
My computer opens firefox by itself and goes to msn website?


  • This topic is locked
33 replies to this topic

#1 bluedoggie2122


Posted 15 May 2016 - 05:18 PM

Hi bleeping computer,

 

My computer just launched fire fox by itself and went to the msn website and then it opened a new tab to the msn website. I don't know what's going on. Am I infected with something? I've attached my additions.txt and frst.txt. Please help me.


 


#2 olgun52


Posted 15 May 2016 - 05:26 PM

Hello bluedoggie2122 and Welcome to the BleepingComputer. :welcome:  
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here
Thanks
    
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
 
Sincerely
:hello:

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 bluedoggie2122


Posted 15 May 2016 - 06:13 PM

Hi olgun52,

 

Thanks for replying to my post. My avast just detected some kind of rootkit in the file called System.Net.http.ni.dll: wofCompressedData. I deleted it.



#4 olgun52


Posted 15 May 2016 - 06:43 PM

Thanks for replying to my post. My avast just detected some kind of rootkit in the file called System.Net.http.ni.dll: wofCompressedData. I deleted it.

That file could be cleaner. Well, did the PC have any problem after deleting? Did you restart your PC?

http://www.freefixer.com/library/file/System.Net.Http.ni.dll-117795/



 


 


#5 olgun52


Posted 15 May 2016 - 07:15 PM

Hi again,

 

Uninstall:

SUPERAntiSpyware
C:\Program Files\SUPERAntiSpyware

And restart the PC now.

======================================================================

Step 1:
 FRST Script:
 Please download the attached Fixlist.txt and save it in the same directory as FRST

  • Close any open browsers or any other programs that are open
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click Ashampoo_Snap_20140819_13h09m50s_001__zp
  • Then press ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.


 


 


#6 bluedoggie2122


Posted 15 May 2016 - 08:30 PM

Hi Olgun52,

 

Super Anti-Spyware is a legit program but okay, I uninstalled it and restarted, and I followed the rest of your post. Here are the logs. Each log is separated by a $ symbol.

Am I clean?

 

Fix result of Farbar Recovery Scan Tool (x64) Version:14-05-2016
Ran by user (2016-05-15 17:44:46) Run:3
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-3532764290-1005100713-3378480098-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll => No File
Task: {0060AFD1-C8BD-49A6-B4BE-2DDD9729AC54} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {0C0E2DFD-B441-40FD-A7B5-FD09DDC0EC6E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1006AADA-97B7-4535-802B-DF3CE1665266} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {206302B6-768F-4D84-BAC8-86D08F8FD2F9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {22B7B504-A968-43A6-9BD3-C67472ABAD08} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {26150D77-575E-4448-9498-688BD2BA9CA8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {37C304F9-3EF8-4EB4-8459-AB7A8B35D5B5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {5AF29837-6DA2-4DE0-BBE8-527350954299} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {615D6C54-972A-4E30-AD0A-55F54E721592} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7329C981-9D3D-48C5-994D-C87FD29CC0BD} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {9AE4F307-B395-4CD7-AAC0-37EA759167B6} - System32\Tasks\SUPERAntiSpyware Scheduled Task ea75b6ab-29fa-45fe-9280-7ef5440fcccf => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com) <==== ATTENTION
Task: {B6FCAA19-1E7C-472B-9DEF-CDA17A30A9B4} - System32\Tasks\SUPERAntiSpyware Scheduled Task bdb73a93-364f-40c2-822e-0d4b0e3c122a => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com) <==== ATTENTION
Task: {BFEDE7FD-D2C7-4CB5-8BD3-92FC2042ABB5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DAFC6CFA-80E7-4A51-906D-249A66AC19F8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E048B1BB-97E4-4E54-BCFF-E0EF2938DC32} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task bdb73a93-364f-40c2-822e-0d4b0e3c122a.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task ea75b6ab-29fa-45fe-9280-7ef5440fcccf.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe <==== ATTENTION
FirewallRules: [UDP Query User{F6B3ECF9-AFB7-4010-99E5-44FC284983DD}C:\users\user\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\user\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{E31AD2B6-094A-4281-AFF7-536EDEFA3EAC}C:\users\user\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\user\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
HKU\S-1-5-21-3532764290-1005100713-3378480098-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-04-20] (SUPERAntiSpyware)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R3 GPU-Z; C:\Users\user\AppData\Local\Temp\GPU-Z.sys [27008 2016-05-15] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
2016-04-29 20:54 - 2016-05-15 12:54 - 00000524 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task ea75b6ab-29fa-45fe-9280-7ef5440fcccf.job
2016-04-29 20:54 - 2016-04-29 21:20 - 00000524 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task bdb73a93-364f-40c2-822e-0d4b0e3c122a.job
2016-04-29 20:54 - 2016-04-29 20:54 - 00003746 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task bdb73a93-364f-40c2-822e-0d4b0e3c122a
2016-04-29 20:54 - 2016-04-29 20:54 - 00003664 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task ea75b6ab-29fa-45fe-9280-7ef5440fcccf
2016-04-29 20:54 - 2016-04-29 20:54 - 00001849 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-04-29 20:54 - 2016-04-29 20:54 - 00000000 ____D C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com
2016-04-29 20:53 - 2016-04-29 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-04-29 20:53 - 2016-04-29 20:53 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
C:\Program Files\SUPERAntiSpyware
C:\Users\user\Downloads\SUPERAntiSpyware.exe
C:\7429877ce9f0418da66289cfe5
C:\789e7801c97c871158
C:\04a96571d51f7c433d7d76d24b
C:\b08a70dee56aa22180
CMD: type "C:\7429877ce9f0418da66289cfe5"
CMD: type "C:\789e7801c97c871158"
CMD: type "C:\04a96571d51f7c433d7d76d24b"
CMD: type "C:\b08a70dee56aa22180"
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Emptytemp:
Reboot:
End




*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-3532764290-1005100713-3378480098-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0060AFD1-C8BD-49A6-B4BE-2DDD9729AC54}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0060AFD1-C8BD-49A6-B4BE-2DDD9729AC54}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C0E2DFD-B441-40FD-A7B5-FD09DDC0EC6E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C0E2DFD-B441-40FD-A7B5-FD09DDC0EC6E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1006AADA-97B7-4535-802B-DF3CE1665266}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1006AADA-97B7-4535-802B-DF3CE1665266}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{206302B6-768F-4D84-BAC8-86D08F8FD2F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{206302B6-768F-4D84-BAC8-86D08F8FD2F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22B7B504-A968-43A6-9BD3-C67472ABAD08}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22B7B504-A968-43A6-9BD3-C67472ABAD08}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26150D77-575E-4448-9498-688BD2BA9CA8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26150D77-575E-4448-9498-688BD2BA9CA8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37C304F9-3EF8-4EB4-8459-AB7A8B35D5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37C304F9-3EF8-4EB4-8459-AB7A8B35D5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5AF29837-6DA2-4DE0-BBE8-527350954299}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AF29837-6DA2-4DE0-BBE8-527350954299}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{615D6C54-972A-4E30-AD0A-55F54E721592}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{615D6C54-972A-4E30-AD0A-55F54E721592}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7329C981-9D3D-48C5-994D-C87FD29CC0BD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7329C981-9D3D-48C5-994D-C87FD29CC0BD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AE4F307-B395-4CD7-AAC0-37EA759167B6} => key not found.
C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task ea75b6ab-29fa-45fe-9280-7ef5440fcccf => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task ea75b6ab-29fa-45fe-9280-7ef5440fcccf => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6FCAA19-1E7C-472B-9DEF-CDA17A30A9B4} => key not found.
C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task bdb73a93-364f-40c2-822e-0d4b0e3c122a => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task bdb73a93-364f-40c2-822e-0d4b0e3c122a => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFEDE7FD-D2C7-4CB5-8BD3-92FC2042ABB5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFEDE7FD-D2C7-4CB5-8BD3-92FC2042ABB5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DAFC6CFA-80E7-4A51-906D-249A66AC19F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAFC6CFA-80E7-4A51-906D-249A66AC19F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E048B1BB-97E4-4E54-BCFF-E0EF2938DC32}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E048B1BB-97E4-4E54-BCFF-E0EF2938DC32}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task bdb73a93-364f-40c2-822e-0d4b0e3c122a.job => not found.
C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task ea75b6ab-29fa-45fe-9280-7ef5440fcccf.job => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F6B3ECF9-AFB7-4010-99E5-44FC284983DD}C:\users\user\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E31AD2B6-094A-4281-AFF7-536EDEFA3EAC}C:\users\user\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe => value removed successfully
C:\Program Files\SUPERAntiSpyware\SASCore64.exe => No running process found
HKU\S-1-5-21-3532764290-1005100713-3378480098-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware => value not found.
!SASCORE => service not found.
GPU-Z => service removed successfully
SASDIFSV => service not found.
SASKUTIL => service not found.
idsvc => service removed successfully
wpcsvc => service removed successfully
"C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task ea75b6ab-29fa-45fe-9280-7ef5440fcccf.job" => not found.
"C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task bdb73a93-364f-40c2-822e-0d4b0e3c122a.job" => not found.
"C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task bdb73a93-364f-40c2-822e-0d4b0e3c122a" => not found.
"C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task ea75b6ab-29fa-45fe-9280-7ef5440fcccf" => not found.
"C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk" => not found.
"C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware" => not found.
"C:\ProgramData\SUPERAntiSpyware.com" => not found.
C:\Program Files\SUPERAntiSpyware => moved successfully
C:\Users\user\Downloads\SUPERAntiSpyware.exe => moved successfully
C:\7429877ce9f0418da66289cfe5 => moved successfully
C:\789e7801c97c871158 => moved successfully
C:\04a96571d51f7c433d7d76d24b => moved successfully
C:\b08a70dee56aa22180 => moved successfully

=========  type "C:\7429877ce9f0418da66289cfe5" =========

The system cannot find the file specified.

========= End of CMD: =========


=========  type "C:\789e7801c97c871158" =========

The system cannot find the file specified.

========= End of CMD: =========


=========  type "C:\04a96571d51f7c433d7d76d24b" =========

The system cannot find the file specified.

========= End of CMD: =========


=========  type "C:\b08a70dee56aa22180" =========

The system cannot find the file specified.

========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========

EmptyTemp: => 593.2 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:46:12 ====

 

 

 

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

 

 

# AdwCleaner v5.117 - Logfile created 15/05/2016 at 17:57:59
# Updated 15/05/2016 by Xplode
# Database : 2016-05-15.2 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [703 bytes] - [15/05/2016 17:57:59]
C:\AdwCleaner\AdwCleaner[S1].txt - [764 bytes] - [15/05/2016 17:54:52]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [847 bytes] ##########
 

 

 

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64
Ran by user (Administrator) on Sun 05/15/2016 at 18:06:09.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\WINDOWS\prefetch\AVAST_FREE_ANTIVIRUS_SETUP_ON-6A238A86.pf (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/15/2016 at 18:09:16.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

 

 

 

~ ZHPCleaner v2016.5.13.66 by Nicolas Coolman (2016/05/13)
~ Run by user (Administrator)  (15/05/2016 18:19:22)
~ Site : http://www.nicolascoolman.com
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\user\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\user\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 10586)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.


---\\  Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.


---\\ Result of repair
~ Any repair made
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 85448
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 0


~ End of search in 00h05mn06s
~====================
ZHPCleaner-[S]-15052016-18_24_28.txt
 


Edited by bluedoggie2122, 15 May 2016 - 08:31 PM.
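
Added example (not part of the original posts and not FRST's own code): a small Python summarizer for a Fixlog like the one posted above, which tallies the `=>` result lines and lists the error lines inside each CMD section. The sample is constructed from lines in the posted log, and the matching patterns are assumptions drawn only from those lines.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the Fixlog posted above, one of each kind.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
HKU\S-1-5-21-3532764290-1005100713-3378480098-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-04-20] (SUPERAntiSpyware)
CMD: netsh int ipv4 reset
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AE4F307-B395-4CD7-AAC0-37EA759167B6} => key not found.
C:\Program Files\SUPERAntiSpyware\SASCore64.exe => No running process found
GPU-Z => service removed successfully
SASDIFSV => service not found.
C:\b08a70dee56aa22180 => moved successfully

=========  type "C:\b08a70dee56aa22180" =========

The system cannot find the file specified.

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Resetting Global, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

EmptyTemp: => 593.2 MB temporary data Removed.

==== End of Fixlog 17:46:12 ====
'''

# Patterns below are assumptions based only on the lines visible in this thread.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"? => (?P<result>.+?)\.?$')
CMD_HEADER_RE = re.compile(r'^=+\s+(?P<cmd>.+?)\s+=+$')
ERROR_RE = re.compile(r'failed|denied|cannot find', re.IGNORECASE)


def classify(result):
    """Bucket one result string: something was changed, or the item was already absent."""
    r = result.lower()
    if re.search(r'\b(removed|moved)\b', r):
        return 'changed'
    if 'not found' in r or r.startswith('no '):
        return 'absent'
    return 'other'


def parse_fixlog(text):
    """Return (Counter of result buckets, {command: [error lines]})."""
    counts = Counter()
    cmd_errors = {}
    in_fixlist = False   # inside the echoed fixlist, which is input, not results
    stars_seen = 0
    current_cmd = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == 'fixlist content:':
            in_fixlist, stars_seen = True, 0
            continue
        if in_fixlist:
            # The echoed fixlist sits between two lines of asterisks.
            if set(line) == {'*'}:
                stars_seen += 1
                in_fixlist = stars_seen < 2
            continue
        header = CMD_HEADER_RE.match(line)
        if header:
            cmd = header.group('cmd')
            if cmd.startswith('End of'):      # "End of CMD:" or "End of Fixlog ..."
                current_cmd = None
            else:
                current_cmd = cmd
                cmd_errors.setdefault(cmd, [])
            continue
        if current_cmd is not None:
            # Inside a command's captured output: keep only the error lines.
            if ERROR_RE.search(line):
                cmd_errors[current_cmd].append(line)
            continue
        m = RESULT_RE.match(line)
        if m:
            counts[classify(m.group('result'))] += 1
    return counts, cmd_errors


if __name__ == '__main__':
    counts, cmd_errors = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(counts))
    for cmd, errors in cmd_errors.items():
        print(cmd, '->', errors or 'no errors')
```

On the sample, the only failures are in the command sections: the netsh reset step that was denied access, and the type command run on a path the log shows as already moved.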


#7 olgun52


Posted 16 May 2016 - 02:33 PM

Thanks for the Logs.

Super Anti-Spyware is a legit program but okay I uninstalled it

Task: {9AE4F307-B395-4CD7-AAC0-37EA759167B6} - System32\Tasks\SUPERAntiSpyware Scheduled Task ea75b6ab-29fa-45fe-9280-7ef5440fcccf => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com) <==== ATTENTION
Task: {B6FCAA19-1E7C-472B-9DEF-CDA17A30A9B4} - System32\Tasks\SUPERAntiSpyware Scheduled Task bdb73a93-364f-40c2-822e-0d4b0e3c122a => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com) <==== ATTENTION

Thank you. There is a problem in SUPERAntiSpyware software!!!

===============
Am I clean?

Not much of a bad situation. So nothing to worry about.

==============================================

My computer just launched fire fox by itself and went to the msn website and then it opened a new tab to the msn website.

Do the issues remain?

================================

Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > ''I have read the warning and wish to proceed anyway''
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click scan now ''Run as Administrator'' and a threat Scan will begin.
  • When the scan is complete, Press report and send me report.

Have a nice day.

 



 


 


#8 bluedoggie2122


Posted 17 May 2016 - 01:29 PM

Hi Olgun52,

 

Thank you for responding. I shall get to this tomorrow when I have more time.



#9 bluedoggie2122


Posted 18 May 2016 - 03:52 PM

Hi Olgun52,

 

Zemana says I'm clean. Here is the log:

 

 

Zemana AntiMalware 2.20.179.613 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/5/18
Operating System       : Windows 10 64-bit
Processor              : 6X AMD FX™-6300 Six-Core Processor
BIOS Mode              : Legacy
CUID                   : 0003E613EAE6194D35DD05
Scan Type              : Smart Scan
Duration               : 2m 6s
Scanned Objects        : 13732
Detected Objects       : 0
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : ON
Detect All Extensions  : OFF
Scan Documents         : OFF
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

There are no detected objects

 

 

Should I uninstall Zemana?



#10 olgun52


Posted 18 May 2016 - 05:14 PM

Should I uninstall Zemana?

Of course, if you want to remove it.

=============================
Please do the following;

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
firefoxlook;
chromelook;
ielook;
process;
services-list;
installedprogs;
startupall;
skipfix-iedefaults;
filesrcm;
srinfo;
DIR /S /A:L "%systemdrive%\*">>"%temp%\log.txt";b
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL];e
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.



 


 


#11 bluedoggie2122

  • Topic Starter

Posted 20 May 2016 - 12:50 PM

Hi Olgun52,

 

I ran zoek and then this PEVZ.exe showed up in task manager. The PEVZ.exe is located in my Temp folder. It was created the same time I ran zoek. Is that PEVZ.exe part of zoek? I looked it up online and some sites say that PEVZ.exe is some kind of trojan. Anyways the zoek scan could not finish until I went into task manager and ended task of PEVZ.exe. Please tell me this PEVZ isn't some kind of virus. Oh and when zoek finished and closed PEVZ.exe disappeared from my temp folder. Here is the log file that was created:

 

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by user on Fri 05/20/2016 at 10:08:36.40.
Microsoft Windows 10 Home 10.0.10586  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\user\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2016-05-20-170622.log    82026 bytes

==== Installed Programs ======================

7-Zip 15.08 beta (x64)  
7-Zip 9.20 (x64 edition)  
Adobe Acrobat Reader DC  
Adobe Flash Player 21 NPAPI  
Adobe Refresh Manager  
AMD Accelerated Video Transcoding  
AMD Drag and Drop Transcoding  
AMD Fuel  
AMD Install Manager  
AMD Media Foundation Decoders  
AMD Settings  
AMD Wireless Display v3.0  
Avast Free Antivirus  
Avernum 4  
Baldur's Gate  
Battle.net  
Beyond Good & Evil  
Bio Menace  
Blackboard Collaborate Launcher  
Blade Kitten  
BloodRayne  
BloodRayne 2  
BloodRayne: Betrayal  
BlueJ  
Castlevania: Lords of Shadow - Mirror of Fate HD  
Castlevania: Lords of Shadow - Ultimate Edition  
Catalyst Control Center - Branding  
Catalyst Control Center Graphics Previews Common  
Catalyst Control Center Localization All  
Catalyst Control Center Next Localization BR  
Catalyst Control Center Next Localization CHS  
Catalyst Control Center Next Localization CHT  
Catalyst Control Center Next Localization CS  
Catalyst Control Center Next Localization DA  
Catalyst Control Center Next Localization DE  
Catalyst Control Center Next Localization EL  
Catalyst Control Center Next Localization ES  
Catalyst Control Center Next Localization FI  
Catalyst Control Center Next Localization FR  
Catalyst Control Center Next Localization HU  
Catalyst Control Center Next Localization IT  
Catalyst Control Center Next Localization JA  
Catalyst Control Center Next Localization KO  
Catalyst Control Center Next Localization NL  
Catalyst Control Center Next Localization NO  
Catalyst Control Center Next Localization PL  
Catalyst Control Center Next Localization RU  
Catalyst Control Center Next Localization SV  
Catalyst Control Center Next Localization TH  
Catalyst Control Center Next Localization TR  
ccc-utility64  
CCC Help Chinese Standard  
CCC Help Chinese Traditional  
CCC Help Czech  
CCC Help Danish  
CCC Help Dutch  
CCC Help English  
CCC Help Finnish  
CCC Help French  
CCC Help German  
CCC Help Greek  
CCC Help Hungarian  
CCC Help Italian  
CCC Help Japanese  
CCC Help Korean  
CCC Help Norwegian  
CCC Help Polish  
CCC Help Portuguese  
CCC Help Russian  
CCC Help Spanish  
CCC Help Swedish  
CCC Help Thai  
CCC Help Turkish  
Combined Community Codec Pack 2014-07-13  
Counter-Strike: Global Offensive  
Crypt of the NecroDancer  
Darksiders  
DarksidersInstaller  
Deus Ex: Human Revolution  
Devil May Cryr 4 Special Edition  
Dishonored  
Divine Divinity  
DmC Devil May Cry  
Dust: An Elysian Tail  
Elite: Dangerous  
Endless Legend  
Far Cryr 3 Blood Dragon  
Freedom Planet  
Geeks3D FurMark 1.11.0  
GOG Galaxy  
Half-Life 2  
Half-Life: Blue Shift  
Jade Empire  
Java 8 Update 91  
Java Auto Updater  
Kingdoms of Amalur: ReckoningT  
Left 4 Dead 2  
Malwarebytes Anti-Malware version 2.2.1.1043  
Marc Ecko's Getting Up: Contents Under Pressure  
METAL GEAR RISING: REVENGEANCE  
Metro: Last Light  
Microsoft .NET Framework 4.6.1  
Microsoft Application Error Reporting  
Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64)  
Microsoft Mouse and Keyboard Center  
Microsoft Office Professional Plus 2016 - en-us  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2005 Redistributable (x64)  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030  
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030  
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727  
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030  
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727  
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030  
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727  
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030  
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727  
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030  
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501  
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501  
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005  
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026  
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026  
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026  
Microsoft Xbox 360 Accessories 1.2  
Mitsurugi Kamui Hikae  
Mozilla Firefox 46.0.1 (x86 en-US)  
Mozilla Maintenance Service  
Noitu Love 2 Devolution  
NVIDIA Drivers  
NVIDIA Install Application  
NVIDIA PhysX System Software 9.15.0428  
Office 16 Click-to-Run Extensibility Component  
Office 16 Click-to-Run Licensing Component  
Office 16 Click-to-Run Localization Component  
Onikira: Demon Killer  
OpenAL  
Overwatch  
PCSX2 - Playstation 2 Emulator  
Pillars of Eternity  
Poker Night 2  
Poker Night at the Inventory  
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver  
Ralink RT2870 Wireless LAN Card  
Rayman Legends  
Relic Hunters Zero  
Remember Me  
RPG Maker VX Ace  
SafeZone Stable 1.48.2066.101  
Shadow Warrior  
Skullgirls  
Sleeping DogsT  
Sonic & All-Stars Racing Transformed  
Sonic Generations  
Spec Ops: The Line  
SpellForce - Platinum Edition  
Star Wars Jedi Knight: Dark Forces II  
Star Wars Republic Commando  
Stargunner  
Steam  
Strider  
Styx: Master of Shadows  
System Shock 2  
Team Fortress 2  
The Legend of KorraT  
The Typing of The Dead: Overkill  
The Witcher 3 - Wild Hunt  
The Witcher 3: Wild Hunt - Hearts of Stone  
Thief 2  
Thief Gold  
Thief: Deadly Shadows  
Tomb Raider: Anniversary  
Torchlight II  
TRANSFORMERS: Devastation  
TurboTax 2015  
TurboTax 2015 wcaiper  
TurboTax 2015 WinPerFedFormset  
TurboTax 2015 WinPerFuegoContent  
TurboTax 2015 WinPerReleaseEngine  
TurboTax 2015 WinPerTaxSupport  
TurboTax 2015 wrapper  
Ultra Street Fighter IV  
Undertale  
Uplay  
Valdis Story: Abyssal City  
Valkyria ChroniclesT  
VirtualCloneDrive  
Vulkan Run Time Libraries 1.0.3.1  
Way of the Samurai 4  
Way of the Samurai 4 Additional Sets  
Woolfe - The Red Hood Diaries  
X-Blades  

==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\user\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Services(whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
R2 - [AMD FUEL Service] - AMD FUEL Service - c:\program files\amd\ati.ace\fuel\fuel.service.exe
R2 - [ClickToRunSvc] - Microsoft Office Click-to-Run Service - c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe
R2 - [IntuitUpdateServiceV4] - Intuit Update Service v4 - c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe
R2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe
R2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
R2 - [MSMQ] - Message Queuing - c:\windows\system32\mqsvc.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S2 - [ZAMSvc] - ZAM Controller Service - c:\program files (x86)\zemana antimalware\zam.exe [x]
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [diagnosticshub.standardcollector.service] - Microsoft ® Diagnostics Hub Standard Collector Service - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [GalaxyClientService] - GalaxyClientService - c:\program files (x86)\galaxyclient\galaxyclientservice.exe
S3 - [GalaxyCommunication] - GalaxyCommunication - c:\programdata\gog.com\galaxy\redists\galaxycommunication.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SensorDataService] - Sensor Data Service - c:\windows\system32\sensordataservice.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe
S3 - [TieringEngineService] - Storage Tiers Management - c:\windows\system32\tieringengineservice.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe

==== Batch Command(s) Run By Tool======================


==== Registry Exports ======================

Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL not found


==== Registry Exports x64 ======================

Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL not found


==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2016-05-18 20:38:14    367EDF31148B1735EEFA4F2DB80B8552    35500    ----a-w-    C:\WINDOWS\ZAM.krnl.trace
2016-05-18 20:38:14    17DEC4C599B94E2B005AD3BC98FF27B4    617    ----a-w-    C:\WINDOWS\ZAM_Guard.krnl.trace
2016-05-11 00:06:20    2617877C5761B8A696FD0368861EE6E4    4515256    ----a-w-    C:\WINDOWS\explorer.exe
2016-04-30 03:41:26    8D26DAE92B9995B082AE5B6BC2FB70DB    52184    ----a-w-    C:\WINDOWS\avastSS.scr
2016-04-30 01:50:26    D41D8CD98F00B204E9800998ECF8427E    0    ----a-w-    C:\WINDOWS\ativpsrm.bin
====== C:\Users\user\AppData\Local\Temp ====
====== Java Cache =====
2016-04-22 01:53:38    C2C4419CC379775E48EFD958C3FEBFEE    479817    ----a-w-    C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\1784d7c2-3b9466fb
2016-04-22 01:53:25    4F85459CEC4F78A3987FFFD5B6A816C5    605    ----a-w-    C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\52c00ce5-713284eb
2016-04-22 01:53:26    C9588417B10E1D770E3E5DA1F3510AE5    8425    ----a-w-    C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\298d42d-582c36a2
2016-04-22 01:53:28    C1BBA7F1278F193AB584FFF460DB5E2A    17878    ----a-w-    C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\c8dc66e-615e0aec
2016-04-22 01:53:38    C611538EFED63F122E4A07F748AC01B3    793    ----a-w-    C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31b19ba-41d748f3
====== C:\WINDOWS\SysWOW64 =====
2016-05-11 00:08:18    40591C3BEBAEA638423B10863315D93F    87040    ----a-w-    C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 00:08:18    1159023FAA938BF54C7C033D2BC643BE    59904    ----a-w-    C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 00:08:17    DFB54165665C7E369A59B273C91B90B0    800768    ----a-w-    C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 00:08:16    3A1BD59AF5A0D20438D1E44FCF5EA4E8    349696    ----a-w-    C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 00:08:15    52FEDEA32F2BBFCD3AAA83FD39852C1A    2061824    ----a-w-    C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 00:08:13    3AEDE16F62921F443DDE37440C84B6F1    5205504    ----a-w-    C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 00:07:51    0561104CC8619EC5A53848F642434235    13018112    ----a-w-    C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 00:07:46    6BC0E961EA78AFD90348C8E05896A7DC    784896    ----a-w-    C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 00:07:45    98DA2DE9A1AC739DF3750F7DABECC9CF    6295552    ----a-w-    C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 00:07:45    0188F4F7264EE585DE518FD02DDD9F79    711680    ----a-w-    C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 00:07:40    15F732C297CE4B169D85214A96A16559    792064    ----a-w-    C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 00:07:34    22120EE8EC8AC405618FEA768071E267    19344384    ----a-w-    C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 00:06:58    3A5C07D5517087143701DBEB749F0EF1    18676224    ----a-w-    C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 00:06:41    B6506139C8A4CE3BDD3B4EFDF63A87B5    348672    ----a-w-    C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 00:06:41    9CD20753821A4F28AA797B5C9A24050F    9918976    ----a-w-    C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 00:06:37    5D9BB3289D25FDEA1B2DD491C9771778    21123320    ----a-w-    C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 00:06:35    468AA89AF32BEE9D6B0ABBDF7C88CF20    5240960    ----a-w-    C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 00:06:34    9F6F693FD7738B8DA4B420E46E973F35    2919832    ----a-w-    C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 00:06:33    5A77C7C30E117F60ACCEF43E2EA6841D    12125696    ----a-w-    C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 00:06:32    A404EA688829EF2657431CB34D0C72DF    5660160    ----a-w-    C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 00:06:31    85ED26DB17B3270944C344E0E5B7C34A    1542816    ----a-w-    C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 00:06:27    FB01CB67364FF3AA677F0CFD8C958E50    5324288    ----a-w-    C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 00:06:16    FA6CCFE5305E3D276F06A104EAA83029    4759040    ----a-w-    C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 00:06:14    692E62EA6039478321AE5D24A68E1FE2    4074160    ----a-w-    C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 00:06:13    80785EA474D952CC0CB2CF936E36DDE0    3666432    ----a-w-    C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 00:06:12    717DDEC1ABA5678EDC9F2AF1044BAA69    2000896    ----a-w-    C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 00:05:39    1D04327817511268754ED6F177DAD3E8    754176    ----a-w-    C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 00:05:38    4B71644224F39A390B6DCC482B3D582A    639488    ----a-w-    C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 00:05:38    2942FB92C23B77D3BD9D38117AF3663B    1557768    ----a-w-    C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 00:05:29    1F90253211F8E102D814F4DE4D550B85    1626624    ----a-w-    C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 00:05:27    362C9AA8696C74CD38F1416FF866C25C    522176    ----a-w-    C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 00:05:22    2CE163D00A7DA251D77F7B39E267382B    925064    ----a-w-    C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 00:05:21    35E635469515D564CE418DDCC7B7BC96    1500160    ----a-w-    C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 00:05:21    32A696B0A48CCCCE5FC8E8E572FD4E90    434688    ----a-w-    C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 00:05:16    03B7C4D05DB7FF060E49FA900FCE627E    451928    ----a-w-    C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 00:05:14    E48F0A089D9BAE356BF14FE3A16B1147    489984    ----a-w-    C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 00:05:10    25E42F5C3FDE0E96BF3C16814DC7A688    1372304    ----a-w-    C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 00:05:05    B91176A909798C7EAC28AB4FE786CA53    705536    ----a-w-    C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 00:05:03    30E3DC9ED2C6641709AC961CB7CE72BB    647680    ----a-w-    C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 00:05:02    4AE45F3077E79A3E3B22996F80DA9E7A    354304    ----a-w-    C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 00:04:57    D408D20295BA135DC1B9B181FADF78DD    255168    ----a-w-    C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 00:04:50    4ECC2FAF9F29066636E06253C0D7FA06    503296    ----a-w-    C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 00:04:46    318E2A6EC26C9703A5B273B015672660    388608    ----a-w-    C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 00:04:43    CD36155EE56E94B4E8830FA90822511F    503296    ----a-w-    C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 00:04:40    1B26C71109A2EA27DD6684719BF493EC    188256    ----a-w-    C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 00:04:39    89C74675E6DE7888153B1F6644772774    1536088    ----a-w-    C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 00:04:35    122F8F0FAF690B88FBDE2DB097740AB6    569744    ----a-w-    C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 00:04:33    9CAC58EBAFB3E32711920568810CDCD7    307200    ----a-w-    C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 00:04:28    10564E7A7EE807FF580E34A94ACF5590    1522152    ----a-w-    C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 00:04:26    1587235261E629DFFAA0C39A72CAD1A6    667648    ----a-w-    C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 00:04:24    8E8FBA400CD678AB46D46BB24921A051    342528    ----a-w-    C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 00:04:22    A825405D442EB9A2526468E16296DD58    513368    ----a-w-    C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 00:04:19    9E6DBA611E99BE75589D6A358F54364F    137728    ----a-w-    C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 00:04:13    E7BD4D15CDC5A1E162256CFADCA92344    1337240    ----a-w-    C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 00:04:10    525FC35182F9660E2A7DCC75607535DC    707608    ----a-w-    C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 00:04:03    A1A9DDD5C6A335C0B97423A2F75C9299    453472    ----a-w-    C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 00:04:03    30F680D95B0CCABE46C775672C912C0A    306832    ----a-w-    C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 00:04:01    9F8A026A9643F89B4E451539A7AAC0C9    50176    ----a-w-    C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 00:04:00    460CDD92C5283DCB9E35AF2B8DB7F200    461824    ----a-w-    C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 00:03:58    5AEDC6D333BC8D8B1DE5928FCE2150DB    400896    ----a-w-    C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 00:03:54    FAD56D0A789345614220D9B770DF400A    465760    ----a-w-    C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 00:03:48    25B0BAA64D6D62873FAA7719DB64015C    183904    ----a-w-    C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 00:03:40    AB48B90C4DB88D2F31D1A6F460F76D29    241664    ----a-w-    C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 00:03:31    E9E7FA1FC796ADC16A1169736EFC7AF3    84480    ----a-w-    C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 00:03:29    96101F3B90BDE894A862CDF1B808A03F    84832    ----a-w-    C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 00:03:27    0D19695F93813C63B4656E42536892FA    47104    ----a-w-    C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 00:03:25    DA97C8A8C517210E4ACA90E45C836E80    80896    ----a-w-    C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 00:03:24    AA7CBB3B7A7BFC41E9EC4EF645797DFA    502104    ----a-w-    C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 00:03:21    98DA8D97E83C73E7AD7A142A801E1898    2193408    ----a-w-    C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 00:03:18    359765C7C700F7CED909A69C5DBBD943    140800    ----a-w-    C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 00:03:16    3166A46AA132AACD035C7163108F2DA1    103936    ----a-w-    C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 00:03:15    F5814ED9E8B83F872FBDCB139B001C8A    23552    ----a-w-    C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 00:03:15    89C06DA6E3B3C06F69E2CAFB3431CAF5    31232    ----a-w-    C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 00:03:09    CD94405BB0A90B179E94BE23F4D2B79D    39424    ----a-w-    C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 00:03:07    486919689633D1C0DADA718DF1A3E7FB    219648    ----a-w-    C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 00:03:07    3D3BBD2DA5660B0B6C9F6A8B9401648C    337920    ----a-w-    C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 00:03:04    51DF6FC12B5EF8CA87414D79C98CBC7A    395264    ----a-w-    C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 00:03:02    8450005F7BA8662A64E3FB7B0C3EE836    51712    ----a-w-    C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 00:02:45    9B034D049D1C6EC9BED55D2F27D86ED9    2186    ----a-w-    C:\WINDOWS\SysWOW64\AppxProvisioning.xml
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2016-05-11 00:08:16    FD60606E2E7F74D7104A5DA1210D38E6    460800    ----a-w-    C:\WINDOWS\Sysnative\MapConfiguration.dll
2016-05-11 00:08:12    F1CC271FBAD94FBD3D69BC6BE443C33B    1056256    ----a-w-    C:\WINDOWS\Sysnative\JpMapControl.dll
2016-05-11 00:08:12    78A9EBBAC348ACD9AF5B72ECF90944A7    853504    ----a-w-    C:\WINDOWS\Sysnative\MapsStore.dll
2016-05-11 00:08:11    E4B5C9FEF4C8978CF75B584188868AF8    2582016    ----a-w-    C:\WINDOWS\Sysnative\MFMediaEngine.dll
2016-05-11 00:08:09    1B8A57EC632457E909A06957CB216806    7200256    ----a-w-    C:\WINDOWS\Sysnative\BingMaps.dll
2016-05-11 00:08:08    D2EF3FDF915BBA7C9832FA890DD4D85A    16984576    ----a-w-    C:\WINDOWS\Sysnative\Windows.UI.Xaml.dll
2016-05-11 00:07:48    FA05A804701A1BF900577A0F7C14B59E    24604672    ----a-w-    C:\WINDOWS\Sysnative\mshtml.dll
2016-05-11 00:07:43    99DDB4A100F6013E6B6B269880F0C936    988160    ----a-w-    C:\WINDOWS\Sysnative\NMAA.dll
2016-05-11 00:07:43    5FD7FDCE260C2ADE6CFFBC141657E8C0    939520    ----a-w-    C:\WINDOWS\Sysnative\MapControlCore.dll
2016-05-11 00:07:41    614EF7EFFE6896791CC8E4D045F37579    7977472    ----a-w-    C:\WINDOWS\Sysnative\mos.dll
2016-05-11 00:07:40    A1144CA95D4C30449331D3DF39F295F9    970752    ----a-w-    C:\WINDOWS\Sysnative\kerberos.dll
2016-05-11 00:07:39    3602BE2186C15362DF2B5C489AC1B1D1    22379008    ----a-w-    C:\WINDOWS\Sysnative\edgehtml.dll
2016-05-11 00:06:48    79BF53E386256057C30EF606DC3CFDFB    870400    ----a-w-    C:\WINDOWS\Sysnative\modernexecserver.dll
2016-05-11 00:06:47    0BECECA1B6DA7B022FC9502D22B9E9B3    22561256    ----a-w-    C:\WINDOWS\Sysnative\shell32.dll
2016-05-11 00:06:45    DBD087566420D945303C278A4FD90E60    440320    ----a-w-    C:\WINDOWS\Sysnative\CredProvDataModel.dll
2016-05-11 00:06:44    75A22EF6AC813D4FE63E30C3C292F871    11545088    ----a-w-    C:\WINDOWS\Sysnative\twinui.dll
2016-05-11 00:06:43    24F2141493C1A2F6FDEC8C3FA5A95CDE    6605504    ----a-w-    C:\WINDOWS\Sysnative\windows.storage.dll
2016-05-11 00:06:42    8F225A78F60DB08D4691C1C27CF644F2    6974464    ----a-w-    C:\WINDOWS\Sysnative\Windows.Data.Pdf.dll
2016-05-11 00:06:40    62D33462C8781DA354519488A571A9AD    7832576    ----a-w-    C:\WINDOWS\Sysnative\Chakra.dll
2016-05-11 00:06:40    5EED294E19B8293E4F0845CED31489BA    13383168    ----a-w-    C:\WINDOWS\Sysnative\ieframe.dll
2016-05-11 00:06:34    5BDA53E18911DEAB35F03AA1C3213A78    3673424    ----a-w-    C:\WINDOWS\Sysnative\iertutil.dll
2016-05-11 00:06:30    03DE6DE0019FFC0DE60759A893BD8B3F    1819208    ----a-w-    C:\WINDOWS\Sysnative\ntdll.dll
2016-05-11 00:06:28    89FE1A65D15DE2AA9CBF86AA6A731557    7474528    ----a-w-    C:\WINDOWS\Sysnative\ntoskrnl.exe
2016-05-11 00:06:23    F6718A9F2B5BFA1A42618F63BC890713    5502976    ----a-w-    C:\WINDOWS\Sysnative\d2d1.dll
2016-05-11 00:06:22    7E500CCA3EC66C419F2E4BBDE8617647    4894208    ----a-w-    C:\WINDOWS\Sysnative\jscript9.dll
2016-05-11 00:06:19    7539A3BF1DC12C53D6DDE078BE888951    190144    ----a-w-    C:\WINDOWS\Sysnative\DeviceCensus.exe
2016-05-11 00:06:17    F83E3BAEF5931399978A31753B22D0BE    713920    ----a-w-    C:\WINDOWS\Sysnative\generaltel.dll
2016-05-11 00:06:17    3F943A9A21814C6A394FBB8F1D4E622D    1401024    ----a-w-    C:\WINDOWS\Sysnative\appraiser.dll
2016-05-11 00:06:15    2A643E48326E427C6A43005EC29F314D    2444288    ----a-w-    C:\WINDOWS\Sysnative\twinui.appcore.dll
2016-05-11 00:06:10    8A88DBA247BFF23BD284C2189F41FDA5    2280960    ----a-w-    C:\WINDOWS\Sysnative\wuaueng.dll
2016-05-11 00:06:03    0BF8D8C7EC9FB15D6480A12101E88B71    606720    ----a-w-    C:\WINDOWS\Sysnative\wcmsvc.dll
2016-05-11 00:05:58    087FBBC026DCC0F693E91079B9901B7E    2166784    ----a-w-    C:\WINDOWS\Sysnative\AppXDeploymentServer.dll
2016-05-11 00:05:56    1A944DC7982279E73C4181DD5D50E021    3591168    ----a-w-    C:\WINDOWS\Sysnative\win32kfull.sys
2016-05-11 00:05:56    19D88BF131158F4286294C372B4410B3    1946112    ----a-w-    C:\WINDOWS\Sysnative\dwmcore.dll
2016-05-11 00:05:53    DE1C434F0F89C37687D34FB8A8E77B46    120320    ----a-w-    C:\WINDOWS\Sysnative\MapsBtSvc.dll
2016-05-11 00:05:53    7DDC2D8133CC1CA646134CC450C02C15    28672    ----a-w-    C:\WINDOWS\Sysnative\mapsupdatetask.dll
2016-05-11 00:05:52    77DE2FC672F423C2DFCF2A12DB74197C    89088    ----a-w-    C:\WINDOWS\Sysnative\MapsCSP.dll
2016-05-11 00:05:50    B28EA19205448B34303D006D50E9E65A    74752    ----a-w-    C:\WINDOWS\Sysnative\MosStorage.dll
2016-05-11 00:05:50    56B24B359838BE86B013C2CFD38BDFC4    72704    ----a-w-    C:\WINDOWS\Sysnative\moshost.dll
2016-05-11 00:05:49    489EDA0C433F5B0AA54033F523F2C80E    269824    ----a-w-    C:\WINDOWS\Sysnative\moshostcore.dll
2016-05-11 00:05:46    C57CBD3D0A4B832F3DC18250FC02C3DE    46784    ----a-w-    C:\WINDOWS\Sysnative\CompatTelRunner.exe
2016-05-11 00:05:46    AB17E08B47FECDAF0E1349797A6C41A4    1184960    ----a-w-    C:\WINDOWS\Sysnative\aeinv.dll
2016-05-11 00:05:44    A8ECAFE7C58ABABA7CB1C377B7A7E309    984576    ----a-w-    C:\WINDOWS\Sysnative\SettingSyncCore.dll
2016-05-11 00:05:43    F172E5709824756634091047826E7A9F    1319424    ----a-w-    C:\WINDOWS\Sysnative\wifinetworkmanager.dll
2016-05-11 00:05:43    082DC7D3704A17FF022D70C577785254    2066432    ----a-w-    C:\WINDOWS\Sysnative\AppXDeploymentExtensions.dll
2016-05-11 00:05:42    191A50C760243B5B8E08E0A1CA0B1F7C    821760    ----a-w-    C:\WINDOWS\Sysnative\TokenBroker.dll
2016-05-11 00:05:40    0C8655AAC4EA262F62B00DCDA4639819    2598912    ----a-w-    C:\WINDOWS\Sysnative\NetworkMobileSettings.dll
2016-05-11 00:05:36    A5C14F8FE076B41778C56F2414F5D246    650304    ----a-w-    C:\WINDOWS\Sysnative\dxgi.dll
2016-05-11 00:05:35    DA5108028A00B865BBECB1980EB05EB8    1997328    ----a-w-    C:\WINDOWS\Sysnative\KernelBase.dll
2016-05-11 00:05:35    6D8365722FBB3E58FC2B10FEA00BE840    514752    ----a-w-    C:\WINDOWS\Sysnative\devinv.dll
2016-05-11 00:05:33    C1D51970E74AB5FFE46FE624BFE900C6    1731072    ----a-w-    C:\WINDOWS\Sysnative\urlmon.dll
2016-05-11 00:05:30    54D6AEA7933377556BBBEC5F45539922    673280    ----a-w-    C:\WINDOWS\Sysnative\Windows.UI.dll
2016-05-11 00:05:30    090AAD83736B45769D2688E3BC1AB80A    1092464    ----a-w-    C:\WINDOWS\Sysnative\mfplat.dll
2016-05-11 00:05:28    F75A1710366B5C6B02D3C061DAA4C578    529920    ----a-w-    C:\WINDOWS\Sysnative\LogonController.dll
2016-05-11 00:05:26    5C156EC4E44E30331BCC865A3B61D839    585728    ----a-w-    C:\WINDOWS\Sysnative\winlogon.exe
2016-05-11 00:05:25    00A8CD22CCF7FA34501038C3C35186BD    498960    ----a-w-    C:\WINDOWS\Sysnative\MFCaptureEngine.dll
2016-05-11 00:05:23    0B28F2ACE5103586D322AD98FAA01309    870912    ----a-w-    C:\WINDOWS\Sysnative\MPSSVC.dll
2016-05-11 00:05:20    EBE067467C144B097CEF5F609F6ABF43    865792    ----a-w-    C:\WINDOWS\Sysnative\AzureSettingSyncProvider.dll
2016-05-11 00:05:19    D5D0D1345DEAC9D08A6A5B146A29ADBE    1390080    ----a-w-    C:\WINDOWS\Sysnative\Windows.UI.Shell.dll
2016-05-11 00:05:16    0676A6C9A6EECA48E14B9AE13B0E3508    1387520    ----a-w-    C:\WINDOWS\Sysnative\win32kbase.sys
2016-05-11 00:05:14    2453622FF2CCB1BA1DFA588207E9C7A4    294592    ----a-w-    C:\WINDOWS\Sysnative\invagent.dll
2016-05-11 00:05:13    86BE19C6A177AEB93302EA5C4FBE2D11    754664    ----a-w-    C:\WINDOWS\Sysnative\CoreMessaging.dll
2016-05-11 00:05:12    ECF260CA5837CE3174AAAE450C1888C6    605184    ----a-w-    C:\WINDOWS\Sysnative\vbscript.dll
2016-05-11 00:05:11    70C5D325E1BBD9C771542375F9DE5711    303216    ----a-w-    C:\WINDOWS\Sysnative\LockAppHost.exe
2016-05-11 00:05:09    8B4111E094EDDBED23EFA1FF8B5F314A    613376    ----a-w-    C:\WINDOWS\Sysnative\SettingSync.dll
2016-05-11 00:05:08    1D7F891D7ADCE1A6824FCB57D6768E14    689152    ----a-w-    C:\WINDOWS\Sysnative\ieproxy.dll
2016-05-11 00:05:07    85A676350B7A349B1DFB47654FBF8C71    804352    ----a-w-    C:\WINDOWS\Sysnative\jscript.dll
2016-05-11 00:05:06    ACC6B16066D073AA0E20B044BFEF9CD1    471552    ----a-w-    C:\WINDOWS\Sysnative\NetSetupShim.dll
2016-05-11 00:05:05    5DA95027DF2317174E8C39B4A8D1FCD8    1213440    ----a-w-    C:\WINDOWS\Sysnative\wwansvc.dll
2016-05-11 00:05:04    CFF943806EBAD5CFAC26FD3DF304E79F    1073152    ----a-w-    C:\WINDOWS\Sysnative\RDXService.dll
2016-05-11 00:04:59    6EA247B3631FE0181583566B9D828B22    413536    ----a-w-    C:\WINDOWS\Sysnative\wifitask.exe
2016-05-11 00:04:58    F1DF87BCF5429D48484E78FB1933326B    848896    ----a-w-    C:\WINDOWS\Sysnative\wuapi.dll
2016-05-11 00:04:57    A2953084546B1F46B5CCC7FC57A72C1B    314880    ----a-w-    C:\WINDOWS\Sysnative\RDXTaskFactory.dll
2016-05-11 00:04:53    82BC3D304654F8EBEFABDDC2AD70AFE3    497152    ----a-w-    C:\WINDOWS\Sysnative\tileobjserver.dll
2016-05-11 00:04:51    93C28A95FC5CA7F420343AC9693E05E6    1594920    ----a-w-    C:\WINDOWS\Sysnative\gdi32.dll
2016-05-11 00:04:49    3CFA0EA6ABC10436D998F7958912387C    1848072    ----a-w-    C:\WINDOWS\Sysnative\crypt32.dll
2016-05-11 00:04:47    F5F7CE3E32536F1A37FB3972F27A814F    1399224    ----a-w-    C:\WINDOWS\Sysnative\user32.dll
2016-05-11 00:04:47    52C95CFC459242ECBD8A557A197F6FF6    725776    ----a-w-    C:\WINDOWS\Sysnative\SHCore.dll
2016-05-11 00:04:45    A29004CC4FE3A06B5C71969F6411FD41    287232    ----a-w-    C:\WINDOWS\Sysnative\provhandlers.dll
2016-05-11 00:04:44    810B7BA7636930BD6A21A93296FBCA51    292864    ----a-w-    C:\WINDOWS\Sysnative\provengine.dll
2016-05-11 00:04:43    453EEF8F903DE266D9CB16313B5FA796    215040    ----a-w-    C:\WINDOWS\Sysnative\aepic.dll
2016-05-11 00:04:41    F7DD01F464ED3ADB8477CD5FD1DE6CF4    356864    ----a-w-    C:\WINDOWS\Sysnative\ActivationManager.dll
2016-05-11 00:04:41    ABF13620065E258771320165E0759761    1776768    ----a-w-    C:\WINDOWS\Sysnative\WindowsCodecs.dll
2016-05-11 00:04:41    82C4028BABC9BADCD89600F5084E4543    479232    ----a-w-    C:\WINDOWS\Sysnative\schannel.dll
2016-05-11 00:04:38    F00A2E895B61858DBB3FE870495E37FA    210432    ----a-w-    C:\WINDOWS\Sysnative\wcmcsp.dll
2016-05-11 00:04:35    7F0318ECC1E6E566D02F218DD59CEA84    484352    ----a-w-    C:\WINDOWS\Sysnative\DataSenseHandlers.dll
2016-05-11 00:04:35    37E893F5A0BB0DCF89D8464F4D5E0C3D    217440    ----a-w-    C:\WINDOWS\Sysnative\AppxAllUserStore.dll
2016-05-11 00:04:30    1997A751EF0FB9889E6642428DC4CAB2    1161120    ----a-w-    C:\WINDOWS\Sysnative\rpcrt4.dll
2016-05-11 00:04:29    C49BB15138D9A7AE2901692CA30E11D1    181248    ----a-w-    C:\WINDOWS\Sysnative\shacct.dll
2016-05-11 00:04:29    50E41D3203DA334DBBD2B3B6C7EA64CD    988672    ----a-w-    C:\WINDOWS\Sysnative\SharedStartModel.dll
2016-05-11 00:04:26    5470B002C5E5D4DC8C4C330EAE8A685D    619296    ----a-w-    C:\WINDOWS\Sysnative\d3d10level9.dll
2016-05-11 00:04:24    FE42F8A07885E518ED1E846C93E4B78C    617984    ----a-w-    C:\WINDOWS\Sysnative\StorSvc.dll
2016-05-11 00:04:24    A55AB67676D0E90C279E36AF78EECCFA    515072    ----a-w-    C:\WINDOWS\Sysnative\OneDriveSettingSyncProvider.dll
2016-05-11 00:04:23    734B3E9E4DA94DD093C6759CA0C2AA1E    4775424    ----a-w-    C:\WINDOWS\Sysnative\actxprxy.dll
2016-05-11 00:04:20    3655A59A1E16307F2F6475AC037C1EE4    87040    ----a-w-    C:\WINDOWS\Sysnative\MDMAppInstaller.exe
2016-05-11 00:04:20    33C215D1F36A184FB0C0F83ECBE12B5B    351232    ----a-w-    C:\WINDOWS\Sysnative\NgcCtnr.dll
2016-05-11 00:04:19    E650C69B5CA9B786AD91E3E7F962A0EE    848896    ----a-w-    C:\WINDOWS\Sysnative\samsrv.dll
2016-05-11 00:04:14    C1C81AAF533552B3C4D9F11A5FF97700    291360    ----a-w-    C:\WINDOWS\Sysnative\wininit.exe
2016-05-11 00:04:13    C991F0E48492D1550279F901AB2332B0    390496    ----a-w-    C:\WINDOWS\Sysnative\wlanapi.dll
2016-05-11 00:04:11    0CFE0F27EC828D9659FD8BF3A529F7B1    166400    ----a-w-    C:\WINDOWS\Sysnative\SubscriptionMgr.dll
2016-05-11 00:04:10    3C52661045548D78EC0EB76495CB978F    66560    ----a-w-    C:\WINDOWS\Sysnative\MosHostClient.dll
2016-05-11 00:04:09    EED30CDEAB6E4B45CBF1BD5298952049    550656    ----a-w-    C:\WINDOWS\Sysnative\directmanipulation.dll
2016-05-11 00:04:09    242DA5F2A6D9C5DFE2F99127BD2077A4    92352    ----a-w-    C:\WINDOWS\Sysnative\acmigration.dll
2016-05-11 00:04:07    981F6C7FB2338CC7889BA4D37C1A9DCE    69632    ----a-w-    C:\WINDOWS\Sysnative\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 00:04:07    7AAA9916AA10F4B0E9743798A5BA6549    649216    ----a-w-    C:\WINDOWS\Sysnative\ngcsvc.dll
2016-05-11 00:04:05    679DD4763AA8028B2F26651D3D02A2E1    582656    ----a-w-    C:\WINDOWS\Sysnative\ngccredprov.dll
2016-05-11 00:04:05    0FB83658FBB2C5A18AB98C5C94DB9FAF    289792    ----a-w-    C:\WINDOWS\Sysnative\NgcCtnrSvc.dll
2016-05-11 00:04:01    B9B902C12D6872DE9135B0A7C1ACA5A8    565600    ----a-w-    C:\WINDOWS\Sysnative\SettingSyncHost.exe
2016-05-11 00:04:00    5907323899BCEFA32BF6B002F2493C09    76288    ----a-w-    C:\WINDOWS\Sysnative\ngcpopkeysrv.dll
2016-05-11 00:03:58    B985F4CC9D63594D8D3DCADAC07F257E    130560    ----a-w-    C:\WINDOWS\Sysnative\CloudDomainJoinDataModelServer.dll
2016-05-11 00:03:57    A1BFD44C6343BDF582828EAB6B4CBDE5    630784    ----a-w-    C:\WINDOWS\Sysnative\PhoneProviders.dll
2016-05-11 00:03:53    72229D3836EA9697F5E13AAEA85F8688    204048    ----a-w-    C:\WINDOWS\Sysnative\rsaenh.dll
2016-05-11 00:03:52    E706406D61508D207F6B41CA4AD30891    127488    ----a-w-    C:\WINDOWS\Sysnative\VEDataLayerHelpers.dll
2016-05-11 00:03:45    EDF39F56DDF4116DCC8779A65EF8D6C5    58208    ----a-w-    C:\WINDOWS\Sysnative\dwminit.dll
2016-05-11 00:03:44    7CEC266216126BC9A0E1072E1A7E5702    279040    ----a-w-    C:\WINDOWS\Sysnative\ListSvc.dll
2016-05-11 00:03:41    C1FCA0AED814F1E814700833EF8E0616    179712    ----a-w-    C:\WINDOWS\Sysnative\BrowserSettingSync.dll
2016-05-11 00:03:41    45FA01F8B7971ACB65202038E34D04A3    86528    ----a-w-    C:\WINDOWS\Sysnative\wpdbusenum.dll
2016-05-11 00:03:38    90A52EBAC043CFCA92E5F3DEAD4BBB4C    48128    ----a-w-    C:\WINDOWS\Sysnative\wups.dll
2016-05-11 00:03:35    D906EFF6ADB6704071C903E62867AC23    696672    ----a-w-    C:\WINDOWS\Sysnative\NetSetupEngine.dll
2016-05-11 00:03:35    4766A523BD8265F3082662A49C382680    26408    ----a-w-    C:\WINDOWS\Sysnative\wuauclt.exe
2016-05-11 00:03:34    5E903356FCDC2C7011E5341A1C2D48E9    192000    ----a-w-    C:\WINDOWS\Sysnative\provisioningcsp.dll
2016-05-11 00:03:29    5DBA65D48CB7B17E241BB7430745C2E0    59392    ----a-w-    C:\WINDOWS\Sysnative\hmkd.dll
2016-05-11 00:03:27    DCC42EF91745E4AB13602B9A4D86DDC4    115040    ----a-w-    C:\WINDOWS\Sysnative\NetSetupApi.dll
2016-05-11 00:03:27    C417C35D0B714320708A1C18673ACE6C    104448    ----a-w-    C:\WINDOWS\Sysnative\BluetoothApis.dll
2016-05-11 00:03:22    D0F9C288251907FD44B96837DBDF0A50    320000    ----a-w-    C:\WINDOWS\Sysnative\cryptngc.dll
2016-05-11 00:03:20    0BFEB4862FC2422DAC67EE95C278ECE0    111616    ----a-w-    C:\WINDOWS\Sysnative\updatepolicy.dll
2016-05-11 00:03:18    33931A5F8E8B4446C547B020409D66C4    436736    ----a-w-    C:\WINDOWS\Sysnative\AppXDeploymentClient.dll
2016-05-11 00:03:12    AB1738C51C1C1F41A885467E7BB0D37B    285696    ----a-w-    C:\WINDOWS\Sysnative\VEEventDispatcher.dll
2016-05-11 00:03:10    ED309332DA910BE791F40F09F6FC50B5    38400    ----a-w-    C:\WINDOWS\Sysnative\ByteCodeGenerator.exe
2016-05-11 00:03:10    09098FB07B47765865492C53B66E29E5    764928    ----a-w-    C:\WINDOWS\Sysnative\Chakradiag.dll
2016-05-11 00:03:08    315CFB6974B5111E3E62E9A512C92B25    151040    ----a-w-    C:\WINDOWS\Sysnative\VEStoreEventHandlers.dll
2016-05-11 00:03:04    FE3A72E9BC5515509517D9BF41144252    414720    ----a-w-    C:\WINDOWS\Sysnative\bcastdvr.exe
2016-05-11 00:03:03    C3534256AF526A16AADBA335AA99D58F    63488    ----a-w-    C:\WINDOWS\Sysnative\wshbth.dll
2016-05-11 00:03:01    1AF7E0BA5D1AEA3DEF1CF05B070803FA    89600    ----a-w-    C:\WINDOWS\Sysnative\NFCProvisioningPlugin.dll
2016-05-11 00:02:58    BD3F339FE542C30BB4A88F34A597728C    134656    ----a-w-    C:\WINDOWS\Sysnative\wificonnapi.dll
2016-05-11 00:02:53    9C6EE1DE9CF7B77FF550A737816EB6DB    207360    ----a-w-    C:\WINDOWS\Sysnative\NetSetupSvc.dll
2016-05-11 00:02:51    F70CB98E5669D44CBFA6F3EBF534977F    86528    ----a-w-    C:\WINDOWS\Sysnative\AppCapture.dll
2016-05-11 00:02:45    9B034D049D1C6EC9BED55D2F27D86ED9    2186    ----a-w-    C:\WINDOWS\Sysnative\AppxProvisioning.xml
====== C:\WINDOWS\Sysnative\drivers =====
2016-05-18 20:38:09    97FB225914D1C3F29D38703A22AB494D    202656    ----a-w-    C:\WINDOWS\Sysnative\drivers\zamguard64.sys
2016-05-11 00:06:07    48D8729FACC784900B831212AE56F824    1996640    ----a-w-    C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys
2016-05-11 00:05:17    01C01ED15ED56B98088CE1D5A0965E6A    577368    ----a-w-    C:\WINDOWS\Sysnative\drivers\dxgmms2.sys
2016-05-11 00:04:51    E7463CE8579A0418A98BE9BE42C647D7    534872    ----a-w-    C:\WINDOWS\Sysnative\drivers\USBHUB3.SYS
2016-05-11 00:04:37    357910142E9285B978689B1DB4EFA00A    393568    ----a-w-    C:\WINDOWS\Sysnative\drivers\dxgmms1.sys
2016-05-11 00:04:32    B880BE37452AB1D4AA93845F58EF7960    95072    ----a-w-    C:\WINDOWS\Sysnative\drivers\sdport.sys
2016-05-11 00:04:31    CFFE69B6C276A3418687109EA8AC9E7D    330072    ----a-w-    C:\WINDOWS\Sysnative\drivers\pci.sys
2016-05-11 00:03:49    C330883C06E2D4CE4F6982F048265D37    335712    ----a-w-    C:\WINDOWS\Sysnative\drivers\fastfat.sys
2016-05-11 00:03:47    50DFE05C698E9B0A63D95E3D669A105C    638816    ----a-w-    C:\WINDOWS\Sysnative\drivers\fvevol.sys
2016-05-11 00:03:42    C0752D58193603B6ED762B4027C65E1B    155136    ----a-w-    C:\WINDOWS\Sysnative\drivers\hidclass.sys
2016-05-11 00:03:39    2A87EA182EA333D79AA0B03833EA67F2    131424    ----a-w-    C:\WINDOWS\Sysnative\drivers\ufxsynopsys.sys
2016-05-11 00:03:37    82D3B1F4D80057826AA649D78147DE36    63488    ----a-w-    C:\WINDOWS\Sysnative\drivers\UcmCx.sys
2016-05-11 00:03:34    8F2523C9D8F1448FF2156452AF60FA00    87552    ----a-w-    C:\WINDOWS\Sysnative\drivers\filecrypt.sys
2016-05-11 00:03:33    67B9684B8272D5EBD1CCBB1DBD425EC8    99680    ----a-w-    C:\WINDOWS\Sysnative\drivers\pdc.sys
2016-05-11 00:03:21    4AAD6547953D373A1EB5B2DF583D868B    67072    ----a-w-    C:\WINDOWS\Sysnative\drivers\usbser.sys
2016-04-30 03:47:30    78488AF2AB2111D67B3C4044707A519B    192216    ----a-w-    C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys
2016-04-30 03:47:17    898415AC0B5F1D2A9A48ABCB68A6DC4B    65408    ----a-w-    C:\WINDOWS\Sysnative\drivers\mwac.sys
====== C:\WINDOWS\Tasks ======
2016-04-30 03:44:44    E82D2ACD5AC5EA94C351D4C9624E8207    4004    ----a-w-    C:\WINDOWS\Sysnative\Tasks\SafeZone scheduled Autoupdate 1461987882
2016-04-30 03:41:47    E72DD2EF9B85D5DDCCA532B4A3AB6BFE    4280    ----a-w-    C:\WINDOWS\Sysnative\Tasks\avast! Emergency Update
2016-04-26 07:03:38    --------    d-----w-    C:\WINDOWS\Sysnative\Tasks\OfficeSoftwareProtectionPlatform
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2016-05-18 20:00:46    --------    d---a-w-    C:\Program Files\Common Files\DESIGNER
2016-04-30 02:35:38    --------    d-----w-    C:\Program Files\Reference Assemblies
2016-04-30 02:35:38    --------    d-----w-    C:\Program Files\MSBuild
2016-04-30 01:55:44    --------    d-----w-    C:\Program Files\Common Files\SpeechEngines
2016-04-30 01:50:17    --------    d-----w-    C:\Program Files\Common Files\ATI Technologies
2016-04-30 01:50:13    --------    d---a-w-    C:\Program Files\AMD
2016-04-27 00:31:10    --------    d-----w-    C:\Program Files\Microsoft Office 15
2016-04-26 08:03:47    --------    d---a-w-    C:\Program Files\Microsoft Office
======= C:\PROGRA~2 =====
2016-04-30 22:08:56    --------    d---a-w-    C:\PROGRA~2\Overwatch
2016-04-30 02:35:38    --------    d-----w-    C:\PROGRA~2\Reference Assemblies
2016-04-30 02:35:38    --------    d-----w-    C:\PROGRA~2\MSBuild
2016-04-30 01:55:47    --------    d-----w-    C:\PROGRA~2\COMMON~1\SpeechEngines
2016-04-30 01:51:45    --------    d---a-w-    C:\PROGRA~2\AMD
2016-04-29 05:08:47    --------    d-----w-    C:\PROGRA~2\OpenAL
2016-04-27 01:07:20    --------    d-----w-    C:\PROGRA~2\Microsoft OneDrive
2016-04-26 06:59:49    --------    d-----w-    C:\PROGRA~2\Microsoft Office
2016-04-26 01:52:17    --------    d-----w-    C:\PROGRA~2\Raptr Inc
2016-04-26 01:51:30    --------    d-----w-    C:\PROGRA~2\VulkanRT
======= C: =====
====== C:\Users\user\AppData\Roaming ======
2016-05-18 22:38:00    --------    d-----w-    C:\Users\user\AppData\Local\GalaxyCommunicationService
2016-05-18 20:38:09    --------    d-----w-    C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Zemana
2016-05-18 20:37:55    --------    d-----w-    C:\Users\user\AppData\Local\Zemana
2016-04-30 03:52:03    --------    d-s---r-    C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2016-04-30 03:52:03    --------    d-----w-    C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-04-30 03:52:03    --------    d-----w-    C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
2016-04-30 03:52:03    --------    d-----w-    C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
2016-04-30 03:52:03    --------    d-----w-    C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-04-30 03:52:03    --------    d-----w-    C:\Users\DefaultAppPool\AppData\Roaming
2016-04-30 03:52:03    --------    d-----w-    C:\Users\DefaultAppPool\AppData\LocalLow
2016-04-30 03:52:03    --------    d-----w-    C:\Users\DefaultAppPool\AppData\Local\Temp
2016-04-30 03:52:03    --------    d-----w-    C:\Users\DefaultAppPool\AppData\Local\Microsoft
2016-04-30 03:52:03    --------    d-----w-    C:\Users\DefaultAppPool\AppData\Local
2016-04-30 03:52:03    --------    d-----r-    C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2016-04-30 03:52:03    --------    d-----r-    C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-04-30 03:52:03    --------    d-----r-    C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2016-04-30 03:19:24    --------    d-----w-    C:\Users\user\AppData\Local\NetworkTiles
2016-04-30 02:53:05    --------    d-----w-    C:\Users\user\AppData\Local\Comms
2016-04-30 02:41:01    --------    d-----w-    C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\DataSharing
2016-04-30 02:35:42    --------    d-----w-    C:\Users\user\AppData\Local\ActiveSync
2016-04-30 02:34:24    --------    d-----w-    C:\Users\user\AppData\Local\Publishers
2016-04-30 02:33:39    --------    d-----w-    C:\Users\user\AppData\Local\Packages
2016-04-30 02:33:37    --------    d-----w-    C:\Users\user\AppData\Local\TileDataLayer
2016-04-30 02:33:36    --------    d-----w-    C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles
2016-04-30 02:05:06    --------    d-----w-    C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Packages
2016-04-30 01:58:56    --------    d-----w-    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
2016-04-30 01:58:56    --------    d-----w-    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
2016-04-30 01:58:56    --------    d-----w-    C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
2016-04-30 01:58:56    --------    d-----w-    C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
2016-04-30 01:54:09    --------    d-s---r-    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2016-04-30 01:54:09    --------    d-----w-    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-04-30 01:54:09    --------    d-----w-    C:\Users\user\AppData\Roaming
2016-04-30 01:54:09    --------    d-----w-    C:\Users\user\AppData\Local\Temp
2016-04-30 01:54:09    --------    d-----w-    C:\Users\user\AppData\Local\Microsoft
2016-04-30 01:54:09    --------    d-----w-    C:\Users\user\AppData\Local
2016-04-30 01:54:09    --------    d-----r-    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2016-04-30 01:54:09    --------    d-----r-    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-04-30 01:54:09    --------    d-----r-    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2016-04-30 01:54:09    --------    d-----r-    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-04-30 01:50:32    --------    d-----w-    C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft
====== C:\Users\user ======
2016-05-18 22:31:01    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher® 3 - Wild Hunt [GOG.com]
2016-05-16 01:16:23    B7BC90CDEA5F00BD606A846EC04331FD    2258944    ----a-w-    C:\Users\user\Desktop\ZHPCleaner.exe
2016-05-16 01:04:46    D0EB45DEF6549458A9E3A23A953A036F    1610816    ----a-w-    C:\Users\user\Desktop\JRT.exe
2016-05-16 00:53:18    276301DE3892CC50045EF3721DBFA08A    3651136    ----a-w-    C:\Users\user\Desktop\AdwCleaner.exe
2016-05-15 22:10:51    BD3D78A36B4E77EC5972C89EC13A289C    2382336    ----a-w-    C:\Users\user\Desktop\FRST64.exe
2016-05-14 00:55:13    DB42B2F9B6B40C84BF41F9D65A346F66    1788712    ----a-w-    C:\Users\user\Desktop\GPU-Z.0.8.8.exe
2016-04-30 23:11:10    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2016-04-30 06:31:06    --------    d-----r-    C:\Users\user\3D Objects
2016-04-30 03:52:03    6FC234AD3752E1267B34FB12BCD6718B    20    --sh--w-    C:\Users\DefaultAppPool\ntuser.ini
2016-04-30 03:52:03    --------    d--h--w-    C:\Users\DefaultAppPool\AppData
2016-04-30 03:52:03    --------    d-----w-    C:\Users\DefaultAppPool\Saved Games
2016-04-30 03:52:03    --------    d-----w-    C:\Users\DefaultAppPool\Cookies
2016-04-30 03:52:03    --------    d-----r-    C:\Users\DefaultAppPool\Videos
2016-04-30 03:52:03    --------    d-----r-    C:\Users\DefaultAppPool\Pictures
2016-04-30 03:52:03    --------    d-----r-    C:\Users\DefaultAppPool\Music
2016-04-30 03:52:03    --------    d-----r-    C:\Users\DefaultAppPool\Links
2016-04-30 03:52:03    --------    d-----r-    C:\Users\DefaultAppPool\Favorites
2016-04-30 03:52:03    --------    d-----r-    C:\Users\DefaultAppPool\Downloads
2016-04-30 03:52:03    --------    d-----r-    C:\Users\DefaultAppPool\Documents
2016-04-30 03:52:03    --------    d-----r-    C:\Users\DefaultAppPool\Desktop
2016-04-30 03:42:03    --------    d-----w-    C:\WINDOWS\sysWoW64\config\systemprofile\.oracle_jre_usage
2016-04-30 02:33:31    6FC234AD3752E1267B34FB12BCD6718B    20    --sh--w-    C:\Users\user\ntuser.ini
2016-04-30 01:58:56    --------    d-----w-    C:\Users\Default\Cookies
2016-04-30 01:54:09    --------    d--h--w-    C:\Users\user\AppData
2016-04-30 01:53:42    8C74C8E654748ACF9537D16874A1B70C    4194304    ----a-w-    C:\WINDOWS\serviceprofiles\networkservice\msmqlog.bin
2016-04-30 01:53:42    573CBEC372F4669D000B7439AF2EEEAF    4194304    ----a-w-    C:\WINDOWS\serviceprofiles\networkservice\msmqlog.bak
2016-04-30 01:51:56    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-04-30 01:51:05    --------    d-----w-    C:\ProgramData\Package Cache
2016-04-27 01:07:20    --------    d-----r-    C:\Users\user\OneDrive
2016-04-27 00:36:49    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-04-26 01:51:30    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1

====== C: exe-files ==
2016-05-18 22:31:08    97531CB1B7745A5940863B1C57508B68    1327184    ----a-w-    C:\Program Files (x86)\GalaxyClient\Games\The Witcher 3 Wild Hunt\unins001.exe
2016-05-18 22:31:01    699F16D95185453D9AB40A04FEE0E84B    1327184    ----a-w-    C:\Program Files (x86)\GalaxyClient\Games\The Witcher 3 Wild Hunt\unins000.exe
2016-05-18 21:06:25    BF3F290275C21BDD3951955C9C3CF32C    517976    ----a-w-    C:\Program Files (x86)\GalaxyClient\Games\The Witcher 3 Wild Hunt\__redist\DirectX\DXSETUP.exe
2016-05-18 21:06:25    7F52A19ECAF7DB3C163DD164BE3E592E    6554576    ----a-w-    C:\Program Files (x86)\GalaxyClient\Games\The Witcher 3 Wild Hunt\__redist\MSVC2012\vcredist_x86.exe
2016-05-18 21:06:25    3C03562B5AF9ED347614053D459D7778    7186992    ----a-w-    C:\Program Files (x86)\GalaxyClient\Games\The Witcher 3 Wild Hunt\__redist\MSVC2012_x64\vcredist_x64.exe
2016-05-18 21:06:22    5FFB860FFCB57BDBC170DDC93592BF07    46016080    ----a-w-    C:\Program Files (x86)\GalaxyClient\Games\The Witcher 3 Wild Hunt\bin\x64\witcher3.exe
2016-05-18 03:31:54    DBC5B21AE38E81C81516CC089B72FBCD    3985976    ----a-w-    C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
2016-05-18 03:31:54    A70B4C0D882BB4458A839585BD7F8F87    672824    ----a-w-    C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
2016-05-18 03:31:54    7A0882E2128E9ADF8E018A0EEE5EEDC8    246328    ----a-w-    C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe
2016-05-18 03:31:54    53193A4644190B0D15557DBBA6F0EE44    416824    ----a-w-    C:\Program Files (x86)\GalaxyClient\CrashReporter.exe
2016-05-18 03:31:53    172DF57EE4B29E3E157FF4404B5A78EC    1248824    ----a-w-    C:\Program Files (x86)\GalaxyClient\unins000.exe
2016-05-16 16:44:12    D3F63AAF649149F3ABFE654DFEDC1DCD    11826360    ----a-w-    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe
=== C: other files ==
2016-05-18 20:38:09    97FB225914D1C3F29D38703A22AB494D    202656    ----a-w-    C:\Windows\System32\drivers\zamguard64.sys
2016-05-18 05:37:57    563BEE4B17DA6F776FB7BC2A793568C0    15212200    ----a-w-    C:\Users\user\Documents\Endless Legend\Temporary Files\a37e61bb-3e04-425a-98b0-f19244a8dda2\Default_V1.zip
2016-05-16 01:06:04    B27219A8DDD6605F855E07DCBE1E3017    127384    ----a-w-    C:\Users\user\AppData\Local\Temp\jrt\get.bat

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-3532764290-1005100713-3378480098-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GalaxyClient"="C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GalaxyClient"="C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes Anti-Exploit]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Malwarebytes Anti-Exploit"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Malwarebytes Anti-Exploit\\mbae.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCN]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCN"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\AMD\\CNext\\CNext\\RadeonSettings.exe\" atlogon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirtualCloneDrive]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VirtualCloneDrive"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\XboxStat]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="XboxStat"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Xbox 360 Accessories\\XboxStat.exe\" silentrun"


==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [05/13/2016 09:49 AM]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\AMD Updater" ["C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe"]
"C:\WINDOWS\SysNative\tasks\SafeZone scheduled Autoupdate 1461987882" [C:\Program Files\AVAST Software\SZBrowser\launcher.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\apstk4cy.default-1436850714672
user_pref("browser.search.defaultenginename.US", "Google");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [04/29/2016 08:41 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [04/29/2016 08:41 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\apstk4cy.default-1436850714672
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- Ghostery - %ProfilePath%\extensions\firefox@ghostery.com.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\apstk4cy.default-1436850714672
9248E0BC029D59125F6ED27CCF3CE8BA    - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL -    Microsoft Office 2016
DFCBDF22DCA31210D9713684270B4101    - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll -    Microsoft Office 2016
258693279212838A6A879A69A17BE215    - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll -    Shockwave Flash


==== Chromium Look ======================


Docs - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Gmail - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com",
"urls_to_restore_on_startup": [ "http://www.google.com" ]


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

======== System Restore Points ========

RP1: 4/30/2016 11:17:50 PM - Windows Update
RP2: 5/6/2016 7:06:50 PM - Windows Modules Installer
RP3: 5/13/2016 11:59:06 AM - Windows Update
RP5: 5/15/2016 5:44:52 PM - Restore Point Created by FRST
RP6: 5/15/2016 6:06:13 PM - JRT Pre-Junkware Removal
RP7: 5/17/2016 8:15:37 PM - Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
RP8: 5/20/2016 9:33:10 AM - zoek.exe restore point

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Fri 05/20/2016 at 10:43:04.69 ======================
 


Edited by bluedoggie2122, 20 May 2016 - 12:52 PM.


#12 olgun52

Posted 23 May 2016 - 07:32 AM

Hi again,

Please do the following

Scan with ZOEK

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes];r
"DefaultScope"=-;r
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main];r
"Start Page"=-;r
{0633EE93-D776-472f-A0FF-E1416B8B2E3A};c
{972ce4c6-7e08-4474-a285-3208198ce6fd};c
coobgpohoikkiipiblmjeljniedjpjpf;chr
emptyjava;
autoclean;
emptyCHRcache;
emptyFFcache;
emptyIEcache;
emptyclsid;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

================================================================================================

 

How is your PC running now, and are there still "opens firefox by itself and goes to msn website" issues?


Best regards
 

#13 bluedoggie2122


Posted 23 May 2016 - 11:03 PM

Hi Olgun52,

 

zoek was able to run completely this time. Log file below. How's my computer doing now according to this log?

 

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by user on Mon 05/23/2016 at 20:30:00.13.
Microsoft Windows 10 Home 10.0.10586  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\user\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2016-05-20-170622.log    82026 bytes
C:\zoek-results2016-05-20-174304.log    81987 bytes

==== Empty Folders Check ======================

C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\DefaultAppPool\AppData\LocalLow deleted successfully
C:\Users\user\AppData\Local\ActiveSync deleted successfully
C:\Users\user\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\user\AppData\Local\EmieSiteList deleted successfully
C:\Users\user\AppData\Local\EmieUserList deleted successfully
C:\Users\user\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3532764290-1005100713-3378480098-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\apstk4cy.default-1436850714672

user.js not found
---- Lines search.com removed from prefs.js ----
user_pref("noscript.untrusted", "199.101.98.242 addthis.com adobetag.com ajax.googleapis.com akamaized.net amazon-adsystem.com amazonaws.com aolcdn.co
---- FireFox user.js and prefs.js backups ----

prefs_20160523_0847_.backup

ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8zmazt0e.default

prefs.js not found
user.js not found
---- FireFox user.js and prefs.js backups ----


==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\apstk4cy.default-1436850714672\extensions\firefox@ghostery.com.xpi deleted
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\apstk4cy.default-1436850714672\jetpack deleted
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8zmazt0e.default\jetpack deleted
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [04/29/2016 08:41 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [04/29/2016 08:41 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\apstk4cy.default-1436850714672
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\apstk4cy.default-1436850714672
9248E0BC029D59125F6ED27CCF3CE8BA    - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL -    Microsoft Office 2016
DFCBDF22DCA31210D9713684270B4101    - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll -    Microsoft Office 2016
258693279212838A6A879A69A17BE215    - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll -    Shockwave Flash


==== Chromium Look ======================


Docs - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Gmail - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com",
"urls_to_restore_on_startup": [ "http://www.google.com" ]


==== Chromium Fix ======================

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="Not_Found"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Exploit deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCN deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\apstk4cy.default-1436850714672\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=96 folders=101 51634050 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\user\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Mon 05/23/2016 at 20:54:11.35 ======================
 



#14 olgun52


Posted 24 May 2016 - 04:06 PM

Thank you,
 
Please download OTM to your Desktop.

  • Right-click on OTM and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Files
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\1784d7c2-3b9466fb
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\52c00ce5-713284eb
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\298d42d-582c36a2
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\c8dc66e-615e0aec
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31b19ba-41d748f3
C:\Users\user\AppData\Local\Temp

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-

:Commands
[EmptyTemp]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.

Note: The logfile can also be located at C: >> _OTM >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.
===================================================================================
 
Please open Farbar Recovery Scan Tool.
Start FRST.
Enter pevz.exe; into the Search box.
When the scan has finished, a Search.txt log is saved in the same location as FRST.exe.
Please post it here.


Best regards
 

 


 


#15 bluedoggie2122

  • Topic Starter

Posted 24 May 2016 - 07:29 PM

Hi olgun52,

 

Okay, here are the logs for OTM and FRST, separated by a $ symbol:

 

All processes killed
========== FILES ==========
File/Folder C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\1784d7c2-3b9466fb not found.
File/Folder C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\52c00ce5-713284eb not found.
File/Folder C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\298d42d-582c36a2 not found.
File/Folder C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\c8dc66e-615e0aec not found.
File/Folder C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31b19ba-41d748f3 not found.
C:\Users\user\AppData\Local\Temp\_avast_ folder moved successfully.
C:\Users\user\AppData\Local\Temp\mozilla-temp-files folder moved successfully.
C:\Users\user\AppData\Local\Temp\F05B.tmp folder moved successfully.
C:\Users\user\AppData\Local\Temp\avastBCLTMP\firefox\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} folder moved successfully.
C:\Users\user\AppData\Local\Temp\avastBCLTMP\firefox\{73a6fe31-595d-460b-a920-fcc0f8843232} folder moved successfully.
C:\Users\user\AppData\Local\Temp\avastBCLTMP\firefox\loop@mozilla.org folder moved successfully.
C:\Users\user\AppData\Local\Temp\avastBCLTMP\firefox\firefox@getpocket.com folder moved successfully.
C:\Users\user\AppData\Local\Temp\avastBCLTMP\firefox\e10srollout@mozilla.org folder moved successfully.
C:\Users\user\AppData\Local\Temp\avastBCLTMP\firefox\default-1436850714672 folder moved successfully.
C:\Users\user\AppData\Local\Temp\avastBCLTMP\firefox folder moved successfully.
C:\Users\user\AppData\Local\Temp\avastBCLTMP\edge folder moved successfully.
C:\Users\user\AppData\Local\Temp\avastBCLTMP folder moved successfully.
C:\Users\user\AppData\Local\Temp\acro_rd_dir folder moved successfully.
C:\Users\user\AppData\Local\Temp folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default.migrated
 
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: user
->Temporary Internet Files folder emptied: 309 bytes
->Java cache emptied: 8196 bytes
->FireFox cache emptied: 40054066 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1649816 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 447537 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 40.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 05242016_171052

Files moved on Reboot...
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\officeclicktorun.exe_streamserver(20160524170018914).log not found!
C:\WINDOWS\temp\USER-PC-20160524-1700.log moved successfully.

Registry entries deleted on Reboot...
 

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

 

Farbar Recovery Scan Tool (x64) Version:24-05-2016 01
Ran by user (2016-05-24 17:19:14)
Running from C:\Users\user\Desktop
Boot Mode: Normal

================== Search Files: "pevz.exe" =============

====== End of Search ======





