16:02 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-05-05 16:02 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-05-05 16:02 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2016-05-05 16:02 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2016-05-05 16:02 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2016-05-05 16:01 - 2016-05-05 16:27 - 00000000 ____D C:\ComboFix
2016-05-05 16:00 - 2016-05-05 16:27 - 00000000 ____D C:\Qoobox
2016-05-05 15:55 - 2016-05-05 16:21 - 00000000 ____D C:\Windows\erdnt
2016-05-05 15:53 - 2016-05-05 15:53 - 05658358 ____R (Swearware) C:\Users\s430219\Downloads\ComboFix.exe
2016-05-05 15:53 - 2016-05-05 15:53 - 05658358 _____ (Swearware) C:\Users\s430219\Downloads\ComboFix (1).exe
2016-05-05 15:46 - 2016-05-05 15:46 - 01610816 _____ (Malwarebytes) C:\Users\s430219\Downloads\JRT.exe
2016-05-05 15:28 - 2016-05-05 15:29 - 00059995 _____ C:\Users\s430219\Downloads\2016-05-02 Letter for Eric Pham.pdf
2016-05-05 15:11 - 2016-05-05 15:11 - 00262144 _____ C:\Windows\Minidump\050516-26754-01.dmp
2016-05-02 23:14 - 2016-05-02 23:17 - 00000000 ___RD C:\Users\s430219\Documents\Scanned Documents
2016-05-02 23:14 - 2016-05-02 23:14 - 00000000 ____D C:\Users\s430219\Documents\Fax
2016-05-02 22:31 - 2016-05-05 09:36 - 00000000 ____D C:\Users\s430219\AppData\Local\IupiGqupd
2016-05-02 22:31 - 2016-05-02 22:31 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2016-05-02 22:31 - 2016-05-02 22:31 - 00000000 ___HD C:\ProgramData\{D612DEA7-41A3-483A-9F90-A49A62502B1B}
2016-05-02 22:02 - 2016-05-02 22:02 - 00000000 ____D C:\Users\s430219\Downloads\Drake – Views (2016) [MP3+Booklet~320kbps]~[Hunter] [FRG]
2016-05-02 12:57 - 2016-05-02 12:57 - 00001764 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-05-02 12:57 - 2016-05-02 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-05-02 12:56 - 2016-05-02 12:57 - 00000000 ____D C:\Program Files\iTunes
2016-05-02 12:56 - 2016-05-02 12:56 - 00000000 ____D C:\Program Files\iPod
2016-05-02 12:51 - 2016-05-02 12:51 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-05-02 12:51 - 2016-05-02 12:51 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-05-02 12:48 - 2016-05-02 12:48 - 00000000 ____D C:\Program Files\Bonjour
2016-05-02 12:48 - 2016-05-02 12:48 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-05-02 12:13 - 2016-05-02 12:19 - 169713992 _____ (Apple Inc.) C:\Users\s430219\Downloads\iTunes6464Setup.exe
2016-05-02 07:17 - 2016-05-02 07:17 - 00792419 _____ C:\Users\s430219\Desktop\CN.pdf
2016-05-02 07:15 - 2016-05-02 07:15 - 47097186 _____ C:\Users\s430219\Downloads\cn.psd
2016-04-30 16:59 - 2016-04-30 17:00 - 00183620 _____ C:\Users\s430219\Downloads\ExternalUserTranscript.pdf
2016-04-30 16:59 - 2016-04-30 17:00 - 00183620 _____ C:\Users\s430219\Downloads\ExternalUserTranscript (1).pdf
2016-04-30 09:27 - 2016-04-30 09:27 - 00006395 _____ C:\Users\s430219\Downloads\tamulink-wpa.mobileconfig
2016-04-30 00:17 - 2016-04-30 00:17 - 00347816 _____ (Microsoft Corporation) C:\Users\s430219\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe
2016-04-30 00:16 - 2016-04-30 00:16 - 14773216 _____ (Microsoft Corporation) C:\Users\s430219\Downloads\VC_redist.x64.exe
2016-04-30 00:16 - 2016-04-30 00:16 - 13977352 _____ (Microsoft Corporation) C:\Users\s430219\Downloads\VC_redist.x86.exe
2016-04-30 00:15 - 2016-04-30 00:15 - 00000000 ____D C:\Program Files (x86)\App Dynamic
2016-04-30 00:10 - 2016-04-30 00:10 - 26194584 _____ (AppDynamic ehf) C:\Users\s430219\Downloads\AirServer-4.2.0-x64 (1).exe
2016-04-30 00:02 - 2016-04-30 00:02 - 28054894 _____ C:\Users\s430219\Downloads\Fix it portable.zip
2016-04-29 23:44 - 2016-04-29 23:44 - 08728576 _____ C:\Users\s430219\Downloads\AirServer-4.2.0-x64 (1).msi
2016-04-29 23:43 - 2016-04-29 23:43 - 08728576 _____ C:\Users\s430219\Downloads\AirServer-4.2.0-x64.msi
2016-04-29 23:43 - 2016-04-29 23:43 - 00000000 ____D C:\Users\s430219\AppData\Local\Macroplant_LLC
2016-04-29 23:42 - 2016-04-29 23:42 - 00000000 ____D C:\Users\s430219\AppData\Local\iMobie_Inc
2016-04-29 23:41 - 2016-04-29 23:41 - 11701720 _____ (Macroplant LLC ) C:\Users\s430219\Downloads\iExplorer_Setup_3940.exe
2016-04-29 23:41 - 2016-04-29 23:41 - 00000000 ____D C:\Users\s430219\AppData\Roaming\iMobie
2016-04-29 23:40 - 2016-05-05 16:45 - 00000000 ____D C:\Program Files (x86)\iMobie
2016-04-29 23:40 - 2016-04-29 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2016-04-29 23:39 - 2016-04-29 23:40 - 01074600 _____ (iMobie Inc.) C:\Users\s430219\Downloads\anytrans-setup.exe
2016-04-29 23:36 - 2016-04-29 23:36 - 00197333 _____ C:\Users\s430219\Downloads\msvcp140.zip
2016-04-29 23:35 - 2016-04-30 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirServer Universal (x86)
2016-04-29 23:31 - 2016-04-29 23:32 - 26403504 _____ (AppDynamic ehf) C:\Users\s430219\Downloads\AirServer-4.2.0-x86.exe
2016-04-29 23:20 - 2016-04-29 23:20 - 26194584 _____ (AppDynamic ehf) C:\Users\s430219\Downloads\AirServer-4.2.0-x64.exe
2016-04-28 11:23 - 2016-04-28 11:23 - 00031567 _____ C:\Users\s430219\Downloads\PartnerLetter (1).pdf
2016-04-28 11:20 - 2016-04-28 11:20 - 00030994 _____ C:\Users\s430219\Downloads\PartnerLetter.pdf
2016-04-28 03:45 - 2016-04-28 03:45 - 00001056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2016-04-28 03:45 - 2016-04-28 03:45 - 00000994 _____ C:\Users\Public\Desktop\WinSCP.lnk
2016-04-28 03:44 - 2016-04-28 03:45 - 00000000 ____D C:\Program Files (x86)\WinSCP
2016-04-28 03:44 - 2016-04-28 03:44 - 05915464 _____ (Martin Prikryl ) C:\Users\s430219\Downloads\winscp577setup.exe
2016-04-27 15:12 - 2016-04-27 15:13 - 12239360 _____ C:\Users\s430219\Downloads\Final Lecture 302 classroom16 students (1).ppt
2016-04-27 15:12 - 2016-04-27 15:12 - 14836736 _____ C:\Users\s430219\Downloads\Week #12 PromotionsCLASS 16.ppt
2016-04-26 23:52 - 2016-04-26 23:52 - 21016788 _____ C:\Users\s430219\Downloads\Road Trip Summer 2016 (1).pptx
2016-04-26 23:49 - 2016-04-26 23:49 - 21016769 _____ C:\Users\s430219\Downloads\Road Trip Summer 2016.pptx
2016-04-26 23:48 - 2016-04-26 23:48 - 21016772 _____ C:\Users\s430219\Downloads\Untitled presentation.pptx
2016-04-26 10:48 - 2016-04-26 10:48 - 00097009 _____ C:\Users\s430219\Downloads\Memorial Park Intern Announcement_2017.pdf
2016-04-26 10:48 - 2016-04-26 10:48 - 00097009 _____ C:\Users\s430219\Downloads\Memorial Park Intern Announcement_2017 (1).pdf
2016-04-25 20:13 - 2016-04-25 20:13 - 00298264 _____ C:\Windows\Minidump\042516-25396-01.dmp
2016-04-25 15:07 - 2016-04-25 15:07 - 12239360 _____ C:\Users\s430219\Downloads\Final Lecture 302 classroom16 students.ppt
2016-04-25 13:49 - 2016-04-25 13:50 - 179844596 _____ C:\Users\s430219\Desktop\DUN.ps
2016-04-25 13:44 - 2016-04-25 13:44 - 05695715 _____ C:\Users\s430219\Desktop\spread by spread.pdf
2016-04-25 13:43 - 2016-04-25 13:43 - 05847397 _____ C:\Users\s430219\Desktop\Page by Page.pdf
2016-04-25 11:50 - 2016-04-25 11:50 - 30677319 _____ C:\Users\s430219\Downloads\cam2083 football player with a big long dick cums in a glass.mp4
2016-04-20 15:15 - 2016-04-20 15:16 - 02820608 _____ C:\Users\s430219\Downloads\Ecotourism Students 16.ppt
2016-04-18 09:16 - 2016-04-18 09:16 - 00246613 _____ C:\Users\s430219\Downloads\FRIDAY_TSOVolunteerParking_Check-in_MAP.pdf
2016-04-18 09:12 - 2016-04-18 09:13 - 00941497 _____ C:\Users\s430219\Downloads\saturday_buildings_at_a_glance.pdf
2016-04-18 01:16 - 2016-04-18 01:16 - 00000000 ____D C:\found.001
2016-04-15 19:52 - 2016-04-15 19:54 - 83552259 _____ C:\Users\s430219\Desktop\d111.mp4
2016-04-15 19:39 - 2016-04-15 19:49 - 01726106 _____ C:\Users\s430219\Desktop\Movie Project.mp4
2016-04-15 19:14 - 2016-04-15 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-12 14:56 - 2016-05-07 14:47 - 00000000 ___RD C:\Users\s430219\Dropbox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-07 15:52 - 2016-02-19 14:26 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-07 15:45 - 2009-07-13 23:45 - 00004624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-07 15:45 - 2009-07-13 23:45 - 00004624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-07 15:32 - 2015-12-13 02:39 - 00000000 ____D C:\Program Files (x86)\iPhone Data Recovery
2016-05-07 15:26 - 2015-11-11 16:21 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-05-07 15:26 - 2015-11-11 16:21 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-05-07 15:09 - 2013-12-04 22:29 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475117352-3723492382-4078676718-34806UA.job
2016-05-07 14:57 - 2016-02-19 14:26 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-07 14:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-05-07 14:45 - 2013-12-25 12:17 - 00000000 ____D C:\Users\s430219\AppData\Roaming\Spotify
2016-05-07 14:43 - 2013-11-21 13:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-05-07 14:42 - 2013-12-25 12:17 - 00000000 ____D C:\Users\s430219\AppData\Local\Spotify
2016-05-07 14:32 - 2013-11-21 12:00 - 00000000 ____D C:\Windows\system32\Drivers\{4bb8218c-aebf-4113-882f-b10ae15c8218}
2016-05-07 11:52 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-07 11:38 - 2013-12-04 22:29 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475117352-3723492382-4078676718-34806Core.job
2016-05-06 13:18 - 2013-12-05 00:23 - 00000000 ____D C:\Users\s430219\AppData\Roaming\Skype
2016-05-05 18:16 - 2016-03-30 04:26 - 00000430 _____ C:\Users\s430219\Documents\BT_afterActivateLogFile.txt
2016-05-05 18:12 - 2016-01-08 04:06 - 00967234 _____ C:\Windows\ntbtlog.txt
2016-05-05 17:21 - 2016-01-05 21:12 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-05 16:27 - 2016-01-05 21:11 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-05 16:27 - 2016-01-05 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-05 16:27 - 2016-01-05 21:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-05 16:12 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2016-05-05 16:03 - 2014-11-08 12:41 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-05 15:11 - 2016-02-14 22:17 - 450458774 _____ C:\Windows\MEMORY.DMP
2016-05-05 15:11 - 2014-04-20 09:45 - 00000000 ____D C:\Windows\Minidump
2016-05-05 10:12 - 2015-10-27 11:22 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-05 10:02 - 2015-10-27 11:13 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-02 23:12 - 2014-04-05 14:59 - 00000000 ____D C:\Users\s430219\AppData\Roaming\uTorrent
2016-05-02 21:21 - 2013-12-04 22:31 - 00002359 _____ C:\Users\s430219\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-02 12:56 - 2015-09-13 20:56 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-05-02 12:56 - 2015-09-13 20:50 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-05-02 12:51 - 2014-04-05 15:44 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-05-02 07:15 - 2014-11-01 16:45 - 00000132 _____ C:\Users\s430219\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-04-30 07:16 - 2013-12-05 00:39 - 00000000 ____D C:\Users\s430219\AppData\Local\ElevatedDiagnostics
2016-04-29 23:42 - 2016-01-31 23:35 - 00000000 ____D C:\Users\s430219\AppData\Local\CrashDumps
2016-04-29 18:50 - 2015-08-31 10:29 - 00000000 ____D C:\Users\s430219\Desktop\Lectures
2016-04-27 11:32 - 2015-05-26 10:18 - 00000000 ____D C:\Users\s430219\Desktop\School
2016-04-27 00:59 - 2009-07-14 00:13 - 00799370 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-27 00:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-19 11:23 - 2015-07-20 14:34 - 00000000 ____D C:\ProgramData\Wondershare AllMyTube
2016-04-18 01:20 - 2009-07-13 23:45 - 09893120 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-16 12:44 - 2016-03-23 11:44 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-16 12:43 - 2013-12-04 22:43 - 00000000 ____D C:\ProgramData\Skype
2016-04-16 11:56 - 2015-05-28 00:12 - 00000000 _____ C:\ziswin.hst
2016-04-15 19:14 - 2015-11-11 16:21 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-04-15 18:19 - 2013-12-04 10:27 - 00141240 _____ C:\Users\s430219\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-15 18:13 - 2016-01-20 00:55 - 00000000 ____D C:\Users\s430219\Desktop\Spring 2016 DL
2016-04-15 17:17 - 2014-04-14 19:18 - 00000000 ____D C:\Users\s430219\AppData\Roaming\Audacity
2016-04-13 16:54 - 2015-11-11 16:21 - 00000000 ____D C:\Users\s430219\AppData\Local\Dropbox
2016-04-12 14:56 - 2013-12-04 10:27 - 00000000 ____D C:\Users\s430219
2016-04-12 14:54 - 2015-11-11 16:27 - 00000000 ___RD C:\Users\s430219\Dropbox (Old)
 
==================== Files in the root of some directories =======
 
2012-01-06 12:06 - 2012-01-06 12:06 - 0114688 _____ () C:\Program Files (x86)\ad_ff.dll
2011-11-22 18:31 - 2011-11-22 18:31 - 0006253 _____ () C:\Program Files (x86)\eula.rtf
2014-03-09 22:52 - 2014-09-26 23:11 - 0000132 _____ () C:\Users\s430219\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-01-23 01:45 - 2014-10-19 19:19 - 0000132 _____ () C:\Users\s430219\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-11-01 16:45 - 2016-05-02 07:15 - 0000132 _____ () C:\Users\s430219\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-10-20 12:13 - 2015-07-31 00:14 - 0000129 _____ () C:\Users\s430219\AppData\Roaming\com.taylorpub.taylortools.settings.xml
2014-10-20 12:14 - 2015-07-31 00:22 - 0000721 _____ () C:\Users\s430219\AppData\Roaming\com.taylorpub.taylortools.windowpreferences.xml
2014-03-09 22:58 - 2014-03-09 22:58 - 0001456 _____ () C:\Users\s430219\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-01-20 01:36 - 2016-01-20 15:49 - 0000600 _____ () C:\Users\s430219\AppData\Local\PUTTY.RND
2013-11-21 12:06 - 2013-11-21 12:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-05 20:59 - 2016-01-05 20:59 - 0001652 _____ () C:\ProgramData\tempimage.bmp
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-30 01:44
 
==================== End of FRST.txt ============================



#2 olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender: Male
  • Local time: 06:34 PM
Posted 07 May 2016 - 08:34 PM

Hello DavidClaus and welcome to BleepingComputer. :welcome:

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
 
Addition.txt is created by default on the first run of FRST. Can you check inside this folder: C:\FRST\Logs? I need to see that log before we progress. If there is no Addition log inside the Logs folder, run the FRST scan one more time, ensuring "Addition" is checked in the optional scan box...
[Attached image: Ashampoo_Snap_20140927_13h17m38s_001_Far]


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 DavidClaus

  • Topic Starter
  • Members
  • 3 posts
  • OFFLINE
  • Local time: 04:34 PM
Posted 07 May 2016 - 09:46 PM

Thank you for your quick response! Here is the Addition.txt logfile.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-05-2016
Ran by S430219 (2016-05-07 15:56:40)
Running from C:\Users\s430219\Downloads
Windows 7 Professional Service Pack 1 (X64) (2013-11-21 16:57:06)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
8656E5BF72CE43EA8237 (S-1-5-21-3980279317-196781328-2851928885-1057 - Limited - Enabled)
Administrator (S-1-5-21-3980279317-196781328-2851928885-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3980279317-196781328-2851928885-501 - Limited - Disabled)
OfflineUser (S-1-5-21-3980279317-196781328-2851928885-1001 - Limited - Enabled) => C:\Users\OfflineUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Emsisoft Anti-Malware (Enabled - Up to date) {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {AE30EC79-430A-D5A7-18FF-40D3C65681E5}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1475117352-3723492382-4078676718-34806\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
actions-langs (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D8D2B468-8342-411A-8760-BCC362C3408F}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe InDesign (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.15) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.15 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
AirServer Universal (x64) (HKLM\...\{6E97BF1A-1BC4-4624-8841-C5B03F234C87}) (Version: 3.1.5 - App Dynamic)
AirServer Universal (x86) (HKLM-x32\...\{EA67A806-C8F9-407B-9360-839AFFA5C4E9}) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
auth-satellite-server-langs (x32 Version: 11.2.0.16053 - Novell, Inc.) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
bundle-langs (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
CASA (HKLM\...\{66227BF6-AE46-4263-A274-3C03C6A53810}) (Version: 1.7.1769 - Novell)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.48.0 - Conexant)
content-distribution-point-langs (x32 Version: 11.2.0.16053 - Novell, Inc.) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.7 - Emsisoft Ltd.)
Fonts for BalfourTools (HKLM\...\{EE518F13-B6AC-4E96-A695-7D55CB62B897}) (Version: 1.0.0 - Balfour Yearbooks)
Google Chrome (HKU\S-1-5-21-1475117352-3723492382-4078676718-34806\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Plug-in (HKLM-x32\...\{33286280-8617-11E1-8FF6-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Photos Backup (HKU\S-1-5-21-1475117352-3723492382-4078676718-34806\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Integrated Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10214 - Realtek Semiconductor Corp.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
inventory-langs (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Kaspersky Endpoint Security 8 for Windows (HKLM\...\{D72DD679-A3EC-4FCF-AFAF-12E2552450B6}) (Version: 8.1.0.831 - Kaspersky Lab)
Kaspersky Security Center Network Agent (HKLM-x32\...\InstallWIX_{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}) (Version: 9.2.69 - Kaspersky Lab)
Kaspersky Security Center Network Agent (x32 Version: 9.2.69 - Kaspersky Lab) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.66.00.22 - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Novell CASA Authentication Token Client (x64) (HKLM\...\{7C654F31-FC29-4504-9ED0-C38842EFDB66}) (Version: 1.7.1767 - Novell, Inc.)
Novell GroupWise (HKLM-x32\...\Novell GroupWise) (Version: 8.0.2.0 - Novell, Inc.)
Novell iPrint Client v05.40.00 (HKLM\...\Novell iPrint Client) (Version:  - Novell, Inc.)
Novell ZENworks (HKLM-x32\...\ZENworks) (Version: 11.2.0.16117 - Novell, Inc.)
Novell ZENworks Adaptive Agent Help (x32 Version: 11.2.0.15997 - Novell, Inc.) Hidden
Novell ZENworks Endpoint Security Agent (x32 Version: 11.2.0.181 - Novell) Hidden
Novell ZENworks Image-Safe Data Service (x32 Version: 11.2.0.16071 - Novell, Inc.) Hidden
Novell ZENworks Remote Management (Version: 11.2.0.16054 - Novell, Inc.) Hidden
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Policy Action Handler Resources (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
Policy Handler Resources (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
policy-langs (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
primary-agent-langs (x32 Version: 11.2.0.16053 - Novell, Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
remotemanagement-langs (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1475117352-3723492382-4078676718-34806\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
status-collection-point-langs (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1218 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.13.0 - )
usermanagement-langs-x86_64 (Version: 11.2.0.16053 - Novell, Inc.) Hidden
Vegas Pro 12.0 (64-bit) (HKLM-x32\...\Vegas Pro 12.0 (64-bit)) (Version: 12.0 (64-bit) - Exµs ™)
WinProxy-langs (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
WinSCP 5.7.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7.7 - Martin Prikryl)
Wondershare AllMyTube(Build 4.2.0.1) (HKLM-x32\...\Wondershare AllMyTube_is1) (Version: 4.2.0.1 - Wondershare Software)
zencore-agent-langs (x32 Version: 11.2.0.16053 - Novell, Inc.) Hidden
zennotifyicon-langs (x32 Version: 11.2.0.16053 - Novell, Inc.) Hidden
ZENworks Action Handlers (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
ZENworks Action Utilities (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
ZENworks Actions (x32 Version: 11.2.0.16117 - Novell, Inc.) Hidden
ZENworks Agent Authentication Satellite Module (x32 Version: 11.2.0.15997 - Novell, Inc.) Hidden
ZENworks Agent Bundle Management (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
ZENworks Agent Core Modules (x32 Version: 11.2.0.15997 - Novell, Inc.) Hidden
ZENworks Agent Inventory Management (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
ZENworks Agent Policy Management (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
ZENworks Agent System Update Module (x32 Version: 11.2.0.15997 - Novell, Inc.) Hidden
ZENworks Agent WinProxy Module (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
ZENworks Content Distribution Point (x32 Version: 11.2.0.15997 - Novell, Inc.) Hidden
ZENworks DLU Policy Handler (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
ZENworks Extensions Libraries (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
ZENworks Group Policy Handler (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
ZENworks Image Management (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
ZENworks Image-Safe Data Agent (x32 Version: 11.2.0.16071 - Novell, Inc.) Hidden
ZENworks Imaging Server (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
ZENworks Information Icon (x32 Version: 11.2.0.15997 - Novell, Inc.) Hidden
ZENworks Launcher Policy Handler (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
ZENworks Policy Handlers (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
ZENworks Policy Libraries (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
ZENworks Primary Agent (x32 Version: 11.2.0.15997 - Novell, Inc.) Hidden
ZENworks Remote Management (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
ZENworks Status Collection Point (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
ZENworks Uninstaller (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
ZENworks User Management (Version: 11.2.0.15997 - Novell, Inc.) Hidden
ZENworks Version Information (x32 Version: 11.2.0.16117 - Novell, Inc.) Hidden
ZENworks Windows UI (x32 Version: 11.2.0.16054 - Novell, Inc.) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1475117352-3723492382-4078676718-34806_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\s430219\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1475117352-3723492382-4078676718-34806_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\s430219\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1475117352-3723492382-4078676718-34806_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\s430219\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1475117352-3723492382-4078676718-34806_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\s430219\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1475117352-3723492382-4078676718-34806_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\s430219\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1475117352-3723492382-4078676718-34806_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\s430219\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1475117352-3723492382-4078676718-34806_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\s430219\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1475117352-3723492382-4078676718-34806_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\s430219\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1475117352-3723492382-4078676718-34806_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\s430219\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1475117352-3723492382-4078676718-34806_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\s430219\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1475117352-3723492382-4078676718-34806_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\s430219\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1475117352-3723492382-4078676718-34806_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\s430219\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1475117352-3723492382-4078676718-34806_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\s430219\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1B15C73E-575F-40F6-9416-78264CF8B26D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-11] (Dropbox, Inc.)
Task: {24CAB1E4-0B6C-460D-B0CE-B0C919844C2D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {3D03E20A-70D9-4D23-AECC-62B8EBB9AAD1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {6122D10B-E86F-4898-88B0-8A8BE5128DCD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {63824708-E453-4620-B1E4-554E4AADAE8D} - System32\Tasks\SUPERAntiSpyware Scheduled Task 81337224-96ef-4f29-a00b-864d1d715034 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {67763883-0EA4-494A-9382-CC4F7CD25354} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-19] (Google Inc.)
Task: {869B12D0-CCE7-41F8-966A-E30D2609EEA6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe
Task: {9C0D41CE-5F39-41AE-A63B-A352F594F355} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1475117352-3723492382-4078676718-34806UA => C:\Users\s430219\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9FB0D6B0-0C85-47D9-8C91-D0D79EB39FAB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {A7765D2F-989F-42DF-8C51-C8055911E4B7} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-11] (Dropbox, Inc.)
Task: {AD8FA42D-4F30-4AF1-A8AF-56C88F05306E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe
Task: {B230A427-3B8A-4053-9B23-D0384ED8B8F6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1475117352-3723492382-4078676718-34806Core => C:\Users\s430219\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C7162D87-16B4-4CE0-B623-EB171A8E30F3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {D0EDF246-9AFD-432A-BD71-3B408C20AEF1} - System32\Tasks\SUPERAntiSpyware Scheduled Task 62d8a9dd-ff16-44b8-ab0b-bd9f9d25a397 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {E2DC3448-11CF-47B0-A505-9B6B64D424BB} - \WPD\SqmUpload_S-1-5-21-1691665526-4002558047-1021123543-500 -> No File <==== ATTENTION
Task: {E87166EB-D17E-4687-AF37-7C6F843038E4} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {F3133A71-95D3-4087-8B7A-D71C06164A7E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-19] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475117352-3723492382-4078676718-34806Core.job => C:\Users\s430219\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475117352-3723492382-4078676718-34806UA.job => C:\Users\s430219\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 62d8a9dd-ff16-44b8-ab0b-bd9f9d25a397.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 81337224-96ef-4f29-a00b-864d1d715034.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-12-21 14:31 - 2011-12-21 14:31 - 00580096 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\sqlite3.DLL
2012-03-01 13:53 - 2012-03-01 13:53 - 00009216 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\Localizer.XmlSerializers.dll
2011-12-06 12:20 - 2011-12-06 12:20 - 00438784 _____ () C:\Windows\system32\casa_authtoken.DLL
2012-01-06 12:06 - 2012-01-06 12:06 - 00074752 _____ () C:\Windows\system32\micasa.dll
2012-01-06 12:04 - 2012-01-06 12:04 - 00069120 _____ () C:\Windows\system32\micasacache.dll
2012-03-01 13:55 - 2012-03-01 13:55 - 00626688 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\zmd.XmlSerializers.dll
2012-03-01 15:50 - 2012-03-01 15:50 - 00135168 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\Novell.Zenworks.PolicyManager.XmlSerializers.dll
2012-03-01 13:57 - 2012-03-01 13:57 - 00155648 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\RegistrationModule.XmlSerializers.dll
2012-03-01 13:59 - 2012-03-01 13:59 - 00237568 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\ActionManager.XmlSerializers.dll
2012-03-01 15:49 - 2012-03-01 15:49 - 00307200 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\AppModule.XmlSerializers.dll
2012-03-01 14:01 - 2012-03-01 14:01 - 00053248 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\ContainmentRefresh.XmlSerializers.dll
2012-01-06 12:06 - 2012-01-06 12:06 - 00079872 _____ () C:\Program Files\Novell\CASA\bin\lcredmgr.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-27 11:13 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-08-25 04:02 - 2012-08-25 04:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-08-26 02:44 - 2015-08-26 02:44 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2016-05-07 15:24 - 2015-12-13 02:39 - 00143239 _____ () C:\Users\s430219\AppData\Local\Temp\~nsu.tmp\Au_.exe
2011-12-21 14:39 - 2011-12-21 14:39 - 00053248 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\xmlparse.dll
2011-12-21 14:39 - 2011-12-21 14:39 - 00081920 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\xmltok.dll
2012-04-17 12:13 - 2012-04-17 12:13 - 00283024 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\am_facade.dll
2012-04-17 12:13 - 2012-04-17 12:13 - 01225104 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\enterprise_application_control.dll
2012-04-17 12:15 - 2012-04-17 12:15 - 00278928 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\device_control_task.ppl
2012-04-17 12:13 - 2012-04-17 12:13 - 00262544 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\device_control.dll
2012-04-17 12:16 - 2012-04-17 12:16 - 00463248 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\WebControlTask.ppl
2012-04-17 12:14 - 2012-04-17 12:14 - 00311696 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 8 for Windows\network_services.dll
2016-04-08 17:35 - 2016-04-08 17:35 - 03481600 _____ () C:\Users\s430219\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll
2016-04-15 19:13 - 2016-03-21 16:50 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-04-15 19:13 - 2016-03-21 16:51 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-04-15 19:13 - 2016-03-21 16:50 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-04-15 19:13 - 2016-03-21 16:50 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-04-15 19:13 - 2016-03-21 16:50 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-04-15 19:13 - 2016-04-08 13:20 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-04-15 19:13 - 2016-03-21 16:52 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-04-15 19:13 - 2016-03-21 16:50 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-04-15 19:13 - 2016-04-08 13:20 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-04-15 19:13 - 2016-03-21 16:50 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-04-15 19:13 - 2016-04-08 13:19 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-04-15 19:13 - 2016-03-21 16:51 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-04-15 19:13 - 2016-04-08 13:19 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-04-15 19:13 - 2016-04-08 13:19 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-04-15 19:13 - 2016-04-08 13:20 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-04-15 19:13 - 2016-04-08 13:19 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-04-15 19:13 - 2016-03-21 16:52 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-04-15 19:13 - 2016-03-21 16:52 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-04-15 19:13 - 2016-03-21 16:52 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-04-15 19:13 - 2016-03-21 16:52 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-04-15 19:13 - 2016-04-08 13:20 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-04-15 19:13 - 2016-03-21 16:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-04-15 19:13 - 2016-03-21 16:52 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-04-15 19:13 - 2016-03-21 16:52 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-04-15 19:13 - 2016-03-21 16:52 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-04-15 19:13 - 2016-03-21 16:52 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-04-15 19:13 - 2016-03-21 16:52 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-04-15 19:13 - 2016-04-08 13:19 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-04-15 19:13 - 2016-03-21 16:52 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-04-15 19:13 - 2016-03-21 16:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-04-15 19:13 - 2016-04-08 13:19 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-04-15 19:13 - 2016-04-08 13:20 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-04-15 19:13 - 2016-03-21 16:50 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-04-15 19:13 - 2016-03-21 16:50 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-04-15 19:13 - 2016-03-21 16:51 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-04-15 19:13 - 2016-04-08 13:19 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-04-15 19:13 - 2016-03-21 16:52 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-04-15 19:13 - 2016-04-08 13:19 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-04-15 19:13 - 2016-04-08 13:20 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-04-15 19:13 - 2016-04-08 13:20 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-04-15 19:13 - 2016-04-08 13:20 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-04-15 19:13 - 2016-04-08 13:20 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-04-15 19:13 - 2016-04-08 13:19 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-04-15 19:13 - 2016-03-21 16:52 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-04-15 19:13 - 2016-04-08 13:20 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-04-15 19:13 - 2016-04-08 13:19 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-04-15 19:13 - 2016-04-08 13:20 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-04-15 19:13 - 2016-03-21 16:51 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-04-15 19:13 - 2016-04-08 13:20 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-04-15 19:13 - 2016-04-08 13:20 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-04-15 19:13 - 2016-04-08 13:20 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-04-15 19:13 - 2016-04-08 13:20 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-04-15 19:13 - 2016-04-08 13:20 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-04-15 19:13 - 2016-04-08 13:20 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-04-15 19:13 - 2016-04-08 13:20 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-04-15 19:13 - 2016-04-08 13:20 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-04-15 19:13 - 2016-03-21 16:54 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-04-15 19:13 - 2016-03-21 16:54 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-04-15 19:13 - 2016-04-08 13:20 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-04-15 19:13 - 2016-04-08 13:20 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-04-15 19:13 - 2016-04-08 13:20 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-04-15 19:13 - 2016-03-21 16:56 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-05-02 21:21 - 2016-04-27 18:25 - 01738904 _____ () C:\Users\s430219\AppData\Local\Google\Chrome\Application\50.0.2661.94\libglesv2.dll
2016-05-02 21:21 - 2016-04-27 18:25 - 00086168 _____ () C:\Users\s430219\AppData\Local\Google\Chrome\Application\50.0.2661.94\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:HaXJb5pQVUMurEOzEZKjY4 [1990]
AlternateDataStreams: C:\ProgramData\Microsoft:1A5OBxzgoWoZKB68QHx6L [2296]
AlternateDataStreams: C:\ProgramData\Microsoft:A6GK06Bio8bdZblpxj5gR [2048]
AlternateDataStreams: C:\ProgramData\Microsoft:HJiUYOzUqK0tDgEAiqORdy [2494]
AlternateDataStreams: C:\ProgramData\Microsoft:mGIuVKaOoerHszZXZbx85vpgodWD [2154]
AlternateDataStreams: C:\ProgramData\Microsoft:QM8D5KFdjTw0N8poiiDVlvOtz [2258]
AlternateDataStreams: C:\ProgramData\Microsoft:WTgG4xd2FcjcBioA7Ehki5rY12 [2188]
AlternateDataStreams: C:\Users\s430219\Cookies:lSmQ0jFntY8sdMm2a5SmNZvCSuLiaQ [2256]
AlternateDataStreams: C:\Users\s430219\Local Settings:gPRxv7FohCpnnOsgGNKbnuW [2220]
AlternateDataStreams: C:\Users\s430219\AppData\Local:gPRxv7FohCpnnOsgGNKbnuW [2220]
AlternateDataStreams: C:\Users\s430219\AppData\Local\Application Data:gPRxv7FohCpnnOsgGNKbnuW [2220]
AlternateDataStreams: C:\Users\s430219\AppData\Local\BCXrEzrWqfTDt:t0d3syN41KLHP4LEGzEukH1L0 [2194]
AlternateDataStreams: C:\Users\s430219\AppData\Local\Temp:Q4LQJWEGuKUe1dGpxXl [2336]
AlternateDataStreams: C:\Users\s430219\AppData\Local\Temporary Internet Files:ByANIxsCuRKlxWDpuD [2080]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ZESService => "ImagePath"="C:\Program Files (x86)\Novell\ZENworks\esm\ZESService.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ZESService => "Start"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ZESService => "Type"="16"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ZESService => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ZESService => "FailureActions"="0x8051010000000000000000000300000014000000020000000000000002000000000000000200000000000000"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ZESService => "ImagePath"="C:\Program Files (x86)\Novell\ZENworks\esm\ZESService.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ZESService => "Start"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ZESService => "Type"="16"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ZESService => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ZESService => "FailureActions"="0x8051010000000000000000000300000014000000020000000000000002000000000000000200000000000000"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2016-01-08 03:29 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1475117352-3723492382-4078676718-34806\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B5EC4F7E-ACC1-4076-AD6A-418066519FBA}] => (Allow) C:\Program Files (x86)\Novell\ZENworks\bin\nzrWinVNC.exe
FirewallRules: [{EF50B628-49BC-4770-AAC4-1EEAEAEB6C35}] => (Allow) C:\Program Files (x86)\Novell\ZENworks\bin\nzrWinVNC.exe
FirewallRules: [{014DAFD3-05D6-4B6D-A372-310CD6BFB418}] => (Allow) C:\Program Files (x86)\Novell\ZENworks\esm\ZESService.exe
FirewallRules: [{BC751C34-DB64-4CD4-8902-0BD2B4E454C5}] => (Allow) C:\Program Files (x86)\Novell\ZENworks\esm\ZESService.exe
FirewallRules: [{A3E1B0D8-5830-4A85-9144-E83CFF2B9B8B}] => (Allow) LPort=15000
FirewallRules: [{B53BBD7F-87D0-4900-8809-07DF8E8F22D2}] => (Allow) LPort=15000
FirewallRules: [{F2066ABB-0885-4D66-A2CF-EFE5324CC44A}] => (Allow) LPort=15000
FirewallRules: [{45E30EA9-32C4-4AF0-B39F-BFAAA5393C6D}] => (Allow) LPort=7628
FirewallRules: [{AAF864AE-B9FE-4E5B-B802-F7B9491318AD}] => (Allow) LPort=7628
FirewallRules: [{85CE91A1-F18C-483F-A736-450E0804A42E}] => (Allow) C:\Users\s430219\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{0DD39AD8-B2A4-4373-98ED-59C7D843A55A}] => (Allow) C:\Users\s430219\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{4C3B4DDB-FA17-4E05-B557-02DDBD1BB5DF}] => (Allow) C:\Users\s430219\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{498E5D0E-3E2D-47DC-A657-2C3985D0107C}] => (Allow) C:\Users\s430219\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{E96DC41D-6EBA-41C1-8A0E-E5C026A75041}] => (Allow) C:\Users\s430219\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{D76C08A1-71D2-4670-BD8C-424521359D9B}] => (Allow) C:\Users\s430219\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{849DA576-22C4-44B5-B94C-AF7A7600CE13}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8E054F28-58B0-4EEA-8236-23A292C34726}] => (Allow) C:\Users\s430219\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E4F0040B-E7F8-4FF1-8E6E-4C97C172C9C5}] => (Allow) C:\Users\s430219\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F6ABBF4C-EF00-455C-ABCA-C2297ADBCC3B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{F73F0A97-411D-4B5E-B94C-92F4E7A92F09}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{721A15A4-E6BC-40C2-BE99-476933A9921C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{430D8CB3-B4A6-4D6E-A8BF-9B77C75D6DD5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{88368E6E-4E88-4BC3-802E-CCA91F4BD475}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{C7ED1428-7C01-4F47-86B0-43DA025B677E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{FA543A65-F929-49F8-A497-ABF8017FFB9C}] => (Allow) C:\Program Files (x86)\App Dynamic\AirServer\AirServer.exe
FirewallRules: [{6D4B7FB4-C125-4A89-9E33-A01E42DD45BA}] => (Allow) C:\Program Files (x86)\App Dynamic\AirServer\AirServer.exe
FirewallRules: [{DF2CDA34-7AFE-42D9-BC52-2E5DD1F93220}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B8AA19C7-2C50-4C8E-BEB7-C9D239C14F34}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8586FB29-692B-4C47-8A96-142C5F4A0DBD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{32C165E8-8583-490F-BA8A-90463223063A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B5DCA880-9CA0-4372-BD13-B729CB63361D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FB2867A2-A9A7-4E69-9863-41AEDE849C21}] => (Allow) C:\Users\s430219\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
02-05-2016 03:36:20 Scheduled Checkpoint
02-05-2016 12:51:33 Installed iTunes
05-05-2016 15:55:06 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506
05-05-2016 16:01:02 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506
05-05-2016 16:02:44 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506
07-05-2016 14:58:48 Removed vWorkspace Connector for Windows.
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/07/2016 11:44:33 AM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2016-05-30T06:23:32Z. Error Code: 0x80041321.
 
Error: (05/07/2016 11:32:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 63508897
 
Error: (05/07/2016 11:32:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 63508897
 
Error: (05/07/2016 11:32:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/07/2016 11:32:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 63507836
 
Error: (05/07/2016 11:32:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 63507836
 
Error: (05/07/2016 11:32:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/07/2016 11:32:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 63506837
 
Error: (05/07/2016 11:32:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 63506837
 
Error: (05/07/2016 11:32:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (05/07/2016 04:03:01 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain CFISD due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (05/07/2016 03:52:46 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 51. The internal error state is 805.
 
Error: (05/07/2016 02:40:16 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: CFISD)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (05/07/2016 02:32:42 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (05/07/2016 11:52:50 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (05/07/2016 11:52:48 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain CFISD due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (05/07/2016 11:51:13 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:50:01 AM on 5/7/2016 was unexpected.
 
Error: (05/07/2016 11:47:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}
 
Error: (05/07/2016 11:35:29 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Novell ZENworks Agent Service service.
 
Error: (05/07/2016 11:33:15 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 89%
Total physical RAM: 3661.68 MB
Available physical RAM: 387.36 MB
Total Virtual: 9200.1 MB
Available Virtual: 2452.43 MB
 
==================== Drives ================================
 
Drive c: ( Local Disk) (Fixed) (Total:298.09 GB) (Free:47.91 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9FFDA5B0)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 olgun52


  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:06:34 PM

Posted 08 May 2016 - 11:14 AM

Hi again;

 

PresentationHost.exe, msdtc.exe, dllhost.exe, cmd.exe, msiexec.exe, conhost.exe.

These files are clean. Please do not perform any manual operations.

==============================================================

 

Step 1:
 FRST Script:
 Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:

Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.
====================================================================================
How is the PC running now? Any issues? Please let me know.

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!
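As an added example (not from this thread, FRST or Malwarebytes), the check a defender would run before trusting or killing processes with the names the original poster listed: confirm that each running image actually lives in a Windows system directory and, where the file is embedded-signed, that the Authenticode signature is valid and Microsoft's. It assumes Windows PowerShell 3.0 or later (for `[pscustomobject]`) and uses only the built-in `Get-WmiObject` and `Get-AuthenticodeSignature` cmdlets; the function name `Test-SystemProcessImage` is my own, not a built-in.

```powershell
# Added example, not from the thread or its tools. For each running process
# named like the ones the original poster saw, report where the image really
# lives and whether it carries a valid Microsoft Authenticode signature.
# A masquerading copy usually runs from outside the Windows directory or is
# unsigned; the genuine images live under System32/SysWOW64 (PresentationHost
# also under the .NET WPF folders).
$names = 'PresentationHost', 'msdtc', 'dllhost', 'cmd', 'msiexec', 'conhost'

$trustedDirs = 'System32', 'SysWOW64',
               'Microsoft.NET\Framework\WPF', 'Microsoft.NET\Framework64\WPF' |
    ForEach-Object { Join-Path $env:SystemRoot $_ }

function Test-SystemProcessImage {
    # Hypothetical helper name (mine, not a built-in cmdlet).
    param([string[]]$ProcessNames, [string[]]$TrustedDirs)
    # Win32_Process also exposes the command line and parent PID, which the
    # Task Manager view in the original post does not show.
    Get-WmiObject -Class Win32_Process |
        Where-Object { $ProcessNames -contains ($_.Name -replace '\.exe$', '') } |
        ForEach-Object {
            $path = $_.ExecutablePath          # $null for protected/system processes
            $inTrustedDir = $false
            $sigStatus    = 'Unavailable'
            $signer       = ''
            if ($path) {
                $inTrustedDir = $TrustedDirs -contains (Split-Path -Parent $path)
                $sig       = Get-AuthenticodeSignature -FilePath $path
                $sigStatus = $sig.Status.ToString()
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
            # Caveat: on Windows 7 many system binaries are catalog-signed and
            # show NotSigned here, so the directory check is the primary signal.
            [pscustomobject]@{
                Name            = $_.Name
                PID             = $_.ProcessId
                ParentPID       = $_.ParentProcessId
                Path            = $path
                TrustedDir      = $inTrustedDir
                Signature       = $sigStatus
                MicrosoftSigned = ($sigStatus -eq 'Valid' -and $signer -match 'O=Microsoft Corporation')
                CommandLine     = $_.CommandLine
            }
        }
}

# Rows with TrustedDir = False (or an odd parent/command line) are what to investigate.
Test-SystemProcessImage -ProcessNames $names -TrustedDirs $trustedDirs |
    Sort-Object TrustedDir |
    Format-Table Name, PID, ParentPID, TrustedDir, Signature, MicrosoftSigned, Path -AutoSize
```

Run it from an elevated PowerShell prompt so `ExecutablePath` is readable for processes owned by other accounts; a genuine component that is merely busy (the high CPU in the original post) will still show a trusted directory.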

 


 




