Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Getting Product data removed after I run JRT, also redirected on google &popups


  • This topic is locked This topic is locked
5 replies to this topic

#1 bhill357

bhill357

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:47 PM

Posted 09 May 2016 - 10:18 PM

I keep getting product data removed each time I run JRT. Also being redirected in Google with popups.  Other browsers are affected/infected, but use google the most due to fewer issues. I changed all user names to User 1 and User 2 for security reasons.

 

First FRST Log

 

Attached File  FRST.txt with User names edited.txt   63.15KB   1 downloadsAttached File  Addition.txt with User names edited.txt   33.69KB   1 downloads

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
Ran by User 1 (administrator) on User 2 (09-05-2016 21:58:21)
Running from C:\Users\User 1\Desktop
Loaded Profiles: User 1 (Available Profiles: User 1 & User 2 & Administrator)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Windows\System32\TieringEngineService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\User 1\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3348712 2016-01-02] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.4.537\ASUSWSLoader.exe [63272 2015-10-12] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-04-21] (SUPERAntiSpyware)
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\RunOnce: [Uninstall C:\Users\User 1\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\User 1\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\RunOnce: [Uninstall C:\Users\User 1\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\User 1\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\RunOnce: [Uninstall C:\Users\User 1\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\User 1\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\Policies\Explorer: [NoInternetIcon] 0
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.4.537\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.4.537\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.4.537\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-04-26]
ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bitSmartDefragBootTime.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8a259692-d5d4-4c7f-b74d-e76dd82d7dce}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{afcf9dbe-dcd6-463e-b590-590b742a7fe9}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-26] (Oracle Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-2854642774-4291190339-103677218-1001 -> hxxp://comcast.net/
 
FireFox:
========
FF ProfilePath: C:\Users\User 1\AppData\Roaming\Mozilla\Firefox\Profiles\qf1k0qm4.default
FF DefaultSearchEngine: XFINITY
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: XFINITY
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-02] (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinity.xml [2014-07-22]
 
Chrome: 
=======
CHR Profile: C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-03]
CHR Extension: (Google Drive) - C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-03]
CHR Extension: (YouTube) - C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-03]
CHR Extension: (Adblock Plus) - C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-04-12]
CHR Extension: (Google Sheets) - C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-03]
CHR Extension: (Google Docs Offline) - C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-05]
CHR Extension: (AdBlock) - C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-03]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
S3 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 2016-02-26] (Intel Corporation)
R3 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4322440 2016-01-02] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-08-23] (ASUS Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [51128 2016-01-02] (Intel Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-02-19] (REALiX™)
S3 iai2ce; C:\Windows\System32\drivers\iai2ce.sys [83968 2015-07-24] (Intel® Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [83576 2016-01-04] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [32736 2016-01-02] (Intel® Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [32912 2015-03-25] (EldoS Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2016-01-02] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2015-02-17] (ThreatTrack Security, Inc.)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [63696 2015-02-17] (ThreatTrack Security)
R1 sbwfw; C:\Windows\system32\DRIVERS\sbwfw.sys [345392 2015-02-17] (ThreatTrack Security)
S3 sbwtis; C:\Windows\system32\DRIVERS\sbwtis.sys [95608 2015-02-17] (ThreatTrack Security)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-03-23] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [146200 2016-03-23] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-09 21:58 - 2016-05-09 21:59 - 00016457 _____ C:\Users\User 1\Desktop\FRST.txt
2016-05-09 21:57 - 2016-05-09 21:58 - 00000000 ____D C:\FRST
2016-05-09 21:56 - 2016-05-09 21:57 - 02381312 _____ (Farbar) C:\Users\User 1\Desktop\FRST64 (1).exe
2016-05-09 21:55 - 2016-05-09 21:56 - 02381312 _____ (Farbar) C:\Users\User 1\Downloads\FRST64.exe
2016-05-09 18:20 - 2016-05-09 18:20 - 02870984 _____ (ESET) C:\Users\User 1\Downloads\esetsmartinstaller_enu (2).exe
2016-05-09 17:59 - 2016-05-09 17:59 - 00003688 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2016-05-09 17:59 - 2016-05-09 17:59 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2016-05-08 19:46 - 2016-05-08 19:46 - 00000486 _____ C:\Users\User 1\Documents\cc_20160508_194558.reg
2016-05-07 00:28 - 2016-05-07 00:28 - 00000000 ____H C:\asc_rdflag
2016-04-29 13:22 - 2016-04-29 13:22 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-04-28 05:02 - 2015-01-29 19:21 - 00050320 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2016-04-27 00:13 - 2016-04-27 00:13 - 13766179 _____ C:\Users\User 1\Downloads\WoWS Guide EN_NA 2.0.pdf
2016-04-26 00:54 - 2016-04-26 00:54 - 00002670 _____ C:\Users\Public\Desktop\Skype.lnk
2016-04-26 00:54 - 2016-04-26 00:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-26 00:54 - 2016-04-26 00:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-04-26 00:52 - 2016-04-26 00:54 - 286869504 _____ C:\Users\User 1\Downloads\kav_rescue_10.iso
2016-04-26 00:52 - 2016-04-26 00:52 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-04-26 00:52 - 2016-04-26 00:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-26 00:51 - 2016-04-26 00:51 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-26 00:50 - 2016-04-26 00:51 - 95511464 _____ (Kaspersky Lab ZAO) C:\Users\User 1\Downloads\KVRT.exe
2016-04-26 00:47 - 2016-04-26 00:47 - 02622792 _____ (Kaspersky Lab) C:\Users\User 1\Downloads\kss16.0.0.1344en_ru_de_fr_es_pt_it_zh-hans_nl_pl_tr_cs_ko_id_vi_ar_fa_zh-hant_9328.exe
2016-04-26 00:45 - 2016-04-26 00:45 - 00001196 _____ C:\Users\Public\Desktop\Kaspersky Software Updater Beta.lnk
2016-04-26 00:45 - 2016-04-26 00:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater Beta
2016-04-26 00:45 - 2016-04-26 00:45 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-04-26 00:44 - 2016-04-26 00:44 - 00508072 _____ (Kaspersky Lab) C:\Users\User 1\Downloads\ksu (1).exe
2016-04-24 23:51 - 2016-04-24 23:51 - 00000000 ___RD C:\Users\User 1\Documents\Notes
2016-04-22 22:33 - 2016-04-22 22:33 - 00014480 _____ C:\Users\User 1\Downloads\CDR_message_706 (2).csv
2016-04-22 22:33 - 2016-04-22 22:33 - 00001819 _____ C:\Users\User 1\Downloads\CDR_voice_7062(2).csv
2016-04-22 22:30 - 2016-04-22 22:30 - 00069381 _____ C:\Users\User 1\Downloads\CDR_message_706 (1).csv
2016-04-22 22:30 - 2016-04-22 22:30 - 00010078 _____ C:\Users\User 1\Downloads\CDR_voice_706 (1).csv
2016-04-22 21:36 - 2016-04-22 21:36 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-04-21 01:05 - 2016-04-21 01:06 - 00000000 ____D C:\Users\User 1\Documents\From 2GB SD Card
2016-04-21 00:48 - 2016-04-21 01:05 - 00000000 ____D C:\Users\User 1\Documents\From SD Card
2016-04-20 05:33 - 2016-04-20 05:33 - 00809334 _____ C:\Users\User 1\Documents\cc_20160420_053314.reg
2016-04-18 23:28 - 2016-04-18 23:31 - 00264512 _____ C:\TDSSKiller.3.1.0.9_18.04.2016_23.28.17_log.txt
2016-04-18 23:08 - 2016-04-18 23:08 - 00286884 _____ C:\Users\User 1\Documents\chase_mobile_card.pdf
2016-04-18 22:55 - 2016-04-18 22:55 - 00076872 _____ C:\Users\User 1\Desktop\FilePony.de.html
2016-04-18 22:55 - 2016-04-18 22:55 - 00000000 ____D C:\Users\User 1\Desktop\FilePony.de_files
2016-04-18 22:47 - 2016-04-18 23:28 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\User 1\Desktop\123.exe
2016-04-18 22:35 - 2016-04-18 22:35 - 01610352 _____ (Malwarebytes) C:\Users\User 1\Downloads\JRT (5).exe
2016-04-18 22:35 - 2016-04-18 22:35 - 00245248 _____ (Darkgust) C:\Users\User 1\Downloads\avleak_1.0.exe
2016-04-18 22:33 - 2016-04-18 22:33 - 04274096 _____ (BrightFort LLC ) C:\Users\User 1\Downloads\spywareblaster_5.4.exe
2016-04-18 22:30 - 2016-04-26 00:35 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\User 1\Downloads\rkill_2.8.3.exe
2016-04-18 22:30 - 2016-04-18 22:30 - 05660031 _____ (Swearware) C:\Users\User 1\Downloads\combofix_16.4.6.1.exe
2016-04-18 22:24 - 2016-04-18 22:24 - 03683904 _____ C:\Users\User 1\Downloads\adwcleaner_5.112.exe
2016-04-18 22:14 - 2016-04-18 22:14 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-04-18 22:13 - 2016-04-18 22:13 - 24002120 _____ C:\Users\User 1\Downloads\RogueKillerX64 (4).exe
2016-04-18 20:03 - 2016-04-18 20:03 - 00042523 _____ C:\Users\User 1\Downloads\MyPayPDF.pdf
2016-04-17 18:39 - 2016-05-07 00:28 - 89362432 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2016-04-17 18:39 - 2016-05-07 00:28 - 00483328 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2016-04-17 18:39 - 2016-05-07 00:28 - 00036864 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2016-04-17 18:39 - 2016-05-07 00:28 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2016-04-14 20:43 - 2016-04-14 20:43 - 00004544 _____ C:\Users\User 1\Desktop\New Journal Document.jnt
2016-04-14 02:22 - 2016-04-14 02:22 - 00000029 _____ C:\Users\User 1\website.txt
2016-04-14 02:20 - 2016-04-14 02:20 - 03465280 _____ C:\Users\User 1\Downloads\adwcleaner_5.110.exe
2016-04-14 02:20 - 2016-04-14 02:20 - 03465280 _____ C:\Users\User 1\Downloads\AdwCleaner.exe
2016-04-14 02:12 - 2016-04-14 02:12 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-04-14 01:38 - 2016-04-14 02:14 - 06042552 _____ (AVAST Software) C:\Users\User 1\Downloads\avastclear.exe
2016-04-13 23:36 - 2016-04-06 14:32 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-13 23:36 - 2016-04-06 14:32 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-13 03:08 - 2016-04-01 23:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 03:08 - 2016-04-01 23:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 03:08 - 2016-04-01 23:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 03:08 - 2016-04-01 23:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 03:08 - 2016-03-29 06:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 03:08 - 2016-03-29 06:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 03:08 - 2016-03-29 03:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 03:08 - 2016-03-29 02:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 03:08 - 2016-03-29 02:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 03:08 - 2016-03-29 02:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 03:08 - 2016-03-29 02:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 03:08 - 2016-03-29 02:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 03:08 - 2016-03-29 02:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 03:08 - 2016-03-29 02:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 03:08 - 2016-03-29 01:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 03:08 - 2016-03-29 01:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 03:08 - 2016-03-29 01:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 03:08 - 2016-03-29 01:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 03:08 - 2016-03-29 01:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 03:08 - 2016-03-29 01:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 03:08 - 2016-03-29 01:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 03:08 - 2016-03-29 01:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 03:08 - 2016-03-29 01:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 03:08 - 2016-03-29 01:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 03:07 - 2016-04-02 00:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 03:07 - 2016-04-02 00:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 03:07 - 2016-04-02 00:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 03:07 - 2016-04-01 23:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 03:07 - 2016-04-01 23:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 03:07 - 2016-04-01 23:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 03:07 - 2016-04-01 23:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 03:07 - 2016-04-01 23:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 03:07 - 2016-04-01 23:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 03:07 - 2016-04-01 23:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 03:07 - 2016-04-01 23:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 03:07 - 2016-03-29 06:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 03:07 - 2016-03-29 06:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 03:07 - 2016-03-29 06:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 03:07 - 2016-03-29 06:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 03:07 - 2016-03-29 06:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 03:07 - 2016-03-29 06:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 03:07 - 2016-03-29 06:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 03:07 - 2016-03-29 06:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 03:07 - 2016-03-29 06:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 03:07 - 2016-03-29 06:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 03:07 - 2016-03-29 06:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 03:07 - 2016-03-29 05:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 03:07 - 2016-03-29 05:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 03:07 - 2016-03-29 05:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 03:07 - 2016-03-29 05:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 03:07 - 2016-03-29 05:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 03:07 - 2016-03-29 05:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 03:07 - 2016-03-29 05:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 03:07 - 2016-03-29 05:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 03:07 - 2016-03-29 05:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 03:07 - 2016-03-29 05:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 03:07 - 2016-03-29 05:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 03:07 - 2016-03-29 05:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 03:07 - 2016-03-29 05:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 03:07 - 2016-03-29 05:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 03:07 - 2016-03-29 04:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 03:07 - 2016-03-29 04:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 03:07 - 2016-03-29 04:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 03:07 - 2016-03-29 04:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 03:07 - 2016-03-29 04:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 03:07 - 2016-03-29 04:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 03:07 - 2016-03-29 04:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 03:07 - 2016-03-29 04:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 03:07 - 2016-03-29 04:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 03:07 - 2016-03-29 04:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 03:07 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 03:07 - 2016-03-29 04:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 03:07 - 2016-03-29 03:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 03:07 - 2016-03-29 03:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 03:07 - 2016-03-29 03:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 03:07 - 2016-03-29 03:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 03:07 - 2016-03-29 03:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 03:07 - 2016-03-29 03:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 03:07 - 2016-03-29 03:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 03:07 - 2016-03-29 03:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 03:07 - 2016-03-29 03:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 03:07 - 2016-03-29 03:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 03:07 - 2016-03-29 03:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 03:07 - 2016-03-29 03:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 03:07 - 2016-03-29 03:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 03:07 - 2016-03-29 03:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 03:07 - 2016-03-29 03:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 03:07 - 2016-03-29 03:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 03:07 - 2016-03-29 03:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 03:07 - 2016-03-29 03:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 03:07 - 2016-03-29 03:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 03:07 - 2016-03-29 03:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 03:07 - 2016-03-29 03:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 03:07 - 2016-03-29 03:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 03:07 - 2016-03-29 03:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 03:07 - 2016-03-29 03:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 03:07 - 2016-03-29 03:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 03:07 - 2016-03-29 03:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 03:07 - 2016-03-29 03:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 03:07 - 2016-03-29 03:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 03:07 - 2016-03-29 03:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 03:07 - 2016-03-29 03:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 03:07 - 2016-03-29 03:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 03:07 - 2016-03-29 03:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 03:07 - 2016-03-29 03:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 03:07 - 2016-03-29 03:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 03:07 - 2016-03-29 03:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 03:07 - 2016-03-29 03:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 03:07 - 2016-03-29 03:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 03:07 - 2016-03-29 03:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 03:07 - 2016-03-29 03:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 03:07 - 2016-03-29 03:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 03:07 - 2016-03-29 03:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 03:07 - 2016-03-29 03:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 03:07 - 2016-03-29 03:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 03:07 - 2016-03-29 03:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 03:07 - 2016-03-29 03:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 03:07 - 2016-03-29 03:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 03:07 - 2016-03-29 02:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 03:07 - 2016-03-29 02:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 03:07 - 2016-03-29 02:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 03:07 - 2016-03-29 02:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 03:07 - 2016-03-29 02:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 03:07 - 2016-03-29 02:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 03:07 - 2016-03-29 02:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 03:07 - 2016-03-29 02:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 03:07 - 2016-03-29 02:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 03:07 - 2016-03-29 02:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 03:07 - 2016-03-29 02:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 03:07 - 2016-03-29 02:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 03:07 - 2016-03-29 02:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 03:07 - 2016-03-29 02:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 03:07 - 2016-03-29 02:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 03:07 - 2016-03-29 02:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 03:07 - 2016-03-29 02:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 03:07 - 2016-03-29 02:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 03:07 - 2016-03-29 02:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 03:07 - 2016-03-29 02:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 03:07 - 2016-03-29 02:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 03:07 - 2016-03-29 02:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 03:07 - 2016-03-29 02:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 03:07 - 2016-03-29 02:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 03:07 - 2016-03-29 02:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 03:07 - 2016-03-29 02:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 03:07 - 2016-03-29 02:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 03:07 - 2016-03-29 02:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 03:07 - 2016-03-29 02:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 03:07 - 2016-03-29 02:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 03:07 - 2016-03-29 02:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 03:07 - 2016-03-29 02:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 03:07 - 2016-03-29 02:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 03:07 - 2016-03-29 02:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 03:07 - 2016-03-29 02:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 03:07 - 2016-03-29 02:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 03:07 - 2016-03-29 02:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 03:07 - 2016-03-29 02:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 03:07 - 2016-03-29 02:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 03:07 - 2016-03-29 02:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 03:07 - 2016-03-29 02:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 03:07 - 2016-03-29 02:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 03:07 - 2016-03-29 02:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 03:07 - 2016-03-29 02:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 03:07 - 2016-03-29 02:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 03:07 - 2016-03-29 02:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 03:07 - 2016-03-29 02:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 03:07 - 2016-03-29 02:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 03:07 - 2016-03-29 01:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 03:07 - 2016-03-29 01:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 03:07 - 2016-03-29 01:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 03:07 - 2016-03-29 01:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 03:07 - 2016-03-29 01:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 03:07 - 2016-03-29 01:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 03:07 - 2016-03-29 01:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 03:07 - 2016-03-29 01:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 03:07 - 2016-03-29 01:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 03:07 - 2016-03-29 01:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 03:07 - 2016-03-29 01:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 03:06 - 2016-04-02 00:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 03:06 - 2016-04-01 23:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 03:06 - 2016-04-01 23:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 03:06 - 2016-04-01 23:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 03:06 - 2016-04-01 23:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 03:06 - 2016-04-01 23:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 03:06 - 2016-04-01 23:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 03:06 - 2016-04-01 23:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 03:06 - 2016-03-29 05:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 03:06 - 2016-03-29 05:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 03:06 - 2016-03-29 05:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 03:06 - 2016-03-29 05:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 03:06 - 2016-03-29 04:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 03:06 - 2016-03-29 04:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 03:06 - 2016-03-29 04:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 03:06 - 2016-03-29 04:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 03:06 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 03:06 - 2016-03-29 04:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 03:06 - 2016-03-29 04:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 03:06 - 2016-03-29 04:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 03:06 - 2016-03-29 04:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 03:06 - 2016-03-29 04:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 03:06 - 2016-03-29 04:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 03:06 - 2016-03-29 04:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 03:06 - 2016-03-29 04:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 03:06 - 2016-03-29 04:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 03:06 - 2016-03-29 03:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 03:06 - 2016-03-29 03:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 03:06 - 2016-03-29 03:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 03:06 - 2016-03-29 03:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 03:06 - 2016-03-29 03:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 03:06 - 2016-03-29 03:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 03:06 - 2016-03-29 03:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 03:06 - 2016-03-29 03:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 03:06 - 2016-03-29 03:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 03:06 - 2016-03-29 03:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 03:06 - 2016-03-29 03:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 03:06 - 2016-03-29 03:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 03:06 - 2016-03-29 03:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 03:06 - 2016-03-29 03:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 03:06 - 2016-03-29 03:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 03:06 - 2016-03-29 03:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 03:06 - 2016-03-29 03:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 03:06 - 2016-03-29 03:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 03:06 - 2016-03-29 03:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 03:06 - 2016-03-29 03:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 03:06 - 2016-03-29 03:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 03:06 - 2016-03-29 03:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 03:06 - 2016-03-29 03:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 03:06 - 2016-03-29 03:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 03:06 - 2016-03-29 03:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 03:06 - 2016-03-29 03:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 03:06 - 2016-03-29 03:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 03:06 - 2016-03-29 03:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 03:06 - 2016-03-29 03:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 03:06 - 2016-03-29 03:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 03:06 - 2016-03-29 03:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 03:06 - 2016-03-29 03:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 03:06 - 2016-03-29 03:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 03:06 - 2016-03-29 03:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 03:06 - 2016-03-29 03:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 03:06 - 2016-03-29 03:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 03:06 - 2016-03-29 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 03:06 - 2016-03-29 03:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 03:06 - 2016-03-29 03:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 03:06 - 2016-03-29 03:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 03:06 - 2016-03-29 03:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 03:06 - 2016-03-29 03:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 03:06 - 2016-03-29 03:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 03:06 - 2016-03-29 03:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 03:06 - 2016-03-29 03:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 03:06 - 2016-03-29 03:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 03:06 - 2016-03-29 03:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 03:06 - 2016-03-29 03:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 03:06 - 2016-03-29 03:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 03:06 - 2016-03-29 03:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 03:06 - 2016-03-29 03:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 03:06 - 2016-03-29 03:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 03:06 - 2016-03-29 03:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 03:06 - 2016-03-29 03:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 03:06 - 2016-03-29 03:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 03:06 - 2016-03-29 02:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 03:06 - 2016-03-29 02:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 03:06 - 2016-03-29 02:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 03:06 - 2016-03-29 02:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 03:06 - 2016-03-29 02:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 03:06 - 2016-03-29 02:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 03:06 - 2016-03-29 02:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 03:06 - 2016-03-29 02:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 03:06 - 2016-03-29 02:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 03:06 - 2016-03-29 02:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 03:06 - 2016-03-29 02:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 03:06 - 2016-03-29 02:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 03:06 - 2016-03-29 02:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 03:06 - 2016-03-29 02:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 03:06 - 2016-03-29 02:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 03:06 - 2016-03-29 02:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-13 03:06 - 2016-03-29 02:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 03:06 - 2016-03-29 02:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 03:06 - 2016-03-29 02:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 03:06 - 2016-03-29 02:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 03:06 - 2016-03-29 02:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 03:06 - 2016-03-29 01:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 03:06 - 2016-03-29 01:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 03:06 - 2016-03-29 01:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 03:06 - 2016-03-29 01:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 03:06 - 2016-03-29 01:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 03:06 - 2016-03-29 01:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-12 06:10 - 2016-04-12 06:10 - 00000867 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-04-12 01:31 - 2016-04-12 01:32 - 28853400 _____ (Adlice Software ) C:\Users\User 1\Downloads\setup (3).exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-09 21:45 - 2016-04-02 01:40 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-09 21:35 - 2016-02-06 02:40 - 00000697 _____ C:\Users\User 1\Desktop\JRT.txt
2016-05-09 17:57 - 2016-02-06 03:11 - 00000093 _____ C:\Users\User 1\AppData\Roaming\sp_data.sys
2016-05-09 15:56 - 2016-02-10 01:38 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CDCC682F-B2B4-4574-9001-D9049ED65AA6}
2016-05-09 01:45 - 2016-04-02 01:40 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-08 07:20 - 2015-03-09 00:14 - 00000000 ____D C:\Users\User 1\AppData\Local\CrashDumps
2016-05-08 00:51 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-08 00:50 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-08 00:46 - 2015-03-08 23:07 - 00000000 __SHD C:\Users\User 1\IntelGraphicsProfiles
2016-05-08 00:45 - 2016-01-01 23:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-08 00:45 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Registration
2016-05-07 09:27 - 2015-10-30 02:28 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-05-07 00:27 - 2016-03-21 18:26 - 00000256 _____ C:\WINDOWS\Tasks\ASC9_SkipUac_User 1.job
2016-05-03 21:00 - 2016-01-01 22:55 - 00000000 ____D C:\Users\User 1
2016-05-03 20:52 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-02 23:38 - 2016-01-01 23:15 - 00834360 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-02 20:48 - 2016-04-02 01:41 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-02 20:48 - 2016-04-02 01:41 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-29 13:21 - 2016-02-03 01:29 - 00867752 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\User 1\Downloads\rufus.exe
2016-04-28 01:07 - 2015-03-14 06:29 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-26 00:57 - 2016-04-02 01:00 - 00003430 _____ C:\WINDOWS\System32\Tasks\ASC Task (One-Time)
2016-04-26 00:57 - 2014-09-03 00:16 - 00003032 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2016-04-26 00:54 - 2015-04-11 04:20 - 00000000 ____D C:\ProgramData\Skype
2016-04-26 00:53 - 2015-02-25 01:50 - 00000825 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-26 00:52 - 2016-02-19 03:45 - 00000000 ____D C:\Users\User 1\.oracle_jre_usage
2016-04-26 00:49 - 2015-06-30 22:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-04-26 00:45 - 2016-02-27 01:47 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-04-26 00:39 - 2015-08-17 01:22 - 00003668 _____ C:\Users\User 1\Desktop\Rkill.txt
2016-04-24 23:51 - 2016-03-13 21:28 - 00000000 ____D C:\Users\User 1\AppData\Roaming\vlc
2016-04-24 23:51 - 2015-03-23 23:15 - 00000000 ____D C:\Users\User 1\Desktop\New folder (2)
2016-04-23 01:16 - 2016-01-11 04:30 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5091A890-05EC-4D39-84AC-B6E98ACC32A8}
2016-04-22 22:35 - 2015-03-24 01:40 - 00000000 ____D C:\Users\User 2\AppData\Local\CrashDumps
2016-04-22 22:34 - 2016-01-02 00:03 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-04-22 22:34 - 2015-03-23 23:37 - 00000000 __SHD C:\Users\User 2\IntelGraphicsProfiles
2016-04-22 20:14 - 2016-03-07 03:16 - 00000000 ____D C:\Users\User 1\AppData\Local\ElevatedDiagnostics
2016-04-22 19:55 - 2016-02-04 00:17 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-04-22 03:57 - 2015-03-08 23:19 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-17 20:22 - 2016-01-01 22:55 - 00000000 ____D C:\Users\User 2
2016-04-17 18:39 - 2016-01-01 22:55 - 00000000 ____D C:\Users\Administrator
2016-04-16 17:37 - 2014-05-16 16:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-04-16 00:52 - 2016-01-02 01:45 - 00000000 ____D C:\Users\User 2\.oracle_jre_usage
2016-04-16 00:51 - 2015-03-23 23:36 - 00000000 ____D C:\Users\User 2\AppData\Local\Packages
2016-04-16 00:50 - 2014-05-16 16:03 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-04-16 00:45 - 2015-07-16 23:46 - 00000000 ____D C:\Users\User 1\AppData\Roaming\WildTangent
2016-04-16 00:45 - 2015-03-25 06:18 - 00000000 ____D C:\Users\User 2\AppData\Roaming\WildTangent
2016-04-16 00:45 - 2014-05-16 16:03 - 00000000 ____D C:\ProgramData\WildTangent
2016-04-14 13:59 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-14 02:37 - 2016-03-23 01:12 - 00001277 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioWizard.lnk
2016-04-14 02:37 - 2016-03-23 01:12 - 00001265 _____ C:\Users\Public\Desktop\AudioWizard.lnk
2016-04-14 02:37 - 2016-01-01 22:51 - 00319042 _____ C:\WINDOWS\system32\Drivers\RTWAVES40.dat
2016-04-14 02:37 - 2016-01-01 22:51 - 00006786 _____ C:\WINDOWS\system32\Drivers\rtwavesEFX.dat
2016-04-14 02:37 - 2016-01-01 22:51 - 00002626 _____ C:\WINDOWS\system32\Drivers\rtwavesMFX.dat
2016-04-14 02:36 - 2016-01-01 22:51 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-04-14 01:46 - 2016-01-01 22:47 - 00362112 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-14 01:43 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-14 01:43 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-14 01:43 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-14 01:43 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-13 23:56 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 23:51 - 2015-02-23 08:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 23:41 - 2015-02-23 08:13 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-12 19:12 - 2015-02-08 03:14 - 00000000 ____D C:\Users\User 1\AppData\Local\Packages
2016-04-12 06:10 - 2016-03-26 00:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-04-12 06:10 - 2016-03-26 00:18 - 00000000 ____D C:\Program Files\RogueKiller
2016-04-12 02:00 - 2016-03-26 03:39 - 00005677 _____ C:\Users\User 1\Downloads\aswMBR.txt
2016-04-12 02:00 - 2016-03-26 03:39 - 00000512 _____ C:\Users\User 1\Downloads\MBR.dat
2016-04-12 01:28 - 2016-03-26 01:02 - 23872072 _____ C:\Users\User 1\Downloads\RogueKillerX64 (3).exe
2016-04-11 18:09 - 2015-06-20 02:57 - 00000000 ____D C:\Users\User 1\AppData\Roaming\Skype
2016-04-11 18:07 - 2015-06-20 02:57 - 00000000 ____D C:\Users\User 1\AppData\Local\Skype
2016-04-11 18:03 - 2016-04-01 22:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-11 17:48 - 2015-08-16 23:46 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
 
==================== Files in the root of some directories =======
 
2016-02-06 03:11 - 2016-05-09 17:57 - 0000093 _____ () C:\Users\User 1\AppData\Roaming\sp_data.sys
2015-10-21 23:09 - 2015-10-21 23:09 - 0000000 _____ () C:\Users\User 1\AppData\Local\{719A4A9E-7001-4076-AD8A-B313B9AC700A}
2015-08-30 23:05 - 2015-08-30 23:05 - 0000000 _____ () C:\Users\User 1\AppData\Local\{78AF96A0-4073-4CD8-846E-51C767D8F4FC}
2015-09-09 02:20 - 2015-09-09 02:20 - 0000000 _____ () C:\Users\User 1\AppData\Local\{DBCC55B5-9BA2-4592-BC3B-2ACE387DB9D8}
2016-01-01 22:51 - 2016-01-01 22:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-16 16:02 - 2012-09-07 07:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-05-16 16:02 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-16 16:02 - 2012-09-07 07:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dwm.exe
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-08 01:36
 
==================== End of FRST.txt ============================
 
 
 
FRST Addition post
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by User 1 (2016-05-09 22:00:56)
Running from C:\Users\User 1\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-02 03:40:36)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2854642774-4291190339-103677218-500 - Administrator - Disabled) => C:\Users\Administrator
User 2 (S-1-5-21-2854642774-4291190339-103677218-1004 - Administrator - Enabled) => C:\Users\User 2
User 1 (S-1-5-21-2854642774-4291190339-103677218-1001 - Administrator - Enabled) => C:\Users\User 1
DefaultAccount (S-1-5-21-2854642774-4291190339-103677218-503 - Limited - Disabled)
Guest (S-1-5-21-2854642774-4291190339-103677218-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
Advanced SystemCare 9 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 9.2.0 - IObit)
ASUS Backtracker (HKLM-x32\...\{C15C060C-ED1C-49EB-83B3-F7C0FD1CD661}) (Version: 3.0.8 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.4105 - CyberLink Corp.)
Driver Booster 3.2 (HKLM-x32\...\Driver Booster_is1) (Version: 3.2 - IObit)
ELAN Touchpad 11.5.20.3_X64_WHQL (HKLM\...\Elantech) (Version: 11.5.20.3 - ELAN Microelectronic Corp.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4338 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.6.101 - IObit)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Kaspersky Cleaner (HKLM-x32\...\{6D8461B7-6026-497C-A94B-95BC1A4E3EBC}) (Version: 1.0.0.106 - Kaspersky Lab)
Kaspersky Software Updater Beta (HKLM-x32\...\InstallWIX_{A19807B6-6057-456E-A560-A2A04862C1C6}) (Version: 1.5.1.202 - Kaspersky Lab)
Kaspersky Software Updater Beta (x32 Version: 1.5.1.202 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 1.6.5230.111 - Waves Audio Ltd.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.7 - Panda Security)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.25.108.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7586 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.4 - IObit)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.4.537 - ASUS Cloud Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse  (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
Windows Driver Package - ASUS (ATP) Mouse  (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
Windows Driver Package - ASUS (ATP) Mouse  (11/11/2015 1.0.0.262) (HKLM\...\A044C5901003C24E6891688653ABA1068D04A1A0) (Version: 11/11/2015 1.0.0.262 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
World of Warships (HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2854642774-4291190339-103677218-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\User 1\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2854642774-4291190339-103677218-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0ACAC6AE-167A-4C26-8D74-00C8BDB41374} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0DD85B71-88AC-49E3-A53F-9A4C1C38CE8F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {14EB4E69-03E7-4A96-ACBD-6138C89B89FB} - \Optimize Start Menu Cache Files-S-1-5-21-2854642774-4291190339-103677218-500 -> No File <==== ATTENTION
Task: {1AD5D8B3-F17D-494D-9FC3-DA544EC92D20} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {28107D4D-2474-4624-BA96-A869DA9B93CE} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2016-01-28] (IObit)
Task: {37223D61-7611-47A8-AE00-DA8D8204C7DD} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {4465F7F7-B0ED-419B-BEE3-2E9E6FD7C81F} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {449B5D75-A985-4BED-A0DF-A40C10346A0B} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS)
Task: {5434A0A6-CCDF-4185-B72D-AC19B316D1CC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {5AF68068-1C35-44D0-AE15-6154BEDFA41D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5B8FD762-2A87-412D-A8D1-DF8BEDE46320} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {673D4F90-6F04-48AE-9BE5-C426021BF909} - System32\Tasks\ASC Task (One-Time) => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCPromote.exe [2016-04-02] (IObit)
Task: {6C42B3CB-3E26-4FB9-A5A4-BD4B4BB7123E} - System32\Tasks\ASC9_SkipUac_User 1 => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-03-18] (IObit)
Task: {72665CF6-1B40-4329-BDE0-25A4976B518C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7FC80C47-CA3A-4D30-9C44-5F443954D984} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-02] (Google Inc.)
Task: {8817A922-E746-46B9-BA4D-705D75A3E15E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {8992CF06-D75A-4B56-85BB-0027C1C1E43D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {8C30B855-E7D8-46F0-A060-60E63E96AC87} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {93663F0C-7A22-4A19-9B73-5B7FFEA95DA3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A15C823F-ED1A-4F3A-B2EA-51D070C3C10A} - System32\Tasks\SmartDefrag4_Defrag => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2016-02-17] (IObit)
Task: {A1BE3F8D-838D-407D-82BA-874A373E13D0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B6A800F6-9544-415B-A6D5-94C3DC015D93} - System32\Tasks\ASC9_SkipUac_User 2 => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-03-18] (IObit)
Task: {C3CBFE24-4E31-46B8-8D47-A15182265F9E} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {C4D278FE-27E3-4827-80EB-F527DEEF3CA6} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {C68E6E5E-8693-43FC-B0B1-A82ABD21C3F2} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-03-15] (IObit)
Task: {C7A1F433-13CC-45B6-8599-FFBAF55A64AD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C81AB411-114D-4F30-B247-161215A0F5F6} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek)
Task: {D4D72B7C-6462-4D01-B8AF-10BC14460A10} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {DF6BFAFB-ADA6-48EE-946C-BA91CB591311} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E2FA36C2-CB9A-4693-BCB9-A71B03FF4605} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {E3D409FF-8B58-4761-9148-D6DFD7D52806} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-02] (Google Inc.)
Task: {E6E030AE-5681-467C-9F2F-39BB4B350B76} - System32\Tasks\{CE08B55D-D7BD-41F5-BEAA-B9BAE929762F} => pcalua.exe -a C:\Users\User 1\AppData\Roaming\moviesom-b311cc7f8d16707cfed6840e00927611\uninstall\webapp-uninstaller.exe
Task: {F4C733D6-9006-49B8-9080-AEC1EBB87A63} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\ASC9_SkipUac_User 1.job => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-13 03:08 - 2016-03-29 06:20 - 02656952 _____ () c:\windows\system32\CoreUIComponents.dll
2015-03-18 15:42 - 2012-09-18 15:27 - 00192512 _____ () C:\WINDOWS\System32\zlhp1020.dll
2016-02-04 17:22 - 2012-09-18 15:27 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2016-04-13 03:08 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 03:08 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-05-04 15:25 - 2015-05-04 15:25 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2016-01-02 01:39 - 2016-01-02 01:39 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-13 03:06 - 2016-04-01 23:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-13 03:07 - 2016-04-01 23:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-13 03:07 - 2016-04-01 22:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-13 03:08 - 2016-04-01 22:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-13 03:08 - 2016-04-01 23:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-02 20:48 - 2016-04-28 03:33 - 02224280 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libglesv2.dll
2016-05-02 20:48 - 2016-04-28 03:33 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libegl.dll
2016-05-02 20:48 - 2016-04-28 03:33 - 31411864 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]
AlternateDataStreams: C:\ProgramData\Temp:ECF54A0E [146]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\94785774.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\94785774.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\1-se.com -> 1-se.com
 
There are 11405 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-06-22 02:22 - 2016-02-28 23:50 - 00000768 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "RealPlayer Cloud Service UI.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Kaspersky Software Updater Beta.lnk"
HKLM\...\StartupApproved\Run32: => "Malwarebytes Anti-Exploit"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "iFreeUp"
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\StartupApproved\Run: => "KSS"
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\StartupApproved\Run: => "Uninstall C:\Users\User 1\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\StartupApproved\Run: => "Uninstall C:\Users\User 1\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\...\StartupApproved\Run: => "Uninstall C:\Users\User 1\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F78DCD36-9C02-47EC-A2FA-84B3CB682E89}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{56533A14-953F-4453-8B95-7D69FD561142}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF4770F5-AC2D-4130-BCEA-97D7A924DCAB}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{32B9846F-3994-4F9E-8A58-28D316F83918}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{7FBB08C9-DE82-4A01-A3E2-3E43FC59B273}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{BAA8AF66-03D4-444E-A012-70710BF50B28}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{26CE1FF6-2326-4FEC-805F-5FBDAEA714F3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E6363EDD-8B64-47ED-8F57-A26F9FDF52DF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
18-04-2016 21:41:50 JRT Pre-Junkware Removal
26-04-2016 01:01:34 JRT Pre-Junkware Removal
05-05-2016 07:00:10 Scheduled Checkpoint
09-05-2016 21:30:34 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/09/2016 06:20:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (05/09/2016 06:20:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (05/08/2016 05:08:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 50.0.2661.94 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: c50
 
Start Time: 01d1a8f1f24cc28f
 
Termination Time: 149
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 52e5f90c-14fc-11e6-840d-382c4a0b68b5
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (05/07/2016 12:32:22 AM) (Source: ESENT) (EventID: 455) (User: )
Description: SettingSyncHost (2008) {B67B1D12-CD92-4D3A-AEAF-04C044AA4E3C}: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\User 1\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\edb00046.log.
 
Error: (05/07/2016 12:31:03 AM) (Source: ESENT) (EventID: 455) (User: )
Description: SettingSyncHost (2008) {9D418FDB-1504-46CC-A28F-53A34120830B}: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\User 1\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb0035C.log.
 
Error: (05/07/2016 12:27:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_StateRepository, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: msvcp110_win.dll_unloaded, version: 10.0.10586.0, time stamp: 0x5632d16a
Exception code: 0xc0000005
Fault offset: 0x000000000001e640
Faulting process id: 0x85c
Faulting application start time: 0xsvchost.exe_StateRepository0
Faulting application path: svchost.exe_StateRepository1
Faulting module path: svchost.exe_StateRepository2
Report Id: svchost.exe_StateRepository3
Faulting package full name: svchost.exe_StateRepository4
Faulting package-relative application ID: svchost.exe_StateRepository5
 
Error: (05/07/2016 12:27:50 AM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2140) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)
 
Error: (05/03/2016 01:31:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: User 2)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (05/03/2016 01:31:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: User 2)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (05/03/2016 01:31:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: User 2)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (05/09/2016 08:46:30 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
 
Error: (05/09/2016 08:43:48 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User 1\AppData\Local\Temp\ehdrv.sys
 
Error: (05/09/2016 08:43:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (05/09/2016 08:43:47 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User 1\AppData\Local\Temp\ehdrv.sys
 
Error: (05/09/2016 08:43:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (05/09/2016 08:43:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (05/09/2016 08:43:47 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User 1\AppData\Local\Temp\ehdrv.sys
 
Error: (05/09/2016 08:43:47 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User 1\AppData\Local\Temp\ehdrv.sys
 
Error: (05/09/2016 08:43:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (05/09/2016 08:43:46 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User 1\AppData\Local\Temp\ehdrv.sys
 
 
CodeIntegrity:
===================================
  Date: 2016-05-09 21:57:55.162
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-09 21:57:54.965
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-09 21:57:54.756
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-09 21:57:54.455
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-09 21:57:54.251
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-09 21:57:54.011
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-09 20:00:20.488
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-09 20:00:20.228
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-09 20:00:19.890
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-09 20:00:18.356
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2830 @ 2.16GHz
Percentage of memory in use: 63%
Total physical RAM: 3982.64 MB
Available physical RAM: 1455.96 MB
Total Virtual: 9007.89 MB
Available Virtual: 6514.81 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:82.28 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:258.35 GB) (Free:257.36 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E13C8432)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 

 

Attached Files

  • Attached File  JRT.txt   697bytes   1 downloads


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:47 PM

Posted 10 May 2016 - 09:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

IObit programs are not recommended. Advance System Care and others are known to cause system problems and that had stolen material from other computer security companies to use in their own program.
IOBit Steals Malwarebytes’ Intellectual Property
IOBit’s Denial of Theft Unconvincing
The program has also been seen to cause numerous system problems that tend to go away after uninstalling their software.

Go to Start > Control Panel > Add or Remove Programs from IObit.

It's your call.
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Task: {0ACAC6AE-167A-4C26-8D74-00C8BDB41374} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {14EB4E69-03E7-4A96-ACBD-6138C89B89FB} - \Optimize Start Menu Cache Files-S-1-5-21-2854642774-4291190339-103677218-500 -> No File <==== ATTENTION
Task: {1AD5D8B3-F17D-494D-9FC3-DA544EC92D20} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5AF68068-1C35-44D0-AE15-6154BEDFA41D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5B8FD762-2A87-412D-A8D1-DF8BEDE46320} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {72665CF6-1B40-4329-BDE0-25A4976B518C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8992CF06-D75A-4B56-85BB-0027C1C1E43D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {8C30B855-E7D8-46F0-A060-60E63E96AC87} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {93663F0C-7A22-4A19-9B73-5B7FFEA95DA3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A1BE3F8D-838D-407D-82BA-874A373E13D0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C7A1F433-13CC-45B6-8599-FFBAF55A64AD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DF6BFAFB-ADA6-48EE-946C-BA91CB591311} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F4C733D6-9006-49B8-9080-AEC1EBB87A63} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]
AlternateDataStreams: C:\ProgramData\Temp:ECF54A0E [146]
Folder: C:\ProgramData\productdata
Folder: C:\Users\User1l\AppData\Roaming\productdata

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features applet.
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)

Please post the log for my review.

p.s.
Do not run the JRT tool before you execute any portion of this fix.

#3 bhill357

bhill357
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:47 PM

Posted 11 May 2016 - 12:43 AM

I uninstalled everything IOBIT as suggested. I then copied and saved the fixlist.txt to the desktop as instructed. I started the FRST program and pressed fix. It ran for a min or two, then stopped due to an error.  I created a screenshot of the message.  I started it again, ran the program, pressed fix and it completed creating a fixlog.txt.  I tried the java verify link, but due to running Win 10, it's not needed, so I deleted the one that was on the computer. I didn't see an attach option, so it's copied and pasted only.

Thanks for your assistance!!

 

 

fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by User 1 (2016-05-11 00:56:22) Run:2
Running from C:\Users\User 1\Desktop
Loaded Profiles: User 1 (Available Profiles: User 1 & User 2 & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Task: {0ACAC6AE-167A-4C26-8D74-00C8BDB41374} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {14EB4E69-03E7-4A96-ACBD-6138C89B89FB} - \Optimize Start Menu Cache Files-S-1-5-21-2854642774-4291190339-103677218-500 -> No File <==== ATTENTION
Task: {1AD5D8B3-F17D-494D-9FC3-DA544EC92D20} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5AF68068-1C35-44D0-AE15-6154BEDFA41D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5B8FD762-2A87-412D-A8D1-DF8BEDE46320} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {72665CF6-1B40-4329-BDE0-25A4976B518C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8992CF06-D75A-4B56-85BB-0027C1C1E43D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {8C30B855-E7D8-46F0-A060-60E63E96AC87} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {93663F0C-7A22-4A19-9B73-5B7FFEA95DA3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A1BE3F8D-838D-407D-82BA-874A373E13D0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C7A1F433-13CC-45B6-8599-FFBAF55A64AD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DF6BFAFB-ADA6-48EE-946C-BA91CB591311} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F4C733D6-9006-49B8-9080-AEC1EBB87A63} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]
AlternateDataStreams: C:\ProgramData\Temp:ECF54A0E [146]
Folder: C:\ProgramData\productdata
Folder: C:\Users\User1l\AppData\Roaming\productdata
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-2854642774-4291190339-103677218-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => not found
intaud_WaveExtensible => service not found.
"C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0ACAC6AE-167A-4C26-8D74-00C8BDB41374}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0ACAC6AE-167A-4C26-8D74-00C8BDB41374}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14EB4E69-03E7-4A96-ACBD-6138C89B89FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14EB4E69-03E7-4A96-ACBD-6138C89B89FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-2854642774-4291190339-103677218-500" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1AD5D8B3-F17D-494D-9FC3-DA544EC92D20}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AD5D8B3-F17D-494D-9FC3-DA544EC92D20}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5AF68068-1C35-44D0-AE15-6154BEDFA41D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AF68068-1C35-44D0-AE15-6154BEDFA41D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B8FD762-2A87-412D-A8D1-DF8BEDE46320}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B8FD762-2A87-412D-A8D1-DF8BEDE46320}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72665CF6-1B40-4329-BDE0-25A4976B518C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72665CF6-1B40-4329-BDE0-25A4976B518C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8992CF06-D75A-4B56-85BB-0027C1C1E43D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8992CF06-D75A-4B56-85BB-0027C1C1E43D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C30B855-E7D8-46F0-A060-60E63E96AC87}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C30B855-E7D8-46F0-A060-60E63E96AC87}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93663F0C-7A22-4A19-9B73-5B7FFEA95DA3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93663F0C-7A22-4A19-9B73-5B7FFEA95DA3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1BE3F8D-838D-407D-82BA-874A373E13D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1BE3F8D-838D-407D-82BA-874A373E13D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7A1F433-13CC-45B6-8599-FFBAF55A64AD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7A1F433-13CC-45B6-8599-FFBAF55A64AD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DF6BFAFB-ADA6-48EE-946C-BA91CB591311}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF6BFAFB-ADA6-48EE-946C-BA91CB591311}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4C733D6-9006-49B8-9080-AEC1EBB87A63}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4C733D6-9006-49B8-9080-AEC1EBB87A63}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
C:\ProgramData\Temp => ":ECF54A0E" ADS removed successfully.
 
========================= Folder: C:\ProgramData\productdata ========================
 
2016-05-09 23:28 - 2016-05-10 23:57 - 0000049 _____ () C:\ProgramData\productdata\asc9Stat.ini
2016-05-09 23:28 - 2016-05-10 23:57 - 0000243 _____ () C:\ProgramData\productdata\StatCache.db
 
====== End of Folder: ======
 

========================= Folder: C:\Users\User1l\AppData\Roaming\productdata ========================
 
not found.
 
====== End of Folder: ======
 
EmptyTemp: => 89.8 MB temporary data Removed.
 

The system needed a reboot.
 
==== End of Fixlog 00:57:27 ====


#4 bhill357

bhill357
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:47 PM

Posted 11 May 2016 - 12:45 AM

 found the attach a file button after posting.  Here it is if you need it.Attached File  Fixlog.txt   10.09KB   1 downloads



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:47 PM

Posted 11 May 2016 - 07:50 AM



========================= Folder: C:\ProgramData\productdata ========================

2016-05-09 23:28 - 2016-05-10 23:57 - 0000049 _____ () C:\ProgramData\productdata\asc9Stat.ini
2016-05-09 23:28 - 2016-05-10 23:57 - 0000243 _____ () C:\ProgramData\productdata\StatCache.db


These files are created by IObit Advanced SystemCare every time you run the application.
http://greatis.com/pcapps/iobit/advancedsystemcarefree-9-2-0-1110.html

IObit programs are not recommended. Advance System Care and others are known to cause system problems and that had stolen material from other computer security companies to use in their own program.
IOBit Steals Malwarebytes’ Intellectual Property
IOBit’s Denial of Theft Unconvincing
The program has also been seen to cause numerous system problems that tend to go away after uninstalling their software.

Go to Start > Control Panel > Add or Remove Programs from IObit.

It's your call.

===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:47 PM

Posted 17 May 2016 - 08:27 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users